- Linux-stable-mirror - lists.linaro.org

[PATCH 5.10.y] netfilter: nf_tables: fix memleak in map from abort path

by jianqi.ren.cn＠windriver.com

From: Pablo Neira Ayuso <pablo(a)netfilter.org> [ Upstream commit 86a1471d7cde792941109b93b558b5dc078b9ee9 ] The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping. Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already cleared. This is similar to the activate logic using the set walk iterator. [ 6170.286929] ------------[ cut here ]------------ [ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287071] Modules linked in: [...] [ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365 [ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f [ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202 [ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000 [ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750 [ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55 [ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10 [ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100 [ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000 [ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0 [ 6170.287962] Call Trace: [ 6170.287967] <TASK> [ 6170.287973] ? __warn+0x9f/0x1a0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.288104] ? handle_bug+0x3c/0x70 [ 6170.288112] ? exc_invalid_op+0x17/0x40 [ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20 [ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables] Fixes: 591054469b3e ("netfilter: nf_tables: revisit chain/object refcounting from elements") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> [fixed conflicts due to missing commits aaa31047a6d25da0fa101da1ed544e1247949b40 ("netfilter: nftables: add catch-all set element support"), 0e1ea651c9717ddcd8e0648d8468477a31867b0a ("netfilter: nf_tables: shrink memory consumption of set elements") and 9dad402b89e81a0516bad5e0ac009b7a0a80898f ("netfilter: nf_tables: expose opaque set element as struct nft_elem_priv") so we pass the correct types and values to nft_setelem_active_next() + nft_set_elem_ext()] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/netfilter/nf_tables_api.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 04fda8c14e04..5b4d5b882418 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -5933,6 +5933,16 @@ void nft_data_hold(const struct nft_data *data, enum nft_data_types type) } } +static int nft_setelem_active_next(const struct net *net, + const struct nft_set *set, + struct nft_set_elem *elem) +{ + const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv); + u8 genmask = nft_genmask_next(net); + + return nft_set_elem_active(ext, genmask); +} + static void nft_setelem_data_activate(const struct net *net, const struct nft_set *set, struct nft_set_elem *elem) @@ -8990,8 +9000,10 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) case NFT_MSG_DELSETELEM: te = (struct nft_trans_elem *)trans->data; - nft_setelem_data_activate(net, te->set, &te->elem); - te->set->ops->activate(net, te->set, &te->elem); + if (!nft_setelem_active_next(net, te->set, &te->elem)) { + nft_setelem_data_activate(net, te->set, &te->elem); + te->set->ops->activate(net, te->set, &te->elem); + } te->set->ndeact--; if (te->set->ops->abort && -- 2.34.1

7 months

2
1
0 0

[PATCH 5.15.y] usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group

by jianqi.ren.cn＠windriver.com

From: RD Babiera <rdbabiera(a)google.com> commit 165376f6b23e9a779850e750fb2eb06622e5a531 upstream. The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Remove manual sysfs node creation in favor of adding attribute group as default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is not used here otherwise the path to the sysfs nodes is no longer compliant with the ABI. Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Link: https://lore.kernel.org/r/20240229001101.3889432-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/usb/typec/altmodes/displayport.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c index 8f0c6da27dd1..97a912f0c4ee 100644 --- a/drivers/usb/typec/altmodes/displayport.c +++ b/drivers/usb/typec/altmodes/displayport.c @@ -521,22 +521,26 @@ static ssize_t pin_assignment_show(struct device *dev, } static DEVICE_ATTR_RW(pin_assignment); -static struct attribute *dp_altmode_attrs[] = { +static struct attribute *displayport_attrs[] = { &dev_attr_configuration.attr, &dev_attr_pin_assignment.attr, NULL }; -static const struct attribute_group dp_altmode_group = { +static const struct attribute_group displayport_group = { .name = "displayport", - .attrs = dp_altmode_attrs, + .attrs = displayport_attrs, +}; + +static const struct attribute_group *displayport_groups[] = { + &displayport_group, + NULL, }; int dp_altmode_probe(struct typec_altmode *alt) { const struct typec_altmode *port = typec_altmode_get_partner(alt); struct dp_altmode *dp; - int ret; /* FIXME: Port can only be DFP_U. */ @@ -547,10 +551,6 @@ int dp_altmode_probe(struct typec_altmode *alt) DP_CAP_PIN_ASSIGN_DFP_D(alt->vdo))) return -ENODEV; - ret = sysfs_create_group(&alt->dev.kobj, &dp_altmode_group); - if (ret) - return ret; - dp = devm_kzalloc(&alt->dev, sizeof(*dp), GFP_KERNEL); if (!dp) return -ENOMEM; @@ -576,7 +576,6 @@ void dp_altmode_remove(struct typec_altmode *alt) { struct dp_altmode *dp = typec_altmode_get_drvdata(alt); - sysfs_remove_group(&alt->dev.kobj, &dp_altmode_group); cancel_work_sync(&dp->work); } EXPORT_SYMBOL_GPL(dp_altmode_remove); @@ -594,6 +593,7 @@ static struct typec_altmode_driver dp_altmode_driver = { .driver = { .name = "typec_displayport", .owner = THIS_MODULE, + .dev_groups = displayport_groups, }, }; module_typec_altmode_driver(dp_altmode_driver); -- 2.34.1

7 months

2
1
0 0

[PATCH 5.15.y] netfilter: nf_tables: fix memleak in map from abort path

by jianqi.ren.cn＠windriver.com

From: Pablo Neira Ayuso <pablo(a)netfilter.org> [ Upstream commit 86a1471d7cde792941109b93b558b5dc078b9ee9 ] The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping. Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already cleared. This is similar to the activate logic using the set walk iterator. [ 6170.286929] ------------[ cut here ]------------ [ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287071] Modules linked in: [...] [ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365 [ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f [ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202 [ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000 [ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750 [ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55 [ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10 [ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100 [ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000 [ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0 [ 6170.287962] Call Trace: [ 6170.287967] <TASK> [ 6170.287973] ? __warn+0x9f/0x1a0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.288104] ? handle_bug+0x3c/0x70 [ 6170.288112] ? exc_invalid_op+0x17/0x40 [ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20 [ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables] Fixes: 591054469b3e ("netfilter: nf_tables: revisit chain/object refcounting from elements") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> [fixed conflicts due to missing commits 0e1ea651c9717ddcd8e0648d8468477a31867b0a ("netfilter: nf_tables: shrink memory consumption of set elements") and 9dad402b89e81a0516bad5e0ac009b7a0a80898f ("netfilter: nf_tables: expose opaque set element as struct nft_elem_priv") so we pass the correct types and values to nft_setelem_active_next() + nft_set_elem_ext()] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/netfilter/nf_tables_api.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 07fdd5f18f3c..211d67dc8e28 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -6650,6 +6650,16 @@ void nft_data_hold(const struct nft_data *data, enum nft_data_types type) } } +static int nft_setelem_active_next(const struct net *net, + const struct nft_set *set, + struct nft_set_elem *elem) +{ + const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv); + u8 genmask = nft_genmask_next(net); + + return nft_set_elem_active(ext, genmask); +} + static void nft_setelem_data_activate(const struct net *net, const struct nft_set *set, struct nft_set_elem *elem) @@ -9881,8 +9891,10 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) case NFT_MSG_DELSETELEM: te = (struct nft_trans_elem *)trans->data; - nft_setelem_data_activate(net, te->set, &te->elem); - nft_setelem_activate(net, te->set, &te->elem); + if (!nft_setelem_active_next(net, te->set, &te->elem)) { + nft_setelem_data_activate(net, te->set, &te->elem); + nft_setelem_activate(net, te->set, &te->elem); + } if (!nft_setelem_is_catchall(te->set, &te->elem)) te->set->ndeact--; -- 2.34.1

7 months

2
1
0 0

FAILED: patch "[PATCH] rust: allow Rust 1.87.0's `clippy::ptr_eq` lint" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a39f3087092716f2bd531d6fdc20403c3dc2a879 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051211-unclothed-common-f6cf@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a39f3087092716f2bd531d6fdc20403c3dc2a879 Mon Sep 17 00:00:00 2001 From: Miguel Ojeda <ojeda(a)kernel.org> Date: Fri, 2 May 2025 16:02:34 +0200 Subject: [PATCH] rust: allow Rust 1.87.0's `clippy::ptr_eq` lint Starting with Rust 1.87.0 (expected 2025-05-15) [1], Clippy may expand the `ptr_eq` lint, e.g.: error: use `core::ptr::eq` when comparing raw pointers --> rust/kernel/list.rs:438:12 | 438 | if self.first == item { | ^^^^^^^^^^^^^^^^^^ help: try: `core::ptr::eq(self.first, item)` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#ptr_eq = note: `-D clippy::ptr-eq` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(clippy::ptr_eq)]` It is expected that a PR to relax the lint will be backported [2] by the time Rust 1.87.0 releases, since the lint was considered too eager (at least by default) [3]. Thus allow the lint temporarily just in case. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: https://github.com/rust-lang/rust-clippy/pull/14339 [1] Link: https://github.com/rust-lang/rust-clippy/pull/14526 [2] Link: https://github.com/rust-lang/rust-clippy/issues/14525 [3] Link: https://lore.kernel.org/r/20250502140237.1659624-3-ojeda@kernel.org [ Converted to `allow`s since backport was confirmed. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs index ae9d072741ce..87a71fd40c3c 100644 --- a/rust/kernel/alloc/kvec.rs +++ b/rust/kernel/alloc/kvec.rs @@ -2,6 +2,9 @@ //! Implementation of [`Vec`]. +// May not be needed in Rust 1.87.0 (pending beta backport). +#![allow(clippy::ptr_eq)] + use super::{ allocator::{KVmalloc, Kmalloc, Vmalloc}, layout::ArrayLayout, diff --git a/rust/kernel/list.rs b/rust/kernel/list.rs index a335c3b1ff5e..2054682c5724 100644 --- a/rust/kernel/list.rs +++ b/rust/kernel/list.rs @@ -4,6 +4,9 @@ //! A linked list implementation. +// May not be needed in Rust 1.87.0 (pending beta backport). +#![allow(clippy::ptr_eq)] + use crate::sync::ArcBorrow; use crate::types::Opaque; use core::iter::{DoubleEndedIterator, FusedIterator};

7 months

3
2
0 0

+ xarray-fix-kmemleak-false-positive-in-xas_shrink.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: XArray: fix kmemleak false positive in xas_shrink() has been added to the -mm mm-hotfixes-unstable branch. Its filename is xarray-fix-kmemleak-false-positive-in-xas_shrink.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jared Kangas <jkangas(a)redhat.com> Subject: XArray: fix kmemleak false positive in xas_shrink() Date: Mon, 12 May 2025 12:17:07 -0700 Kmemleak periodically produces a false positive report that resembles the following: unreferenced object 0xffff0000c105ed08 (size 576): comm "swapper/0", pid 1, jiffies 4294937478 hex dump (first 32 bytes): 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 e7 0a 8b 00 80 ff ff 20 ed 05 c1 00 00 ff ff ........ ....... backtrace (crc 69e99671): kmemleak_alloc+0xb4/0xc4 kmem_cache_alloc_lru+0x1f0/0x244 xas_alloc+0x2a0/0x3a0 xas_expand.constprop.0+0x144/0x4dc xas_create+0x2b0/0x484 xas_store+0x60/0xa00 __xa_alloc+0x194/0x280 __xa_alloc_cyclic+0x104/0x2e0 dev_index_reserve+0xd8/0x18c register_netdevice+0x5e8/0xf90 register_netdev+0x28/0x50 loopback_net_init+0x68/0x114 ops_init+0x90/0x2c0 register_pernet_operations+0x20c/0x554 register_pernet_device+0x3c/0x8c net_dev_init+0x5cc/0x7d8 This transient leak can be traced to xas_shrink(): when the xarray's head is reassigned, kmemleak may have already started scanning the xarray. When this happens, if kmemleak fails to scan the new xa_head before it moves, kmemleak will see it as a leak until the xarray is scanned again. The report can be reproduced by running the xdp_bonding BPF selftest, although it doesn't appear consistently due to the bug's transience. In my testing, the following script has reliably triggered the report in under an hour on a debug kernel with kmemleak enabled, where KSELFTESTS is set to the install path for the kernel selftests: #!/bin/sh set -eu echo 1 >/sys/module/kmemleak/parameters/verbose echo scan=1 >/sys/kernel/debug/kmemleak while :; do $KSELFTESTS/bpf/test_progs -t xdp_bonding done To prevent this false positive report, mark the new xa_head in xas_shrink() as a transient leak. Link: https://lkml.kernel.org/r/20250512191707.245153-1-jkangas@redhat.com Signed-off-by: Jared Kangas <jkangas(a)redhat.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Jared Kangas <jkangas(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/xarray.c | 2 ++ 1 file changed, 2 insertions(+) --- a/lib/xarray.c~xarray-fix-kmemleak-false-positive-in-xas_shrink +++ a/lib/xarray.c @@ -8,6 +8,7 @@ #include <linux/bitmap.h> #include <linux/export.h> +#include <linux/kmemleak.h> #include <linux/list.h> #include <linux/slab.h> #include <linux/xarray.h> @@ -476,6 +477,7 @@ static void xas_shrink(struct xa_state * break; node = xa_to_node(entry); node->parent = NULL; + kmemleak_transient_leak(node); } } _ Patches currently in -mm which might be from jkangas(a)redhat.com are xarray-fix-kmemleak-false-positive-in-xas_shrink.patch

7 months

1
0
0 0

[PATCH] memblock: Accept allocated memory before use in memblock_double_array()

by Tom Lendacky

When increasing the array size in memblock_double_array() and the slab is not yet available, a call to memblock_find_in_range() is used to reserve/allocate memory. However, the range returned may not have been accepted, which can result in a crash when booting an SNP guest: RIP: 0010:memcpy_orig+0x68/0x130 Code: ... RSP: 0000:ffffffff9cc03ce8 EFLAGS: 00010006 RAX: ff11001ff83e5000 RBX: 0000000000000000 RCX: fffffffffffff000 RDX: 0000000000000bc0 RSI: ffffffff9dba8860 RDI: ff11001ff83e5c00 RBP: 0000000000002000 R08: 0000000000000000 R09: 0000000000002000 R10: 000000207fffe000 R11: 0000040000000000 R12: ffffffff9d06ef78 R13: ff11001ff83e5000 R14: ffffffff9dba7c60 R15: 0000000000000c00 memblock_double_array+0xff/0x310 memblock_add_range+0x1fb/0x2f0 memblock_reserve+0x4f/0xa0 memblock_alloc_range_nid+0xac/0x130 memblock_alloc_internal+0x53/0xc0 memblock_alloc_try_nid+0x3d/0xa0 swiotlb_init_remap+0x149/0x2f0 mem_init+0xb/0xb0 mm_core_init+0x8f/0x350 start_kernel+0x17e/0x5d0 x86_64_start_reservations+0x14/0x30 x86_64_start_kernel+0x92/0xa0 secondary_startup_64_no_verify+0x194/0x19b Mitigate this by calling accept_memory() on the memory range returned before the slab is available. Prior to v6.12, the accept_memory() interface used a 'start' and 'end' parameter instead of 'start' and 'size', therefore the accept_memory() call must be adjusted to specify 'start + size' for 'end' when applying to kernels prior to v6.12. Cc: <stable(a)vger.kernel.org> # see patch description, needs adjustments for <= 6.11 Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> --- mm/memblock.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/mm/memblock.c b/mm/memblock.c index 0a53db4d9f7b..30fa553e9634 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -457,7 +457,14 @@ static int __init_memblock memblock_double_array(struct memblock_type *type, min(new_area_start, memblock.current_limit), new_alloc_size, PAGE_SIZE); - new_array = addr ? __va(addr) : NULL; + if (addr) { + /* The memory may not have been accepted, yet. */ + accept_memory(addr, new_alloc_size); + + new_array = __va(addr); + } else { + new_array = NULL; + } } if (!addr) { pr_err("memblock: Failed to double %s array from %ld to %ld entries !\n", base-commit: fc96b232f8e7c0a6c282f47726b2ff6a5fb341d2 -- 2.46.2

7 months

3
3
0 0

[PATCH 5.15.y] btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()

by jianqi.ren.cn＠windriver.com

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit 28cb13f29faf6290597b24b728dc3100c019356f ] Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/extent-tree.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 551faae77bc3..8959506a0aa7 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -176,6 +176,14 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, ei = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_extent_item); num_refs = btrfs_extent_refs(leaf, ei); + if (unlikely(num_refs == 0)) { + ret = -EUCLEAN; + btrfs_err(fs_info, + "unexpected zero reference count for extent item (%llu %u %llu)", + key.objectid, key.type, key.offset); + btrfs_abort_transaction(trans, ret); + goto out_free; + } extent_flags = btrfs_extent_flags(leaf, ei); } else { ret = -EINVAL; @@ -187,8 +195,6 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, goto out_free; } - - BUG_ON(num_refs == 0); } else { num_refs = 0; extent_flags = 0; @@ -218,10 +224,19 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, goto search_again; } spin_lock(&head->lock); - if (head->extent_op && head->extent_op->update_flags) + if (head->extent_op && head->extent_op->update_flags) { extent_flags |= head->extent_op->flags_to_set; - else - BUG_ON(num_refs == 0); + } else if (unlikely(num_refs == 0)) { + spin_unlock(&head->lock); + mutex_unlock(&head->mutex); + spin_unlock(&delayed_refs->lock); + ret = -EUCLEAN; + btrfs_err(fs_info, + "unexpected zero reference count for extent %llu (%s)", + bytenr, metadata ? "metadata" : "data"); + btrfs_abort_transaction(trans, ret); + goto out_free; + } num_refs += head->ref_mod; spin_unlock(&head->lock); -- 2.34.1

7 months

2
1
0 0

[PATCH 6.6.y] btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()

by jianqi.ren.cn＠windriver.com

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit 28cb13f29faf6290597b24b728dc3100c019356f ] Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/extent-tree.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index af03a1c6ba76..ef77d4208510 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -164,6 +164,14 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, ei = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_extent_item); num_refs = btrfs_extent_refs(leaf, ei); + if (unlikely(num_refs == 0)) { + ret = -EUCLEAN; + btrfs_err(fs_info, + "unexpected zero reference count for extent item (%llu %u %llu)", + key.objectid, key.type, key.offset); + btrfs_abort_transaction(trans, ret); + goto out_free; + } extent_flags = btrfs_extent_flags(leaf, ei); } else { ret = -EUCLEAN; @@ -177,8 +185,6 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, goto out_free; } - - BUG_ON(num_refs == 0); } else { num_refs = 0; extent_flags = 0; @@ -208,10 +214,19 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, goto search_again; } spin_lock(&head->lock); - if (head->extent_op && head->extent_op->update_flags) + if (head->extent_op && head->extent_op->update_flags) { extent_flags |= head->extent_op->flags_to_set; - else - BUG_ON(num_refs == 0); + } else if (unlikely(num_refs == 0)) { + spin_unlock(&head->lock); + mutex_unlock(&head->mutex); + spin_unlock(&delayed_refs->lock); + ret = -EUCLEAN; + btrfs_err(fs_info, + "unexpected zero reference count for extent %llu (%s)", + bytenr, metadata ? "metadata" : "data"); + btrfs_abort_transaction(trans, ret); + goto out_free; + } num_refs += head->ref_mod; spin_unlock(&head->lock); -- 2.34.1

7 months

2
1
0 0

[PATCH 5.10.y] drm/vmwgfx: Fix a deadlock in dma buf fence polling

by Zhi Yang

From: Zack Rusin <zack.rusin(a)broadcom.com> commit e58337100721f3cc0c7424a18730e4f39844934f upstream. Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 2298e804e96e ("drm/vmwgfx: rework to new fence interface, v2") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.2+ Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240722184313.181318-2-zack.… [Minor context change fixed] Signed-off-by: Zhi Yang <Zhi.Yang(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 6bacdb7583df..0505f87d13c0 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -32,7 +32,6 @@ #define VMW_FENCE_WRAP (1 << 31) struct vmw_fence_manager { - int num_fence_objects; struct vmw_private *dev_priv; spinlock_t lock; struct list_head fence_list; @@ -113,13 +112,13 @@ static void vmw_fence_obj_destroy(struct dma_fence *f) { struct vmw_fence_obj *fence = container_of(f, struct vmw_fence_obj, base); - struct vmw_fence_manager *fman = fman_from_fence(fence); - spin_lock(&fman->lock); - list_del_init(&fence->head); - --fman->num_fence_objects; - spin_unlock(&fman->lock); + if (!list_empty(&fence->head)) { + spin_lock(&fman->lock); + list_del_init(&fence->head); + spin_unlock(&fman->lock); + } fence->destroy(fence); } @@ -250,7 +249,6 @@ static const struct dma_fence_ops vmw_fence_ops = { .release = vmw_fence_obj_destroy, }; - /** * Execute signal actions on fences recently signaled. * This is done from a workqueue so we don't have to execute @@ -353,7 +351,6 @@ static int vmw_fence_obj_init(struct vmw_fence_manager *fman, goto out_unlock; } list_add_tail(&fence->head, &fman->fence_list); - ++fman->num_fence_objects; out_unlock: spin_unlock(&fman->lock); @@ -402,7 +399,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, { u32 goal_seqno; u32 *fifo_mem; - struct vmw_fence_obj *fence; + struct vmw_fence_obj *fence, *next_fence; if (likely(!fman->seqno_valid)) return false; @@ -413,7 +410,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, return false; fman->seqno_valid = false; - list_for_each_entry(fence, &fman->fence_list, head) { + list_for_each_entry_safe(fence, next_fence, &fman->fence_list, head) { if (!list_empty(&fence->seq_passed_actions)) { fman->seqno_valid = true; vmw_mmio_write(fence->base.seqno, -- 2.34.1

7 months

2
1
0 0

[PATCH 5.15.y 1/2] usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

by bin.lan.cn＠windriver.com

From: Dan Carpenter <dan.carpenter(a)linaro.org> [ Upstream commit e56aac6e5a25630645607b6856d4b2a17b2311a5 ] The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. Fixes: 170a6726d0e2 ("usb: typec: ucsi: add support for separate DP altmode devices") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/c69ef0b3-61b0-4dde-98dd-97b97f81d912@stanley.moun… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [The function ucsi_ccg_sync_write() is renamed to ucsi_ccg_sync_control() in commit 13f2ec3115c8 ("usb: typec: ucsi:simplify command sending API"). Apply this patch to ucsi_ccg_sync_write() in 5.15.y accordingly.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c index fb6211efb5d8..3983bf21a580 100644 --- a/drivers/usb/typec/ucsi/ucsi_ccg.c +++ b/drivers/usb/typec/ucsi/ucsi_ccg.c @@ -573,6 +573,10 @@ static int ucsi_ccg_sync_write(struct ucsi *ucsi, unsigned int offset, uc->has_multiple_dp) { con_index = (uc->last_cmd_sent >> 16) & UCSI_CMD_CONNECTOR_MASK; + if (con_index == 0) { + ret = -EINVAL; + goto unlock; + } con = &uc->ucsi->connector[con_index - 1]; ucsi_ccg_update_set_new_cam_cmd(uc, con, (u64 *)val); } @@ -588,6 +592,7 @@ static int ucsi_ccg_sync_write(struct ucsi *ucsi, unsigned int offset, err_clear_bit: clear_bit(DEV_CMD_PENDING, &uc->flags); pm_runtime_put_sync(uc->dev); +unlock: mutex_unlock(&uc->lock); return ret; -- 2.34.1

7 months

2
3
0 0

[PATCH 6.12] Revert "um: work around sched_yield not yielding in time-travel mode"

by Christian Lamparter

This reverts commit 887c5c12e80c ("um: work around sched_yield not yielding in time-travel mode") added with v6.12.25. Reason being that the patch depends on at least commit 0b8b2668f998 ("um: insert scheduler ticks when userspace does not yield") in order to build. Otherwise it fails with: | /usr/bin/ld: arch/um/kernel/skas/syscall.o: in function `handle_syscall': | linux-6.12.27/arch/um/kernel/skas/syscall.c:43:(.text+0xa2): undefined | reference to `tt_extra_sched_jiffies' | collect2: error: ld returned 1 exit status The author Benjamin Berg commented: "I think it is better to just not backport commit 0b8b2668f998 ("um: insert scheduler ticks when userspace does not yield") " Link: https://lore.kernel.org/linux-um/8ce0b6056a9726e540f61bce77311278654219eb.c… Cc: <stable(a)vger.kernel.org> # 6.12.y Cc: Benjamin Berg <benjamin.berg(a)intel.com> Signed-off-by: Christian Lamparter <chunkeey(a)gmail.com> --- Just in case, this throws someone else for a space-time loop: What's interessting/very strange strange about this time-travel stuff: |commit 0b8b2668f998 ("um: insert scheduler ticks when userspace does not yield") $ git describe 0b8b2668f998 => v6.12-rc2-43-g0b8b2668f998 (from what I know this is 43 patches on top of v6.12-rc2 as per the man page: "The command finds the most recent tag that is reachable from a commit. [...] it suffixes the tag name with the number of additional commits on top of the tagged object and the abbreviated object name of the most recent commit." But it was merged as part of: uml-for-linus-6.13-rc1 : https://lore.kernel.org/lkml/1155823186.11802667.1732921581257.JavaMail.zim… --- arch/um/include/linux/time-internal.h | 2 -- arch/um/kernel/skas/syscall.c | 11 ----------- 2 files changed, 13 deletions(-) diff --git a/arch/um/include/linux/time-internal.h b/arch/um/include/linux/time-internal.h index 138908b999d7..b22226634ff6 100644 --- a/arch/um/include/linux/time-internal.h +++ b/arch/um/include/linux/time-internal.h @@ -83,8 +83,6 @@ extern void time_travel_not_configured(void); #define time_travel_del_event(...) time_travel_not_configured() #endif /* CONFIG_UML_TIME_TRAVEL_SUPPORT */ -extern unsigned long tt_extra_sched_jiffies; - /* * Without CONFIG_UML_TIME_TRAVEL_SUPPORT this is a linker error if used, * which is intentional since we really shouldn't link it in that case. diff --git a/arch/um/kernel/skas/syscall.c b/arch/um/kernel/skas/syscall.c index a5beaea2967e..b09e85279d2b 100644 --- a/arch/um/kernel/skas/syscall.c +++ b/arch/um/kernel/skas/syscall.c @@ -31,17 +31,6 @@ void handle_syscall(struct uml_pt_regs *r) goto out; syscall = UPT_SYSCALL_NR(r); - - /* - * If no time passes, then sched_yield may not actually yield, causing - * broken spinlock implementations in userspace (ASAN) to hang for long - * periods of time. - */ - if ((time_travel_mode == TT_MODE_INFCPU || - time_travel_mode == TT_MODE_EXTERNAL) && - syscall == __NR_sched_yield) - tt_extra_sched_jiffies += 1; - if (syscall >= 0 && syscall < __NR_syscalls) { unsigned long ret = EXECUTE_SYSCALL(syscall, regs); -- 2.49.0

7 months

3
4
0 0

[PATCH 6.1.y] f2fs: fix to cover read extent cache access with lock

by jianqi.ren.cn＠windriver.com

From: Chao Yu <chao(a)kernel.org> [ Upstream commit d7409b05a64f212735f0d33f5f1602051a886eab ] syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 Read of size 4 at addr ffff8880739ab220 by task syz-executor200/5097 CPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 do_read_inode fs/f2fs/inode.c:509 [inline] f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560 f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237 generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413 exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444 exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584 do_handle_to_path fs/fhandle.c:155 [inline] handle_to_path fs/fhandle.c:210 [inline] do_handle_open+0x495/0x650 fs/fhandle.c:226 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f We missed to cover sanity_check_extent_cache() w/ extent cache lock, so, below race case may happen, result in use after free issue. - f2fs_iget - do_read_inode - f2fs_init_read_extent_tree : add largest extent entry in to cache - shrink - f2fs_shrink_read_extent_tree - __shrink_extent_tree - __detach_extent_node : drop largest extent entry - sanity_check_extent_cache : access et->largest w/o lock let's refactor sanity_check_extent_cache() to avoid extent cache access and call it before f2fs_init_read_extent_tree() to fix this issue. Reported-by: syzbot+74ebe2104433e9dc610d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-f2fs-devel/00000000000009beea061740a531@googl… Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/f2fs/extent_cache.c | 45 ++++++++++++++++++++---------------------- fs/f2fs/f2fs.h | 2 +- fs/f2fs/inode.c | 8 ++++---- 3 files changed, 26 insertions(+), 29 deletions(-) diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c index f13143efc4b1..d7202de5401e 100644 --- a/fs/f2fs/extent_cache.c +++ b/fs/f2fs/extent_cache.c @@ -15,26 +15,23 @@ #include "node.h" #include <trace/events/f2fs.h> -bool sanity_check_extent_cache(struct inode *inode) +bool sanity_check_extent_cache(struct inode *inode, struct page *ipage) { struct f2fs_sb_info *sbi = F2FS_I_SB(inode); - struct f2fs_inode_info *fi = F2FS_I(inode); - struct extent_info *ei; + struct f2fs_extent *i_ext = &F2FS_INODE(ipage)->i_ext; + struct extent_info ei; - if (!fi->extent_tree[EX_READ]) - return true; + get_read_extent_info(&ei, i_ext); - ei = &fi->extent_tree[EX_READ]->largest; + if (!ei.len) + return true; - if (ei->len && - (!f2fs_is_valid_blkaddr(sbi, ei->blk, - DATA_GENERIC_ENHANCE) || - !f2fs_is_valid_blkaddr(sbi, ei->blk + ei->len - 1, - DATA_GENERIC_ENHANCE))) { - set_sbi_flag(sbi, SBI_NEED_FSCK); + if (!f2fs_is_valid_blkaddr(sbi, ei.blk, DATA_GENERIC_ENHANCE) || + !f2fs_is_valid_blkaddr(sbi, ei.blk + ei.len - 1, + DATA_GENERIC_ENHANCE)) { f2fs_warn(sbi, "%s: inode (ino=%lx) extent info [%u, %u, %u] is incorrect, run fsck to fix", __func__, inode->i_ino, - ei->blk, ei->fofs, ei->len); + ei.blk, ei.fofs, ei.len); return false; } return true; @@ -444,24 +441,22 @@ void f2fs_init_read_extent_tree(struct inode *inode, struct page *ipage) if (!__may_extent_tree(inode, EX_READ)) { /* drop largest read extent */ - if (i_ext && i_ext->len) { + if (i_ext->len) { f2fs_wait_on_page_writeback(ipage, NODE, true, true); i_ext->len = 0; set_page_dirty(ipage); } - goto out; + set_inode_flag(inode, FI_NO_EXTENT); + return; } et = __grab_extent_tree(inode, EX_READ); - if (!i_ext || !i_ext->len) - goto out; - get_read_extent_info(&ei, i_ext); write_lock(&et->lock); - if (atomic_read(&et->node_cnt)) - goto unlock_out; + if (atomic_read(&et->node_cnt) || !ei.len) + goto skip; en = __attach_extent_node(sbi, et, &ei, NULL, &et->root.rb_root.rb_node, true); @@ -473,11 +468,13 @@ void f2fs_init_read_extent_tree(struct inode *inode, struct page *ipage) list_add_tail(&en->list, &eti->extent_list); spin_unlock(&eti->extent_lock); } -unlock_out: +skip: + /* Let's drop, if checkpoint got corrupted. */ + if (f2fs_cp_error(sbi)) { + et->largest.len = 0; + et->largest_updated = true; + } write_unlock(&et->lock); -out: - if (!F2FS_I(inode)->extent_tree[EX_READ]) - set_inode_flag(inode, FI_NO_EXTENT); } void f2fs_init_extent_tree(struct inode *inode) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 840a45855451..c9f401b5c706 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4130,7 +4130,7 @@ void f2fs_leave_shrinker(struct f2fs_sb_info *sbi); /* * extent_cache.c */ -bool sanity_check_extent_cache(struct inode *inode); +bool sanity_check_extent_cache(struct inode *inode, struct page *ipage); struct rb_entry *f2fs_lookup_rb_tree(struct rb_root_cached *root, struct rb_entry *cached_re, unsigned int ofs); struct rb_node **f2fs_lookup_rb_tree_for_insert(struct f2fs_sb_info *sbi, diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index b8296b0414fc..b4aa0b88e668 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -448,15 +448,15 @@ static int do_read_inode(struct inode *inode) init_idisk_time(inode); - /* Need all the flag bits */ - f2fs_init_read_extent_tree(inode, node_page); - - if (!sanity_check_extent_cache(inode)) { + if (!sanity_check_extent_cache(inode, node_page)) { f2fs_put_page(node_page, 1); f2fs_handle_error(sbi, ERROR_CORRUPTED_INODE); return -EFSCORRUPTED; } + /* Need all the flag bits */ + f2fs_init_read_extent_tree(inode, node_page); + f2fs_put_page(node_page, 1); stat_inc_inline_xattr(inode); -- 2.34.1

7 months

2
1
0 0

[PATCH 5.15.y] media: mtk-vcodec: potential null pointer deference in SCP

by jianqi.ren.cn＠windriver.com

From: Fullway Wang <fullwaywang(a)outlook.com> [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ] The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@… Signed-off-by: Fullway Wang <fullwaywang(a)outlook.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c index d8e66b645bd8..27f08b1d34d1 100644 --- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c +++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c @@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev) } fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL); + if (!fw) + return ERR_PTR(-ENOMEM); fw->type = SCP; fw->ops = &mtk_vcodec_rproc_msg; fw->scp = scp; -- 2.34.1

7 months

2
1
0 0

[PATCH AUTOSEL 5.4 1/3] btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref

by Sasha Levin

From: Goldwyn Rodrigues <rgoldwyn(a)suse.de> [ Upstream commit bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e ] btrfs_prelim_ref() calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to trace_btrfs_prelim_ref_insert(). Note, trace_btrfs_prelim_ref_insert() is being called with newref as oldref (and oldref as NULL) on purpose in order to print out the values of newref. To reproduce: echo 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable Perform some writeback operations. Backtrace: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014 RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130 Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88 RSP: 0018:ffffce44820077a0 EFLAGS: 00010286 RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010 R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000 R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540 FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> prelim_ref_insert+0x1c1/0x270 find_parent_nodes+0x12a6/0x1ee0 ? __entry_text_end+0x101f06/0x101f09 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 btrfs_is_data_extent_shared+0x167/0x640 ? fiemap_process_hole+0xd0/0x2c0 extent_fiemap+0xa5c/0xbc0 ? __entry_text_end+0x101f05/0x101f09 btrfs_fiemap+0x7e/0xd0 do_vfs_ioctl+0x425/0x9d0 __x64_sys_ioctl+0x75/0xc0 Signed-off-by: Goldwyn Rodrigues <rgoldwyn(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/trace/events/btrfs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index 94a3adb65b8af..fe4d7e165050b 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -1773,7 +1773,7 @@ DECLARE_EVENT_CLASS(btrfs__prelim_ref, TP_PROTO(const struct btrfs_fs_info *fs_info, const struct prelim_ref *oldref, const struct prelim_ref *newref, u64 tree_size), - TP_ARGS(fs_info, newref, oldref, tree_size), + TP_ARGS(fs_info, oldref, newref, tree_size), TP_STRUCT__entry_btrfs( __field( u64, root_id ) -- 2.39.5

7 months

1
2
0 0

[PATCH 5.10.y] tty: add the option to have a tty reject a new ldisc

by jianqi.ren.cn＠windriver.com

From: Linus Torvalds <torvalds(a)linux-foundation.org> [ Upstream commit 6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b ] ... and use it to limit the virtual terminals to just N_TTY. They are kind of special, and in particular, the "con_write()" routine violates the "writes cannot sleep" rule that some ldiscs rely on. This avoids the BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659 when N_GSM has been attached to a virtual console, and gsmld_write() calls con_write() while holding a spinlock, and con_write() then tries to get the console lock. Tested-by: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Cc: Jiri Slaby <jirislaby(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Daniel Starke <daniel.starke(a)siemens.com> Reported-by: syzbot <syzbot+dbac96d8e73b61aa559c(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=dbac96d8e73b61aa559c Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20240423163339.59780-1-torvalds@linux-foundation.… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Minor conflict resolved due to code context change. And also backport description comments for struct tty_operations.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/tty/tty_ldisc.c | 6 + drivers/tty/vt/vt.c | 10 ++ include/linux/tty_driver.h | 339 +++++++++++++++++++++++++++++++++++++ 3 files changed, 355 insertions(+) diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index 7262f45b513b..0dae579efdd9 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -579,6 +579,12 @@ int tty_set_ldisc(struct tty_struct *tty, int disc) goto out; } + if (tty->ops->ldisc_ok) { + retval = tty->ops->ldisc_ok(tty, disc); + if (retval) + goto out; + } + old_ldisc = tty->ldisc; /* Shutdown the old discipline. */ diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index 5d9de3a53548..a772c614a878 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -3448,6 +3448,15 @@ static void con_cleanup(struct tty_struct *tty) tty_port_put(&vc->port); } +/* + * We can't deal with anything but the N_TTY ldisc, + * because we can sleep in our write() routine. + */ +static int con_ldisc_ok(struct tty_struct *tty, int ldisc) +{ + return ldisc == N_TTY ? 0 : -EINVAL; +} + static int default_color = 7; /* white */ static int default_italic_color = 2; // green (ASCII) static int default_underline_color = 3; // cyan (ASCII) @@ -3576,6 +3585,7 @@ static const struct tty_operations con_ops = { .resize = vt_resize, .shutdown = con_shutdown, .cleanup = con_cleanup, + .ldisc_ok = con_ldisc_ok, }; static struct cdev vc0_cdev; diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h index 2f719b471d52..3412eb7280da 100644 --- a/include/linux/tty_driver.h +++ b/include/linux/tty_driver.h @@ -243,6 +243,344 @@ struct tty_driver; struct serial_icounter_struct; struct serial_struct; +/** + * struct tty_operations -- interface between driver and tty + * + * @lookup: ``struct tty_struct *()(struct tty_driver *self, struct file *, + * int idx)`` + * + * Return the tty device corresponding to @idx, %NULL if there is not + * one currently in use and an %ERR_PTR value on error. Called under + * %tty_mutex (for now!) + * + * Optional method. Default behaviour is to use the @self->ttys array. + * + * @install: ``int ()(struct tty_driver *self, struct tty_struct *tty)`` + * + * Install a new @tty into the @self's internal tables. Used in + * conjunction with @lookup and @remove methods. + * + * Optional method. Default behaviour is to use the @self->ttys array. + * + * @remove: ``void ()(struct tty_driver *self, struct tty_struct *tty)`` + * + * Remove a closed @tty from the @self's internal tables. Used in + * conjunction with @lookup and @remove methods. + * + * Optional method. Default behaviour is to use the @self->ttys array. + * + * @open: ``int ()(struct tty_struct *tty, struct file *)`` + * + * This routine is called when a particular @tty device is opened. This + * routine is mandatory; if this routine is not filled in, the attempted + * open will fail with %ENODEV. + * + * Required method. Called with tty lock held. May sleep. + * + * @close: ``void ()(struct tty_struct *tty, struct file *)`` + * + * This routine is called when a particular @tty device is closed. At the + * point of return from this call the driver must make no further ldisc + * calls of any kind. + * + * Remark: called even if the corresponding @open() failed. + * + * Required method. Called with tty lock held. May sleep. + * + * @shutdown: ``void ()(struct tty_struct *tty)`` + * + * This routine is called under the tty lock when a particular @tty device + * is closed for the last time. It executes before the @tty resources + * are freed so may execute while another function holds a @tty kref. + * + * @cleanup: ``void ()(struct tty_struct *tty)`` + * + * This routine is called asynchronously when a particular @tty device + * is closed for the last time freeing up the resources. This is + * actually the second part of shutdown for routines that might sleep. + * + * @write: ``int ()(struct tty_struct *tty, const unsigned char *buf, + * int count)`` + * + * This routine is called by the kernel to write a series (@count) of + * characters (@buf) to the @tty device. The characters may come from + * user space or kernel space. This routine will return the + * number of characters actually accepted for writing. + * + * May occur in parallel in special cases. Because this includes panic + * paths drivers generally shouldn't try and do clever locking here. + * + * Optional: Required for writable devices. May not sleep. + * + * @put_char: ``int ()(struct tty_struct *tty, unsigned char ch)`` + * + * This routine is called by the kernel to write a single character @ch to + * the @tty device. If the kernel uses this routine, it must call the + * @flush_chars() routine (if defined) when it is done stuffing characters + * into the driver. If there is no room in the queue, the character is + * ignored. + * + * Optional: Kernel will use the @write method if not provided. Do not + * call this function directly, call tty_put_char(). + * + * @flush_chars: ``void ()(struct tty_struct *tty)`` + * + * This routine is called by the kernel after it has written a + * series of characters to the tty device using @put_char(). + * + * Optional. Do not call this function directly, call + * tty_driver_flush_chars(). + * + * @write_room: ``int ()(struct tty_struct *tty)`` + * + * This routine returns the numbers of characters the @tty driver + * will accept for queuing to be written. This number is subject + * to change as output buffers get emptied, or if the output flow + * control is acted. + * + * The ldisc is responsible for being intelligent about multi-threading of + * write_room/write calls + * + * Required if @write method is provided else not needed. Do not call this + * function directly, call tty_write_room() + * + * @chars_in_buffer: ``int ()(struct tty_struct *tty)`` + * + * This routine returns the number of characters in the device private + * output queue. Used in tty_wait_until_sent() and for poll() + * implementation. + * + * Optional: if not provided, it is assumed there is no queue on the + * device. Do not call this function directly, call tty_chars_in_buffer(). + * + * @ioctl: ``int ()(struct tty_struct *tty, unsigned int cmd, + * unsigned long arg)`` + * + * This routine allows the @tty driver to implement device-specific + * ioctls. If the ioctl number passed in @cmd is not recognized by the + * driver, it should return %ENOIOCTLCMD. + * + * Optional. + * + * @compat_ioctl: ``long ()(struct tty_struct *tty, unsigned int cmd, + * unsigned long arg)`` + * + * Implement ioctl processing for 32 bit process on 64 bit system. + * + * Optional. + * + * @set_termios: ``void ()(struct tty_struct *tty, struct ktermios *old)`` + * + * This routine allows the @tty driver to be notified when device's + * termios settings have changed. New settings are in @tty->termios. + * Previous settings are passed in the @old argument. + * + * The API is defined such that the driver should return the actual modes + * selected. This means that the driver is responsible for modifying any + * bits in @tty->termios it cannot fulfill to indicate the actual modes + * being used. + * + * Optional. Called under the @tty->termios_rwsem. May sleep. + * + * @ldisc_ok: ``int ()(struct tty_struct *tty, int ldisc)`` + * + * This routine allows the @tty driver to decide if it can deal + * with a particular @ldisc. + * + * Optional. Called under the @tty->ldisc_sem and @tty->termios_rwsem. + * + * @set_ldisc: ``void ()(struct tty_struct *tty)`` + * + * This routine allows the @tty driver to be notified when the device's + * line discipline is being changed. At the point this is done the + * discipline is not yet usable. + * + * Optional. Called under the @tty->ldisc_sem and @tty->termios_rwsem. + * + * @throttle: ``void ()(struct tty_struct *tty)`` + * + * This routine notifies the @tty driver that input buffers for the line + * discipline are close to full, and it should somehow signal that no more + * characters should be sent to the @tty. + * + * Serialization including with @unthrottle() is the job of the ldisc + * layer. + * + * Optional: Always invoke via tty_throttle_safe(). Called under the + * @tty->termios_rwsem. + * + * @unthrottle: ``void ()(struct tty_struct *tty)`` + * + * This routine notifies the @tty driver that it should signal that + * characters can now be sent to the @tty without fear of overrunning the + * input buffers of the line disciplines. + * + * Optional. Always invoke via tty_unthrottle(). Called under the + * @tty->termios_rwsem. + * + * @stop: ``void ()(struct tty_struct *tty)`` + * + * This routine notifies the @tty driver that it should stop outputting + * characters to the tty device. + * + * Called with @tty->flow.lock held. Serialized with @start() method. + * + * Optional. Always invoke via stop_tty(). + * + * @start: ``void ()(struct tty_struct *tty)`` + * + * This routine notifies the @tty driver that it resumed sending + * characters to the @tty device. + * + * Called with @tty->flow.lock held. Serialized with stop() method. + * + * Optional. Always invoke via start_tty(). + * + * @hangup: ``void ()(struct tty_struct *tty)`` + * + * This routine notifies the @tty driver that it should hang up the @tty + * device. + * + * Optional. Called with tty lock held. + * + * @break_ctl: ``int ()(struct tty_struct *tty, int state)`` + * + * This optional routine requests the @tty driver to turn on or off BREAK + * status on the RS-232 port. If @state is -1, then the BREAK status + * should be turned on; if @state is 0, then BREAK should be turned off. + * + * If this routine is implemented, the high-level tty driver will handle + * the following ioctls: %TCSBRK, %TCSBRKP, %TIOCSBRK, %TIOCCBRK. + * + * If the driver sets %TTY_DRIVER_HARDWARE_BREAK in tty_alloc_driver(), + * then the interface will also be called with actual times and the + * hardware is expected to do the delay work itself. 0 and -1 are still + * used for on/off. + * + * Optional: Required for %TCSBRK/%BRKP/etc. handling. May sleep. + * + * @flush_buffer: ``void ()(struct tty_struct *tty)`` + * + * This routine discards device private output buffer. Invoked on close, + * hangup, to implement %TCOFLUSH ioctl and similar. + * + * Optional: if not provided, it is assumed there is no queue on the + * device. Do not call this function directly, call + * tty_driver_flush_buffer(). + * + * @wait_until_sent: ``void ()(struct tty_struct *tty, int timeout)`` + * + * This routine waits until the device has written out all of the + * characters in its transmitter FIFO. Or until @timeout (in jiffies) is + * reached. + * + * Optional: If not provided, the device is assumed to have no FIFO. + * Usually correct to invoke via tty_wait_until_sent(). May sleep. + * + * @send_xchar: ``void ()(struct tty_struct *tty, char ch)`` + * + * This routine is used to send a high-priority XON/XOFF character (@ch) + * to the @tty device. + * + * Optional: If not provided, then the @write method is called under + * the @tty->atomic_write_lock to keep it serialized with the ldisc. + * + * @tiocmget: ``int ()(struct tty_struct *tty)`` + * + * This routine is used to obtain the modem status bits from the @tty + * driver. + * + * Optional: If not provided, then %ENOTTY is returned from the %TIOCMGET + * ioctl. Do not call this function directly, call tty_tiocmget(). + * + * @tiocmset: ``int ()(struct tty_struct *tty, + * unsigned int set, unsigned int clear)`` + * + * This routine is used to set the modem status bits to the @tty driver. + * First, @clear bits should be cleared, then @set bits set. + * + * Optional: If not provided, then %ENOTTY is returned from the %TIOCMSET + * ioctl. Do not call this function directly, call tty_tiocmset(). + * + * @resize: ``int ()(struct tty_struct *tty, struct winsize *ws)`` + * + * Called when a termios request is issued which changes the requested + * terminal geometry to @ws. + * + * Optional: the default action is to update the termios structure + * without error. This is usually the correct behaviour. Drivers should + * not force errors here if they are not resizable objects (e.g. a serial + * line). See tty_do_resize() if you need to wrap the standard method + * in your own logic -- the usual case. + * + * @get_icount: ``int ()(struct tty_struct *tty, + * struct serial_icounter *icount)`` + * + * Called when the @tty device receives a %TIOCGICOUNT ioctl. Passed a + * kernel structure @icount to complete. + * + * Optional: called only if provided, otherwise %ENOTTY will be returned. + * + * @get_serial: ``int ()(struct tty_struct *tty, struct serial_struct *p)`` + * + * Called when the @tty device receives a %TIOCGSERIAL ioctl. Passed a + * kernel structure @p (&struct serial_struct) to complete. + * + * Optional: called only if provided, otherwise %ENOTTY will be returned. + * Do not call this function directly, call tty_tiocgserial(). + * + * @set_serial: ``int ()(struct tty_struct *tty, struct serial_struct *p)`` + * + * Called when the @tty device receives a %TIOCSSERIAL ioctl. Passed a + * kernel structure @p (&struct serial_struct) to set the values from. + * + * Optional: called only if provided, otherwise %ENOTTY will be returned. + * Do not call this function directly, call tty_tiocsserial(). + * + * @show_fdinfo: ``void ()(struct tty_struct *tty, struct seq_file *m)`` + * + * Called when the @tty device file descriptor receives a fdinfo request + * from VFS (to show in /proc/<pid>/fdinfo/). @m should be filled with + * information. + * + * Optional: called only if provided, otherwise nothing is written to @m. + * Do not call this function directly, call tty_show_fdinfo(). + * + * @poll_init: ``int ()(struct tty_driver *driver, int line, char *options)`` + * + * kgdboc support (Documentation/dev-tools/kgdb.rst). This routine is + * called to initialize the HW for later use by calling @poll_get_char or + * @poll_put_char. + * + * Optional: called only if provided, otherwise skipped as a non-polling + * driver. + * + * @poll_get_char: ``int ()(struct tty_driver *driver, int line)`` + * + * kgdboc support (see @poll_init). @driver should read a character from a + * tty identified by @line and return it. + * + * Optional: called only if @poll_init provided. + * + * @poll_put_char: ``void ()(struct tty_driver *driver, int line, char ch)`` + * + * kgdboc support (see @poll_init). @driver should write character @ch to + * a tty identified by @line. + * + * Optional: called only if @poll_init provided. + * + * @proc_show: ``int ()(struct seq_file *m, void *driver)`` + * + * Driver @driver (cast to &struct tty_driver) can show additional info in + * /proc/tty/driver/<driver_name>. It is enough to fill in the information + * into @m. + * + * Optional: called only if provided, otherwise no /proc entry created. + * + * This structure defines the interface between the low-level tty driver and + * the tty routines. These routines can be defined. Unless noted otherwise, + * they are optional, and can be filled in with a %NULL pointer. + */ struct tty_operations { struct tty_struct * (*lookup)(struct tty_driver *driver, struct file *filp, int idx); @@ -270,6 +608,7 @@ struct tty_operations { void (*hangup)(struct tty_struct *tty); int (*break_ctl)(struct tty_struct *tty, int state); void (*flush_buffer)(struct tty_struct *tty); + int (*ldisc_ok)(struct tty_struct *tty, int ldisc); void (*set_ldisc)(struct tty_struct *tty); void (*wait_until_sent)(struct tty_struct *tty, int timeout); void (*send_xchar)(struct tty_struct *tty, char ch); -- 2.34.1

7 months

2
1
0 0

[PATCH 5.15.y] RDMA/core: Refactor rdma_bind_addr

by Zhi Yang

From: Patrisious Haddad <phaddad(a)nvidia.com> commit 8d037973d48c026224ab285e6a06985ccac6f7bf upstream. Refactor rdma_bind_addr function so that it doesn't require that the cma destination address be changed before calling it. So now it will update the destination address internally only when it is really needed and after passing all the required checks. Which in turn results in a cleaner and more sensible call and error handling flows for the functions that call it directly or indirectly. Signed-off-by: Patrisious Haddad <phaddad(a)nvidia.com> Reported-by: Wei Chen <harperchen1110(a)gmail.com> Reviewed-by: Mark Zhang <markzhang(a)nvidia.com> Link: https://lore.kernel.org/r/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.16728192… Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Zhi Yang <Zhi.Yang(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/infiniband/core/cma.c | 253 +++++++++++++++++----------------- 1 file changed, 130 insertions(+), 123 deletions(-) diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index a204c738e9cf..e8dfce17a5e5 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -3364,121 +3364,6 @@ static int cma_resolve_ib_addr(struct rdma_id_private *id_priv) return ret; } -static int cma_bind_addr(struct rdma_cm_id *id, struct sockaddr *src_addr, - const struct sockaddr *dst_addr) -{ - struct sockaddr_storage zero_sock = {}; - - if (src_addr && src_addr->sa_family) - return rdma_bind_addr(id, src_addr); - - /* - * When the src_addr is not specified, automatically supply an any addr - */ - zero_sock.ss_family = dst_addr->sa_family; - if (IS_ENABLED(CONFIG_IPV6) && dst_addr->sa_family == AF_INET6) { - struct sockaddr_in6 *src_addr6 = - (struct sockaddr_in6 *)&zero_sock; - struct sockaddr_in6 *dst_addr6 = - (struct sockaddr_in6 *)dst_addr; - - src_addr6->sin6_scope_id = dst_addr6->sin6_scope_id; - if (ipv6_addr_type(&dst_addr6->sin6_addr) & IPV6_ADDR_LINKLOCAL) - id->route.addr.dev_addr.bound_dev_if = - dst_addr6->sin6_scope_id; - } else if (dst_addr->sa_family == AF_IB) { - ((struct sockaddr_ib *)&zero_sock)->sib_pkey = - ((struct sockaddr_ib *)dst_addr)->sib_pkey; - } - return rdma_bind_addr(id, (struct sockaddr *)&zero_sock); -} - -/* - * If required, resolve the source address for bind and leave the id_priv in - * state RDMA_CM_ADDR_BOUND. This oddly uses the state to determine the prior - * calls made by ULP, a previously bound ID will not be re-bound and src_addr is - * ignored. - */ -static int resolve_prepare_src(struct rdma_id_private *id_priv, - struct sockaddr *src_addr, - const struct sockaddr *dst_addr) -{ - int ret; - - memcpy(cma_dst_addr(id_priv), dst_addr, rdma_addr_size(dst_addr)); - if (!cma_comp_exch(id_priv, RDMA_CM_ADDR_BOUND, RDMA_CM_ADDR_QUERY)) { - /* For a well behaved ULP state will be RDMA_CM_IDLE */ - ret = cma_bind_addr(&id_priv->id, src_addr, dst_addr); - if (ret) - goto err_dst; - if (WARN_ON(!cma_comp_exch(id_priv, RDMA_CM_ADDR_BOUND, - RDMA_CM_ADDR_QUERY))) { - ret = -EINVAL; - goto err_dst; - } - } - - if (cma_family(id_priv) != dst_addr->sa_family) { - ret = -EINVAL; - goto err_state; - } - return 0; - -err_state: - cma_comp_exch(id_priv, RDMA_CM_ADDR_QUERY, RDMA_CM_ADDR_BOUND); -err_dst: - memset(cma_dst_addr(id_priv), 0, rdma_addr_size(dst_addr)); - return ret; -} - -int rdma_resolve_addr(struct rdma_cm_id *id, struct sockaddr *src_addr, - const struct sockaddr *dst_addr, unsigned long timeout_ms) -{ - struct rdma_id_private *id_priv = - container_of(id, struct rdma_id_private, id); - int ret; - - ret = resolve_prepare_src(id_priv, src_addr, dst_addr); - if (ret) - return ret; - - if (cma_any_addr(dst_addr)) { - ret = cma_resolve_loopback(id_priv); - } else { - if (dst_addr->sa_family == AF_IB) { - ret = cma_resolve_ib_addr(id_priv); - } else { - /* - * The FSM can return back to RDMA_CM_ADDR_BOUND after - * rdma_resolve_ip() is called, eg through the error - * path in addr_handler(). If this happens the existing - * request must be canceled before issuing a new one. - * Since canceling a request is a bit slow and this - * oddball path is rare, keep track once a request has - * been issued. The track turns out to be a permanent - * state since this is the only cancel as it is - * immediately before rdma_resolve_ip(). - */ - if (id_priv->used_resolve_ip) - rdma_addr_cancel(&id->route.addr.dev_addr); - else - id_priv->used_resolve_ip = 1; - ret = rdma_resolve_ip(cma_src_addr(id_priv), dst_addr, - &id->route.addr.dev_addr, - timeout_ms, addr_handler, - false, id_priv); - } - } - if (ret) - goto err; - - return 0; -err: - cma_comp_exch(id_priv, RDMA_CM_ADDR_QUERY, RDMA_CM_ADDR_BOUND); - return ret; -} -EXPORT_SYMBOL(rdma_resolve_addr); - int rdma_set_reuseaddr(struct rdma_cm_id *id, int reuse) { struct rdma_id_private *id_priv; @@ -3881,27 +3766,26 @@ int rdma_listen(struct rdma_cm_id *id, int backlog) } EXPORT_SYMBOL(rdma_listen); -int rdma_bind_addr(struct rdma_cm_id *id, struct sockaddr *addr) +static int rdma_bind_addr_dst(struct rdma_id_private *id_priv, + struct sockaddr *addr, const struct sockaddr *daddr) { - struct rdma_id_private *id_priv; + struct sockaddr *id_daddr; int ret; - struct sockaddr *daddr; if (addr->sa_family != AF_INET && addr->sa_family != AF_INET6 && addr->sa_family != AF_IB) return -EAFNOSUPPORT; - id_priv = container_of(id, struct rdma_id_private, id); if (!cma_comp_exch(id_priv, RDMA_CM_IDLE, RDMA_CM_ADDR_BOUND)) return -EINVAL; - ret = cma_check_linklocal(&id->route.addr.dev_addr, addr); + ret = cma_check_linklocal(&id_priv->id.route.addr.dev_addr, addr); if (ret) goto err1; memcpy(cma_src_addr(id_priv), addr, rdma_addr_size(addr)); if (!cma_any_addr(addr)) { - ret = cma_translate_addr(addr, &id->route.addr.dev_addr); + ret = cma_translate_addr(addr, &id_priv->id.route.addr.dev_addr); if (ret) goto err1; @@ -3921,8 +3805,10 @@ int rdma_bind_addr(struct rdma_cm_id *id, struct sockaddr *addr) } #endif } - daddr = cma_dst_addr(id_priv); - daddr->sa_family = addr->sa_family; + id_daddr = cma_dst_addr(id_priv); + if (daddr != id_daddr) + memcpy(id_daddr, daddr, rdma_addr_size(addr)); + id_daddr->sa_family = addr->sa_family; ret = cma_get_port(id_priv); if (ret) @@ -3938,6 +3824,127 @@ int rdma_bind_addr(struct rdma_cm_id *id, struct sockaddr *addr) cma_comp_exch(id_priv, RDMA_CM_ADDR_BOUND, RDMA_CM_IDLE); return ret; } + +static int cma_bind_addr(struct rdma_cm_id *id, struct sockaddr *src_addr, + const struct sockaddr *dst_addr) +{ + struct rdma_id_private *id_priv = + container_of(id, struct rdma_id_private, id); + struct sockaddr_storage zero_sock = {}; + + if (src_addr && src_addr->sa_family) + return rdma_bind_addr_dst(id_priv, src_addr, dst_addr); + + /* + * When the src_addr is not specified, automatically supply an any addr + */ + zero_sock.ss_family = dst_addr->sa_family; + if (IS_ENABLED(CONFIG_IPV6) && dst_addr->sa_family == AF_INET6) { + struct sockaddr_in6 *src_addr6 = + (struct sockaddr_in6 *)&zero_sock; + struct sockaddr_in6 *dst_addr6 = + (struct sockaddr_in6 *)dst_addr; + + src_addr6->sin6_scope_id = dst_addr6->sin6_scope_id; + if (ipv6_addr_type(&dst_addr6->sin6_addr) & IPV6_ADDR_LINKLOCAL) + id->route.addr.dev_addr.bound_dev_if = + dst_addr6->sin6_scope_id; + } else if (dst_addr->sa_family == AF_IB) { + ((struct sockaddr_ib *)&zero_sock)->sib_pkey = + ((struct sockaddr_ib *)dst_addr)->sib_pkey; + } + return rdma_bind_addr_dst(id_priv, (struct sockaddr *)&zero_sock, dst_addr); +} + +/* + * If required, resolve the source address for bind and leave the id_priv in + * state RDMA_CM_ADDR_BOUND. This oddly uses the state to determine the prior + * calls made by ULP, a previously bound ID will not be re-bound and src_addr is + * ignored. + */ +static int resolve_prepare_src(struct rdma_id_private *id_priv, + struct sockaddr *src_addr, + const struct sockaddr *dst_addr) +{ + int ret; + + if (!cma_comp_exch(id_priv, RDMA_CM_ADDR_BOUND, RDMA_CM_ADDR_QUERY)) { + /* For a well behaved ULP state will be RDMA_CM_IDLE */ + ret = cma_bind_addr(&id_priv->id, src_addr, dst_addr); + if (ret) + return ret; + if (WARN_ON(!cma_comp_exch(id_priv, RDMA_CM_ADDR_BOUND, + RDMA_CM_ADDR_QUERY))) + return -EINVAL; + + } + + if (cma_family(id_priv) != dst_addr->sa_family) { + ret = -EINVAL; + goto err_state; + } + return 0; + +err_state: + cma_comp_exch(id_priv, RDMA_CM_ADDR_QUERY, RDMA_CM_ADDR_BOUND); + return ret; +} + +int rdma_resolve_addr(struct rdma_cm_id *id, struct sockaddr *src_addr, + const struct sockaddr *dst_addr, unsigned long timeout_ms) +{ + struct rdma_id_private *id_priv = + container_of(id, struct rdma_id_private, id); + int ret; + + ret = resolve_prepare_src(id_priv, src_addr, dst_addr); + if (ret) + return ret; + + if (cma_any_addr(dst_addr)) { + ret = cma_resolve_loopback(id_priv); + } else { + if (dst_addr->sa_family == AF_IB) { + ret = cma_resolve_ib_addr(id_priv); + } else { + /* + * The FSM can return back to RDMA_CM_ADDR_BOUND after + * rdma_resolve_ip() is called, eg through the error + * path in addr_handler(). If this happens the existing + * request must be canceled before issuing a new one. + * Since canceling a request is a bit slow and this + * oddball path is rare, keep track once a request has + * been issued. The track turns out to be a permanent + * state since this is the only cancel as it is + * immediately before rdma_resolve_ip(). + */ + if (id_priv->used_resolve_ip) + rdma_addr_cancel(&id->route.addr.dev_addr); + else + id_priv->used_resolve_ip = 1; + ret = rdma_resolve_ip(cma_src_addr(id_priv), dst_addr, + &id->route.addr.dev_addr, + timeout_ms, addr_handler, + false, id_priv); + } + } + if (ret) + goto err; + + return 0; +err: + cma_comp_exch(id_priv, RDMA_CM_ADDR_QUERY, RDMA_CM_ADDR_BOUND); + return ret; +} +EXPORT_SYMBOL(rdma_resolve_addr); + +int rdma_bind_addr(struct rdma_cm_id *id, struct sockaddr *addr) +{ + struct rdma_id_private *id_priv = + container_of(id, struct rdma_id_private, id); + + return rdma_bind_addr_dst(id_priv, addr, cma_dst_addr(id_priv)); +} EXPORT_SYMBOL(rdma_bind_addr); static int cma_format_hdr(void *hdr, struct rdma_id_private *id_priv) -- 2.34.1

7 months

2
1
0 0

[PATCH AUTOSEL 5.10 1/3] btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref

by Sasha Levin

From: Goldwyn Rodrigues <rgoldwyn(a)suse.de> [ Upstream commit bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e ] btrfs_prelim_ref() calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to trace_btrfs_prelim_ref_insert(). Note, trace_btrfs_prelim_ref_insert() is being called with newref as oldref (and oldref as NULL) on purpose in order to print out the values of newref. To reproduce: echo 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable Perform some writeback operations. Backtrace: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014 RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130 Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88 RSP: 0018:ffffce44820077a0 EFLAGS: 00010286 RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010 R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000 R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540 FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> prelim_ref_insert+0x1c1/0x270 find_parent_nodes+0x12a6/0x1ee0 ? __entry_text_end+0x101f06/0x101f09 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 btrfs_is_data_extent_shared+0x167/0x640 ? fiemap_process_hole+0xd0/0x2c0 extent_fiemap+0xa5c/0xbc0 ? __entry_text_end+0x101f05/0x101f09 btrfs_fiemap+0x7e/0xd0 do_vfs_ioctl+0x425/0x9d0 __x64_sys_ioctl+0x75/0xc0 Signed-off-by: Goldwyn Rodrigues <rgoldwyn(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/trace/events/btrfs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index 041be3ce10718..d8aa1d3570243 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -1788,7 +1788,7 @@ DECLARE_EVENT_CLASS(btrfs__prelim_ref, TP_PROTO(const struct btrfs_fs_info *fs_info, const struct prelim_ref *oldref, const struct prelim_ref *newref, u64 tree_size), - TP_ARGS(fs_info, newref, oldref, tree_size), + TP_ARGS(fs_info, oldref, newref, tree_size), TP_STRUCT__entry_btrfs( __field( u64, root_id ) -- 2.39.5

7 months

1
2
0 0

[PATCH 6.1.y] nvme: apple: fix device reference counting

by bin.lan.cn＠windriver.com

From: Keith Busch <kbusch(a)kernel.org> [ Upstream commit b9ecbfa45516182cd062fecd286db7907ba84210 ] Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Split the allocation side out to make the error handling boundary easier to navigate. The apple driver had been doing this wrong, leaking the controller device memory on a tagset failure. Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Chaitanya Kulkarni <kch(a)nvidia.com> Signed-off-by: Keith Busch <kbusch(a)kernel.org> [Minor context change fixed.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/nvme/host/apple.c | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/drivers/nvme/host/apple.c b/drivers/nvme/host/apple.c index 262d2b60ac6d..057917e23b6f 100644 --- a/drivers/nvme/host/apple.c +++ b/drivers/nvme/host/apple.c @@ -1373,7 +1373,7 @@ static void devm_apple_nvme_mempool_destroy(void *data) mempool_destroy(data); } -static int apple_nvme_probe(struct platform_device *pdev) +static struct apple_nvme *apple_nvme_alloc(struct platform_device *pdev) { struct device *dev = &pdev->dev; struct apple_nvme *anv; @@ -1381,7 +1381,7 @@ static int apple_nvme_probe(struct platform_device *pdev) anv = devm_kzalloc(dev, sizeof(*anv), GFP_KERNEL); if (!anv) - return -ENOMEM; + return ERR_PTR(-ENOMEM); anv->dev = get_device(dev); anv->adminq.is_adminq = true; @@ -1501,10 +1501,26 @@ static int apple_nvme_probe(struct platform_device *pdev) goto put_dev; } + return anv; +put_dev: + put_device(anv->dev); + return ERR_PTR(ret); +} + +static int apple_nvme_probe(struct platform_device *pdev) +{ + struct apple_nvme *anv; + int ret; + + anv = apple_nvme_alloc(pdev); + if (IS_ERR(anv)) + return PTR_ERR(anv); + anv->ctrl.admin_q = blk_mq_init_queue(&anv->admin_tagset); if (IS_ERR(anv->ctrl.admin_q)) { ret = -ENOMEM; - goto put_dev; + anv->ctrl.admin_q = NULL; + goto out_uninit_ctrl; } if (!blk_get_queue(anv->ctrl.admin_q)) { @@ -1512,7 +1528,7 @@ static int apple_nvme_probe(struct platform_device *pdev) blk_mq_destroy_queue(anv->ctrl.admin_q); anv->ctrl.admin_q = NULL; ret = -ENODEV; - goto put_dev; + goto out_uninit_ctrl; } nvme_reset_ctrl(&anv->ctrl); @@ -1520,8 +1536,9 @@ static int apple_nvme_probe(struct platform_device *pdev) return 0; -put_dev: - put_device(anv->dev); +out_uninit_ctrl: + nvme_uninit_ctrl(&anv->ctrl); + nvme_put_ctrl(&anv->ctrl); return ret; } -- 2.34.1

7 months

2
1
0 0

[PATCH 5.10.y] media: mtk-vcodec: potential null pointer deference in SCP

by jianqi.ren.cn＠windriver.com

From: Fullway Wang <fullwaywang(a)outlook.com> [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ] The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@… Signed-off-by: Fullway Wang <fullwaywang(a)outlook.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c index d8e66b645bd8..27f08b1d34d1 100644 --- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c +++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c @@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev) } fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL); + if (!fw) + return ERR_PTR(-ENOMEM); fw->type = SCP; fw->ops = &mtk_vcodec_rproc_msg; fw->scp = scp; -- 2.34.1

7 months

2
1
0 0

[PATCH 6.1.y] btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()

by jianqi.ren.cn＠windriver.com

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit 28cb13f29faf6290597b24b728dc3100c019356f ] Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/extent-tree.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 9040108eda64..5395e27f9e89 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -179,6 +179,14 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, ei = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_extent_item); num_refs = btrfs_extent_refs(leaf, ei); + if (unlikely(num_refs == 0)) { + ret = -EUCLEAN; + btrfs_err(fs_info, + "unexpected zero reference count for extent item (%llu %u %llu)", + key.objectid, key.type, key.offset); + btrfs_abort_transaction(trans, ret); + goto out_free; + } extent_flags = btrfs_extent_flags(leaf, ei); } else { ret = -EINVAL; @@ -190,8 +198,6 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, goto out_free; } - - BUG_ON(num_refs == 0); } else { num_refs = 0; extent_flags = 0; @@ -221,10 +227,19 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, goto search_again; } spin_lock(&head->lock); - if (head->extent_op && head->extent_op->update_flags) + if (head->extent_op && head->extent_op->update_flags) { extent_flags |= head->extent_op->flags_to_set; - else - BUG_ON(num_refs == 0); + } else if (unlikely(num_refs == 0)) { + spin_unlock(&head->lock); + mutex_unlock(&head->mutex); + spin_unlock(&delayed_refs->lock); + ret = -EUCLEAN; + btrfs_err(fs_info, + "unexpected zero reference count for extent %llu (%s)", + bytenr, metadata ? "metadata" : "data"); + btrfs_abort_transaction(trans, ret); + goto out_free; + } num_refs += head->ref_mod; spin_unlock(&head->lock); -- 2.34.1

7 months

2
1
0 0

[PATCH AUTOSEL 5.15 1/3] btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref

by Sasha Levin

From: Goldwyn Rodrigues <rgoldwyn(a)suse.de> [ Upstream commit bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e ] btrfs_prelim_ref() calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to trace_btrfs_prelim_ref_insert(). Note, trace_btrfs_prelim_ref_insert() is being called with newref as oldref (and oldref as NULL) on purpose in order to print out the values of newref. To reproduce: echo 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable Perform some writeback operations. Backtrace: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014 RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130 Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88 RSP: 0018:ffffce44820077a0 EFLAGS: 00010286 RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010 R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000 R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540 FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> prelim_ref_insert+0x1c1/0x270 find_parent_nodes+0x12a6/0x1ee0 ? __entry_text_end+0x101f06/0x101f09 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 btrfs_is_data_extent_shared+0x167/0x640 ? fiemap_process_hole+0xd0/0x2c0 extent_fiemap+0xa5c/0xbc0 ? __entry_text_end+0x101f05/0x101f09 btrfs_fiemap+0x7e/0xd0 do_vfs_ioctl+0x425/0x9d0 __x64_sys_ioctl+0x75/0xc0 Signed-off-by: Goldwyn Rodrigues <rgoldwyn(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/trace/events/btrfs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index 9271b5dfae4c4..a5f77b685c55f 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -1788,7 +1788,7 @@ DECLARE_EVENT_CLASS(btrfs__prelim_ref, TP_PROTO(const struct btrfs_fs_info *fs_info, const struct prelim_ref *oldref, const struct prelim_ref *newref, u64 tree_size), - TP_ARGS(fs_info, newref, oldref, tree_size), + TP_ARGS(fs_info, oldref, newref, tree_size), TP_STRUCT__entry_btrfs( __field( u64, root_id ) -- 2.39.5

7 months

1
2
0 0

[PATCH 6.1.y 1/2] usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

by bin.lan.cn＠windriver.com

From: Dan Carpenter <dan.carpenter(a)linaro.org> [ Upstream commit e56aac6e5a25630645607b6856d4b2a17b2311a5 ] The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. Fixes: 170a6726d0e2 ("usb: typec: ucsi: add support for separate DP altmode devices") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/c69ef0b3-61b0-4dde-98dd-97b97f81d912@stanley.moun… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [The function ucsi_ccg_sync_write() is renamed to ucsi_ccg_sync_control() in commit 13f2ec3115c8 ("usb: typec: ucsi:simplify command sending API"). Apply this patch to ucsi_ccg_sync_write() in 6.1.y accordingly.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c index 8e500fe41e78..4801d783bd0c 100644 --- a/drivers/usb/typec/ucsi/ucsi_ccg.c +++ b/drivers/usb/typec/ucsi/ucsi_ccg.c @@ -585,6 +585,10 @@ static int ucsi_ccg_sync_write(struct ucsi *ucsi, unsigned int offset, uc->has_multiple_dp) { con_index = (uc->last_cmd_sent >> 16) & UCSI_CMD_CONNECTOR_MASK; + if (con_index == 0) { + ret = -EINVAL; + goto unlock; + } con = &uc->ucsi->connector[con_index - 1]; ucsi_ccg_update_set_new_cam_cmd(uc, con, (u64 *)val); } @@ -600,6 +604,7 @@ static int ucsi_ccg_sync_write(struct ucsi *ucsi, unsigned int offset, err_clear_bit: clear_bit(DEV_CMD_PENDING, &uc->flags); pm_runtime_put_sync(uc->dev); +unlock: mutex_unlock(&uc->lock); return ret; -- 2.34.1

7 months

2
3
0 0

[PATCH 5.10.y 1/2] usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

by bin.lan.cn＠windriver.com

From: Dan Carpenter <dan.carpenter(a)linaro.org> [ Upstream commit e56aac6e5a25630645607b6856d4b2a17b2311a5 ] The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. Fixes: 170a6726d0e2 ("usb: typec: ucsi: add support for separate DP altmode devices") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/c69ef0b3-61b0-4dde-98dd-97b97f81d912@stanley.moun… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [The function ucsi_ccg_sync_write() is renamed to ucsi_ccg_sync_control() in commit 13f2ec3115c8 ("usb: typec: ucsi:simplify command sending API"). Apply this patch to ucsi_ccg_sync_write() in 5.10.y accordingly.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c index fb6211efb5d8..3983bf21a580 100644 --- a/drivers/usb/typec/ucsi/ucsi_ccg.c +++ b/drivers/usb/typec/ucsi/ucsi_ccg.c @@ -573,6 +573,10 @@ static int ucsi_ccg_sync_write(struct ucsi *ucsi, unsigned int offset, uc->has_multiple_dp) { con_index = (uc->last_cmd_sent >> 16) & UCSI_CMD_CONNECTOR_MASK; + if (con_index == 0) { + ret = -EINVAL; + goto unlock; + } con = &uc->ucsi->connector[con_index - 1]; ucsi_ccg_update_set_new_cam_cmd(uc, con, (u64 *)val); } @@ -588,6 +592,7 @@ static int ucsi_ccg_sync_write(struct ucsi *ucsi, unsigned int offset, err_clear_bit: clear_bit(DEV_CMD_PENDING, &uc->flags); pm_runtime_put_sync(uc->dev); +unlock: mutex_unlock(&uc->lock); return ret; -- 2.34.1

7 months

2
3
0 0

[PATCH AUTOSEL 6.1 1/4] btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref

by Sasha Levin

From: Goldwyn Rodrigues <rgoldwyn(a)suse.de> [ Upstream commit bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e ] btrfs_prelim_ref() calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to trace_btrfs_prelim_ref_insert(). Note, trace_btrfs_prelim_ref_insert() is being called with newref as oldref (and oldref as NULL) on purpose in order to print out the values of newref. To reproduce: echo 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable Perform some writeback operations. Backtrace: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014 RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130 Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88 RSP: 0018:ffffce44820077a0 EFLAGS: 00010286 RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010 R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000 R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540 FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> prelim_ref_insert+0x1c1/0x270 find_parent_nodes+0x12a6/0x1ee0 ? __entry_text_end+0x101f06/0x101f09 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 btrfs_is_data_extent_shared+0x167/0x640 ? fiemap_process_hole+0xd0/0x2c0 extent_fiemap+0xa5c/0xbc0 ? __entry_text_end+0x101f05/0x101f09 btrfs_fiemap+0x7e/0xd0 do_vfs_ioctl+0x425/0x9d0 __x64_sys_ioctl+0x75/0xc0 Signed-off-by: Goldwyn Rodrigues <rgoldwyn(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/trace/events/btrfs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index 7a6c5a870d33c..31847ccae4936 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -1847,7 +1847,7 @@ DECLARE_EVENT_CLASS(btrfs__prelim_ref, TP_PROTO(const struct btrfs_fs_info *fs_info, const struct prelim_ref *oldref, const struct prelim_ref *newref, u64 tree_size), - TP_ARGS(fs_info, newref, oldref, tree_size), + TP_ARGS(fs_info, oldref, newref, tree_size), TP_STRUCT__entry_btrfs( __field( u64, root_id ) -- 2.39.5

7 months

1
3
0 0

[PATCH 5.10.y] btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()

by jianqi.ren.cn＠windriver.com

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit 28cb13f29faf6290597b24b728dc3100c019356f ] Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/extent-tree.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index cf2b65be04b5..d652d4091b2b 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -174,6 +174,14 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, ei = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_extent_item); num_refs = btrfs_extent_refs(leaf, ei); + if (unlikely(num_refs == 0)) { + ret = -EUCLEAN; + btrfs_err(fs_info, + "unexpected zero reference count for extent item (%llu %u %llu)", + key.objectid, key.type, key.offset); + btrfs_abort_transaction(trans, ret); + goto out_free; + } extent_flags = btrfs_extent_flags(leaf, ei); } else { ret = -EINVAL; @@ -185,8 +193,6 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, goto out_free; } - - BUG_ON(num_refs == 0); } else { num_refs = 0; extent_flags = 0; @@ -216,10 +222,19 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, goto search_again; } spin_lock(&head->lock); - if (head->extent_op && head->extent_op->update_flags) + if (head->extent_op && head->extent_op->update_flags) { extent_flags |= head->extent_op->flags_to_set; - else - BUG_ON(num_refs == 0); + } else if (unlikely(num_refs == 0)) { + spin_unlock(&head->lock); + mutex_unlock(&head->mutex); + spin_unlock(&delayed_refs->lock); + ret = -EUCLEAN; + btrfs_err(fs_info, + "unexpected zero reference count for extent %llu (%s)", + bytenr, metadata ? "metadata" : "data"); + btrfs_abort_transaction(trans, ret); + goto out_free; + } num_refs += head->ref_mod; spin_unlock(&head->lock); -- 2.34.1

7 months

2
1
0 0

FAILED: patch "[PATCH] firmware: arm_scmi: Fix timeout checks on polling path" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c23c03bf1faa1e76be1eba35bad6da6a2a7c95ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050930-scuba-spending-0eb9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c23c03bf1faa1e76be1eba35bad6da6a2a7c95ee Mon Sep 17 00:00:00 2001 From: Cristian Marussi <cristian.marussi(a)arm.com> Date: Mon, 10 Mar 2025 17:58:00 +0000 Subject: [PATCH] firmware: arm_scmi: Fix timeout checks on polling path Polling mode transactions wait for a reply busy-looping without holding a spinlock, but currently the timeout checks are based only on elapsed time: as a result we could hit a false positive whenever our busy-looping thread is pre-empted and scheduled out for a time greater than the polling timeout. Change the checks at the end of the busy-loop to make sure that the polling wasn't indeed successful or an out-of-order reply caused the polling to be forcibly terminated. Fixes: 31d2f803c19c ("firmware: arm_scmi: Add sync_cmds_completed_on_ret transport flag") Reported-by: Huangjie <huangjie1663(a)phytium.com.cn> Closes: https://lore.kernel.org/arm-scmi/20250123083323.2363749-1-jackhuang021@gmai… Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> Cc: stable(a)vger.kernel.org # 5.18.x Message-Id: <20250310175800.1444293-1-cristian.marussi(a)arm.com> Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index 1c75a4c9c371..0390d5ff195e 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -1248,7 +1248,8 @@ static void xfer_put(const struct scmi_protocol_handle *ph, } static bool scmi_xfer_done_no_timeout(struct scmi_chan_info *cinfo, - struct scmi_xfer *xfer, ktime_t stop) + struct scmi_xfer *xfer, ktime_t stop, + bool *ooo) { struct scmi_info *info = handle_to_scmi_info(cinfo->handle); @@ -1257,7 +1258,7 @@ static bool scmi_xfer_done_no_timeout(struct scmi_chan_info *cinfo, * in case of out-of-order receptions of delayed responses */ return info->desc->ops->poll_done(cinfo, xfer) || - try_wait_for_completion(&xfer->done) || + (*ooo = try_wait_for_completion(&xfer->done)) || ktime_after(ktime_get(), stop); } @@ -1274,15 +1275,17 @@ static int scmi_wait_for_reply(struct device *dev, const struct scmi_desc *desc, * itself to support synchronous commands replies. */ if (!desc->sync_cmds_completed_on_ret) { + bool ooo = false; + /* * Poll on xfer using transport provided .poll_done(); * assumes no completion interrupt was available. */ ktime_t stop = ktime_add_ms(ktime_get(), timeout_ms); - spin_until_cond(scmi_xfer_done_no_timeout(cinfo, - xfer, stop)); - if (ktime_after(ktime_get(), stop)) { + spin_until_cond(scmi_xfer_done_no_timeout(cinfo, xfer, + stop, &ooo)); + if (!ooo && !info->desc->ops->poll_done(cinfo, xfer)) { dev_err(dev, "timed out in resp(caller: %pS) - polling\n", (void *)_RET_IP_);

7 months

4
4
0 0

[PATCH AUTOSEL 6.6 1/6] btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref

by Sasha Levin

From: Goldwyn Rodrigues <rgoldwyn(a)suse.de> [ Upstream commit bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e ] btrfs_prelim_ref() calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to trace_btrfs_prelim_ref_insert(). Note, trace_btrfs_prelim_ref_insert() is being called with newref as oldref (and oldref as NULL) on purpose in order to print out the values of newref. To reproduce: echo 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable Perform some writeback operations. Backtrace: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014 RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130 Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88 RSP: 0018:ffffce44820077a0 EFLAGS: 00010286 RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010 R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000 R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540 FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> prelim_ref_insert+0x1c1/0x270 find_parent_nodes+0x12a6/0x1ee0 ? __entry_text_end+0x101f06/0x101f09 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 btrfs_is_data_extent_shared+0x167/0x640 ? fiemap_process_hole+0xd0/0x2c0 extent_fiemap+0xa5c/0xbc0 ? __entry_text_end+0x101f05/0x101f09 btrfs_fiemap+0x7e/0xd0 do_vfs_ioctl+0x425/0x9d0 __x64_sys_ioctl+0x75/0xc0 Signed-off-by: Goldwyn Rodrigues <rgoldwyn(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/trace/events/btrfs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index 3c4d5ef6d4463..8ea1674069fe8 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -1956,7 +1956,7 @@ DECLARE_EVENT_CLASS(btrfs__prelim_ref, TP_PROTO(const struct btrfs_fs_info *fs_info, const struct prelim_ref *oldref, const struct prelim_ref *newref, u64 tree_size), - TP_ARGS(fs_info, newref, oldref, tree_size), + TP_ARGS(fs_info, oldref, newref, tree_size), TP_STRUCT__entry_btrfs( __field( u64, root_id ) -- 2.39.5

7 months

1
5
0 0

FAILED: patch "[PATCH] arm64/sme: Always exit sme_alloc() early with existing" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024012617-overlap-reborn-e124@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: dc7eb8755797 ("arm64/sme: Always exit sme_alloc() early with existing storage") 5d0a8d2fba50 ("arm64/ptrace: Ensure that SME is set up for target when writing SSVE state") f90b529bcbe5 ("arm64/sme: Implement ZT0 ptrace support") ce514000da4f ("arm64/sme: Rename za_state to sme_state") 1192b93ba352 ("arm64/fp: Use a struct to pass data to fpsimd_bind_state_to_cpu()") deeb8f9a80fd ("arm64/fpsimd: Have KVM explicitly say which FP registers to save") baa8515281b3 ("arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE") 93ae6b01bafe ("KVM: arm64: Discard any SVE state when entering KVM guests") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9 Mon Sep 17 00:00:00 2001 From: Mark Brown <broonie(a)kernel.org> Date: Mon, 15 Jan 2024 20:15:46 +0000 Subject: [PATCH] arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fix this by separating the checks for flushing and for existing storage as we do for SVE. Callers that reallocate (eg, due to changing the vector length) should call sme_free() themselves. Fixes: 5d0a8d2fba50 ("arm64/ptrace: Ensure that SME is set up for target when writing SSVE state") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240115-arm64-sme-flush-v1-1-7472bd3459b7@kernel… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index 0983be2b1b61..a5dc6f764195 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -1217,8 +1217,10 @@ void fpsimd_release_task(struct task_struct *dead_task) */ void sme_alloc(struct task_struct *task, bool flush) { - if (task->thread.sme_state && flush) { - memset(task->thread.sme_state, 0, sme_state_size(task)); + if (task->thread.sme_state) { + if (flush) + memset(task->thread.sme_state, 0, + sme_state_size(task)); return; }

7 months

3
2
0 0

[PATCH 6.1.y] sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket

by jianqi.ren.cn＠windriver.com

From: Liu Jian <liujian56(a)huawei.com> [ Upstream commit 3f23f96528e8fcf8619895c4c916c52653892ec1 ] BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: <IRQ> dump_stack_lvl+0x68/0xa0 print_address_description.constprop.0+0x2c/0x3d0 print_report+0xb4/0x270 kasan_report+0xbd/0xf0 tcp_write_timer_handler+0x156/0x3e0 tcp_write_timer+0x66/0x170 call_timer_fn+0xfb/0x1d0 __run_timers+0x3f8/0x480 run_timer_softirq+0x9b/0x100 handle_softirqs+0x153/0x390 __irq_exit_rcu+0x103/0x120 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0x76/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 RSP: 0018:ffffffffa2007e28 EFLAGS: 00000242 RAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d R10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000 R13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0 default_idle_call+0x6b/0xa0 cpuidle_idle_call+0x1af/0x1f0 do_idle+0xbc/0x130 cpu_startup_entry+0x33/0x40 rest_init+0x11f/0x210 start_kernel+0x39a/0x420 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x97/0xa0 common_startup_64+0x13e/0x141 </TASK> Allocated by task 595: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x87/0x90 kmem_cache_alloc_noprof+0x12b/0x3f0 copy_net_ns+0x94/0x380 create_new_namespaces+0x24c/0x500 unshare_nsproxy_namespaces+0x75/0xf0 ksys_unshare+0x24e/0x4f0 __x64_sys_unshare+0x1f/0x30 do_syscall_64+0x70/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 100: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x54/0x70 kmem_cache_free+0x156/0x5d0 cleanup_net+0x5d3/0x670 process_one_work+0x776/0xa90 worker_thread+0x2e2/0x560 kthread+0x1a8/0x1f0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Reproduction script: mkdir -p /mnt/nfsshare mkdir -p /mnt/nfs/netns_1 mkfs.ext4 /dev/sdb mount /dev/sdb /mnt/nfsshare systemctl restart nfs-server chmod 777 /mnt/nfsshare exportfs -i -o rw,no_root_squash *:/mnt/nfsshare ip netns add netns_1 ip link add name veth_1_peer type veth peer veth_1 ifconfig veth_1_peer 11.11.0.254 up ip link set veth_1 netns netns_1 ip netns exec netns_1 ifconfig veth_1 11.11.0.1 ip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \ --tcp-flags FIN FIN -j DROP (note: In my environment, a DESTROY_CLIENTID operation is always sent immediately, breaking the nfs tcp connection.) ip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \ 11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1 ip netns del netns_1 The reason here is that the tcp socket in netns_1 (nfs side) has been shutdown and closed (done in xs_destroy), but the FIN message (with ack) is discarded, and the nfsd side keeps sending retransmission messages. As a result, when the tcp sock in netns_1 processes the received message, it sends the message (FIN message) in the sending queue, and the tcp timer is re-established. When the network namespace is deleted, the net structure accessed by tcp's timer handler function causes problems. To fix this problem, let's hold netns refcnt for the tcp kernel socket as done in other modules. This is an ugly hack which can easily be backported to earlier kernels. A proper fix which cleans up the interfaces will follow, but may not be so easy to backport. Fixes: 26abe14379f8 ("net: Modify sk_alloc to not reference count the netns of kernel sockets.") Signed-off-by: Liu Jian <liujian56(a)huawei.com> Acked-by: Jeff Layton <jlayton(a)kernel.org> Reviewed-by: Kuniyuki Iwashima <kuniyu(a)amazon.com> Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> [Routine __netns_tracker_free() is not supported in 6.1 and so using netns_tracker_free() instead.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/sunrpc/svcsock.c | 4 ++++ net/sunrpc/xprtsock.c | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c index 23b4c728de59..654579553edb 100644 --- a/net/sunrpc/svcsock.c +++ b/net/sunrpc/svcsock.c @@ -1457,6 +1457,10 @@ static struct svc_xprt *svc_create_socket(struct svc_serv *serv, newlen = error; if (protocol == IPPROTO_TCP) { + netns_tracker_free(net, &sock->sk->ns_tracker); + sock->sk->sk_net_refcnt = 1; + get_net_track(net, &sock->sk->ns_tracker, GFP_KERNEL); + sock_inuse_add(net, 1); if ((error = kernel_listen(sock, 64)) < 0) goto bummer; } diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c index b9dc8e197dde..181474105e4c 100644 --- a/net/sunrpc/xprtsock.c +++ b/net/sunrpc/xprtsock.c @@ -1855,6 +1855,13 @@ static struct socket *xs_create_sock(struct rpc_xprt *xprt, goto out; } + if (protocol == IPPROTO_TCP) { + netns_tracker_free(xprt->xprt_net, &sock->sk->ns_tracker); + sock->sk->sk_net_refcnt = 1; + get_net_track(xprt->xprt_net, &sock->sk->ns_tracker, GFP_KERNEL); + sock_inuse_add(xprt->xprt_net, 1); + } + filp = sock_alloc_file(sock, O_NONBLOCK, NULL); if (IS_ERR(filp)) return ERR_CAST(filp); -- 2.34.1

7 months

2
1
0 0

[PATCH AUTOSEL 6.12 01/11] btrfs: compression: adjust cb->compressed_folios allocation type

by Sasha Levin

From: Kees Cook <kees(a)kernel.org> [ Upstream commit 6f9a8ab796c6528d22de3c504c81fce7dde63d8a ] In preparation for making the kmalloc() family of allocators type aware, we need to make sure that the returned type from the allocation matches the type of the variable being assigned. (Before, the allocator would always return "void *", which can be implicitly cast to any pointer type.) The assigned type is "struct folio **" but the returned type will be "struct page **". These are the same allocation size (pointer size), but the types don't match. Adjust the allocation type to match the assignment. Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Kees Cook <kees(a)kernel.org> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/compression.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c index 40332ab62f101..65d883da86c60 100644 --- a/fs/btrfs/compression.c +++ b/fs/btrfs/compression.c @@ -606,7 +606,7 @@ void btrfs_submit_compressed_read(struct btrfs_bio *bbio) free_extent_map(em); cb->nr_folios = DIV_ROUND_UP(compressed_len, PAGE_SIZE); - cb->compressed_folios = kcalloc(cb->nr_folios, sizeof(struct page *), GFP_NOFS); + cb->compressed_folios = kcalloc(cb->nr_folios, sizeof(struct folio *), GFP_NOFS); if (!cb->compressed_folios) { ret = BLK_STS_RESOURCE; goto out_free_bio; -- 2.39.5

7 months

1
10
0 0

[PATCH v8 04/20] drm/xe: Timeslice GPU on atomic SVM fault

by Himal Prasad Ghimiray

From: Matthew Brost <matthew.brost(a)intel.com> Ensure GPU can make forward progress on an atomic SVM GPU fault by giving the GPU a timeslice of 5ms v2: - Reduce timeslice to 5ms - Double timeslice on retry - Split out GPU SVM changes into independent patch v5: - Double timeslice in a few more places Fixes: 2f118c949160 ("drm/xe: Add SVM VRAM migration") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> --- drivers/gpu/drm/xe/xe_svm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index d8e15259a8df..d934df622276 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -797,6 +797,8 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) ? SZ_64K : 0, .devmem_only = atomic && IS_DGFX(vm->xe) && IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR), + .timeslice_ms = atomic && IS_DGFX(vm->xe) && + IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) ? 5 : 0, }; struct xe_svm_range *range; struct drm_gpusvm_range *r; @@ -836,6 +838,7 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, if (--migrate_try_count >= 0 && xe_svm_range_needs_migrate_to_vram(range, vma)) { err = xe_svm_alloc_vram(vm, tile, range, &ctx); + ctx.timeslice_ms <<= 1; /* Double timeslice if we have to retry */ if (err) { if (migrate_try_count || !ctx.devmem_only) { drm_dbg(&vm->xe->drm, @@ -855,6 +858,7 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, err = drm_gpusvm_range_get_pages(&vm->svm.gpusvm, r, &ctx); /* Corner where CPU mappings have changed */ if (err == -EOPNOTSUPP || err == -EFAULT || err == -EPERM) { + ctx.timeslice_ms <<= 1; /* Double timeslice if we have to retry */ if (migrate_try_count > 0 || !ctx.devmem_only) { if (err == -EOPNOTSUPP) { range_debug(range, "PAGE FAULT - EVICT PAGES"); @@ -894,6 +898,7 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, drm_exec_fini(&exec); err = PTR_ERR(fence); if (err == -EAGAIN) { + ctx.timeslice_ms <<= 1; /* Double timeslice if we have to retry */ range_debug(range, "PAGE FAULT - RETRY BIND"); goto retry; } -- 2.34.1

7 months

1
0
0 0

[PATCH v8 03/20] drm/gpusvm: Add timeslicing support to GPU SVM

by Himal Prasad Ghimiray

From: Matthew Brost <matthew.brost(a)intel.com> Add timeslicing support to GPU SVM which will guarantee the GPU a minimum execution time on piece of physical memory before migration back to CPU. Intended to implement strict migration policies which require memory to be in a certain placement for correct execution. Required for shared CPU and GPU atomics on certain devices. Fixes: 99624bdff867 ("drm/gpusvm: Add support for GPU Shared Virtual Memory") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> --- drivers/gpu/drm/drm_gpusvm.c | 9 +++++++++ include/drm/drm_gpusvm.h | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c index 41f6616bcf76..4b2f32889f00 100644 --- a/drivers/gpu/drm/drm_gpusvm.c +++ b/drivers/gpu/drm/drm_gpusvm.c @@ -1783,6 +1783,8 @@ int drm_gpusvm_migrate_to_devmem(struct drm_gpusvm *gpusvm, goto err_finalize; /* Upon success bind devmem allocation to range and zdd */ + devmem_allocation->timeslice_expiration = get_jiffies_64() + + msecs_to_jiffies(ctx->timeslice_ms); zdd->devmem_allocation = devmem_allocation; /* Owns ref */ err_finalize: @@ -2003,6 +2005,13 @@ static int __drm_gpusvm_migrate_to_ram(struct vm_area_struct *vas, void *buf; int i, err = 0; + if (page) { + zdd = page->zone_device_data; + if (time_before64(get_jiffies_64(), + zdd->devmem_allocation->timeslice_expiration)) + return 0; + } + start = ALIGN_DOWN(fault_addr, size); end = ALIGN(fault_addr + 1, size); diff --git a/include/drm/drm_gpusvm.h b/include/drm/drm_gpusvm.h index 653d48dbe1c1..eaf704d3d05e 100644 --- a/include/drm/drm_gpusvm.h +++ b/include/drm/drm_gpusvm.h @@ -89,6 +89,7 @@ struct drm_gpusvm_devmem_ops { * @ops: Pointer to the operations structure for GPU SVM device memory * @dpagemap: The struct drm_pagemap of the pages this allocation belongs to. * @size: Size of device memory allocation + * @timeslice_expiration: Timeslice expiration in jiffies */ struct drm_gpusvm_devmem { struct device *dev; @@ -97,6 +98,7 @@ struct drm_gpusvm_devmem { const struct drm_gpusvm_devmem_ops *ops; struct drm_pagemap *dpagemap; size_t size; + u64 timeslice_expiration; }; /** @@ -295,6 +297,8 @@ struct drm_gpusvm { * @check_pages_threshold: Check CPU pages for present if chunk is less than or * equal to threshold. If not present, reduce chunk * size. + * @timeslice_ms: The timeslice MS which in minimum time a piece of memory + * remains with either exclusive GPU or CPU access. * @in_notifier: entering from a MMU notifier * @read_only: operating on read-only memory * @devmem_possible: possible to use device memory @@ -304,6 +308,7 @@ struct drm_gpusvm { */ struct drm_gpusvm_ctx { unsigned long check_pages_threshold; + unsigned long timeslice_ms; unsigned int in_notifier :1; unsigned int read_only :1; unsigned int devmem_possible :1; -- 2.34.1

7 months

1
0
0 0

[PATCH v8 02/20] drm/xe: Strict migration policy for atomic SVM faults

by Himal Prasad Ghimiray

From: Matthew Brost <matthew.brost(a)intel.com> Mixing GPU and CPU atomics does not work unless a strict migration policy of GPU atomics must be device memory. Enforce a policy of must be in VRAM with a retry loop of 3 attempts, if retry loop fails abort fault. Removing always_migrate_to_vram modparam as we now have real migration policy. v2: - Only retry migration on atomics - Drop alway migrate modparam v3: - Only set vram_only on DGFX (Himal) - Bail on get_pages failure if vram_only and retry count exceeded (Himal) - s/vram_only/devmem_only - Update xe_svm_range_is_valid to accept devmem_only argument v4: - Fix logic bug get_pages failure v5: - Fix commit message (Himal) - Mention removing always_migrate_to_vram in commit message (Lucas) - Fix xe_svm_range_is_valid to check for devmem pages - Bail on devmem_only && !migrate_devmem (Thomas) v6: - Add READ_ONCE barriers for opportunistic checks (Thomas) - Pair READ_ONCE with WRITE_ONCE (Thomas) v7: - Adjust comments (Thomas) Fixes: 2f118c949160 ("drm/xe: Add SVM VRAM migration") Cc: stable(a)vger.kernel.org Signed-off-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Acked-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com>` Reviewed-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/drm_gpusvm.c | 23 +++++-- drivers/gpu/drm/xe/xe_module.c | 3 - drivers/gpu/drm/xe/xe_module.h | 1 - drivers/gpu/drm/xe/xe_pt.c | 14 ++++- drivers/gpu/drm/xe/xe_svm.c | 111 +++++++++++++++++++++++++-------- drivers/gpu/drm/xe/xe_svm.h | 5 -- include/drm/drm_gpusvm.h | 40 +++++++----- 7 files changed, 140 insertions(+), 57 deletions(-) diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c index a58d03e6cac2..41f6616bcf76 100644 --- a/drivers/gpu/drm/drm_gpusvm.c +++ b/drivers/gpu/drm/drm_gpusvm.c @@ -1118,6 +1118,10 @@ static void __drm_gpusvm_range_unmap_pages(struct drm_gpusvm *gpusvm, lockdep_assert_held(&gpusvm->notifier_lock); if (range->flags.has_dma_mapping) { + struct drm_gpusvm_range_flags flags = { + .__flags = range->flags.__flags, + }; + for (i = 0, j = 0; i < npages; j++) { struct drm_pagemap_device_addr *addr = &range->dma_addr[j]; @@ -1131,8 +1135,12 @@ static void __drm_gpusvm_range_unmap_pages(struct drm_gpusvm *gpusvm, dev, *addr); i += 1 << addr->order; } - range->flags.has_devmem_pages = false; - range->flags.has_dma_mapping = false; + + /* WRITE_ONCE pairs with READ_ONCE for opportunistic checks */ + flags.has_devmem_pages = false; + flags.has_dma_mapping = false; + WRITE_ONCE(range->flags.__flags, flags.__flags); + range->dpagemap = NULL; } } @@ -1334,6 +1342,7 @@ int drm_gpusvm_range_get_pages(struct drm_gpusvm *gpusvm, int err = 0; struct dev_pagemap *pagemap; struct drm_pagemap *dpagemap; + struct drm_gpusvm_range_flags flags; retry: hmm_range.notifier_seq = mmu_interval_read_begin(notifier); @@ -1378,7 +1387,8 @@ int drm_gpusvm_range_get_pages(struct drm_gpusvm *gpusvm, */ drm_gpusvm_notifier_lock(gpusvm); - if (range->flags.unmapped) { + flags.__flags = range->flags.__flags; + if (flags.unmapped) { drm_gpusvm_notifier_unlock(gpusvm); err = -EFAULT; goto err_free; @@ -1474,14 +1484,17 @@ int drm_gpusvm_range_get_pages(struct drm_gpusvm *gpusvm, } i += 1 << order; num_dma_mapped = i; - range->flags.has_dma_mapping = true; + flags.has_dma_mapping = true; } if (zdd) { - range->flags.has_devmem_pages = true; + flags.has_devmem_pages = true; range->dpagemap = dpagemap; } + /* WRITE_ONCE pairs with READ_ONCE for opportunistic checks */ + WRITE_ONCE(range->flags.__flags, flags.__flags); + drm_gpusvm_notifier_unlock(gpusvm); kvfree(pfns); set_seqno: diff --git a/drivers/gpu/drm/xe/xe_module.c b/drivers/gpu/drm/xe/xe_module.c index 64bf46646544..e4742e27e2cd 100644 --- a/drivers/gpu/drm/xe/xe_module.c +++ b/drivers/gpu/drm/xe/xe_module.c @@ -30,9 +30,6 @@ struct xe_modparam xe_modparam = { module_param_named(svm_notifier_size, xe_modparam.svm_notifier_size, uint, 0600); MODULE_PARM_DESC(svm_notifier_size, "Set the svm notifier size(in MiB), must be power of 2"); -module_param_named(always_migrate_to_vram, xe_modparam.always_migrate_to_vram, bool, 0444); -MODULE_PARM_DESC(always_migrate_to_vram, "Always migrate to VRAM on GPU fault"); - module_param_named_unsafe(force_execlist, xe_modparam.force_execlist, bool, 0444); MODULE_PARM_DESC(force_execlist, "Force Execlist submission"); diff --git a/drivers/gpu/drm/xe/xe_module.h b/drivers/gpu/drm/xe/xe_module.h index 84339e509c80..5a3bfea8b7b4 100644 --- a/drivers/gpu/drm/xe/xe_module.h +++ b/drivers/gpu/drm/xe/xe_module.h @@ -12,7 +12,6 @@ struct xe_modparam { bool force_execlist; bool probe_display; - bool always_migrate_to_vram; u32 force_vram_bar_size; int guc_log_level; char *guc_firmware_path; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index b42cf5d1b20c..b04756a97cdc 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -2270,11 +2270,19 @@ static void op_commit(struct xe_vm *vm, } case DRM_GPUVA_OP_DRIVER: { + /* WRITE_ONCE pairs with READ_ONCE in xe_svm.c */ + if (op->subop == XE_VMA_SUBOP_MAP_RANGE) { - op->map_range.range->tile_present |= BIT(tile->id); - op->map_range.range->tile_invalidated &= ~BIT(tile->id); + WRITE_ONCE(op->map_range.range->tile_present, + op->map_range.range->tile_present | + BIT(tile->id)); + WRITE_ONCE(op->map_range.range->tile_invalidated, + op->map_range.range->tile_invalidated & + ~BIT(tile->id)); } else if (op->subop == XE_VMA_SUBOP_UNMAP_RANGE) { - op->unmap_range.range->tile_present &= ~BIT(tile->id); + WRITE_ONCE(op->unmap_range.range->tile_present, + op->unmap_range.range->tile_present & + ~BIT(tile->id)); } break; } diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index d25f02c8d7fc..d8e15259a8df 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -16,8 +16,17 @@ static bool xe_svm_range_in_vram(struct xe_svm_range *range) { - /* Not reliable without notifier lock */ - return range->base.flags.has_devmem_pages; + /* + * Advisory only check whether the range is currently backed by VRAM + * memory. + */ + + struct drm_gpusvm_range_flags flags = { + /* Pairs with WRITE_ONCE in drm_gpusvm.c */ + .__flags = READ_ONCE(range->base.flags.__flags), + }; + + return flags.has_devmem_pages; } static bool xe_svm_range_has_vram_binding(struct xe_svm_range *range) @@ -650,9 +659,16 @@ void xe_svm_fini(struct xe_vm *vm) } static bool xe_svm_range_is_valid(struct xe_svm_range *range, - struct xe_tile *tile) + struct xe_tile *tile, + bool devmem_only) { - return (range->tile_present & ~range->tile_invalidated) & BIT(tile->id); + /* + * Advisory only check whether the range currently has a valid mapping, + * READ_ONCE pairs with WRITE_ONCE in xe_pt.c + */ + return ((READ_ONCE(range->tile_present) & + ~READ_ONCE(range->tile_invalidated)) & BIT(tile->id)) && + (!devmem_only || xe_svm_range_in_vram(range)); } #if IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) @@ -726,6 +742,36 @@ static int xe_svm_alloc_vram(struct xe_vm *vm, struct xe_tile *tile, } #endif +static bool supports_4K_migration(struct xe_device *xe) +{ + if (xe->info.vram_flags & XE_VRAM_FLAGS_NEED64K) + return false; + + return true; +} + +static bool xe_svm_range_needs_migrate_to_vram(struct xe_svm_range *range, + struct xe_vma *vma) +{ + struct xe_vm *vm = range_to_vm(&range->base); + u64 range_size = xe_svm_range_size(range); + + if (!range->base.flags.migrate_devmem) + return false; + + if (xe_svm_range_in_vram(range)) { + drm_dbg(&vm->xe->drm, "Range is already in VRAM\n"); + return false; + } + + if (range_size <= SZ_64K && !supports_4K_migration(vm->xe)) { + drm_dbg(&vm->xe->drm, "Platform doesn't support SZ_4K range migration\n"); + return false; + } + + return true; +} + /** * xe_svm_handle_pagefault() - SVM handle page fault * @vm: The VM. @@ -749,12 +795,15 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR), .check_pages_threshold = IS_DGFX(vm->xe) && IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) ? SZ_64K : 0, + .devmem_only = atomic && IS_DGFX(vm->xe) && + IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR), }; struct xe_svm_range *range; struct drm_gpusvm_range *r; struct drm_exec exec; struct dma_fence *fence; struct xe_tile *tile = gt_to_tile(gt); + int migrate_try_count = ctx.devmem_only ? 3 : 1; ktime_t end = 0; int err; @@ -775,24 +824,30 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, if (IS_ERR(r)) return PTR_ERR(r); + if (ctx.devmem_only && !r->flags.migrate_devmem) + return -EACCES; + range = to_xe_range(r); - if (xe_svm_range_is_valid(range, tile)) + if (xe_svm_range_is_valid(range, tile, ctx.devmem_only)) return 0; range_debug(range, "PAGE FAULT"); - /* XXX: Add migration policy, for now migrate range once */ - if (!range->skip_migrate && range->base.flags.migrate_devmem && - xe_svm_range_size(range) >= SZ_64K) { - range->skip_migrate = true; - + if (--migrate_try_count >= 0 && + xe_svm_range_needs_migrate_to_vram(range, vma)) { err = xe_svm_alloc_vram(vm, tile, range, &ctx); if (err) { - drm_dbg(&vm->xe->drm, - "VRAM allocation failed, falling back to " - "retrying fault, asid=%u, errno=%pe\n", - vm->usm.asid, ERR_PTR(err)); - goto retry; + if (migrate_try_count || !ctx.devmem_only) { + drm_dbg(&vm->xe->drm, + "VRAM allocation failed, falling back to retrying fault, asid=%u, errno=%pe\n", + vm->usm.asid, ERR_PTR(err)); + goto retry; + } else { + drm_err(&vm->xe->drm, + "VRAM allocation failed, retry count exceeded, asid=%u, errno=%pe\n", + vm->usm.asid, ERR_PTR(err)); + return err; + } } } @@ -800,15 +855,22 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, err = drm_gpusvm_range_get_pages(&vm->svm.gpusvm, r, &ctx); /* Corner where CPU mappings have changed */ if (err == -EOPNOTSUPP || err == -EFAULT || err == -EPERM) { - if (err == -EOPNOTSUPP) { - range_debug(range, "PAGE FAULT - EVICT PAGES"); - drm_gpusvm_range_evict(&vm->svm.gpusvm, &range->base); + if (migrate_try_count > 0 || !ctx.devmem_only) { + if (err == -EOPNOTSUPP) { + range_debug(range, "PAGE FAULT - EVICT PAGES"); + drm_gpusvm_range_evict(&vm->svm.gpusvm, + &range->base); + } + drm_dbg(&vm->xe->drm, + "Get pages failed, falling back to retrying, asid=%u, gpusvm=%p, errno=%pe\n", + vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); + range_debug(range, "PAGE FAULT - RETRY PAGES"); + goto retry; + } else { + drm_err(&vm->xe->drm, + "Get pages failed, retry count exceeded, asid=%u, gpusvm=%p, errno=%pe\n", + vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); } - drm_dbg(&vm->xe->drm, - "Get pages failed, falling back to retrying, asid=%u, gpusvm=%p, errno=%pe\n", - vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); - range_debug(range, "PAGE FAULT - RETRY PAGES"); - goto retry; } if (err) { range_debug(range, "PAGE FAULT - FAIL PAGE COLLECT"); @@ -842,9 +904,6 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, } drm_exec_fini(&exec); - if (xe_modparam.always_migrate_to_vram) - range->skip_migrate = false; - dma_fence_wait(fence, false); dma_fence_put(fence); diff --git a/drivers/gpu/drm/xe/xe_svm.h b/drivers/gpu/drm/xe/xe_svm.h index 2881af1e60b2..30fc78b85b30 100644 --- a/drivers/gpu/drm/xe/xe_svm.h +++ b/drivers/gpu/drm/xe/xe_svm.h @@ -39,11 +39,6 @@ struct xe_svm_range { * range. Protected by GPU SVM notifier lock. */ u8 tile_invalidated; - /** - * @skip_migrate: Skip migration to VRAM, protected by GPU fault handler - * locking. - */ - u8 skip_migrate :1; }; /** diff --git a/include/drm/drm_gpusvm.h b/include/drm/drm_gpusvm.h index 9fd25fc880a4..653d48dbe1c1 100644 --- a/include/drm/drm_gpusvm.h +++ b/include/drm/drm_gpusvm.h @@ -185,6 +185,31 @@ struct drm_gpusvm_notifier { } flags; }; +/** + * struct drm_gpusvm_range_flags - Structure representing a GPU SVM range flags + * + * @migrate_devmem: Flag indicating whether the range can be migrated to device memory + * @unmapped: Flag indicating if the range has been unmapped + * @partial_unmap: Flag indicating if the range has been partially unmapped + * @has_devmem_pages: Flag indicating if the range has devmem pages + * @has_dma_mapping: Flag indicating if the range has a DMA mapping + * @__flags: Flags for range in u16 form (used for READ_ONCE) + */ +struct drm_gpusvm_range_flags { + union { + struct { + /* All flags below must be set upon creation */ + u16 migrate_devmem : 1; + /* All flags below must be set / cleared under notifier lock */ + u16 unmapped : 1; + u16 partial_unmap : 1; + u16 has_devmem_pages : 1; + u16 has_dma_mapping : 1; + }; + u16 __flags; + }; +}; + /** * struct drm_gpusvm_range - Structure representing a GPU SVM range * @@ -198,11 +223,6 @@ struct drm_gpusvm_notifier { * @dpagemap: The struct drm_pagemap of the device pages we're dma-mapping. * Note this is assuming only one drm_pagemap per range is allowed. * @flags: Flags for range - * @flags.migrate_devmem: Flag indicating whether the range can be migrated to device memory - * @flags.unmapped: Flag indicating if the range has been unmapped - * @flags.partial_unmap: Flag indicating if the range has been partially unmapped - * @flags.has_devmem_pages: Flag indicating if the range has devmem pages - * @flags.has_dma_mapping: Flag indicating if the range has a DMA mapping * * This structure represents a GPU SVM range used for tracking memory ranges * mapped in a DRM device. @@ -216,15 +236,7 @@ struct drm_gpusvm_range { unsigned long notifier_seq; struct drm_pagemap_device_addr *dma_addr; struct drm_pagemap *dpagemap; - struct { - /* All flags below must be set upon creation */ - u16 migrate_devmem : 1; - /* All flags below must be set / cleared under notifier lock */ - u16 unmapped : 1; - u16 partial_unmap : 1; - u16 has_devmem_pages : 1; - u16 has_dma_mapping : 1; - } flags; + struct drm_gpusvm_range_flags flags; }; /** -- 2.34.1

7 months

1
0
0 0

[PATCH v8 01/20] drm/gpusvm: Introduce devmem_only flag for allocation

by Himal Prasad Ghimiray

This commit adds a new flag, devmem_only, to the drm_gpusvm structure. The purpose of this flag is to ensure that the get_pages function allocates memory exclusively from the device's memory. If the allocation from device memory fails, the function will return an -EFAULT error. Required for shared CPU and GPU atomics on certain devices. v3: - s/vram_only/devmem_only/ Fixes: 99624bdff867 ("drm/gpusvm: Add support for GPU Shared Virtual Memory") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/drm_gpusvm.c | 5 +++++ include/drm/drm_gpusvm.h | 2 ++ 2 files changed, 7 insertions(+) diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c index de424e670995..a58d03e6cac2 100644 --- a/drivers/gpu/drm/drm_gpusvm.c +++ b/drivers/gpu/drm/drm_gpusvm.c @@ -1454,6 +1454,11 @@ int drm_gpusvm_range_get_pages(struct drm_gpusvm *gpusvm, goto err_unmap; } + if (ctx->devmem_only) { + err = -EFAULT; + goto err_unmap; + } + addr = dma_map_page(gpusvm->drm->dev, page, 0, PAGE_SIZE << order, diff --git a/include/drm/drm_gpusvm.h b/include/drm/drm_gpusvm.h index df120b4d1f83..9fd25fc880a4 100644 --- a/include/drm/drm_gpusvm.h +++ b/include/drm/drm_gpusvm.h @@ -286,6 +286,7 @@ struct drm_gpusvm { * @in_notifier: entering from a MMU notifier * @read_only: operating on read-only memory * @devmem_possible: possible to use device memory + * @devmem_only: use only device memory * * Context that is DRM GPUSVM is operating in (i.e. user arguments). */ @@ -294,6 +295,7 @@ struct drm_gpusvm_ctx { unsigned int in_notifier :1; unsigned int read_only :1; unsigned int devmem_possible :1; + unsigned int devmem_only :1; }; int drm_gpusvm_init(struct drm_gpusvm *gpusvm, -- 2.34.1

7 months

1
0
0 0

[REGRESSION] amdgpu: async system error exception from hdp_v5_0_flush_hdp()

by Alexey Klimov

#regzbot introduced: v6.12..v6.13 I use RX6600 on arm64 Orion o6 board and it seems that amdgpu is broken on recent kernels, fails on boot: [drm] amdgpu: 7886M of GTT memory ready. [drm] GART: num cpu pages 131072, num gpu pages 131072 SError Interrupt on CPU11, code 0x00000000be000011 -- SError CPU: 11 UID: 0 PID: 255 Comm: (udev-worker) Tainted: G S 6.15.0-rc2+ #1 VOLUNTARY Tainted: [S]=CPU_OUT_OF_SPEC Hardware name: Radxa Computer (Shenzhen) Co., Ltd. Radxa Orion O6/Radxa Orion O6, BIOS 1.0 Jan 1 1980 pstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : amdgpu_device_rreg+0x60/0xe4 [amdgpu] lr : hdp_v5_0_flush_hdp+0x6c/0x80 [amdgpu] sp : ffffffc08321b490 x29: ffffffc08321b490 x28: ffffff80b8b80000 x27: ffffff80b8bd0178 x26: ffffff80b8b8fe88 x25: 0000000000000001 x24: ffffff8081647000 x23: ffffffc079d6e000 x22: ffffff80b8bd5000 x21: 000000000007f000 x20: 000000000001fc00 x19: 00000000ffffffff x18: 00000000000015fc x17: 00000000000015fc x16: 00000000000015cf x15: 00000000000015ce x14: 00000000000015d0 x13: 00000000000015d1 x12: 00000000000015d2 x11: 00000000000015d3 x10: 000000000000ec00 x9 : 00000000000015fd x8 : 00000000000015fd x7 : 0000000000001689 x6 : 0000000000555401 x5 : 0000000000000001 x4 : 0000000000100000 x3 : 0000000000100000 x2 : 0000000000000000 x1 : 000000000007f000 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 11 UID: 0 PID: 255 Comm: (udev-worker) Tainted: G S 6.15.0-rc2+ #1 VOLUNTARY Tainted: [S]=CPU_OUT_OF_SPEC Hardware name: Radxa Computer (Shenzhen) Co., Ltd. Radxa Orion O6/Radxa Orion O6, BIOS 1.0 Jan 1 1980 Call trace: show_stack+0x2c/0x84 (C) dump_stack_lvl+0x60/0x80 dump_stack+0x18/0x24 panic+0x148/0x330 add_taint+0x0/0xbc arm64_serror_panic+0x64/0x7c do_serror+0x28/0x68 el1h_64_error_handler+0x30/0x48 el1h_64_error+0x6c/0x70 amdgpu_device_rreg+0x60/0xe4 [amdgpu] (P) hdp_v5_0_flush_hdp+0x6c/0x80 [amdgpu] gmc_v10_0_hw_init+0xec/0x1fc [amdgpu] amdgpu_device_init+0x19f8/0x2480 [amdgpu] amdgpu_driver_load_kms+0x20/0xb0 [amdgpu] amdgpu_pci_probe+0x1b8/0x5d4 [amdgpu] pci_device_probe+0xbc/0x1a8 really_probe+0xc0/0x39c __driver_probe_device+0x7c/0x14c driver_probe_device+0x3c/0x120 __driver_attach+0xc4/0x200 bus_for_each_dev+0x68/0xb4 driver_attach+0x24/0x30 bus_add_driver+0x110/0x240 driver_register+0x68/0x124 __pci_register_driver+0x44/0x50 amdgpu_init+0x84/0xf94 [amdgpu] do_one_initcall+0x60/0x1e0 do_init_module+0x54/0x200 load_module+0x18f8/0x1e68 init_module_from_file+0x74/0xa0 __arm64_sys_finit_module+0x1e0/0x3f0 invoke_syscall+0x64/0xe4 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xd0 el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x1000,000000e0,f169a650,9b7ff667 Memory Limit: none ---[ end Kernel panic - not syncing: Asynchronous SError Interrupt ]--- (bios version seems to be 45 years old but that is the state of the board when I received it) Also saw this crash with RX6700. Old radeons like HD5450 and nvidia gt1030 work fine on that board. A little bit of testing showed that it was introduced between 6.12 and 6.13. Also it seems that changes were taken by some distro kernels already and different iso images I tried failed to boot before I bumped into some iso with kernel 6.8 that worked just fine. The only change related to hdp_v5_0_flush_hdp() was cf424020e040 drm/amdgpu/hdp5.0: do a posting read when flushing HDP Reverting that commit ^^ did help and resolved that problem. Before sending revert as-is I was interested to know if there supposed to be a proper fix for this or maybe someone is interested to debug this or have any suggestions. In theory I also need to confirm that exactly that change introduced the regression. Thanks, Alexey

7 months

5
19
0 0

[PATCH v6 0/1] kasan: Avoid sleepable page allocation from atomic context

by Alexander Gordeev

Hi All, Chages since v5: - full error message included into commit description Chages since v4: - unused pages leak is avoided Chages since v3: - pfn_to_virt() changed to page_to_virt() due to compile error Chages since v2: - page allocation moved out of the atomic context Chages since v1: - Fixes: and -stable tags added to the patch description Thanks! Alexander Gordeev (1): kasan: Avoid sleepable page allocation from atomic context mm/kasan/shadow.c | 77 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 63 insertions(+), 14 deletions(-) -- 2.45.2

7 months

3
4
0 0

[PATCH 6.1 00/97] 6.1.138-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.138 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 10 May 2025 11:25:44 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.138-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.138-rc2 Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Rob Herring (Arm) <robh(a)kernel.org> ASoC: Use of_property_read_bool() Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/amd/display: Fix slab-use-after-free in hdcp Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Bhawanpreet Lakha <bhawanpreet.lakha(a)amd.com> drm/amd/display: Change HDCP update sequence for DM Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c hersen wu <hersenxs.wu(a)amd.com> drm/amd/display: phase2 enable mst hdcp multiple displays Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Tudor Ambarus <tudor.ambarus(a)linaro.org> dm: fix copying after src array boundaries Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Thomas Gleixner <tglx(a)linutronix.de> irqchip/gic-v2m: Mark a few functions __init Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/kexec: Allocate PGD for x86_64 transition page tables separately" Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Yu Kuai <yukuai3(a)huawei.com> md: move initialization and destruction of 'io_acct_set' to md.c Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix RX error handling Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Add range check for CMD_RTS Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix LEN_MASK Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix broken taprio gate states after clock jump Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Ido Schimmel <idosch(a)nvidia.com> vxlan: vnifilter: Fix unlocked deletion of default FDB entry Murad Masimov <m.masimov(a)mt-integration.ru> wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Sheetal <sheetal(a)nvidia.com> ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence LongPing Wei <weilongping(a)oppo.com> dm-bufio: don't schedule in atomic context Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Darrick J. Wong <djwong(a)kernel.org> xfs: restrict when we try to align cow fork delalloc to cowextsz hints Darrick J. Wong <djwong(a)kernel.org> xfs: allow unlinked symlinks and dirs with zero size Christoph Hellwig <hch(a)lst.de> xfs: fix freeing speculative preallocations for preallocated files Wengang Wang <wen.gang.wang(a)oracle.com> xfs: make sure sb_fdblocks is non-negative Darrick J. Wong <djwong(a)kernel.org> xfs: allow symlinks with short remote targets Zhang Yi <yi.zhang(a)huawei.com> xfs: convert delayed extents to unwritten when zeroing post eof blocks Zhang Yi <yi.zhang(a)huawei.com> xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset Zhang Yi <yi.zhang(a)huawei.com> xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional Zhang Yi <yi.zhang(a)huawei.com> xfs: match lock mode in xfs_buffered_write_iomap_begin() Darrick J. Wong <djwong(a)kernel.org> xfs: revert commit 44af6c7e59b12 Darrick J. Wong <djwong(a)kernel.org> xfs: validate recovered name buffers when recovering xattr items Darrick J. Wong <djwong(a)kernel.org> xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 Darrick J. Wong <djwong(a)kernel.org> xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery Christoph Hellwig <hch(a)lst.de> xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent Christoph Hellwig <hch(a)lst.de> xfs: fix xfs_bmap_add_extent_delay_real for partial conversions Christoph Hellwig <hch(a)lst.de> xfs: fix error returns from xfs_bmapi_write Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix setting policy limits when frequency tables are used Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in kerberos authentication Shouye Liu <shouyeliu(a)tencent.com> platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Stephan Gerhold <stephan.gerhold(a)linaro.org> irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Sean Christopherson <seanjc(a)google.com> perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Christian Heusel <christian(a)heusel.eu> Revert "rndis_host: Flag RNDIS modems as WWAN devices" ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/x86/events/intel/core.c | 2 +- arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/machine_kexec_64.c | 45 ++- arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/cpufreq/cpufreq.c | 42 ++- drivers/cpufreq/cpufreq_ondemand.c | 3 +- drivers/cpufreq/freq_table.c | 6 +- drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_ffa/driver.c | 3 +- drivers/firmware/arm_scmi/bus.c | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 417 ++++++++++++--------- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.h | 5 +- drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 ++-- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-gic-v2m.c | 8 +- drivers/irqchip/irq-qcom-mpm.c | 3 + drivers/md/dm-bufio.c | 3 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/md/md.c | 27 +- drivers/md/md.h | 2 - drivers/md/raid0.c | 16 +- drivers/md/raid5.c | 41 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 5 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 +- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 ++-- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/ethernet/mscc/ocelot.c | 194 +++++++++- drivers/net/ethernet/mscc/ocelot_vcap.c | 1 + drivers/net/ethernet/vertexcom/mse102x.c | 36 +- drivers/net/phy/microchip.c | 46 +-- drivers/net/usb/rndis_host.c | 16 +- drivers/net/vxlan/vxlan_vnifilter.c | 8 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 1 - drivers/nvme/host/tcp.c | 31 +- drivers/pci/controller/dwc/pci-imx6.c | 5 +- .../x86/intel/uncore-frequency/uncore-frequency.c | 13 +- fs/smb/server/auth.c | 14 +- fs/smb/server/smb2pdu.c | 5 - fs/xfs/libxfs/xfs_attr_remote.c | 1 - fs/xfs/libxfs/xfs_bmap.c | 130 +++++-- fs/xfs/libxfs/xfs_da_btree.c | 20 +- fs/xfs/libxfs/xfs_inode_buf.c | 49 ++- fs/xfs/libxfs/xfs_sb.c | 7 +- fs/xfs/scrub/attr.c | 5 + fs/xfs/xfs_aops.c | 54 +-- fs/xfs/xfs_attr_item.c | 88 ++++- fs/xfs/xfs_bmap_util.c | 65 ++-- fs/xfs/xfs_bmap_util.h | 2 +- fs/xfs/xfs_dquot.c | 1 - fs/xfs/xfs_icache.c | 2 +- fs/xfs/xfs_inode.c | 14 +- fs/xfs/xfs_iomap.c | 81 ++-- fs/xfs/xfs_reflink.c | 20 - fs/xfs/xfs_rtalloc.c | 2 - include/linux/cpufreq.h | 83 ++-- include/soc/mscc/ocelot_vcap.h | 2 + kernel/trace/trace.c | 5 +- net/ipv4/udp_offload.c | 61 ++- net/sched/sch_drr.c | 16 +- net/sched/sch_ets.c | 17 +- net/sched/sch_hfsc.c | 10 +- net/sched/sch_htb.c | 2 + net/sched/sch_qfq.c | 18 +- sound/soc/codecs/ak4613.c | 4 +- sound/soc/soc-core.c | 36 +- sound/soc/soc-pcm.c | 5 +- sound/usb/format.c | 3 +- 102 files changed, 1471 insertions(+), 847 deletions(-)

7 months

8
9
0 0

[PATCH 6.12.y] btrfs: always fallback to buffered write if the inode requires checksum

by Qu Wenruo

commit 968f19c5b1b7d5595423b0ac0020cc18dfed8cb5 upstream. [BUG] It is a long known bug that VM image on btrfs can lead to data csum mismatch, if the qemu is using direct-io for the image (this is commonly known as cache mode 'none'). [CAUSE] Inside the VM, if the fs is EXT4 or XFS, or even NTFS from Windows, the fs is allowed to dirty/modify the folio even if the folio is under writeback (as long as the address space doesn't have AS_STABLE_WRITES flag inherited from the block device). This is a valid optimization to improve the concurrency, and since these filesystems have no extra checksum on data, the content change is not a problem at all. Bu the final write into the image file is handled by btrfs, which needs the content not to be modified during writeback, or the checksum will not match the data (checksum is calculated before submitting the bio). So EXT4/XFS/NTRFS assume they can modify the folio under writeback, but btrfs requires no modification, this leads to the false csum mismatch. This is only a controlled example, there are even cases where multi-thread programs can submit a direct IO write, then another thread modifies the direct IO buffer for whatever reason. For such cases, btrfs has no sane way to detect such cases and leads to false data csum mismatch. [FIX] I have considered the following ideas to solve the problem: - Make direct IO to always skip data checksum This not only requires a new incompatible flag, as it breaks the current per-inode NODATASUM flag. But also requires extra handling for no csum found cases. And this also reduces our checksum protection. - Let hardware handle all the checksum AKA, just nodatasum mount option. That requires trust for hardware (which is not that trustful in a lot of cases), and it's not generic at all. - Always fallback to buffered write if the inode requires checksum This was suggested by Christoph, and is the solution utilized by this patch. The cost is obvious, the extra buffer copying into page cache, thus it reduces the performance. But at least it's still user configurable, if the end user still wants the zero-copy performance, just set NODATASUM flag for the inode (which is a common practice for VM images on btrfs). Since we cannot trust user space programs to keep the buffer consistent during direct IO, we have no choice but always falling back to buffered IO. At least by this, we avoid the more deadly false data checksum mismatch error. CC: stable(a)vger.kernel.org # 6.12+ Suggested-by: Christoph Hellwig <hch(a)infradead.org> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/direct-io.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/fs/btrfs/direct-io.c b/fs/btrfs/direct-io.c index 8567af46e16f..eacbb74bf6bc 100644 --- a/fs/btrfs/direct-io.c +++ b/fs/btrfs/direct-io.c @@ -855,6 +855,22 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); goto buffered; } + /* + * We can't control the folios being passed in, applications can write + * to them while a direct IO write is in progress. This means the + * content might change after we calculated the data checksum. + * Therefore we can end up storing a checksum that doesn't match the + * persisted data. + * + * To be extra safe and avoid false data checksum mismatch, if the + * inode requires data checksum, just fallback to buffered IO. + * For buffered IO we have full control of page cache and can ensure + * no one is modifying the content during writeback. + */ + if (!(BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) { + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + goto buffered; + } /* * The iov_iter can be mapped to the same file range we are writing to. -- 2.49.0

7 months

3
2
0 0

FAILED: patch "[PATCH] io_uring: ensure deferred completions are flushed for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 687b2bae0efff9b25e071737d6af5004e6e35af5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051212-antirust-outshoot-07f7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 687b2bae0efff9b25e071737d6af5004e6e35af5 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Wed, 7 May 2025 07:34:24 -0600 Subject: [PATCH] io_uring: ensure deferred completions are flushed for multishot Multishot normally uses io_req_post_cqe() to post completions, but when stopping it, it may finish up with a deferred completion. This is fine, except if another multishot event triggers before the deferred completions get flushed. If this occurs, then CQEs may get reordered in the CQ ring, as new multishot completions get posted before the deferred ones are flushed. This can cause confusion on the application side, if strict ordering is required for the use case. When multishot posting via io_req_post_cqe(), flush any pending deferred completions first, if any. Cc: stable(a)vger.kernel.org # 6.1+ Reported-by: Norman Maurer <norman_maurer(a)apple.com> Reported-by: Christian Mazakas <christian.mazakas(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 769814d71153..541e65a1eebf 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -848,6 +848,14 @@ bool io_req_post_cqe(struct io_kiocb *req, s32 res, u32 cflags) struct io_ring_ctx *ctx = req->ctx; bool posted; + /* + * If multishot has already posted deferred completions, ensure that + * those are flushed first before posting this one. If not, CQEs + * could get reordered. + */ + if (!wq_list_empty(&ctx->submit_state.compl_reqs)) + __io_submit_flush_completions(ctx); + lockdep_assert(!io_wq_current_is_worker()); lockdep_assert_held(&ctx->uring_lock);

7 months

3
3
0 0

[STABLE 6.12/6.14] Bluetooth MediaTek controller reset fixes

by Geoffrey D. Bennett

Hi stable(a)vger.kernel.org, Could you please apply: 1. Commit a7208610761ae ("Bluetooth: btmtk: Remove resetting mt7921 before downloading the fw") to v6.12.x (it's already in v6.14). 2. Commit 33634e2ab7c6 ("Bluetooth: btmtk: Remove the resetting step before downloading the fw") to v6.12.x and v6.14.x. These fixes address an issue with some audio interfaces failing to initialise during boot on kernels 6.11+. As noted in my original analysis below, the MediaTek Bluetooth controller reset increases the device setup time from ~200ms to ~20s and can interfere with other USB devices on the bus. Thanks, Geoffrey. On Fri, Mar 28, 2025 at 08:44:49AM +1030, Geoffrey D. Bennett wrote: > Hi all, > > Sorry, I see that an identical patch has already been applied to > bluetooth-next > https://lore.kernel.org/linux-bluetooth/20250315022730.11071-1-hao.qin@medi… > > While I'm glad the issue is being addressed, my original patch > https://lore.kernel.org/linux-bluetooth/Z8ybV04CVUfVAykH@m.b4.vu/ > contained useful context and tags that didn't make it into the final > commit. > > For getting this fix into current kernel releases 6.12/6.13/6.14, I > think the patch needs the "Cc: stable(a)vger.kernel.org" tag that was in > my original submission but missing from Hao's. Since this is causing > significant issues for users on kernels 6.11+ (audio interfaces > failing to work), it's important this gets backported. > > Hao, is this something you can do? I think the instructions at > https://www.kernel.org/doc/html/v6.14/process/stable-kernel-rules.html#opti… > need to be followed, but I've not done this before. > > Thanks, > Geoffrey. > > On Fri, Mar 28, 2025 at 07:22:06AM +1030, Geoffrey D. Bennett wrote: > > This reverts commit ccfc8948d7e4d93cab341a99774b24586717d89a. > > > > The MediaTek Bluetooth controller reset that was added increases the > > Bluetooth device setup time from ~200ms to ~20s and interferes with > > other devices on the bus. > > > > Three users (with Focusrite Scarlett 2nd Gen 6i6 and 3rd Gen Solo and > > 4i4 audio interfaces) reported that since 6.11 (which added this > > commit) their audio interface fails to initialise if connected during > > boot. Two of the users confirmed they have an MT7922. > > > > Errors like this are observed in dmesg for the audio interface: > > > > usb 3-4: parse_audio_format_rates_v2v3(): unable to find clock source (clock -110) > > usb 3-4: uac_clock_source_is_valid(): cannot get clock validity for id 41 > > usb 3-4: clock source 41 is not valid, cannot use > > > > The problem only occurs when both devices and kernel modules are > > present and loaded during system boot, so it can be worked around by > > connecting the audio interface after booting. > > > > Fixes: ccfc8948d7e4 ("Bluetooth: btusb: mediatek: reset the controller before downloading the fw") > > Closes: https://github.com/geoffreybennett/linux-fcp/issues/24 > > Bisected-by: Benedikt Ziemons <ben(a)rs485.network> > > Tested-by: Benedikt Ziemons <ben(a)rs485.network> > > Cc: stable(a)vger.kernel.org > > Signed-off-by: Geoffrey D. Bennett <g(a)b4.vu> > > --- > > Changelog: > > > > v1 -> v2: > > > > - Updated commit message with additional information. > > - No change to this patch's diff. > > - Dropped alternate patch that only reverted for 0x7922. > > - Chris, Sean, Hao agreed to reverting the change: > > https://lore.kernel.org/linux-bluetooth/2025031352-octopus-quadrant-f7ca@gr… > > > > drivers/bluetooth/btmtk.c | 10 ---------- > > 1 file changed, 10 deletions(-) > > > > diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c > > index 68846c5bd4f7..4390fd571dbd 100644 > > --- a/drivers/bluetooth/btmtk.c > > +++ b/drivers/bluetooth/btmtk.c > > @@ -1330,13 +1330,6 @@ int btmtk_usb_setup(struct hci_dev *hdev) > > break; > > case 0x7922: > > case 0x7925: > > - /* Reset the device to ensure it's in the initial state before > > - * downloading the firmware to ensure. > > - */ > > - > > - if (!test_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags)) > > - btmtk_usb_subsys_reset(hdev, dev_id); > > - fallthrough; > > case 0x7961: > > btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id, > > fw_version, fw_flavor); > > @@ -1345,12 +1338,9 @@ int btmtk_usb_setup(struct hci_dev *hdev) > > btmtk_usb_hci_wmt_sync); > > if (err < 0) { > > bt_dev_err(hdev, "Failed to set up firmware (%d)", err); > > - clear_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags); > > return err; > > } > > > > - set_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags); > > - > > /* It's Device EndPoint Reset Option Register */ > > err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, > > MTK_EP_RST_IN_OUT_OPT); > > -- > > 2.45.0 > > > > > >

7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring: always arm linked timeouts prior to issue" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x b53e523261bf058ea4a518b482222e7a277b186b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051224-effects-slightly-6462@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b53e523261bf058ea4a518b482222e7a277b186b Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Sun, 4 May 2025 08:06:28 -0600 Subject: [PATCH] io_uring: always arm linked timeouts prior to issue There are a few spots where linked timeouts are armed, and not all of them adhere to the pre-arm, attempt issue, post-arm pattern. This can be problematic if the linked request returns that it will trigger a callback later, and does so before the linked timeout is fully armed. Consolidate all the linked timeout handling into __io_issue_sqe(), rather than have it spread throughout the various issue entry points. Cc: stable(a)vger.kernel.org Link: https://github.com/axboe/liburing/issues/1390 Reported-by: Chase Hiltz <chase(a)path.net> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index a2b256e96d5d..769814d71153 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -448,24 +448,6 @@ static struct io_kiocb *__io_prep_linked_timeout(struct io_kiocb *req) return req->link; } -static inline struct io_kiocb *io_prep_linked_timeout(struct io_kiocb *req) -{ - if (likely(!(req->flags & REQ_F_ARM_LTIMEOUT))) - return NULL; - return __io_prep_linked_timeout(req); -} - -static noinline void __io_arm_ltimeout(struct io_kiocb *req) -{ - io_queue_linked_timeout(__io_prep_linked_timeout(req)); -} - -static inline void io_arm_ltimeout(struct io_kiocb *req) -{ - if (unlikely(req->flags & REQ_F_ARM_LTIMEOUT)) - __io_arm_ltimeout(req); -} - static void io_prep_async_work(struct io_kiocb *req) { const struct io_issue_def *def = &io_issue_defs[req->opcode]; @@ -518,7 +500,6 @@ static void io_prep_async_link(struct io_kiocb *req) static void io_queue_iowq(struct io_kiocb *req) { - struct io_kiocb *link = io_prep_linked_timeout(req); struct io_uring_task *tctx = req->tctx; BUG_ON(!tctx); @@ -543,8 +524,6 @@ static void io_queue_iowq(struct io_kiocb *req) trace_io_uring_queue_async_work(req, io_wq_is_hashed(&req->work)); io_wq_enqueue(tctx->io_wq, &req->work); - if (link) - io_queue_linked_timeout(link); } static void io_req_queue_iowq_tw(struct io_kiocb *req, io_tw_token_t tw) @@ -1724,15 +1703,22 @@ static bool io_assign_file(struct io_kiocb *req, const struct io_issue_def *def, return !!req->file; } +#define REQ_ISSUE_SLOW_FLAGS (REQ_F_CREDS | REQ_F_ARM_LTIMEOUT) + static inline int __io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags, const struct io_issue_def *def) { const struct cred *creds = NULL; + struct io_kiocb *link = NULL; int ret; - if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(req->creds); + if (unlikely(req->flags & REQ_ISSUE_SLOW_FLAGS)) { + if ((req->flags & REQ_F_CREDS) && req->creds != current_cred()) + creds = override_creds(req->creds); + if (req->flags & REQ_F_ARM_LTIMEOUT) + link = __io_prep_linked_timeout(req); + } if (!def->audit_skip) audit_uring_entry(req->opcode); @@ -1742,8 +1728,12 @@ static inline int __io_issue_sqe(struct io_kiocb *req, if (!def->audit_skip) audit_uring_exit(!ret, ret); - if (creds) - revert_creds(creds); + if (unlikely(creds || link)) { + if (creds) + revert_creds(creds); + if (link) + io_queue_linked_timeout(link); + } return ret; } @@ -1769,7 +1759,6 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) if (ret == IOU_ISSUE_SKIP_COMPLETE) { ret = 0; - io_arm_ltimeout(req); /* If the op doesn't have a file, we're not polling for it */ if ((req->ctx->flags & IORING_SETUP_IOPOLL) && def->iopoll_queue) @@ -1824,8 +1813,6 @@ void io_wq_submit_work(struct io_wq_work *work) else req_ref_get(req); - io_arm_ltimeout(req); - /* either cancelled or io-wq is dying, so don't touch tctx->iowq */ if (atomic_read(&work->flags) & IO_WQ_WORK_CANCEL) { fail: @@ -1941,15 +1928,11 @@ struct file *io_file_get_normal(struct io_kiocb *req, int fd) static void io_queue_async(struct io_kiocb *req, int ret) __must_hold(&req->ctx->uring_lock) { - struct io_kiocb *linked_timeout; - if (ret != -EAGAIN || (req->flags & REQ_F_NOWAIT)) { io_req_defer_failed(req, ret); return; } - linked_timeout = io_prep_linked_timeout(req); - switch (io_arm_poll_handler(req, 0)) { case IO_APOLL_READY: io_kbuf_recycle(req, 0); @@ -1962,9 +1945,6 @@ static void io_queue_async(struct io_kiocb *req, int ret) case IO_APOLL_OK: break; } - - if (linked_timeout) - io_queue_linked_timeout(linked_timeout); } static inline void io_queue_sqe(struct io_kiocb *req)

7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring: always arm linked timeouts prior to issue" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x b53e523261bf058ea4a518b482222e7a277b186b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051225-maximize-tingly-00b5@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b53e523261bf058ea4a518b482222e7a277b186b Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Sun, 4 May 2025 08:06:28 -0600 Subject: [PATCH] io_uring: always arm linked timeouts prior to issue There are a few spots where linked timeouts are armed, and not all of them adhere to the pre-arm, attempt issue, post-arm pattern. This can be problematic if the linked request returns that it will trigger a callback later, and does so before the linked timeout is fully armed. Consolidate all the linked timeout handling into __io_issue_sqe(), rather than have it spread throughout the various issue entry points. Cc: stable(a)vger.kernel.org Link: https://github.com/axboe/liburing/issues/1390 Reported-by: Chase Hiltz <chase(a)path.net> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index a2b256e96d5d..769814d71153 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -448,24 +448,6 @@ static struct io_kiocb *__io_prep_linked_timeout(struct io_kiocb *req) return req->link; } -static inline struct io_kiocb *io_prep_linked_timeout(struct io_kiocb *req) -{ - if (likely(!(req->flags & REQ_F_ARM_LTIMEOUT))) - return NULL; - return __io_prep_linked_timeout(req); -} - -static noinline void __io_arm_ltimeout(struct io_kiocb *req) -{ - io_queue_linked_timeout(__io_prep_linked_timeout(req)); -} - -static inline void io_arm_ltimeout(struct io_kiocb *req) -{ - if (unlikely(req->flags & REQ_F_ARM_LTIMEOUT)) - __io_arm_ltimeout(req); -} - static void io_prep_async_work(struct io_kiocb *req) { const struct io_issue_def *def = &io_issue_defs[req->opcode]; @@ -518,7 +500,6 @@ static void io_prep_async_link(struct io_kiocb *req) static void io_queue_iowq(struct io_kiocb *req) { - struct io_kiocb *link = io_prep_linked_timeout(req); struct io_uring_task *tctx = req->tctx; BUG_ON(!tctx); @@ -543,8 +524,6 @@ static void io_queue_iowq(struct io_kiocb *req) trace_io_uring_queue_async_work(req, io_wq_is_hashed(&req->work)); io_wq_enqueue(tctx->io_wq, &req->work); - if (link) - io_queue_linked_timeout(link); } static void io_req_queue_iowq_tw(struct io_kiocb *req, io_tw_token_t tw) @@ -1724,15 +1703,22 @@ static bool io_assign_file(struct io_kiocb *req, const struct io_issue_def *def, return !!req->file; } +#define REQ_ISSUE_SLOW_FLAGS (REQ_F_CREDS | REQ_F_ARM_LTIMEOUT) + static inline int __io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags, const struct io_issue_def *def) { const struct cred *creds = NULL; + struct io_kiocb *link = NULL; int ret; - if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(req->creds); + if (unlikely(req->flags & REQ_ISSUE_SLOW_FLAGS)) { + if ((req->flags & REQ_F_CREDS) && req->creds != current_cred()) + creds = override_creds(req->creds); + if (req->flags & REQ_F_ARM_LTIMEOUT) + link = __io_prep_linked_timeout(req); + } if (!def->audit_skip) audit_uring_entry(req->opcode); @@ -1742,8 +1728,12 @@ static inline int __io_issue_sqe(struct io_kiocb *req, if (!def->audit_skip) audit_uring_exit(!ret, ret); - if (creds) - revert_creds(creds); + if (unlikely(creds || link)) { + if (creds) + revert_creds(creds); + if (link) + io_queue_linked_timeout(link); + } return ret; } @@ -1769,7 +1759,6 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) if (ret == IOU_ISSUE_SKIP_COMPLETE) { ret = 0; - io_arm_ltimeout(req); /* If the op doesn't have a file, we're not polling for it */ if ((req->ctx->flags & IORING_SETUP_IOPOLL) && def->iopoll_queue) @@ -1824,8 +1813,6 @@ void io_wq_submit_work(struct io_wq_work *work) else req_ref_get(req); - io_arm_ltimeout(req); - /* either cancelled or io-wq is dying, so don't touch tctx->iowq */ if (atomic_read(&work->flags) & IO_WQ_WORK_CANCEL) { fail: @@ -1941,15 +1928,11 @@ struct file *io_file_get_normal(struct io_kiocb *req, int fd) static void io_queue_async(struct io_kiocb *req, int ret) __must_hold(&req->ctx->uring_lock) { - struct io_kiocb *linked_timeout; - if (ret != -EAGAIN || (req->flags & REQ_F_NOWAIT)) { io_req_defer_failed(req, ret); return; } - linked_timeout = io_prep_linked_timeout(req); - switch (io_arm_poll_handler(req, 0)) { case IO_APOLL_READY: io_kbuf_recycle(req, 0); @@ -1962,9 +1945,6 @@ static void io_queue_async(struct io_kiocb *req, int ret) case IO_APOLL_OK: break; } - - if (linked_timeout) - io_queue_linked_timeout(linked_timeout); } static inline void io_queue_sqe(struct io_kiocb *req)

7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring: always arm linked timeouts prior to issue" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b53e523261bf058ea4a518b482222e7a277b186b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051225-punisher-evident-a1a8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b53e523261bf058ea4a518b482222e7a277b186b Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Sun, 4 May 2025 08:06:28 -0600 Subject: [PATCH] io_uring: always arm linked timeouts prior to issue There are a few spots where linked timeouts are armed, and not all of them adhere to the pre-arm, attempt issue, post-arm pattern. This can be problematic if the linked request returns that it will trigger a callback later, and does so before the linked timeout is fully armed. Consolidate all the linked timeout handling into __io_issue_sqe(), rather than have it spread throughout the various issue entry points. Cc: stable(a)vger.kernel.org Link: https://github.com/axboe/liburing/issues/1390 Reported-by: Chase Hiltz <chase(a)path.net> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index a2b256e96d5d..769814d71153 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -448,24 +448,6 @@ static struct io_kiocb *__io_prep_linked_timeout(struct io_kiocb *req) return req->link; } -static inline struct io_kiocb *io_prep_linked_timeout(struct io_kiocb *req) -{ - if (likely(!(req->flags & REQ_F_ARM_LTIMEOUT))) - return NULL; - return __io_prep_linked_timeout(req); -} - -static noinline void __io_arm_ltimeout(struct io_kiocb *req) -{ - io_queue_linked_timeout(__io_prep_linked_timeout(req)); -} - -static inline void io_arm_ltimeout(struct io_kiocb *req) -{ - if (unlikely(req->flags & REQ_F_ARM_LTIMEOUT)) - __io_arm_ltimeout(req); -} - static void io_prep_async_work(struct io_kiocb *req) { const struct io_issue_def *def = &io_issue_defs[req->opcode]; @@ -518,7 +500,6 @@ static void io_prep_async_link(struct io_kiocb *req) static void io_queue_iowq(struct io_kiocb *req) { - struct io_kiocb *link = io_prep_linked_timeout(req); struct io_uring_task *tctx = req->tctx; BUG_ON(!tctx); @@ -543,8 +524,6 @@ static void io_queue_iowq(struct io_kiocb *req) trace_io_uring_queue_async_work(req, io_wq_is_hashed(&req->work)); io_wq_enqueue(tctx->io_wq, &req->work); - if (link) - io_queue_linked_timeout(link); } static void io_req_queue_iowq_tw(struct io_kiocb *req, io_tw_token_t tw) @@ -1724,15 +1703,22 @@ static bool io_assign_file(struct io_kiocb *req, const struct io_issue_def *def, return !!req->file; } +#define REQ_ISSUE_SLOW_FLAGS (REQ_F_CREDS | REQ_F_ARM_LTIMEOUT) + static inline int __io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags, const struct io_issue_def *def) { const struct cred *creds = NULL; + struct io_kiocb *link = NULL; int ret; - if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(req->creds); + if (unlikely(req->flags & REQ_ISSUE_SLOW_FLAGS)) { + if ((req->flags & REQ_F_CREDS) && req->creds != current_cred()) + creds = override_creds(req->creds); + if (req->flags & REQ_F_ARM_LTIMEOUT) + link = __io_prep_linked_timeout(req); + } if (!def->audit_skip) audit_uring_entry(req->opcode); @@ -1742,8 +1728,12 @@ static inline int __io_issue_sqe(struct io_kiocb *req, if (!def->audit_skip) audit_uring_exit(!ret, ret); - if (creds) - revert_creds(creds); + if (unlikely(creds || link)) { + if (creds) + revert_creds(creds); + if (link) + io_queue_linked_timeout(link); + } return ret; } @@ -1769,7 +1759,6 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) if (ret == IOU_ISSUE_SKIP_COMPLETE) { ret = 0; - io_arm_ltimeout(req); /* If the op doesn't have a file, we're not polling for it */ if ((req->ctx->flags & IORING_SETUP_IOPOLL) && def->iopoll_queue) @@ -1824,8 +1813,6 @@ void io_wq_submit_work(struct io_wq_work *work) else req_ref_get(req); - io_arm_ltimeout(req); - /* either cancelled or io-wq is dying, so don't touch tctx->iowq */ if (atomic_read(&work->flags) & IO_WQ_WORK_CANCEL) { fail: @@ -1941,15 +1928,11 @@ struct file *io_file_get_normal(struct io_kiocb *req, int fd) static void io_queue_async(struct io_kiocb *req, int ret) __must_hold(&req->ctx->uring_lock) { - struct io_kiocb *linked_timeout; - if (ret != -EAGAIN || (req->flags & REQ_F_NOWAIT)) { io_req_defer_failed(req, ret); return; } - linked_timeout = io_prep_linked_timeout(req); - switch (io_arm_poll_handler(req, 0)) { case IO_APOLL_READY: io_kbuf_recycle(req, 0); @@ -1962,9 +1945,6 @@ static void io_queue_async(struct io_kiocb *req, int ret) case IO_APOLL_OK: break; } - - if (linked_timeout) - io_queue_linked_timeout(linked_timeout); } static inline void io_queue_sqe(struct io_kiocb *req)

7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring: ensure deferred completions are flushed for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 687b2bae0efff9b25e071737d6af5004e6e35af5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051212-safeness-barista-b429@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 687b2bae0efff9b25e071737d6af5004e6e35af5 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Wed, 7 May 2025 07:34:24 -0600 Subject: [PATCH] io_uring: ensure deferred completions are flushed for multishot Multishot normally uses io_req_post_cqe() to post completions, but when stopping it, it may finish up with a deferred completion. This is fine, except if another multishot event triggers before the deferred completions get flushed. If this occurs, then CQEs may get reordered in the CQ ring, as new multishot completions get posted before the deferred ones are flushed. This can cause confusion on the application side, if strict ordering is required for the use case. When multishot posting via io_req_post_cqe(), flush any pending deferred completions first, if any. Cc: stable(a)vger.kernel.org # 6.1+ Reported-by: Norman Maurer <norman_maurer(a)apple.com> Reported-by: Christian Mazakas <christian.mazakas(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 769814d71153..541e65a1eebf 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -848,6 +848,14 @@ bool io_req_post_cqe(struct io_kiocb *req, s32 res, u32 cflags) struct io_ring_ctx *ctx = req->ctx; bool posted; + /* + * If multishot has already posted deferred completions, ensure that + * those are flushed first before posting this one. If not, CQEs + * could get reordered. + */ + if (!wq_list_empty(&ctx->submit_state.compl_reqs)) + __io_submit_flush_completions(ctx); + lockdep_assert(!io_wq_current_is_worker()); lockdep_assert_held(&ctx->uring_lock);

7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring: always arm linked timeouts prior to issue" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b53e523261bf058ea4a518b482222e7a277b186b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051226-snorkel-exclusive-71e3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b53e523261bf058ea4a518b482222e7a277b186b Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Sun, 4 May 2025 08:06:28 -0600 Subject: [PATCH] io_uring: always arm linked timeouts prior to issue There are a few spots where linked timeouts are armed, and not all of them adhere to the pre-arm, attempt issue, post-arm pattern. This can be problematic if the linked request returns that it will trigger a callback later, and does so before the linked timeout is fully armed. Consolidate all the linked timeout handling into __io_issue_sqe(), rather than have it spread throughout the various issue entry points. Cc: stable(a)vger.kernel.org Link: https://github.com/axboe/liburing/issues/1390 Reported-by: Chase Hiltz <chase(a)path.net> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index a2b256e96d5d..769814d71153 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -448,24 +448,6 @@ static struct io_kiocb *__io_prep_linked_timeout(struct io_kiocb *req) return req->link; } -static inline struct io_kiocb *io_prep_linked_timeout(struct io_kiocb *req) -{ - if (likely(!(req->flags & REQ_F_ARM_LTIMEOUT))) - return NULL; - return __io_prep_linked_timeout(req); -} - -static noinline void __io_arm_ltimeout(struct io_kiocb *req) -{ - io_queue_linked_timeout(__io_prep_linked_timeout(req)); -} - -static inline void io_arm_ltimeout(struct io_kiocb *req) -{ - if (unlikely(req->flags & REQ_F_ARM_LTIMEOUT)) - __io_arm_ltimeout(req); -} - static void io_prep_async_work(struct io_kiocb *req) { const struct io_issue_def *def = &io_issue_defs[req->opcode]; @@ -518,7 +500,6 @@ static void io_prep_async_link(struct io_kiocb *req) static void io_queue_iowq(struct io_kiocb *req) { - struct io_kiocb *link = io_prep_linked_timeout(req); struct io_uring_task *tctx = req->tctx; BUG_ON(!tctx); @@ -543,8 +524,6 @@ static void io_queue_iowq(struct io_kiocb *req) trace_io_uring_queue_async_work(req, io_wq_is_hashed(&req->work)); io_wq_enqueue(tctx->io_wq, &req->work); - if (link) - io_queue_linked_timeout(link); } static void io_req_queue_iowq_tw(struct io_kiocb *req, io_tw_token_t tw) @@ -1724,15 +1703,22 @@ static bool io_assign_file(struct io_kiocb *req, const struct io_issue_def *def, return !!req->file; } +#define REQ_ISSUE_SLOW_FLAGS (REQ_F_CREDS | REQ_F_ARM_LTIMEOUT) + static inline int __io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags, const struct io_issue_def *def) { const struct cred *creds = NULL; + struct io_kiocb *link = NULL; int ret; - if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(req->creds); + if (unlikely(req->flags & REQ_ISSUE_SLOW_FLAGS)) { + if ((req->flags & REQ_F_CREDS) && req->creds != current_cred()) + creds = override_creds(req->creds); + if (req->flags & REQ_F_ARM_LTIMEOUT) + link = __io_prep_linked_timeout(req); + } if (!def->audit_skip) audit_uring_entry(req->opcode); @@ -1742,8 +1728,12 @@ static inline int __io_issue_sqe(struct io_kiocb *req, if (!def->audit_skip) audit_uring_exit(!ret, ret); - if (creds) - revert_creds(creds); + if (unlikely(creds || link)) { + if (creds) + revert_creds(creds); + if (link) + io_queue_linked_timeout(link); + } return ret; } @@ -1769,7 +1759,6 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) if (ret == IOU_ISSUE_SKIP_COMPLETE) { ret = 0; - io_arm_ltimeout(req); /* If the op doesn't have a file, we're not polling for it */ if ((req->ctx->flags & IORING_SETUP_IOPOLL) && def->iopoll_queue) @@ -1824,8 +1813,6 @@ void io_wq_submit_work(struct io_wq_work *work) else req_ref_get(req); - io_arm_ltimeout(req); - /* either cancelled or io-wq is dying, so don't touch tctx->iowq */ if (atomic_read(&work->flags) & IO_WQ_WORK_CANCEL) { fail: @@ -1941,15 +1928,11 @@ struct file *io_file_get_normal(struct io_kiocb *req, int fd) static void io_queue_async(struct io_kiocb *req, int ret) __must_hold(&req->ctx->uring_lock) { - struct io_kiocb *linked_timeout; - if (ret != -EAGAIN || (req->flags & REQ_F_NOWAIT)) { io_req_defer_failed(req, ret); return; } - linked_timeout = io_prep_linked_timeout(req); - switch (io_arm_poll_handler(req, 0)) { case IO_APOLL_READY: io_kbuf_recycle(req, 0); @@ -1962,9 +1945,6 @@ static void io_queue_async(struct io_kiocb *req, int ret) case IO_APOLL_OK: break; } - - if (linked_timeout) - io_queue_linked_timeout(linked_timeout); } static inline void io_queue_sqe(struct io_kiocb *req)

7 months

2
1
0 0

[PATCH] MAINTAINERS: update Alexey Makhalov's email address

by Alexey Makhalov

Fix a typo in an email address. Cc: stable(a)vger.kernel.org Reported-by: Konstantin Ryabitsev <konstantin(a)linuxfoundation.org> Closes: https://lore.kernel.org/all/20240925-rational-succinct-vulture-cca9fb@lemur… Signed-off-by: Alexey Makhalov <alexey.makhalov(a)broadcom.com> --- MAINTAINERS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index c9763412a508..c2eb78c1ab75 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -17945,7 +17945,7 @@ F: include/uapi/linux/ppdev.h PARAVIRT_OPS INTERFACE M: Juergen Gross <jgross(a)suse.com> R: Ajay Kaher <ajay.kaher(a)broadcom.com> -R: Alexey Makhalov <alexey.amakhalov(a)broadcom.com> +R: Alexey Makhalov <alexey.makhalov(a)broadcom.com> R: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> L: virtualization(a)lists.linux.dev L: x86(a)kernel.org @@ -25341,7 +25341,7 @@ F: drivers/misc/vmw_balloon.c VMWARE HYPERVISOR INTERFACE M: Ajay Kaher <ajay.kaher(a)broadcom.com> -M: Alexey Makhalov <alexey.amakhalov(a)broadcom.com> +M: Alexey Makhalov <alexey.makhalov(a)broadcom.com> R: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> L: virtualization(a)lists.linux.dev L: x86(a)kernel.org @@ -25369,7 +25369,7 @@ F: drivers/scsi/vmw_pvscsi.h VMWARE VIRTUAL PTP CLOCK DRIVER M: Nick Shi <nick.shi(a)broadcom.com> R: Ajay Kaher <ajay.kaher(a)broadcom.com> -R: Alexey Makhalov <alexey.amakhalov(a)broadcom.com> +R: Alexey Makhalov <alexey.makhalov(a)broadcom.com> R: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> L: netdev(a)vger.kernel.org S: Supported -- 2.39.4

7 months

2
2
0 0

[PATCH v2] x86/mtrr: Check if fixed-range MTRR exists in mtrr_save_fixed_ranges()

by Jiaqing Zhao

When suspending, save_processor_state() calls mtrr_save_fixed_ranges() to save fixed-range MTRRs. On platforms without fixed-range MTRRs, accessing these MSRs will trigger unchecked MSR access error. Make sure fixed-range MTRRs are supported before access to prevent such error. Since mtrr_state.have_fixed is only set when MTRRs are present and enabled, checking the CPU feature flag in mtrr_save_fixed_ranges() is unnecessary. Fixes: 3ebad5905609 ("[PATCH] x86: Save and restore the fixed-range MTRRs of the BSP when suspending") Cc: stable(a)vger.kernel.org Signed-off-by: Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> --- v2: * Removed unnecessary boot_cpu_has(X86_FEATURE_MTRR) check. * Updated commit message. Link: https://lore.kernel.org/all/20250509085612.2236222-2-jiaqing.zhao@linux.int… arch/x86/kernel/cpu/mtrr/generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c index e2c6b471d230..8c18327eb10b 100644 --- a/arch/x86/kernel/cpu/mtrr/generic.c +++ b/arch/x86/kernel/cpu/mtrr/generic.c @@ -593,7 +593,7 @@ static void get_fixed_ranges(mtrr_type *frs) void mtrr_save_fixed_ranges(void *info) { - if (boot_cpu_has(X86_FEATURE_MTRR)) + if (mtrr_state.have_fixed) get_fixed_ranges(mtrr_state.fixed_ranges); } -- 2.43.0

7 months

2
5
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: displayport: Fix deadlock" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 364618c89d4c57c85e5fc51a2446cd939bf57802 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051222-papyrus-snarl-af05@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 364618c89d4c57c85e5fc51a2446cd939bf57802 Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Thu, 24 Apr 2025 08:44:28 +0000 Subject: [PATCH] usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. Cc: stable <stable(a)kernel.org> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250424084429.3220757-2-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..acd053d4e38c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) u8 cur = 0; int ret; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) schedule_work(&dp->work); ret = 0; err_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) u64 command; int ret = 0; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) schedule_work(&dp->work); out_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, int cmd = PD_VDO_CMD(header); int svdm_version; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); dev_warn(&p->dev, "firmware doesn't support alternate mode overriding\n"); - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return -EOPNOTSUPP; } svdm_version = typec_altmode_get_svdm_version(alt); if (svdm_version < 0) { - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return svdm_version; } @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, break; } - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return 0; } diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index e8c7e9dc4930..01ce858a1a2b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data) } EXPORT_SYMBOL_GPL(ucsi_set_drvdata); +/** + * ucsi_con_mutex_lock - Acquire the connector mutex + * @con: The connector interface to lock + * + * Returns true on success, false if the connector is disconnected + */ +bool ucsi_con_mutex_lock(struct ucsi_connector *con) +{ + bool mutex_locked = false; + bool connected = true; + + while (connected && !mutex_locked) { + mutex_locked = mutex_trylock(&con->lock) != 0; + connected = UCSI_CONSTAT(con, CONNECTED); + if (connected && !mutex_locked) + msleep(20); + } + + connected = connected && con->partner; + if (!connected && mutex_locked) + mutex_unlock(&con->lock); + + return connected; +} + +/** + * ucsi_con_mutex_unlock - Release the connector mutex + * @con: The connector interface to unlock + */ +void ucsi_con_mutex_unlock(struct ucsi_connector *con) +{ + mutex_unlock(&con->lock); +} + /** * ucsi_create - Allocate UCSI instance * @dev: Device interface to the PPM (Platform Policy Manager) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 3a2c1762bec1..9c5278a0c5d4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi); void ucsi_unregister(struct ucsi *ucsi); void *ucsi_get_drvdata(struct ucsi *ucsi); void ucsi_set_drvdata(struct ucsi *ucsi, void *data); +bool ucsi_con_mutex_lock(struct ucsi_connector *con); +void ucsi_con_mutex_unlock(struct ucsi_connector *con); void ucsi_connector_change(struct ucsi *ucsi, u8 num);

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: displayport: Fix deadlock" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 364618c89d4c57c85e5fc51a2446cd939bf57802 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051221-asleep-envy-c37f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 364618c89d4c57c85e5fc51a2446cd939bf57802 Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Thu, 24 Apr 2025 08:44:28 +0000 Subject: [PATCH] usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. Cc: stable <stable(a)kernel.org> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250424084429.3220757-2-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..acd053d4e38c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) u8 cur = 0; int ret; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) schedule_work(&dp->work); ret = 0; err_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) u64 command; int ret = 0; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) schedule_work(&dp->work); out_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, int cmd = PD_VDO_CMD(header); int svdm_version; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); dev_warn(&p->dev, "firmware doesn't support alternate mode overriding\n"); - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return -EOPNOTSUPP; } svdm_version = typec_altmode_get_svdm_version(alt); if (svdm_version < 0) { - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return svdm_version; } @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, break; } - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return 0; } diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index e8c7e9dc4930..01ce858a1a2b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data) } EXPORT_SYMBOL_GPL(ucsi_set_drvdata); +/** + * ucsi_con_mutex_lock - Acquire the connector mutex + * @con: The connector interface to lock + * + * Returns true on success, false if the connector is disconnected + */ +bool ucsi_con_mutex_lock(struct ucsi_connector *con) +{ + bool mutex_locked = false; + bool connected = true; + + while (connected && !mutex_locked) { + mutex_locked = mutex_trylock(&con->lock) != 0; + connected = UCSI_CONSTAT(con, CONNECTED); + if (connected && !mutex_locked) + msleep(20); + } + + connected = connected && con->partner; + if (!connected && mutex_locked) + mutex_unlock(&con->lock); + + return connected; +} + +/** + * ucsi_con_mutex_unlock - Release the connector mutex + * @con: The connector interface to unlock + */ +void ucsi_con_mutex_unlock(struct ucsi_connector *con) +{ + mutex_unlock(&con->lock); +} + /** * ucsi_create - Allocate UCSI instance * @dev: Device interface to the PPM (Platform Policy Manager) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 3a2c1762bec1..9c5278a0c5d4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi); void ucsi_unregister(struct ucsi *ucsi); void *ucsi_get_drvdata(struct ucsi *ucsi); void ucsi_set_drvdata(struct ucsi *ucsi, void *data); +bool ucsi_con_mutex_lock(struct ucsi_connector *con); +void ucsi_con_mutex_unlock(struct ucsi_connector *con); void ucsi_connector_change(struct ucsi *ucsi, u8 num);

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9f657a92805cfc98e11cf5da9e8f4e02ecff2260 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051247-swarm-drinking-a5ff@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9f657a92805cfc98e11cf5da9e8f4e02ecff2260 Mon Sep 17 00:00:00 2001 From: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Date: Fri, 25 Apr 2025 17:18:06 +0200 Subject: [PATCH] usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs The Cypress HX3 USB3.0 hubs use different PID values depending on the product variant. The comment in compatibles table is misleading, as the currently used PIDs (0x6504 and 0x6506 for USB 3.0 and USB 2.0, respectively) are defaults for the CYUSB331x, while CYUSB330x and CYUSB332x variants use different values. Based on the datasheet [1], update the compatible usb devices table to handle different types of the hub. The change also includes vendor mode PIDs, which are used by the hub in I2C Master boot mode, if connected EEPROM contains invalid signature or is blank. This allows to correctly boot the hub even if the EEPROM will have broken content. Number of vcc supplies and timing requirements are the same for all HX variants, so the platform driver's match table does not have to be extended. [1] https://www.infineon.com/dgdl/Infineon-HX3_USB_3_0_Hub_Consumer_Industrial-… Table 9. PID Values Fixes: b43cd82a1a40 ("usb: misc: onboard-hub: add support for Cypress HX3 USB 3.0 family") Cc: stable <stable(a)kernel.org> Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Link: https://lore.kernel.org/r/20250425-onboard_usb_dev-v2-1-4a76a474a010@thauma… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/misc/onboard_usb_dev.c b/drivers/usb/misc/onboard_usb_dev.c index 75ac3c6aa92d..f5372dfa241a 100644 --- a/drivers/usb/misc/onboard_usb_dev.c +++ b/drivers/usb/misc/onboard_usb_dev.c @@ -569,8 +569,14 @@ static void onboard_dev_usbdev_disconnect(struct usb_device *udev) } static const struct usb_device_id onboard_dev_id_table[] = { - { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6504) }, /* CYUSB33{0,1,2}x/CYUSB230x 3.0 HUB */ - { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6506) }, /* CYUSB33{0,1,2}x/CYUSB230x 2.0 HUB */ + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6500) }, /* CYUSB330x 3.0 HUB */ + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6502) }, /* CYUSB330x 2.0 HUB */ + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6503) }, /* CYUSB33{0,1}x 2.0 HUB, Vendor Mode */ + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6504) }, /* CYUSB331x 3.0 HUB */ + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6506) }, /* CYUSB331x 2.0 HUB */ + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6507) }, /* CYUSB332x 2.0 HUB, Vendor Mode */ + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6508) }, /* CYUSB332x 3.0 HUB */ + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x650a) }, /* CYUSB332x 2.0 HUB */ { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6570) }, /* CY7C6563x 2.0 HUB */ { USB_DEVICE(VENDOR_ID_GENESYS, 0x0608) }, /* Genesys Logic GL850G USB 2.0 HUB */ { USB_DEVICE(VENDOR_ID_GENESYS, 0x0610) }, /* Genesys Logic GL852G USB 2.0 HUB */

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Make gadget_wakeup asynchronous" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2372f1caeca433c4c01c2482f73fbe057f5168ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051215-spiffy-repost-d6d8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2372f1caeca433c4c01c2482f73fbe057f5168ce Mon Sep 17 00:00:00 2001 From: Prashanth K <prashanth.k(a)oss.qualcomm.com> Date: Tue, 22 Apr 2025 16:02:31 +0530 Subject: [PATCH] usb: dwc3: gadget: Make gadget_wakeup asynchronous Currently gadget_wakeup() waits for U0 synchronously if it was called from func_wakeup(), this is because we need to send the function wakeup command soon after the link is active. And the call is made synchronous by polling DSTS continuosly for 20000 times in __dwc3_gadget_wakeup(). But it observed that sometimes the link is not active even after polling 20K times, leading to remote wakeup failures. Adding a small delay between each poll helps, but that won't guarantee resolution in future. Hence make the gadget_wakeup completely asynchronous. Since multiple interfaces can issue a function wakeup at once, add a new variable wakeup_pending_funcs which will indicate the functions that has issued func_wakup, this is represented in a bitmap format. If the link is in U3, dwc3_gadget_func_wakeup() will set the bit corresponding to interface_id and bail out. Once link comes back to U0, linksts_change irq is triggered, where the function wakeup command is sent based on bitmap. Cc: stable <stable(a)kernel.org> Fixes: 92c08a84b53e ("usb: dwc3: Add function suspend and function wakeup support") Signed-off-by: Prashanth K <prashanth.k(a)oss.qualcomm.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20250422103231.1954387-4-prashanth.k@oss.qualcomm… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index aaa39e663f60..27eae4cf223d 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1164,6 +1164,9 @@ struct dwc3_scratchpad_array { * @gsbuscfg0_reqinfo: store GSBUSCFG0.DATRDREQINFO, DESRDREQINFO, * DATWRREQINFO, and DESWRREQINFO value passed from * glue driver. + * @wakeup_pending_funcs: Indicates whether any interface has requested for + * function wakeup in bitmap format where bit position + * represents interface_id. */ struct dwc3 { struct work_struct drd_work; @@ -1394,6 +1397,7 @@ struct dwc3 { int num_ep_resized; struct dentry *debug_root; u32 gsbuscfg0_reqinfo; + u32 wakeup_pending_funcs; }; #define INCRX_BURST_MODE 0 diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 8c30d86cc4e3..321361288935 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -276,8 +276,6 @@ int dwc3_send_gadget_generic_command(struct dwc3 *dwc, unsigned int cmd, return ret; } -static int __dwc3_gadget_wakeup(struct dwc3 *dwc, bool async); - /** * dwc3_send_gadget_ep_cmd - issue an endpoint command * @dep: the endpoint to which the command is going to be issued @@ -2359,10 +2357,8 @@ static int dwc3_gadget_get_frame(struct usb_gadget *g) return __dwc3_gadget_get_frame(dwc); } -static int __dwc3_gadget_wakeup(struct dwc3 *dwc, bool async) +static int __dwc3_gadget_wakeup(struct dwc3 *dwc) { - int retries; - int ret; u32 reg; @@ -2390,8 +2386,7 @@ static int __dwc3_gadget_wakeup(struct dwc3 *dwc, bool async) return -EINVAL; } - if (async) - dwc3_gadget_enable_linksts_evts(dwc, true); + dwc3_gadget_enable_linksts_evts(dwc, true); ret = dwc3_gadget_set_link_state(dwc, DWC3_LINK_STATE_RECOV); if (ret < 0) { @@ -2410,27 +2405,8 @@ static int __dwc3_gadget_wakeup(struct dwc3 *dwc, bool async) /* * Since link status change events are enabled we will receive - * an U0 event when wakeup is successful. So bail out. + * an U0 event when wakeup is successful. */ - if (async) - return 0; - - /* poll until Link State changes to ON */ - retries = 20000; - - while (retries--) { - reg = dwc3_readl(dwc->regs, DWC3_DSTS); - - /* in HS, means ON */ - if (DWC3_DSTS_USBLNKST(reg) == DWC3_LINK_STATE_U0) - break; - } - - if (DWC3_DSTS_USBLNKST(reg) != DWC3_LINK_STATE_U0) { - dev_err(dwc->dev, "failed to send remote wakeup\n"); - return -EINVAL; - } - return 0; } @@ -2451,7 +2427,7 @@ static int dwc3_gadget_wakeup(struct usb_gadget *g) spin_unlock_irqrestore(&dwc->lock, flags); return -EINVAL; } - ret = __dwc3_gadget_wakeup(dwc, true); + ret = __dwc3_gadget_wakeup(dwc); spin_unlock_irqrestore(&dwc->lock, flags); @@ -2479,14 +2455,10 @@ static int dwc3_gadget_func_wakeup(struct usb_gadget *g, int intf_id) */ link_state = dwc3_gadget_get_link_state(dwc); if (link_state == DWC3_LINK_STATE_U3) { - ret = __dwc3_gadget_wakeup(dwc, false); - if (ret) { - spin_unlock_irqrestore(&dwc->lock, flags); - return -EINVAL; - } - dwc3_resume_gadget(dwc); - dwc->suspended = false; - dwc->link_state = DWC3_LINK_STATE_U0; + dwc->wakeup_pending_funcs |= BIT(intf_id); + ret = __dwc3_gadget_wakeup(dwc); + spin_unlock_irqrestore(&dwc->lock, flags); + return ret; } ret = dwc3_send_gadget_generic_command(dwc, DWC3_DGCMD_DEV_NOTIFICATION, @@ -4353,6 +4325,8 @@ static void dwc3_gadget_linksts_change_interrupt(struct dwc3 *dwc, { enum dwc3_link_state next = evtinfo & DWC3_LINK_STATE_MASK; unsigned int pwropt; + int ret; + int intf_id; /* * WORKAROUND: DWC3 < 2.50a have an issue when configured without @@ -4428,7 +4402,7 @@ static void dwc3_gadget_linksts_change_interrupt(struct dwc3 *dwc, switch (next) { case DWC3_LINK_STATE_U0: - if (dwc->gadget->wakeup_armed) { + if (dwc->gadget->wakeup_armed || dwc->wakeup_pending_funcs) { dwc3_gadget_enable_linksts_evts(dwc, false); dwc3_resume_gadget(dwc); dwc->suspended = false; @@ -4451,6 +4425,18 @@ static void dwc3_gadget_linksts_change_interrupt(struct dwc3 *dwc, } dwc->link_state = next; + + /* Proceed with func wakeup if any interfaces that has requested */ + while (dwc->wakeup_pending_funcs && (next == DWC3_LINK_STATE_U0)) { + intf_id = ffs(dwc->wakeup_pending_funcs) - 1; + ret = dwc3_send_gadget_generic_command(dwc, DWC3_DGCMD_DEV_NOTIFICATION, + DWC3_DGCMDPAR_DN_FUNC_WAKE | + DWC3_DGCMDPAR_INTF_SEL(intf_id)); + if (ret) + dev_err(dwc->dev, "Failed to send DN wake for intf %d\n", intf_id); + + dwc->wakeup_pending_funcs &= ~BIT(intf_id); + } } static void dwc3_gadget_suspend_interrupt(struct dwc3 *dwc,

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: mprls0025pa: use aligned_s64 for timestamp" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ffcd19e9f4cca0c8f9e23e88f968711acefbb37b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051255-frequency-concept-f9f5@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffcd19e9f4cca0c8f9e23e88f968711acefbb37b Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Fri, 18 Apr 2025 11:17:14 -0500 Subject: [PATCH] iio: pressure: mprls0025pa: use aligned_s64 for timestamp Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure the struct itself it also 8-byte aligned. While touching this, convert struct mpr_chan to an anonymous struct to consolidate the code a bit to make it easier for future readers. Fixes: 713337d9143e ("iio: pressure: Honeywell mprls0025pa pressure sensor") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250418-iio-more-timestamp-alignment-v2-2-d6a5d2b… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/mprls0025pa.h b/drivers/iio/pressure/mprls0025pa.h index 9d5c30afa9d6..d62a018eaff3 100644 --- a/drivers/iio/pressure/mprls0025pa.h +++ b/drivers/iio/pressure/mprls0025pa.h @@ -34,16 +34,6 @@ struct iio_dev; struct mpr_data; struct mpr_ops; -/** - * struct mpr_chan - * @pres: pressure value - * @ts: timestamp - */ -struct mpr_chan { - s32 pres; - s64 ts; -}; - enum mpr_func_id { MPR_FUNCTION_A, MPR_FUNCTION_B, @@ -69,6 +59,8 @@ enum mpr_func_id { * reading in a loop until data is ready * @completion: handshake from irq to read * @chan: channel values for buffered mode + * @chan.pres: pressure value + * @chan.ts: timestamp * @buffer: raw conversion data */ struct mpr_data { @@ -87,7 +79,10 @@ struct mpr_data { struct gpio_desc *gpiod_reset; int irq; struct completion completion; - struct mpr_chan chan; + struct { + s32 pres; + aligned_s64 ts; + } chan; u8 buffer[MPR_MEASUREMENT_RD_SIZE] __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: chemical: pms7003: use aligned_s64 for timestamp" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 6ffa698674053e82e811520642db2650d00d2c01 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051248-cabana-diaphragm-f579@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ffa698674053e82e811520642db2650d00d2c01 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 17 Apr 2025 11:52:36 -0500 Subject: [PATCH] iio: chemical: pms7003: use aligned_s64 for timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure that the timestamp is correctly aligned on all architectures. Also move the unaligned.h header while touching this since it was the only one not in alphabetical order. Fixes: 13e945631c2f ("iio:chemical:pms7003: Fix timestamp alignment and prevent data leak.") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250417-iio-more-timestamp-alignment-v1-4-eafac1e… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/chemical/pms7003.c b/drivers/iio/chemical/pms7003.c index d0bd94912e0a..e05ce1f12065 100644 --- a/drivers/iio/chemical/pms7003.c +++ b/drivers/iio/chemical/pms7003.c @@ -5,7 +5,6 @@ * Copyright (c) Tomasz Duszynski <tduszyns(a)gmail.com> */ -#include <linux/unaligned.h> #include <linux/completion.h> #include <linux/device.h> #include <linux/errno.h> @@ -19,6 +18,8 @@ #include <linux/module.h> #include <linux/mutex.h> #include <linux/serdev.h> +#include <linux/types.h> +#include <linux/unaligned.h> #define PMS7003_DRIVER_NAME "pms7003" @@ -76,7 +77,7 @@ struct pms7003_state { /* Used to construct scan to push to the IIO buffer */ struct { u16 data[3]; /* PM1, PM2P5, PM10 */ - s64 ts; + aligned_s64 ts; } scan; };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: chemical: sps30: use aligned_s64 for timestamp" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bb49d940344bcb8e2b19e69d7ac86f567887ea9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051235-quit-circus-c6e7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bb49d940344bcb8e2b19e69d7ac86f567887ea9a Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 17 Apr 2025 11:52:37 -0500 Subject: [PATCH] iio: chemical: sps30: use aligned_s64 for timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure that the timestamp is correctly aligned on all architectures. Fixes: a5bf6fdd19c3 ("iio:chemical:sps30: Fix timestamp alignment") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250417-iio-more-timestamp-alignment-v1-5-eafac1e… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/chemical/sps30.c b/drivers/iio/chemical/sps30.c index 6f4f2ba2c09d..a7888146188d 100644 --- a/drivers/iio/chemical/sps30.c +++ b/drivers/iio/chemical/sps30.c @@ -108,7 +108,7 @@ static irqreturn_t sps30_trigger_handler(int irq, void *p) int ret; struct { s32 data[4]; /* PM1, PM2P5, PM4, PM10 */ - s64 ts; + aligned_s64 ts; } scan; mutex_lock(&state->lock);

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: chemical: sps30: use aligned_s64 for timestamp" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x bb49d940344bcb8e2b19e69d7ac86f567887ea9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051234-swerve-tamer-8fde@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bb49d940344bcb8e2b19e69d7ac86f567887ea9a Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 17 Apr 2025 11:52:37 -0500 Subject: [PATCH] iio: chemical: sps30: use aligned_s64 for timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure that the timestamp is correctly aligned on all architectures. Fixes: a5bf6fdd19c3 ("iio:chemical:sps30: Fix timestamp alignment") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250417-iio-more-timestamp-alignment-v1-5-eafac1e… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/chemical/sps30.c b/drivers/iio/chemical/sps30.c index 6f4f2ba2c09d..a7888146188d 100644 --- a/drivers/iio/chemical/sps30.c +++ b/drivers/iio/chemical/sps30.c @@ -108,7 +108,7 @@ static irqreturn_t sps30_trigger_handler(int irq, void *p) int ret; struct { s32 data[4]; /* PM1, PM2P5, PM4, PM10 */ - s64 ts; + aligned_s64 ts; } scan; mutex_lock(&state->lock);

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: chemical: sps30: use aligned_s64 for timestamp" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x bb49d940344bcb8e2b19e69d7ac86f567887ea9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051234-respect-outgrow-ba49@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bb49d940344bcb8e2b19e69d7ac86f567887ea9a Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 17 Apr 2025 11:52:37 -0500 Subject: [PATCH] iio: chemical: sps30: use aligned_s64 for timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure that the timestamp is correctly aligned on all architectures. Fixes: a5bf6fdd19c3 ("iio:chemical:sps30: Fix timestamp alignment") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250417-iio-more-timestamp-alignment-v1-5-eafac1e… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/chemical/sps30.c b/drivers/iio/chemical/sps30.c index 6f4f2ba2c09d..a7888146188d 100644 --- a/drivers/iio/chemical/sps30.c +++ b/drivers/iio/chemical/sps30.c @@ -108,7 +108,7 @@ static irqreturn_t sps30_trigger_handler(int irq, void *p) int ret; struct { s32 data[4]; /* PM1, PM2P5, PM4, PM10 */ - s64 ts; + aligned_s64 ts; } scan; mutex_lock(&state->lock);

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: chemical: sps30: use aligned_s64 for timestamp" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bb49d940344bcb8e2b19e69d7ac86f567887ea9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051233-captivity-mustard-1a5c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bb49d940344bcb8e2b19e69d7ac86f567887ea9a Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 17 Apr 2025 11:52:37 -0500 Subject: [PATCH] iio: chemical: sps30: use aligned_s64 for timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure that the timestamp is correctly aligned on all architectures. Fixes: a5bf6fdd19c3 ("iio:chemical:sps30: Fix timestamp alignment") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250417-iio-more-timestamp-alignment-v1-5-eafac1e… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/chemical/sps30.c b/drivers/iio/chemical/sps30.c index 6f4f2ba2c09d..a7888146188d 100644 --- a/drivers/iio/chemical/sps30.c +++ b/drivers/iio/chemical/sps30.c @@ -108,7 +108,7 @@ static irqreturn_t sps30_trigger_handler(int irq, void *p) int ret; struct { s32 data[4]; /* PM1, PM2P5, PM4, PM10 */ - s64 ts; + aligned_s64 ts; } scan; mutex_lock(&state->lock);

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: chemical: sps30: use aligned_s64 for timestamp" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bb49d940344bcb8e2b19e69d7ac86f567887ea9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051233-catchy-scary-b2a5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bb49d940344bcb8e2b19e69d7ac86f567887ea9a Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 17 Apr 2025 11:52:37 -0500 Subject: [PATCH] iio: chemical: sps30: use aligned_s64 for timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure that the timestamp is correctly aligned on all architectures. Fixes: a5bf6fdd19c3 ("iio:chemical:sps30: Fix timestamp alignment") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250417-iio-more-timestamp-alignment-v1-5-eafac1e… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/chemical/sps30.c b/drivers/iio/chemical/sps30.c index 6f4f2ba2c09d..a7888146188d 100644 --- a/drivers/iio/chemical/sps30.c +++ b/drivers/iio/chemical/sps30.c @@ -108,7 +108,7 @@ static irqreturn_t sps30_trigger_handler(int irq, void *p) int ret; struct { s32 data[4]; /* PM1, PM2P5, PM4, PM10 */ - s64 ts; + aligned_s64 ts; } scan; mutex_lock(&state->lock);

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: chemical: sps30: use aligned_s64 for timestamp" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x bb49d940344bcb8e2b19e69d7ac86f567887ea9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051232-trivial-handbook-ec4c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bb49d940344bcb8e2b19e69d7ac86f567887ea9a Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 17 Apr 2025 11:52:37 -0500 Subject: [PATCH] iio: chemical: sps30: use aligned_s64 for timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure that the timestamp is correctly aligned on all architectures. Fixes: a5bf6fdd19c3 ("iio:chemical:sps30: Fix timestamp alignment") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250417-iio-more-timestamp-alignment-v1-5-eafac1e… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/chemical/sps30.c b/drivers/iio/chemical/sps30.c index 6f4f2ba2c09d..a7888146188d 100644 --- a/drivers/iio/chemical/sps30.c +++ b/drivers/iio/chemical/sps30.c @@ -108,7 +108,7 @@ static irqreturn_t sps30_trigger_handler(int irq, void *p) int ret; struct { s32 data[4]; /* PM1, PM2P5, PM4, PM10 */ - s64 ts; + aligned_s64 ts; } scan; mutex_lock(&state->lock);

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051216-wreath-barrier-759f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051215-doorstop-corporate-98dc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051210-january-gallstone-4417@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051209-quantum-unlaced-36e2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051209-pronto-scapegoat-fa4b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051208-removed-stove-9fcf@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp." failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051206-accuracy-cover-113a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:25 +0100 Subject: [PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is not 64-bit aligned, this may result insufficient alignment of the timestamp and the structure being too small. Use aligned_s64 to force the alignment. Fixes: a1caeebab07e ("iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp()") # aligned_s64 newer Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-3-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index 5a863005aca6..5e0be36af0c5 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -168,7 +168,7 @@ struct ad7768_state { union { struct { __be32 chan; - s64 timestamp; + aligned_s64 timestamp; } scan; __be32 d32; u8 d8[2];

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp." failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051205-spelling-reconvene-1e4a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:25 +0100 Subject: [PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is not 64-bit aligned, this may result insufficient alignment of the timestamp and the structure being too small. Use aligned_s64 to force the alignment. Fixes: a1caeebab07e ("iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp()") # aligned_s64 newer Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-3-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index 5a863005aca6..5e0be36af0c5 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -168,7 +168,7 @@ struct ad7768_state { union { struct { __be32 chan; - s64 timestamp; + aligned_s64 timestamp; } scan; __be32 d32; u8 d8[2];

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp." failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051205-undoing-hydration-4060@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:25 +0100 Subject: [PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is not 64-bit aligned, this may result insufficient alignment of the timestamp and the structure being too small. Use aligned_s64 to force the alignment. Fixes: a1caeebab07e ("iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp()") # aligned_s64 newer Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-3-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index 5a863005aca6..5e0be36af0c5 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -168,7 +168,7 @@ struct ad7768_state { union { struct { __be32 chan; - s64 timestamp; + aligned_s64 timestamp; } scan; __be32 d32; u8 d8[2];

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp." failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051204-sedate-collar-e8b8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:25 +0100 Subject: [PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is not 64-bit aligned, this may result insufficient alignment of the timestamp and the structure being too small. Use aligned_s64 to force the alignment. Fixes: a1caeebab07e ("iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp()") # aligned_s64 newer Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-3-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index 5a863005aca6..5e0be36af0c5 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -168,7 +168,7 @@ struct ad7768_state { union { struct { __be32 chan; - s64 timestamp; + aligned_s64 timestamp; } scan; __be32 d32; u8 d8[2];

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp." failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051204-seclusion-marigold-ffe0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:25 +0100 Subject: [PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is not 64-bit aligned, this may result insufficient alignment of the timestamp and the structure being too small. Use aligned_s64 to force the alignment. Fixes: a1caeebab07e ("iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp()") # aligned_s64 newer Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-3-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index 5a863005aca6..5e0be36af0c5 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -168,7 +168,7 @@ struct ad7768_state { union { struct { __be32 chan; - s64 timestamp; + aligned_s64 timestamp; } scan; __be32 d32; u8 d8[2];

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp." failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051203-nape-sixteen-9c73@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffbc26bc91c1f1eb3dcf5d8776e74cbae21ee13a Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:25 +0100 Subject: [PATCH] iio: adc: ad7768-1: Fix insufficient alignment of timestamp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is not 64-bit aligned, this may result insufficient alignment of the timestamp and the structure being too small. Use aligned_s64 to force the alignment. Fixes: a1caeebab07e ("iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp()") # aligned_s64 newer Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-3-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index 5a863005aca6..5e0be36af0c5 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -168,7 +168,7 @@ struct ad7768_state { union { struct { __be32 chan; - s64 timestamp; + aligned_s64 timestamp; } scan; __be32 d32; u8 d8[2];

7 months

1
0
0 0

FAILED: patch "[PATCH] xhci: dbc: Avoid event polling busyloop if pending rx" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x cab63934c33b12c0d1e9f4da7450928057f2c142 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051253-undertook-polo-7c94@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cab63934c33b12c0d1e9f4da7450928057f2c142 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Mon, 5 May 2025 15:56:30 +0300 Subject: [PATCH] xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Event polling delay is set to 0 if there are any pending requests in either rx or tx requests lists. Checking for pending requests does not work well for "IN" transfers as the tty driver always queues requests to the list and TRBs to the ring, preparing to receive data from the host. This causes unnecessary busylooping and cpu hogging. Only set the event polling delay to 0 if there are pending tx "write" transfers, or if it was less than 10ms since last active data transfer in any direction. Cc: Łukasz Bartosik <ukaszb(a)chromium.org> Fixes: fb18e5bb9660 ("xhci: dbc: poll at different rate depending on data transfer activity") Cc: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250505125630.561699-3-mathias.nyman@linux.intel… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-dbgcap.c b/drivers/usb/host/xhci-dbgcap.c index fd7895b24367..0d4ce5734165 100644 --- a/drivers/usb/host/xhci-dbgcap.c +++ b/drivers/usb/host/xhci-dbgcap.c @@ -823,6 +823,7 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) { dma_addr_t deq; union xhci_trb *evt; + enum evtreturn ret = EVT_DONE; u32 ctrl, portsc; bool update_erdp = false; @@ -909,6 +910,7 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) break; case TRB_TYPE(TRB_TRANSFER): dbc_handle_xfer_event(dbc, evt); + ret = EVT_XFER_DONE; break; default: break; @@ -927,7 +929,7 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) lo_hi_writeq(deq, &dbc->regs->erdp); } - return EVT_DONE; + return ret; } static void xhci_dbc_handle_events(struct work_struct *work) @@ -936,6 +938,7 @@ static void xhci_dbc_handle_events(struct work_struct *work) struct xhci_dbc *dbc; unsigned long flags; unsigned int poll_interval; + unsigned long busypoll_timelimit; dbc = container_of(to_delayed_work(work), struct xhci_dbc, event_work); poll_interval = dbc->poll_interval; @@ -954,11 +957,21 @@ static void xhci_dbc_handle_events(struct work_struct *work) dbc->driver->disconnect(dbc); break; case EVT_DONE: - /* set fast poll rate if there are pending data transfers */ + /* + * Set fast poll rate if there are pending out transfers, or + * a transfer was recently processed + */ + busypoll_timelimit = dbc->xfer_timestamp + + msecs_to_jiffies(DBC_XFER_INACTIVITY_TIMEOUT); + if (!list_empty(&dbc->eps[BULK_OUT].list_pending) || - !list_empty(&dbc->eps[BULK_IN].list_pending)) + time_is_after_jiffies(busypoll_timelimit)) poll_interval = 0; break; + case EVT_XFER_DONE: + dbc->xfer_timestamp = jiffies; + poll_interval = 0; + break; default: dev_info(dbc->dev, "stop handling dbc events\n"); return; diff --git a/drivers/usb/host/xhci-dbgcap.h b/drivers/usb/host/xhci-dbgcap.h index 9dc8f4d8077c..47ac72c2286d 100644 --- a/drivers/usb/host/xhci-dbgcap.h +++ b/drivers/usb/host/xhci-dbgcap.h @@ -96,6 +96,7 @@ struct dbc_ep { #define DBC_WRITE_BUF_SIZE 8192 #define DBC_POLL_INTERVAL_DEFAULT 64 /* milliseconds */ #define DBC_POLL_INTERVAL_MAX 5000 /* milliseconds */ +#define DBC_XFER_INACTIVITY_TIMEOUT 10 /* milliseconds */ /* * Private structure for DbC hardware state: */ @@ -142,6 +143,7 @@ struct xhci_dbc { enum dbc_state state; struct delayed_work event_work; unsigned int poll_interval; /* ms */ + unsigned long xfer_timestamp; unsigned resume_required:1; struct dbc_ep eps[2]; @@ -187,6 +189,7 @@ struct dbc_request { enum evtreturn { EVT_ERR = -1, EVT_DONE, + EVT_XFER_DONE, EVT_GSER, EVT_DISC, };

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix wrong handling for AUX_DEFER case" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 65924ec69b29296845c7f628112353438e63ea56 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051216-denote-richly-592b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65924ec69b29296845c7f628112353438e63ea56 Mon Sep 17 00:00:00 2001 From: Wayne Lin <Wayne.Lin(a)amd.com> Date: Sun, 20 Apr 2025 19:22:14 +0800 Subject: [PATCH] drm/amd/display: Fix wrong handling for AUX_DEFER case [Why] We incorrectly ack all bytes get written when the reply actually is defer. When it's defer, means sink is not ready for the request. We should retry the request. [How] Only reply all data get written when receive I2C_ACK|AUX_ACK. Otherwise, reply the number of actual written bytes received from the sink. Add some messages to facilitate debugging as well. Fixes: ad6756b4d773 ("drm/amd/display: Shift dc link aux to aux_payload") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Ray Wu <ray.wu(a)amd.com> Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 3637e457eb0000bc37d8bbbec95964aad2fb29fd) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 7ceedf626d23..074b79fd5822 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -51,6 +51,9 @@ #define PEAK_FACTOR_X1000 1006 +/* + * This function handles both native AUX and I2C-Over-AUX transactions. + */ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) { @@ -87,15 +90,25 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, if (adev->dm.aux_hpd_discon_quirk) { if (msg->address == DP_SIDEBAND_MSG_DOWN_REQ_BASE && operation_result == AUX_RET_ERROR_HPD_DISCON) { - result = 0; + result = msg->size; operation_result = AUX_RET_SUCCESS; } } - if (payload.write && result >= 0) - result = msg->size; + /* + * result equals to 0 includes the cases of AUX_DEFER/I2C_DEFER + */ + if (payload.write && result >= 0) { + if (result) { + /*one byte indicating partially written bytes. Force 0 to retry*/ + drm_info(adev_to_drm(adev), "amdgpu: AUX partially written\n"); + result = 0; + } else if (!payload.reply[0]) + /*I2C_ACK|AUX_ACK*/ + result = msg->size; + } - if (result < 0) + if (result < 0) { switch (operation_result) { case AUX_RET_SUCCESS: break; @@ -114,6 +127,13 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, break; } + drm_info(adev_to_drm(adev), "amdgpu: DP AUX transfer fail:%d\n", operation_result); + } + + if (payload.reply[0]) + drm_info(adev_to_drm(adev), "amdgpu: AUX reply command not ACK: 0x%02x.", + payload.reply[0]); + return result; }

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix wrong handling for AUX_DEFER case" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 65924ec69b29296845c7f628112353438e63ea56 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051215-judge-sliding-c90c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65924ec69b29296845c7f628112353438e63ea56 Mon Sep 17 00:00:00 2001 From: Wayne Lin <Wayne.Lin(a)amd.com> Date: Sun, 20 Apr 2025 19:22:14 +0800 Subject: [PATCH] drm/amd/display: Fix wrong handling for AUX_DEFER case [Why] We incorrectly ack all bytes get written when the reply actually is defer. When it's defer, means sink is not ready for the request. We should retry the request. [How] Only reply all data get written when receive I2C_ACK|AUX_ACK. Otherwise, reply the number of actual written bytes received from the sink. Add some messages to facilitate debugging as well. Fixes: ad6756b4d773 ("drm/amd/display: Shift dc link aux to aux_payload") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Ray Wu <ray.wu(a)amd.com> Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 3637e457eb0000bc37d8bbbec95964aad2fb29fd) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 7ceedf626d23..074b79fd5822 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -51,6 +51,9 @@ #define PEAK_FACTOR_X1000 1006 +/* + * This function handles both native AUX and I2C-Over-AUX transactions. + */ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) { @@ -87,15 +90,25 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, if (adev->dm.aux_hpd_discon_quirk) { if (msg->address == DP_SIDEBAND_MSG_DOWN_REQ_BASE && operation_result == AUX_RET_ERROR_HPD_DISCON) { - result = 0; + result = msg->size; operation_result = AUX_RET_SUCCESS; } } - if (payload.write && result >= 0) - result = msg->size; + /* + * result equals to 0 includes the cases of AUX_DEFER/I2C_DEFER + */ + if (payload.write && result >= 0) { + if (result) { + /*one byte indicating partially written bytes. Force 0 to retry*/ + drm_info(adev_to_drm(adev), "amdgpu: AUX partially written\n"); + result = 0; + } else if (!payload.reply[0]) + /*I2C_ACK|AUX_ACK*/ + result = msg->size; + } - if (result < 0) + if (result < 0) { switch (operation_result) { case AUX_RET_SUCCESS: break; @@ -114,6 +127,13 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, break; } + drm_info(adev_to_drm(adev), "amdgpu: DP AUX transfer fail:%d\n", operation_result); + } + + if (payload.reply[0]) + drm_info(adev_to_drm(adev), "amdgpu: AUX reply command not ACK: 0x%02x.", + payload.reply[0]); + return result; }

7 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/amd: Stop evicting resources on APUs in suspend"" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d0ce1aaa8531a4a4707711cab5721374751c51b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051256-uncork-pointed-310b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d0ce1aaa8531a4a4707711cab5721374751c51b0 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Thu, 1 May 2025 13:00:16 -0400 Subject: [PATCH] Revert "drm/amd: Stop evicting resources on APUs in suspend" This reverts commit 3a9626c816db901def438dc2513622e281186d39. This breaks S4 because we end up setting the s3/s0ix flags even when we are entering s4 since prepare is used by both flows. The causes both the S3/s0ix and s4 flags to be set which breaks several checks in the driver which assume they are mutually exclusive. Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3634 Cc: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit ce8f7d95899c2869b47ea6ce0b3e5bf304b2fff4) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h index ef6e78224fdf..c3641331d4de 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h @@ -1614,11 +1614,9 @@ static inline void amdgpu_acpi_get_backlight_caps(struct amdgpu_dm_backlight_cap #if defined(CONFIG_ACPI) && defined(CONFIG_SUSPEND) bool amdgpu_acpi_is_s3_active(struct amdgpu_device *adev); bool amdgpu_acpi_is_s0ix_active(struct amdgpu_device *adev); -void amdgpu_choose_low_power_state(struct amdgpu_device *adev); #else static inline bool amdgpu_acpi_is_s0ix_active(struct amdgpu_device *adev) { return false; } static inline bool amdgpu_acpi_is_s3_active(struct amdgpu_device *adev) { return false; } -static inline void amdgpu_choose_low_power_state(struct amdgpu_device *adev) { } #endif void amdgpu_register_gpu_instance(struct amdgpu_device *adev); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c index b7f8f2ff143d..707e131f89d2 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c @@ -1533,22 +1533,4 @@ bool amdgpu_acpi_is_s0ix_active(struct amdgpu_device *adev) #endif /* CONFIG_AMD_PMC */ } -/** - * amdgpu_choose_low_power_state - * - * @adev: amdgpu_device_pointer - * - * Choose the target low power state for the GPU - */ -void amdgpu_choose_low_power_state(struct amdgpu_device *adev) -{ - if (adev->in_runpm) - return; - - if (amdgpu_acpi_is_s0ix_active(adev)) - adev->in_s0ix = true; - else if (amdgpu_acpi_is_s3_active(adev)) - adev->in_s3 = true; -} - #endif /* CONFIG_SUSPEND */ diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index 7f354cd532dc..5ac7bd5942d0 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -4949,15 +4949,13 @@ int amdgpu_device_prepare(struct drm_device *dev) struct amdgpu_device *adev = drm_to_adev(dev); int i, r; - amdgpu_choose_low_power_state(adev); - if (dev->switch_power_state == DRM_SWITCH_POWER_OFF) return 0; /* Evict the majority of BOs before starting suspend sequence */ r = amdgpu_device_evict_resources(adev); if (r) - goto unprepare; + return r; flush_delayed_work(&adev->gfx.gfx_off_delay_work); @@ -4968,15 +4966,10 @@ int amdgpu_device_prepare(struct drm_device *dev) continue; r = adev->ip_blocks[i].version->funcs->prepare_suspend(&adev->ip_blocks[i]); if (r) - goto unprepare; + return r; } return 0; - -unprepare: - adev->in_s0ix = adev->in_s3 = adev->in_s4 = false; - - return r; } /**

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: chemical: pms7003: use aligned_s64 for timestamp" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6ffa698674053e82e811520642db2650d00d2c01 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051243-series-tributary-6e22@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ffa698674053e82e811520642db2650d00d2c01 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 17 Apr 2025 11:52:36 -0500 Subject: [PATCH] iio: chemical: pms7003: use aligned_s64 for timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow the pattern of other drivers and use aligned_s64 for the timestamp. This will ensure that the timestamp is correctly aligned on all architectures. Also move the unaligned.h header while touching this since it was the only one not in alphabetical order. Fixes: 13e945631c2f ("iio:chemical:pms7003: Fix timestamp alignment and prevent data leak.") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250417-iio-more-timestamp-alignment-v1-4-eafac1e… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/chemical/pms7003.c b/drivers/iio/chemical/pms7003.c index d0bd94912e0a..e05ce1f12065 100644 --- a/drivers/iio/chemical/pms7003.c +++ b/drivers/iio/chemical/pms7003.c @@ -5,7 +5,6 @@ * Copyright (c) Tomasz Duszynski <tduszyns(a)gmail.com> */ -#include <linux/unaligned.h> #include <linux/completion.h> #include <linux/device.h> #include <linux/errno.h> @@ -19,6 +18,8 @@ #include <linux/module.h> #include <linux/mutex.h> #include <linux/serdev.h> +#include <linux/types.h> +#include <linux/unaligned.h> #define PMS7003_DRIVER_NAME "pms7003" @@ -76,7 +77,7 @@ struct pms7003_state { /* Used to construct scan to push to the IIO buffer */ struct { u16 data[3]; /* PM1, PM2P5, PM10 */ - s64 ts; + aligned_s64 ts; } scan; };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7606: check for NULL before calling" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 5257d80e22bf27009d6742e4c174f42cfe54e425 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051239-superior-nutlike-e1b7@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5257d80e22bf27009d6742e4c174f42cfe54e425 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Tue, 18 Mar 2025 17:52:09 -0500 Subject: [PATCH] iio: adc: ad7606: check for NULL before calling sw_mode_config() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Check that the sw_mode_config function pointer is not NULL before calling it. Not all buses define this callback, which resulted in a NULL pointer dereference. Fixes: e571c1902116 ("iio: adc: ad7606: move scale_setup as function pointer on chip-info") Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250318-iio-adc-ad7606-improvements-v2-1-4b605427… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7606.c b/drivers/iio/adc/ad7606.c index 1a314fddd7eb..703556eb7257 100644 --- a/drivers/iio/adc/ad7606.c +++ b/drivers/iio/adc/ad7606.c @@ -1236,9 +1236,11 @@ static int ad7616_sw_mode_setup(struct iio_dev *indio_dev) st->write_scale = ad7616_write_scale_sw; st->write_os = &ad7616_write_os_sw; - ret = st->bops->sw_mode_config(indio_dev); - if (ret) - return ret; + if (st->bops->sw_mode_config) { + ret = st->bops->sw_mode_config(indio_dev); + if (ret) + return ret; + } /* Activate Burst mode and SEQEN MODE */ return ad7606_write_mask(st, AD7616_CONFIGURATION_REGISTER, @@ -1268,6 +1270,9 @@ static int ad7606b_sw_mode_setup(struct iio_dev *indio_dev) st->write_scale = ad7606_write_scale_sw; st->write_os = &ad7606_write_os_sw; + if (!st->bops->sw_mode_config) + return 0; + return st->bops->sw_mode_config(indio_dev); }

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051225-rind-sphinx-b9f1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051225-shell-xbox-704b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue." failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 52d349884738c346961e153f195f4c7fe186fcf4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051219-maybe-spilt-5bf6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52d349884738c346961e153f195f4c7fe186fcf4 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sun, 13 Apr 2025 11:34:24 +0100 Subject: [PATCH] iio: adc: ad7266: Fix potential timestamp alignment issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On architectures where an s64 is only 32-bit aligned insufficient padding would be left between the earlier elements and the timestamp. Use aligned_s64 to enforce the correct placement and ensure the storage is large enough. Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") # aligned_s64 is much newer. Reported-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250413103443.2420727-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 18559757f908..7fef2727f89e 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -45,7 +45,7 @@ struct ad7266_state { */ struct { __be16 sample[2]; - s64 timestamp; + aligned_s64 timestamp; } data __aligned(IIO_DMA_MINALIGN); };

7 months

1
0
0 0

[PATCH 6.1 000/569] 6.1.129-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.129 release. There are 569 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 22 Feb 2025 10:44:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.129-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.129-rc2 David Woodhouse <dwmw(a)amazon.co.uk> x86/i8253: Disable PIT timer 0 when not in use Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add NULL pointer check for kzalloc Chao Yu <chao(a)kernel.org> f2fs: fix to wait dio completion Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Hangbin Liu <liuhangbin(a)gmail.com> selftests: rtnetlink: update netdevsim ipsec output format Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: print human readable IP address Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> parport_pc: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> serial: 8250_pci: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> can: ems_pci: move ASIX AX99100 ids to pci_ids.h Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not force clear folio if buffer is referenced Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not output warnings when clearing dirty buffers Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Return right value in iommu_sva_bind_device() Andrew Cooper <andrew.cooper3(a)citrix.com> x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 John Ogness <john.ogness(a)linutronix.de> kdb: Do not assume write() callback available Christian Gmeiner <cgmeiner(a)igalia.com> drm/v3d: Stop active perfmon if it is being destroyed Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Clear the interrupt status for interrupts being disabled Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix issue in irq handling causing irq-flood issue Eric Dumazet <edumazet(a)google.com> ipv6: mcast: add RCU protection to mld_newpack() Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Li Zetao <lizetao1(a)huawei.com> neighbour: delete redundant judgment statements Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> flow_dissector: use RCU protection to fetch dev_net() Eric Dumazet <edumazet(a)google.com> ipv4: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in __ip_rt_update_pmtu() Vladimir Vdovin <deliran(a)verdict.gg> net: ipv4: Cache pmtu for all packet paths if multipath enabled Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ipv4_default_advmss() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Jiri Pirko <jiri(a)nvidia.com> net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: add RCU protection to ip4_dst_hoplimit() Waiman Long <longman(a)redhat.com> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Waiman Long <longman(a)redhat.com> clocksource: Use pr_info() for "Checking clocksource synchronization" message Filipe Manana <fdmanana(a)suse.com> btrfs: fix hole expansion when writing at an offset beyond EOF Wentao Liang <vulab(a)iscas.ac.cn> mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix register settings for hs400(es) mode Nathan Chancellor <nathan(a)kernel.org> arm64: Handle .ARM.attributes section in linker scripts Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: fix race between fork and cgroup.kill Ard Biesheuvel <ardb(a)kernel.org> efi: Avoid cold plugged memory for placing the kernel Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Fedor Pchelkin <pchelkin(a)ispras.ru> can: ctucanfd: handle skb allocation failure Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Stefan Eichenberger <stefan.eichenberger(a)toradex.com> usb: core: fix pipe creation for get_bMaxPacketSize0 Huacai Chen <chenhuacai(a)kernel.org> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)kernel.org> usb: gadget: udc: renesas_usb3: Fix compiler warning Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Sean Christopherson <seanjc(a)google.com> perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Enter guest mode before initializing nested NPT MMU Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Rik van Riel <riel(a)fb.com> x86/mm/tlb: Only trim the mm_cpumask once a second Koichiro Den <koichiro.den(a)canonical.com> selftests: gpio: gpio-sim: Fix missing chip disablements Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Abort event processing on second signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Abort event processing on second signal Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Rakesh Babu Saladi <Saladi.Rakeshbabu(a)microchip.com> PCI: switchtec: Add Microchip PCI100X device IDs Takashi Iwai <tiwai(a)suse.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Aaro Koskinen <aaro.koskinen(a)iki.fi> fbdev: omap: use threaded IRQ for LCD DMA Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Reset device on probe failure Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Petr Tesarik <petr.tesarik.ext(a)huawei.com> xen: remove a confusing comment on auto-translated guest I/O Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/selftests: avoid using uninitialized context Muhammad Adeel <Muhammad.Adeel(a)ibm.com> cgroup: Remove steal time from usage_usec Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Eric Dumazet <edumazet(a)google.com> vxlan: check vxlan_vnigroup_init() return value Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Tulio Fernandes <tuliomf09(a)gmail.com> HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix hang in nfsd4_shutdown_callback Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: clear acl_access/acl_default after releasing them Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix static analyser cppcheck issue Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent excessive coalescing on receive Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only set fullmesh for subflow endp Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix NULL pointer dereference in object->file Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: xilinx: remove excess kernel doc Paul Fertser <fercerpav(a)gmail.com> net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: commit provided buffer state on async Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_req_prep_async with provided buffers Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Darrick J. Wong <djwong(a)kernel.org> xfs: report realtime block quota limits on realtime directories Sean Anderson <sean.anderson(a)linux.dev> gpio: xilinx: Convert gpio_lock to raw spinlock Linus Walleij <linus.walleij(a)linaro.org> gpio: xilinx: Convert to immutable irq_chip Paul Fertser <fercerpav(a)gmail.com> net/ncsi: fix locking in Get MAC Address handling Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void Paolo Bonzini <pbonzini(a)redhat.com> KVM: e500: always restore irqs Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Vadim Fedorenko <vadfed(a)meta.com> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Antonio Borneo <antonio.borneo(a)foss.st.com> pinctrl: stm32: fix array read out of bound Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Thomas Weißschuh <linux(a)weissschuh.net> ptp: Properly handle compat ioctls Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Dan Carpenter <dan.carpenter(a)linaro.org> media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> staging: media: max96712: fix kernel oops when removing module Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> remoteproc: core: Fix ida_free call while not allocated Paolo Abeni <pabeni(a)redhat.com> mptcp: handle fastopen disconnect correctly Paolo Abeni <pabeni(a)redhat.com> mptcp: consolidate suboption status Kyle Tso <kyletso(a)google.com> usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Kyle Tso <kyletso(a)google.com> usb: dwc3: core: Defer the probe until USB power supply ready Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Fix Get/SetInterface return value Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Tim Huang <tim.huang(a)amd.com> drm/amd/display: fix double free issue during amdgpu module unload Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject mismatching sum of field_len with set key length Parth Pancholi <parth.pancholi(a)toradex.com> kbuild: switch from lz4c to lz4 for compression Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reset cb_seq_status after NFS4ERR_DELAY Daniel Lee <chullee(a)google.com> f2fs: Introduce linear search for dentries Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix memory leak in sym_warn_unmet_dep() Sergey Senozhatsky <senozhatsky(a)chromium.org> kconfig: WERROR unmet symbol dependency Masahiro Yamada <masahiroy(a)kernel.org> kconfig: deduplicate code in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: require a space after '#' for valid input Sergey Senozhatsky <senozhatsky(a)chromium.org> kconfig: add warn-unknown-symbols sanity check Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Detlev Casanova <detlev.casanova(a)collabora.com> ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Eric Dumazet <edumazet(a)google.com> net: hsr: fix fill_frame_info() regression vs VLAN packets Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Rafał Miłecki <rafal(a)milecki.pl> bgmac: reduce max frame size to support just MTU 1500 Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Shigeru Yoshida <syoshida(a)redhat.com> vxlan: Fix uninit-value in vxlan_vnifilter_dump() Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: try to close UDP port harness races Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> iavf: allow changing VLAN state without calling PF Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup Ahmad Fatoum <a.fatoum(a)pengutronix.de> gpio: mxc: remove dead code after switch to DT-only Jian Shen <shenjian15(a)huawei.com> net: hns3: fix oops when unload drivers paralleling Alexander Stein <alexander.stein(a)ew.tq-group.com> regulator: core: Add missing newline character pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Oleksij Rempel <linux(a)rempel-privat.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Jianbo Liu <jianbol(a)nvidia.com> xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Luo Yifan <luoyifan(a)cmss.chinamobile.com> tools/bootconfig: Fix the wrong format specifier Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix COPY_NOTIFY xdr buf size calculation John Ogness <john.ogness(a)linutronix.de> serial: 8250: Adjust the timeout for FIFO mode Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Manivannan Sadhasivam <mani(a)kernel.org> PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Damien Le Moal <dlemoal(a)kernel.org> PCI: epf-test: Simplify DMA support checks Mohamed Khalfella <khalfella(a)gmail.com> PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error King Dix <kingdix10(a)qq.com> PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> mtd: hyperbus: hbmc-am654: fix an OF node reference leak Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov9282: Correct the exposure offset Luca Weiss <luca.weiss(a)fairphone.com> media: i2c: imx412: Add missing newline to prints Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: marvell: Add check for clk_enable() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Qasim Ijaz <qasdev00(a)gmail.com> iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Randy Dunlap <rdunlap(a)infradead.org> efi: sysfb_efi: fix W=1 warnings when EFI is not set Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Do not make kmemleak ignore freed address Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix indirect mkey ODP page count Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: pm6150l: add temp sensor and thermal zone config Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Nikita Travkin <nikita(a)trvn.ru> arm64: dts: qcom: sc7180: Drop redundant disable in mdp Nikita Travkin <nikita(a)trvn.ru> arm64: dts: qcom: sc7180: Don't enable lpass clocks by default Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180-idp: use just "port" in panel Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62: Remove duplicate GICR reg Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6125: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7280: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8994: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8916: correct sleep clock frequency Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8994: Describe USB interrupts Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: Fix up USB3 interrupts Marek Vasut <marex(a)denx.de> arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Ma Ke <make_ruc2021(a)163.com> RDMA/srp: Fix error handling in srp_add_port Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Avoid false error about access to uninitialized gids array Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: add i2c clock-div property Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix wdt irq type Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix GICv2 range Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: set DMIC one-wire mode on Damu Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: change BU Power Switch to automatic mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: atmel: fix device_node release in atmel_soc_device_init() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix oops due to unset link speed Chen Ridong <chenridong(a)huawei.com> padata: avoid UAF for reorder_work Chen Ridong <chenridong(a)huawei.com> padata: add pd get/put refcnt helper Chen Ridong <chenridong(a)huawei.com> padata: fix UAF in padata_reorder Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Daniel Xu <dxu(a)dxuuu.xyz> bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: stm32: Add check for clk_enable() Ma Ke <make24(a)iscas.ac.cn> pinctrl: stm32: check devm_kasprintf() returned value Chen Ni <nichen(a)iscas.ac.cn> pinctrl: stm32: Add check for devm_kcalloc Valentin Caron <valentin.caron(a)foss.st.com> pinctrl: stm32: set default gpio line names using pin names Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix theoretical infinite loop Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead invalid authsize Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead icv error Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/sec2 - optimize the error return process Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use only the proper amount of dividers George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Quentin Monnet <qmo(a)kernel.org> libbpf: Fix segfault due to libelf functions not setting errno Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Andrii Nakryiko <andrii(a)kernel.org> libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/rose: prevent integer overflows in rose_setsockopt() Mahdi Arghavani <ma.arghavani(a)yahoo.com> tcp_cubic: fix incorrect HyStart round start detection Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Florian Westphal <fw(a)strlen.de> netfilter: nft_flow_offload: update tcp state flags under lock Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Antoine Tenart <atenart(a)kernel.org> net: avoid race between device unregistration and ethnl ops Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix error message Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32: Add check for clk_enable() Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: adjust allocation of colocated AP data Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Handle specific BSSID in 6GHz scanning Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Geert Uytterhoeven <geert+renesas(a)glider.be> selftests: timers: clocksource-switch: Adapt progress to kselftest framework Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq: ACPI: Fix max-frequency computation Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7915: fix register mapping Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. WangYuli <wangyuli(a)uniontech.com> wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Mickaël Salaün <mic(a)digikod.net> landlock: Handle weird files Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fix data error when recvmsg with MSG_PEEK flag Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix common size calculation for ML element Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: prohibit deactivating all links Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Zichen Xie <zichenxie0106(a)gmail.com> samples/landlock: Fix possible NULL dereference in parse_path() Rob Herring (Arm) <robh(a)kernel.org> mfd: syscon: Fix race in device_node_get_regmap() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: syscon: Use scoped variables with memory allocators to simplify error paths Peter Griffin <peter.griffin(a)linaro.org> mfd: syscon: Add of_syscon_register_regmap() API Peter Griffin <peter.griffin(a)linaro.org> mfd: syscon: Remove extern from function prototypes Karol Przybylski <karprzy7(a)gmail.com> HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> OPP: OF: Fix an OF node leak in _opp_add_static_v2() Eric Dumazet <edumazet(a)google.com> ax25: rcu protect dev->ax25_ptr Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower Marek Vasut <marex(a)denx.de> clk: imx8mp: Fix clkout1/2 support Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com> cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32-lp: Add check for clk_enable() Eric Dumazet <edumazet(a)google.com> inetpeer: do not get a refcount in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: update inetpeer timestamp in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer_v[46]() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Matti Vaittinen <mazziesaccount(a)gmail.com> dt-bindings: mfd: bd71815: Fix rsense and typos He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ACPI: fan: cleanup resources in the error path of .probe() Chen-Yu Tsai <wenst(a)chromium.org> regulator: dt-bindings: mt6315: Drop regulator-compatible property Jiri Kosina <jkosina(a)suse.com> HID: multitouch: fix support for Goodix PID 0x01e9 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: destroy workqueue at rtl_deinit_core Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused dualmac control leftovers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused timer and related code Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: leds: class-multicolor: Fix path to color definitions Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description Mingwei Zheng <zmw12306(a)gmail.com> spi: zynq-qspi: Add check for clk_enable() Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: handle bigger packets Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: annotate data-races around q->perturb_period Barnabás Czémán <barnabas.czeman(a)mainlining.org> wifi: wcn36xx: fix channel survey memory allocation size Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix init_sw_vars leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Thomas Gleixner <tglx(a)linutronix.de> genirq: Make handle_enforce_irqctx() unconditionally available Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Neil Armstrong <neil.armstrong(a)linaro.org> OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Neil Armstrong <neil.armstrong(a)linaro.org> OPP: add index check to assert to avoid buffer overflow in _read_freq() Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Reuse dev_pm_opp_get_freq_indexed() Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Add dev_pm_opp_find_freq_exact_indexed() Manivannan Sadhasivam <mani(a)kernel.org> OPP: Introduce dev_pm_opp_get_freq_indexed() API Manivannan Sadhasivam <mani(a)kernel.org> OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Rearrange entries in pm_opp.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the windows switch between different layers Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Set YUV/RGB overlay mode Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: set safe_to_exit_level before printing it Peter Zijlstra <peterz(a)infradead.org> sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Chengming Zhou <zhouchengming(a)bytedance.com> sched/psi: Use task->psi_flags to clear in CPU migration David Howells <dhowells(a)redhat.com> afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Christophe Leroy <christophe.leroy(a)csgroup.eu> select: Fix unbalanced user_access_end() Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix argument order to timer_sub() Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error check for xa_store in nvme_get_effects_log Eugen Hristev <eugen.hristev(a)linaro.org> pstore/blk: trivial typo fixes Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect Yang Erkun <yangerkun(a)huawei.com> block: retry call probe after request_module in blk_request_module Jinliang Zheng <alexjlzheng(a)gmail.com> fs: fix proc_handler for sysctl_nr_open David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct David Howells <dhowells(a)redhat.com> afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active ------------- Diffstat: .../bindings/leds/leds-class-multicolor.yaml | 2 +- .../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-- .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- .../bindings/regulator/mt6315-regulator.yaml | 6 - Documentation/kbuild/kconfig.rst | 9 ++ Makefile | 6 +- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 2 + arch/alpha/kernel/entry.S | 24 ++- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm/boot/dts/dra7-l4.dtsi | 2 + arch/arm/boot/dts/mt7623.dtsi | 2 +- arch/arm/mach-at91/pm.c | 31 ++-- arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +--- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +--- .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 + .../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++ .../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++ .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +- arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 - arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +- arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +- arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 +- arch/arm64/boot/dts/qcom/pm6150l.dtsi | 35 +++++ arch/arm64/boot/dts/qcom/sc7180-idp.dts | 15 +- .../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 1 - .../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 1 - .../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 +- .../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 12 +- .../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 12 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 9 +- arch/arm64/boot/dts/qcom/sc7180.dtsi | 34 +---- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-- arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++-- arch/arm64/boot/dts/qcom/sm8350.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 - arch/arm64/kernel/cacheinfo.c | 12 +- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/arm64/mm/hugetlbpage.c | 12 ++ arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 9 ++ arch/powerpc/kvm/e500_mmu_host.c | 21 +-- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/Makefile | 2 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/kvm/vsie.c | 25 +++- arch/s390/purgatory/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 1 + arch/x86/events/intel/core.c | 5 +- arch/x86/include/asm/kexec.h | 18 ++- arch/x86/include/asm/mmu.h | 2 + arch/x86/include/asm/mmu_context.h | 1 + arch/x86/include/asm/msr-index.h | 3 +- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/i8253.c | 11 +- arch/x86/kernel/machine_kexec_64.c | 45 +++--- arch/x86/kernel/static_call.c | 1 - arch/x86/kvm/hyperv.c | 6 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/svm/nested.c | 10 +- arch/x86/mm/tlb.c | 35 ++++- arch/x86/xen/mmu_pv.c | 79 ++++++++-- arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/fops.c | 5 +- block/genhd.c | 22 ++- block/partitions/ldm.h | 2 +- block/partitions/mac.c | 18 ++- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/fan_core.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-sff.c | 18 ++- drivers/base/regmap/regmap-irq.c | 2 + drivers/block/nbd.c | 1 + drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/imx/clk-imx8mp.c | 5 +- drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sdm845.c | 32 ++-- drivers/clk/qcom/gcc-sm6350.c | 22 ++- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/clocksource/i8253.c | 13 +- drivers/cpufreq/acpi-cpufreq.c | 36 +++-- drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/hisilicon/sec2/sec.h | 3 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 164 ++++++++++----------- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -- drivers/crypto/ixp4xx_crypto.c | 3 + drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/dma/ti/edma.c | 3 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/efi.c | 6 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 3 + drivers/firmware/efi/libstub/relocate.c | 3 + drivers/firmware/efi/sysfb_efi.c | 2 +- drivers/gpio/gpio-bcm-kona.c | 71 +++++++-- drivers/gpio/gpio-mxc.c | 3 +- drivers/gpio/gpio-pca953x.c | 19 --- drivers/gpio/gpio-stmpe.c | 15 +- drivers/gpio/gpio-xilinx.c | 56 +++---- drivers/gpio/gpiolib-acpi.c | 14 ++ .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 + .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 + drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 3 + .../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 5 + .../drm/amd/display/dc/dcn314/dcn314_resource.c | 5 + .../drm/amd/display/dc/dcn315/dcn315_resource.c | 2 + .../drm/amd/display/dc/dcn316/dcn316_resource.c | 2 + .../gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 5 + .../drm/amd/display/dc/dcn321/dcn321_resource.c | 2 + .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/bridge/ite-it6505.c | 65 ++++---- drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 ++- drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +- drivers/gpu/drm/msm/dp/dp_audio.c | 2 +- drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 120 +++++++++++---- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 1 + drivers/gpu/drm/tidss/tidss_dispc.c | 22 +-- drivers/gpu/drm/v3d/v3d_perfmon.c | 5 + drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 +++++--- drivers/hid/hid-core.c | 2 + drivers/hid/hid-multitouch.c | 7 +- drivers/hid/hid-sensor-hub.c | 21 ++- drivers/hid/hid-thrustmaster.c | 8 + drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 +++ drivers/i3c/master.c | 2 +- drivers/i3c/master/i3c-master-cdns.c | 1 + drivers/iio/light/as73211.c | 24 ++- drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/efa/efa_main.c | 9 +- drivers/infiniband/hw/mlx4/main.c | 6 +- drivers/infiniband/hw/mlx5/odp.c | 32 ++-- drivers/infiniband/sw/rxe/rxe_pool.c | 11 +- drivers/infiniband/ulp/srp/ib_srp.c | 1 - drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 ++- drivers/irqchip/irq-apple-aic.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/leds/leds-netxbig.c | 1 + drivers/mailbox/tegra-hsp.c | 6 +- drivers/md/dm-crypt.c | 27 ++-- drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/imx412.c | 42 +++--- drivers/media/i2c/ov5640.c | 1 + drivers/media/i2c/ov9282.c | 2 +- drivers/media/platform/marvell/mcam-core.c | 7 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +- .../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +- .../media/platform/samsung/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +- drivers/media/usb/uvc/uvc_ctrl.c | 8 +- drivers/media/usb/uvc/uvc_driver.c | 70 ++++----- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 1 + drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/memory/tegra/tegra20-emc.c | 8 +- drivers/mfd/lpc_ich.c | 3 +- drivers/mfd/syscon.c | 81 +++++++--- drivers/misc/cardreader/rtsx_usb.c | 15 ++ drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/mtk-sd.c | 31 ++-- drivers/mmc/host/sdhci-msm.c | 53 ++++++- drivers/mtd/hyperbus/hbmc-am654.c | 25 ++-- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/can/ctucanfd/ctucanfd_base.c | 10 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/bgmac.h | 3 +- drivers/net/ethernet/broadcom/tg3.c | 58 ++++++++ drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 31 +++- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++ drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 + drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +-- drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/netdevsim/ipsec.c | 12 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/netdevsim/udp_tunnels.c | 23 +-- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/team/team.c | 11 +- drivers/net/tun.c | 2 +- drivers/net/usb/rtl8150.c | 22 +++ drivers/net/vxlan/vxlan_core.c | 7 +- drivers/net/vxlan/vxlan_vnifilter.c | 5 + drivers/net/wireless/ath/ath11k/dp_rx.c | 1 + drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +- drivers/net/wireless/ath/wcn36xx/main.c | 5 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 +- drivers/net/wireless/mediatek/mt76/usb.c | 4 +- drivers/net/wireless/realtek/rtlwifi/base.c | 29 +--- drivers/net/wireless/realtek/rtlwifi/base.h | 2 - drivers/net/wireless/realtek/rtlwifi/pci.c | 66 ++------- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 --- drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++++++- drivers/nvme/host/core.c | 16 +- drivers/nvme/host/ioctl.c | 8 +- drivers/nvme/host/pci.c | 4 +- drivers/nvmem/core.c | 2 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 7 +- drivers/opp/core.c | 156 ++++++++++++++++---- drivers/opp/of.c | 4 +- drivers/parport/parport_pc.c | 5 + drivers/pci/controller/pcie-rcar-ep.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 51 +++---- drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pci/quirks.c | 12 ++ drivers/pci/switch/switchtec.c | 26 ++++ drivers/pinctrl/pinctrl-cy8c95x0.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 105 +++++++++---- drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++++++++-------- drivers/ptp/ptp_chardev.c | 4 + drivers/ptp/ptp_clock.c | 8 + drivers/ptp/ptp_ocp.c | 2 +- drivers/pwm/pwm-stm32-lp.c | 8 +- drivers/pwm/pwm-stm32.c | 7 +- drivers/regulator/core.c | 2 +- drivers/regulator/of_regulator.c | 14 +- drivers/remoteproc/remoteproc_core.c | 14 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++++++++++--- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 ++-- drivers/scsi/storvsc_drv.c | 1 + drivers/soc/atmel/soc.c | 2 +- drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/spi-zynq-qspi.c | 13 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/staging/media/max96712/max96712.c | 4 +- drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 ++ drivers/tty/serial/8250/8250_pci.c | 10 ++ drivers/tty/serial/8250/8250_port.c | 41 +++++- drivers/tty/serial/sh-sci.c | 25 +++- drivers/tty/serial/xilinx_uartps.c | 10 +- drivers/ufs/core/ufs_bsg.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 31 ++-- drivers/usb/class/cdc-acm.c | 28 +++- drivers/usb/core/hub.c | 14 +- drivers/usb/core/quirks.c | 6 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/core.c | 30 ++-- drivers/usb/dwc3/dwc3-am62.c | 1 + drivers/usb/dwc3/gadget.c | 34 +++++ drivers/usb/gadget/function/f_midi.c | 8 +- drivers/usb/gadget/function/f_tcm.c | 66 ++++----- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 ++ drivers/usb/host/xhci-ring.c | 3 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 +++--- drivers/usb/typec/tcpm/tcpci.c | 13 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- drivers/vfio/iova_bitmap.c | 2 +- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 ++ drivers/video/fbdev/omap/lcd_dma.c | 4 +- drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + drivers/xen/swiotlb-xen.c | 20 ++- fs/afs/dir.c | 7 +- fs/afs/xdr_fs.h | 2 +- fs/afs/yfsclient.c | 5 +- fs/binfmt_flat.c | 2 +- fs/btrfs/file.c | 6 +- fs/btrfs/inode.c | 4 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/super.c | 2 +- fs/btrfs/transaction.c | 4 +- fs/cachefiles/interface.c | 14 +- fs/cachefiles/ondemand.c | 30 +++- fs/exec.c | 29 +++- fs/f2fs/dir.c | 53 +++++-- fs/f2fs/f2fs.h | 6 +- fs/f2fs/file.c | 13 ++ fs/f2fs/inline.c | 5 +- fs/file_table.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +++- fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs42xdr.c | 2 + fs/nfsd/nfs2acl.c | 2 + fs/nfsd/nfs3acl.c | 2 + fs/nfsd/nfs4callback.c | 8 +- fs/nilfs2/inode.c | 10 +- fs/nilfs2/mdt.c | 6 +- fs/nilfs2/page.c | 55 ++++--- fs/nilfs2/page.h | 4 +- fs/nilfs2/segment.c | 4 +- fs/ocfs2/dir.c | 25 +++- fs/ocfs2/quota_global.c | 5 + fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/orangefs/orangefs-debugfs.c | 4 +- fs/proc/array.c | 2 +- fs/pstore/blk.c | 4 +- fs/select.c | 4 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2ops.c | 21 +-- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 ++ fs/ubifs/debug.c | 22 +-- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_qm_bhv.c | 41 ++++-- fs/xfs/xfs_super.c | 11 +- include/linux/binfmts.h | 4 +- include/linux/cgroup-defs.h | 6 +- include/linux/efi.h | 1 + include/linux/i8253.h | 1 + include/linux/ieee80211.h | 11 +- include/linux/iommu.h | 2 +- include/linux/kallsyms.h | 2 +- include/linux/kvm_host.h | 9 ++ include/linux/mfd/syscon.h | 33 +++-- include/linux/mlx5/driver.h | 1 - include/linux/netdevice.h | 8 +- include/linux/pci_ids.h | 4 + include/linux/pm_opp.h | 72 ++++++--- include/linux/pps_kernel.h | 3 +- include/linux/sched.h | 4 +- include/linux/sched/task.h | 1 + include/linux/usb/tcpm.h | 3 +- include/net/ax25.h | 10 +- include/net/inetpeer.h | 12 +- include/net/l3mdev.h | 2 + include/net/net_namespace.h | 15 +- include/net/route.h | 9 +- include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/uapi/linux/input-event-codes.h | 1 + include/ufs/ufs.h | 4 +- io_uring/io_uring.c | 5 +- io_uring/net.c | 5 + io_uring/poll.c | 4 + io_uring/rw.c | 10 ++ kernel/cgroup/cgroup.c | 20 ++- kernel/cgroup/rstat.c | 1 - kernel/debug/kdb/kdb_io.c | 2 + kernel/irq/internals.h | 9 +- kernel/padata.c | 45 ++++-- kernel/power/hibernate.c | 7 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 8 +- kernel/sched/cpufreq_schedutil.c | 4 +- kernel/sched/fair.c | 17 ++- kernel/sched/stats.h | 22 +-- kernel/time/clocksource.c | 9 +- kernel/trace/bpf_trace.c | 2 +- lib/Kconfig.debug | 8 +- lib/maple_tree.c | 22 +-- mm/gup.c | 14 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- net/ax25/af_ax25.c | 23 ++- net/ax25/ax25_dev.c | 4 +- net/ax25/ax25_ip.c | 3 +- net/ax25/ax25_out.c | 22 ++- net/ax25/ax25_route.c | 2 + net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 122 ++++++++++----- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/types.h | 3 - net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/filter.c | 2 +- net/core/flow_dissector.c | 21 +-- net/core/neighbour.c | 11 +- net/core/sysctl_net_core.c | 5 +- net/dsa/slave.c | 7 +- net/ethtool/netlink.c | 2 +- net/hsr/hsr_forward.c | 7 +- net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/icmp.c | 40 ++--- net/ipv4/inetpeer.c | 31 +--- net/ipv4/ip_fragment.c | 15 +- net/ipv4/ipmr_base.c | 3 - net/ipv4/route.c | 56 +++++-- net/ipv4/tcp_cubic.c | 8 +- net/ipv4/udp.c | 4 +- net/ipv6/icmp.c | 6 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/mcast.c | 14 +- net/ipv6/ndisc.c | 36 +++-- net/ipv6/route.c | 7 +- net/ipv6/udp.c | 4 +- net/mac80211/debugfs_netdev.c | 2 +- net/mptcp/options.c | 13 +- net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 5 +- net/mptcp/protocol.h | 30 ++-- net/ncsi/internal.h | 2 + net/ncsi/ncsi-cmd.c | 3 +- net/ncsi/ncsi-manage.c | 38 +++-- net/ncsi/ncsi-pkt.h | 10 ++ net/ncsi/ncsi-rsp.c | 58 ++++++-- net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_flow_offload.c | 16 +- net/nfc/nci/hci.c | 2 + net/openvswitch/datapath.c | 12 +- net/rose/af_rose.c | 40 +++-- net/rose/rose_timer.c | 15 ++ net/sched/sch_api.c | 4 + net/sched/sch_netem.c | 2 +- net/sched/sch_sfq.c | 58 ++++---- net/smc/af_smc.c | 2 +- net/smc/smc_rx.c | 37 +++-- net/smc/smc_rx.h | 8 +- net/tipc/crypto.c | 4 +- net/wireless/scan.c | 35 +++++ net/xfrm/xfrm_replay.c | 10 +- samples/landlock/sandboxer.c | 7 + scripts/Makefile.extrawarn | 5 +- scripts/Makefile.lib | 4 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 ++- scripts/kconfig/conf.c | 6 + scripts/kconfig/confdata.c | 102 ++++++------- scripts/kconfig/lkc_proto.h | 2 + scripts/kconfig/symbol.c | 10 ++ security/landlock/fs.c | 11 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 3 + sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++++ sound/soc/intel/avs/apl.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 ++- sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++- sound/soc/sh/rz-ssi.c | 3 +- sound/soc/soc-pcm.c | 31 +++- sound/soc/sunxi/sun4i-spdif.c | 7 + sound/usb/quirks.c | 2 + tools/bootconfig/main.c | 4 +- tools/lib/bpf/linker.c | 22 +-- tools/lib/bpf/usdt.c | 2 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/testing/ktest/ktest.pl | 7 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + .../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +- tools/testing/selftests/gpio/gpio-sim.sh | 31 +++- tools/testing/selftests/kselftest_harness.h | 24 +-- tools/testing/selftests/landlock/fs_test.c | 3 +- tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/pmtu.sh | 112 +++++++++++--- tools/testing/selftests/net/rtnetlink.sh | 4 +- tools/testing/selftests/net/udpgso.c | 26 ++++ .../selftests/powerpc/benchmarks/gettimeofday.c | 2 +- .../testing/selftests/timers/clocksource-switch.c | 6 +- tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 19 ++- tools/tracing/rtla/src/timerlat_top.c | 20 ++- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 543 files changed, 4585 insertions(+), 2316 deletions(-)

7 months

9
15
0 0

[PATCH v2] gpio: pca953x: fix IRQ storm on system wake up

by Francesco Dolcini

From: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> If an input changes state during wake-up and is used as an interrupt source, the IRQ handler reads the volatile input register to clear the interrupt mask and deassert the IRQ line. However, the IRQ handler is triggered before access to the register is granted, causing the read operation to fail. As a result, the IRQ handler enters a loop, repeatedly printing the "failed reading register" message, until `pca953x_resume` is eventually called, which restores the driver context and enables access to registers. Fix by disabling the IRQ line before entering suspend mode, and re-enabling it after the driver context is restored in `pca953x_resume`. An irq can be disabled with disable_irq() and still wake the system as long as the irq has wake enabled, so the wake-up functionality is preserved. Fixes: b76574300504 ("gpio: pca953x: Restore registers after suspend/resume cycle") Cc: stable(a)vger.kernel.org Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> --- v1 -> v2 - Instead of calling PM ops with disabled interrupts, just disable the irq while going in suspend and re-enable it after restoring the context in resume function. --- drivers/gpio/gpio-pca953x.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c index ab2c0fd428fb..b852e4997629 100644 --- a/drivers/gpio/gpio-pca953x.c +++ b/drivers/gpio/gpio-pca953x.c @@ -1226,6 +1226,8 @@ static int pca953x_restore_context(struct pca953x_chip *chip) guard(mutex)(&chip->i2c_lock); + if (chip->client->irq > 0) + enable_irq(chip->client->irq); regcache_cache_only(chip->regmap, false); regcache_mark_dirty(chip->regmap); ret = pca953x_regcache_sync(chip); @@ -1238,6 +1240,10 @@ static int pca953x_restore_context(struct pca953x_chip *chip) static void pca953x_save_context(struct pca953x_chip *chip) { guard(mutex)(&chip->i2c_lock); + + /* Disable IRQ to prevent early triggering while regmap "cache only" is on */ + if (chip->client->irq > 0) + disable_irq(chip->client->irq); regcache_cache_only(chip->regmap, true); } -- 2.39.5

7 months

5
5
0 0

FAILED: patch "[PATCH] KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a2620f8932fa9fdabc3d78ed6efb004ca409019f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051233-flatfoot-delete-7a4b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a2620f8932fa9fdabc3d78ed6efb004ca409019f Mon Sep 17 00:00:00 2001 From: Mikhail Lobanov <m.lobanov(a)rosa.ru> Date: Mon, 14 Apr 2025 20:12:06 +0300 Subject: [PATCH] KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM). This omission results in triggering a WARN when KVM forces a vCPU INIT after SHUTDOWN interception while the vCPU is in SMM. This situation was reprodused using Syzkaller by: 1) Creating a KVM VM and vCPU 2) Sending a KVM_SMI ioctl to explicitly enter SMM 3) Executing invalid instructions causing consecutive exceptions and eventually a triple fault The issue manifests as follows: WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Modules linked in: CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Call Trace: <TASK> shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline] vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062 kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283 kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Architecturally, INIT is blocked when the CPU is in SMM, hence KVM's WARN() in kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper emulation of INIT. SHUTDOWN on SVM is a weird edge case where KVM needs to do _something_ sane with the VMCB, since it's technically undefined, and INIT is the least awful choice given KVM's ABI. So, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of SMM to avoid any weirdness (and the WARN). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") Cc: stable(a)vger.kernel.org Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru> Link: https://lore.kernel.org/r/20250414171207.155121-1-m.lobanov@rosa.ru [sean: massage changelog, make it clear this isn't architectural behavior] Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index 699e551ec93b..9864c057187d 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -131,6 +131,7 @@ void kvm_smm_changed(struct kvm_vcpu *vcpu, bool entering_smm) kvm_mmu_reset_context(vcpu); } +EXPORT_SYMBOL_GPL(kvm_smm_changed); void process_smi(struct kvm_vcpu *vcpu) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d5d0c5c3300b..c5470d842aed 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2231,6 +2231,10 @@ static int shutdown_interception(struct kvm_vcpu *vcpu) */ if (!sev_es_guest(vcpu->kvm)) { clear_page(svm->vmcb); +#ifdef CONFIG_KVM_SMM + if (is_smm(vcpu)) + kvm_smm_changed(vcpu, false); +#endif kvm_vcpu_reset(vcpu, true); }

7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a2620f8932fa9fdabc3d78ed6efb004ca409019f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051231-surpass-scone-a484@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a2620f8932fa9fdabc3d78ed6efb004ca409019f Mon Sep 17 00:00:00 2001 From: Mikhail Lobanov <m.lobanov(a)rosa.ru> Date: Mon, 14 Apr 2025 20:12:06 +0300 Subject: [PATCH] KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM). This omission results in triggering a WARN when KVM forces a vCPU INIT after SHUTDOWN interception while the vCPU is in SMM. This situation was reprodused using Syzkaller by: 1) Creating a KVM VM and vCPU 2) Sending a KVM_SMI ioctl to explicitly enter SMM 3) Executing invalid instructions causing consecutive exceptions and eventually a triple fault The issue manifests as follows: WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Modules linked in: CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Call Trace: <TASK> shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline] vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062 kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283 kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Architecturally, INIT is blocked when the CPU is in SMM, hence KVM's WARN() in kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper emulation of INIT. SHUTDOWN on SVM is a weird edge case where KVM needs to do _something_ sane with the VMCB, since it's technically undefined, and INIT is the least awful choice given KVM's ABI. So, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of SMM to avoid any weirdness (and the WARN). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") Cc: stable(a)vger.kernel.org Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru> Link: https://lore.kernel.org/r/20250414171207.155121-1-m.lobanov@rosa.ru [sean: massage changelog, make it clear this isn't architectural behavior] Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index 699e551ec93b..9864c057187d 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -131,6 +131,7 @@ void kvm_smm_changed(struct kvm_vcpu *vcpu, bool entering_smm) kvm_mmu_reset_context(vcpu); } +EXPORT_SYMBOL_GPL(kvm_smm_changed); void process_smi(struct kvm_vcpu *vcpu) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d5d0c5c3300b..c5470d842aed 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2231,6 +2231,10 @@ static int shutdown_interception(struct kvm_vcpu *vcpu) */ if (!sev_es_guest(vcpu->kvm)) { clear_page(svm->vmcb); +#ifdef CONFIG_KVM_SMM + if (is_smm(vcpu)) + kvm_smm_changed(vcpu, false); +#endif kvm_vcpu_reset(vcpu, true); }

7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a2620f8932fa9fdabc3d78ed6efb004ca409019f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051230-trickle-unspoiled-1f11@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a2620f8932fa9fdabc3d78ed6efb004ca409019f Mon Sep 17 00:00:00 2001 From: Mikhail Lobanov <m.lobanov(a)rosa.ru> Date: Mon, 14 Apr 2025 20:12:06 +0300 Subject: [PATCH] KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM). This omission results in triggering a WARN when KVM forces a vCPU INIT after SHUTDOWN interception while the vCPU is in SMM. This situation was reprodused using Syzkaller by: 1) Creating a KVM VM and vCPU 2) Sending a KVM_SMI ioctl to explicitly enter SMM 3) Executing invalid instructions causing consecutive exceptions and eventually a triple fault The issue manifests as follows: WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Modules linked in: CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Call Trace: <TASK> shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline] vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062 kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283 kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Architecturally, INIT is blocked when the CPU is in SMM, hence KVM's WARN() in kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper emulation of INIT. SHUTDOWN on SVM is a weird edge case where KVM needs to do _something_ sane with the VMCB, since it's technically undefined, and INIT is the least awful choice given KVM's ABI. So, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of SMM to avoid any weirdness (and the WARN). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") Cc: stable(a)vger.kernel.org Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru> Link: https://lore.kernel.org/r/20250414171207.155121-1-m.lobanov@rosa.ru [sean: massage changelog, make it clear this isn't architectural behavior] Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index 699e551ec93b..9864c057187d 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -131,6 +131,7 @@ void kvm_smm_changed(struct kvm_vcpu *vcpu, bool entering_smm) kvm_mmu_reset_context(vcpu); } +EXPORT_SYMBOL_GPL(kvm_smm_changed); void process_smi(struct kvm_vcpu *vcpu) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d5d0c5c3300b..c5470d842aed 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2231,6 +2231,10 @@ static int shutdown_interception(struct kvm_vcpu *vcpu) */ if (!sev_es_guest(vcpu->kvm)) { clear_page(svm->vmcb); +#ifdef CONFIG_KVM_SMM + if (is_smm(vcpu)) + kvm_smm_changed(vcpu, false); +#endif kvm_vcpu_reset(vcpu, true); }

7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: x86/mmu: Prevent installing hugepages when mem" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 9129633d568edd36aa22bf703b12835153cec985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051217-botch-sloped-8d28@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9129633d568edd36aa22bf703b12835153cec985 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Wed, 30 Apr 2025 15:09:54 -0700 Subject: [PATCH] KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing When changing memory attributes on a subset of a potential hugepage, add the hugepage to the invalidation range tracking to prevent installing a hugepage until the attributes are fully updated. Like the actual hugepage tracking updates in kvm_arch_post_set_memory_attributes(), process only the head and tail pages, as any potential hugepages that are entirely covered by the range will already be tracked. Note, only hugepage chunks whose current attributes are NOT mixed need to be added to the invalidation set, as mixed attributes already prevent installing a hugepage, and it's perfectly safe to install a smaller mapping for a gfn whose attributes aren't changing. Fixes: 8dd2eee9d526 ("KVM: x86/mmu: Handle page fault for private memory") Cc: stable(a)vger.kernel.org Reported-by: Michael Roth <michael.roth(a)amd.com> Tested-by: Michael Roth <michael.roth(a)amd.com> Link: https://lore.kernel.org/r/20250430220954.522672-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 387464ebe8e8..8d1b632e33d2 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -7670,32 +7670,6 @@ void kvm_mmu_pre_destroy_vm(struct kvm *kvm) } #ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES -bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, - struct kvm_gfn_range *range) -{ - /* - * Zap SPTEs even if the slot can't be mapped PRIVATE. KVM x86 only - * supports KVM_MEMORY_ATTRIBUTE_PRIVATE, and so it *seems* like KVM - * can simply ignore such slots. But if userspace is making memory - * PRIVATE, then KVM must prevent the guest from accessing the memory - * as shared. And if userspace is making memory SHARED and this point - * is reached, then at least one page within the range was previously - * PRIVATE, i.e. the slot's possible hugepage ranges are changing. - * Zapping SPTEs in this case ensures KVM will reassess whether or not - * a hugepage can be used for affected ranges. - */ - if (WARN_ON_ONCE(!kvm_arch_has_private_mem(kvm))) - return false; - - /* Unmap the old attribute page. */ - if (range->arg.attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE) - range->attr_filter = KVM_FILTER_SHARED; - else - range->attr_filter = KVM_FILTER_PRIVATE; - - return kvm_unmap_gfn_range(kvm, range); -} - static bool hugepage_test_mixed(struct kvm_memory_slot *slot, gfn_t gfn, int level) { @@ -7714,6 +7688,69 @@ static void hugepage_set_mixed(struct kvm_memory_slot *slot, gfn_t gfn, lpage_info_slot(gfn, slot, level)->disallow_lpage |= KVM_LPAGE_MIXED_FLAG; } +bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, + struct kvm_gfn_range *range) +{ + struct kvm_memory_slot *slot = range->slot; + int level; + + /* + * Zap SPTEs even if the slot can't be mapped PRIVATE. KVM x86 only + * supports KVM_MEMORY_ATTRIBUTE_PRIVATE, and so it *seems* like KVM + * can simply ignore such slots. But if userspace is making memory + * PRIVATE, then KVM must prevent the guest from accessing the memory + * as shared. And if userspace is making memory SHARED and this point + * is reached, then at least one page within the range was previously + * PRIVATE, i.e. the slot's possible hugepage ranges are changing. + * Zapping SPTEs in this case ensures KVM will reassess whether or not + * a hugepage can be used for affected ranges. + */ + if (WARN_ON_ONCE(!kvm_arch_has_private_mem(kvm))) + return false; + + if (WARN_ON_ONCE(range->end <= range->start)) + return false; + + /* + * If the head and tail pages of the range currently allow a hugepage, + * i.e. reside fully in the slot and don't have mixed attributes, then + * add each corresponding hugepage range to the ongoing invalidation, + * e.g. to prevent KVM from creating a hugepage in response to a fault + * for a gfn whose attributes aren't changing. Note, only the range + * of gfns whose attributes are being modified needs to be explicitly + * unmapped, as that will unmap any existing hugepages. + */ + for (level = PG_LEVEL_2M; level <= KVM_MAX_HUGEPAGE_LEVEL; level++) { + gfn_t start = gfn_round_for_level(range->start, level); + gfn_t end = gfn_round_for_level(range->end - 1, level); + gfn_t nr_pages = KVM_PAGES_PER_HPAGE(level); + + if ((start != range->start || start + nr_pages > range->end) && + start >= slot->base_gfn && + start + nr_pages <= slot->base_gfn + slot->npages && + !hugepage_test_mixed(slot, start, level)) + kvm_mmu_invalidate_range_add(kvm, start, start + nr_pages); + + if (end == start) + continue; + + if ((end + nr_pages) > range->end && + (end + nr_pages) <= (slot->base_gfn + slot->npages) && + !hugepage_test_mixed(slot, end, level)) + kvm_mmu_invalidate_range_add(kvm, end, end + nr_pages); + } + + /* Unmap the old attribute page. */ + if (range->arg.attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE) + range->attr_filter = KVM_FILTER_SHARED; + else + range->attr_filter = KVM_FILTER_PRIVATE; + + return kvm_unmap_gfn_range(kvm, range); +} + + + static bool hugepage_has_attrs(struct kvm *kvm, struct kvm_memory_slot *slot, gfn_t gfn, int level, unsigned long attrs) {

7 months

1
0
0 0

FAILED: patch "[PATCH] selftests/mm: compaction_test: support platform with huge" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ab00ddd802f80e31fc9639c652d736fe3913feae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051246-book-chase-1d4c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab00ddd802f80e31fc9639c652d736fe3913feae Mon Sep 17 00:00:00 2001 From: Feng Tang <feng.tang(a)linux.alibaba.com> Date: Wed, 23 Apr 2025 18:36:45 +0800 Subject: [PATCH] selftests/mm: compaction_test: support platform with huge mount of memory When running mm selftest to verify mm patches, 'compaction_test' case failed on an x86 server with 1TB memory. And the root cause is that it has too much free memory than what the test supports. The test case tries to allocate 100000 huge pages, which is about 200 GB for that x86 server, and when it succeeds, it expects it's large than 1/3 of 80% of the free memory in system. This logic only works for platform with 750 GB ( 200 / (1/3) / 80% ) or less free memory, and may raise false alarm for others. Fix it by changing the fixed page number to self-adjustable number according to the real number of free memory. Link: https://lkml.kernel.org/r/20250423103645.2758-1-feng.tang@linux.alibaba.com Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Signed-off-by: Feng Tang <feng.tang(a)linux.alibaba.com> Acked-by: Dev Jain <dev.jain(a)arm.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)inux.alibaba.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sri Jayaramappa <sjayaram(a)akamai.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/compaction_test.c b/tools/testing/selftests/mm/compaction_test.c index 2c3a0eb6b22d..9bc4591c7b16 100644 --- a/tools/testing/selftests/mm/compaction_test.c +++ b/tools/testing/selftests/mm/compaction_test.c @@ -90,6 +90,8 @@ int check_compaction(unsigned long mem_free, unsigned long hugepage_size, int compaction_index = 0; char nr_hugepages[20] = {0}; char init_nr_hugepages[24] = {0}; + char target_nr_hugepages[24] = {0}; + int slen; snprintf(init_nr_hugepages, sizeof(init_nr_hugepages), "%lu", initial_nr_hugepages); @@ -106,11 +108,18 @@ int check_compaction(unsigned long mem_free, unsigned long hugepage_size, goto out; } - /* Request a large number of huge pages. The Kernel will allocate - as much as it can */ - if (write(fd, "100000", (6*sizeof(char))) != (6*sizeof(char))) { - ksft_print_msg("Failed to write 100000 to /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); + /* + * Request huge pages for about half of the free memory. The Kernel + * will allocate as much as it can, and we expect it will get at least 1/3 + */ + nr_hugepages_ul = mem_free / hugepage_size / 2; + snprintf(target_nr_hugepages, sizeof(target_nr_hugepages), + "%lu", nr_hugepages_ul); + + slen = strlen(target_nr_hugepages); + if (write(fd, target_nr_hugepages, slen) != slen) { + ksft_print_msg("Failed to write %lu to /proc/sys/vm/nr_hugepages: %s\n", + nr_hugepages_ul, strerror(errno)); goto close_fd; }

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 95567729173e62e0e60a1f8ad9eb2e1320a8ccac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051236-dense-economy-c808@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 95567729173e62e0e60a1f8ad9eb2e1320a8ccac Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Thu, 24 Apr 2025 17:57:28 -0400 Subject: [PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN race While discussing some userfaultfd relevant issues recently, Andrea noticed a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s. Quote from Andrea, explaining how -EAGAIN was processed, and how this should fix it (taking example of UFFDIO_COPY ioctl): The "mmap_changing" and "stale pmd" conditions are already reported as -EAGAIN written in the copy field, this does not change it. This change removes the subnormal case that left copy.copy uninitialized and required apps to explicitly set the copy field to get deterministic behavior (which is a requirement contrary to the documentation in both the manpage and source code). In turn there's no alteration to backwards compatibility as result of this change because userland will find the copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN and sometime uninitialized. Even then the change only can make a difference to non cooperative users of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not true for the vast majority of apps using userfaultfd or this unintended uninitialized field may have been noticed sooner. Meanwhile, since this bug existed for years, it also almost affects all ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also get affected in the same way: - UFFDIO_CONTINUE - UFFDIO_POISON - UFFDIO_MOVE This patch should have fixed all of them. Link: https://lkml.kernel.org/r/20250424215729.194656-2-peterx@redhat.com Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl") Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index d80f94346199..22f4bf956ba1 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx, user_uffdio_copy = (struct uffdio_copy __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_copy->copy))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_copy, user_uffdio_copy, @@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct userfaultfd_ctx *ctx, user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage, @@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg) user_uffdio_continue = (struct uffdio_continue __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_continue->mapped))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_continue, user_uffdio_continue, @@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(struct userfaultfd_ctx *ctx, unsigned long user_uffdio_poison = (struct uffdio_poison __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_poison->updated))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_poison, user_uffdio_poison, @@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userfaultfd_ctx *ctx, user_uffdio_move = (struct uffdio_move __user *) arg; - if (atomic_read(&ctx->mmap_changing)) - return -EAGAIN; + ret = -EAGAIN; + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_move->move))) + return -EFAULT; + goto out; + } if (copy_from_user(&uffdio_move, user_uffdio_move, /* don't copy "move" last field */

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 95567729173e62e0e60a1f8ad9eb2e1320a8ccac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051235-unusual-viewer-d8fa@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 95567729173e62e0e60a1f8ad9eb2e1320a8ccac Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Thu, 24 Apr 2025 17:57:28 -0400 Subject: [PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN race While discussing some userfaultfd relevant issues recently, Andrea noticed a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s. Quote from Andrea, explaining how -EAGAIN was processed, and how this should fix it (taking example of UFFDIO_COPY ioctl): The "mmap_changing" and "stale pmd" conditions are already reported as -EAGAIN written in the copy field, this does not change it. This change removes the subnormal case that left copy.copy uninitialized and required apps to explicitly set the copy field to get deterministic behavior (which is a requirement contrary to the documentation in both the manpage and source code). In turn there's no alteration to backwards compatibility as result of this change because userland will find the copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN and sometime uninitialized. Even then the change only can make a difference to non cooperative users of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not true for the vast majority of apps using userfaultfd or this unintended uninitialized field may have been noticed sooner. Meanwhile, since this bug existed for years, it also almost affects all ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also get affected in the same way: - UFFDIO_CONTINUE - UFFDIO_POISON - UFFDIO_MOVE This patch should have fixed all of them. Link: https://lkml.kernel.org/r/20250424215729.194656-2-peterx@redhat.com Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl") Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index d80f94346199..22f4bf956ba1 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx, user_uffdio_copy = (struct uffdio_copy __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_copy->copy))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_copy, user_uffdio_copy, @@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct userfaultfd_ctx *ctx, user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage, @@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg) user_uffdio_continue = (struct uffdio_continue __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_continue->mapped))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_continue, user_uffdio_continue, @@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(struct userfaultfd_ctx *ctx, unsigned long user_uffdio_poison = (struct uffdio_poison __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_poison->updated))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_poison, user_uffdio_poison, @@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userfaultfd_ctx *ctx, user_uffdio_move = (struct uffdio_move __user *) arg; - if (atomic_read(&ctx->mmap_changing)) - return -EAGAIN; + ret = -EAGAIN; + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_move->move))) + return -EFAULT; + goto out; + } if (copy_from_user(&uffdio_move, user_uffdio_move, /* don't copy "move" last field */

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 95567729173e62e0e60a1f8ad9eb2e1320a8ccac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051234-legwarmer-usable-d2c7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 95567729173e62e0e60a1f8ad9eb2e1320a8ccac Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Thu, 24 Apr 2025 17:57:28 -0400 Subject: [PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN race While discussing some userfaultfd relevant issues recently, Andrea noticed a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s. Quote from Andrea, explaining how -EAGAIN was processed, and how this should fix it (taking example of UFFDIO_COPY ioctl): The "mmap_changing" and "stale pmd" conditions are already reported as -EAGAIN written in the copy field, this does not change it. This change removes the subnormal case that left copy.copy uninitialized and required apps to explicitly set the copy field to get deterministic behavior (which is a requirement contrary to the documentation in both the manpage and source code). In turn there's no alteration to backwards compatibility as result of this change because userland will find the copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN and sometime uninitialized. Even then the change only can make a difference to non cooperative users of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not true for the vast majority of apps using userfaultfd or this unintended uninitialized field may have been noticed sooner. Meanwhile, since this bug existed for years, it also almost affects all ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also get affected in the same way: - UFFDIO_CONTINUE - UFFDIO_POISON - UFFDIO_MOVE This patch should have fixed all of them. Link: https://lkml.kernel.org/r/20250424215729.194656-2-peterx@redhat.com Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl") Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index d80f94346199..22f4bf956ba1 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx, user_uffdio_copy = (struct uffdio_copy __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_copy->copy))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_copy, user_uffdio_copy, @@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct userfaultfd_ctx *ctx, user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage, @@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg) user_uffdio_continue = (struct uffdio_continue __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_continue->mapped))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_continue, user_uffdio_continue, @@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(struct userfaultfd_ctx *ctx, unsigned long user_uffdio_poison = (struct uffdio_poison __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_poison->updated))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_poison, user_uffdio_poison, @@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userfaultfd_ctx *ctx, user_uffdio_move = (struct uffdio_move __user *) arg; - if (atomic_read(&ctx->mmap_changing)) - return -EAGAIN; + ret = -EAGAIN; + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_move->move))) + return -EFAULT; + goto out; + } if (copy_from_user(&uffdio_move, user_uffdio_move, /* don't copy "move" last field */

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 95567729173e62e0e60a1f8ad9eb2e1320a8ccac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051228-laurel-hypnoses-428f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 95567729173e62e0e60a1f8ad9eb2e1320a8ccac Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Thu, 24 Apr 2025 17:57:28 -0400 Subject: [PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN race While discussing some userfaultfd relevant issues recently, Andrea noticed a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s. Quote from Andrea, explaining how -EAGAIN was processed, and how this should fix it (taking example of UFFDIO_COPY ioctl): The "mmap_changing" and "stale pmd" conditions are already reported as -EAGAIN written in the copy field, this does not change it. This change removes the subnormal case that left copy.copy uninitialized and required apps to explicitly set the copy field to get deterministic behavior (which is a requirement contrary to the documentation in both the manpage and source code). In turn there's no alteration to backwards compatibility as result of this change because userland will find the copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN and sometime uninitialized. Even then the change only can make a difference to non cooperative users of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not true for the vast majority of apps using userfaultfd or this unintended uninitialized field may have been noticed sooner. Meanwhile, since this bug existed for years, it also almost affects all ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also get affected in the same way: - UFFDIO_CONTINUE - UFFDIO_POISON - UFFDIO_MOVE This patch should have fixed all of them. Link: https://lkml.kernel.org/r/20250424215729.194656-2-peterx@redhat.com Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl") Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index d80f94346199..22f4bf956ba1 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx, user_uffdio_copy = (struct uffdio_copy __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_copy->copy))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_copy, user_uffdio_copy, @@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct userfaultfd_ctx *ctx, user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage, @@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg) user_uffdio_continue = (struct uffdio_continue __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_continue->mapped))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_continue, user_uffdio_continue, @@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(struct userfaultfd_ctx *ctx, unsigned long user_uffdio_poison = (struct uffdio_poison __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_poison->updated))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_poison, user_uffdio_poison, @@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userfaultfd_ctx *ctx, user_uffdio_move = (struct uffdio_move __user *) arg; - if (atomic_read(&ctx->mmap_changing)) - return -EAGAIN; + ret = -EAGAIN; + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_move->move))) + return -EFAULT; + goto out; + } if (copy_from_user(&uffdio_move, user_uffdio_move, /* don't copy "move" last field */

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 95567729173e62e0e60a1f8ad9eb2e1320a8ccac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051227-malt-universe-29e7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 95567729173e62e0e60a1f8ad9eb2e1320a8ccac Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Thu, 24 Apr 2025 17:57:28 -0400 Subject: [PATCH] mm/userfaultfd: fix uninitialized output field for -EAGAIN race While discussing some userfaultfd relevant issues recently, Andrea noticed a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s. Quote from Andrea, explaining how -EAGAIN was processed, and how this should fix it (taking example of UFFDIO_COPY ioctl): The "mmap_changing" and "stale pmd" conditions are already reported as -EAGAIN written in the copy field, this does not change it. This change removes the subnormal case that left copy.copy uninitialized and required apps to explicitly set the copy field to get deterministic behavior (which is a requirement contrary to the documentation in both the manpage and source code). In turn there's no alteration to backwards compatibility as result of this change because userland will find the copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN and sometime uninitialized. Even then the change only can make a difference to non cooperative users of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not true for the vast majority of apps using userfaultfd or this unintended uninitialized field may have been noticed sooner. Meanwhile, since this bug existed for years, it also almost affects all ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also get affected in the same way: - UFFDIO_CONTINUE - UFFDIO_POISON - UFFDIO_MOVE This patch should have fixed all of them. Link: https://lkml.kernel.org/r/20250424215729.194656-2-peterx@redhat.com Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl") Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index d80f94346199..22f4bf956ba1 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx, user_uffdio_copy = (struct uffdio_copy __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_copy->copy))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_copy, user_uffdio_copy, @@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct userfaultfd_ctx *ctx, user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage, @@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg) user_uffdio_continue = (struct uffdio_continue __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_continue->mapped))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_continue, user_uffdio_continue, @@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(struct userfaultfd_ctx *ctx, unsigned long user_uffdio_poison = (struct uffdio_poison __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_poison->updated))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_poison, user_uffdio_poison, @@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userfaultfd_ctx *ctx, user_uffdio_move = (struct uffdio_move __user *) arg; - if (atomic_read(&ctx->mmap_changing)) - return -EAGAIN; + ret = -EAGAIN; + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_move->move))) + return -EFAULT; + goto out; + } if (copy_from_user(&uffdio_move, user_uffdio_move, /* don't copy "move" last field */

7 months

1
0
0 0

Re: Patch "s390/entry: Fix last breaking event handling in case of stack corruption" has been added to the 6.6-stable tree

by Heiko Carstens

On Sun, May 11, 2025 at 01:59:02PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > s390/entry: Fix last breaking event handling in case of stack corruption > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > s390-entry-fix-last-breaking-event-handling-in-case-.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This patch shouldn't be applied as it is to 6.6, 6.1, and 5.15 stable kernels, since it won't compile. I'll provide a slightly modified variant.

7 months

2
1
0 0

FAILED: patch "[PATCH] staging: axis-fifo: Correct handling of tx_fifo_depth for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2ca34b508774aaa590fc3698a54204706ecca4ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051209-visible-hassle-6995@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ca34b508774aaa590fc3698a54204706ecca4ba Mon Sep 17 00:00:00 2001 From: Gabriel Shahrouzi <gshahrouzi(a)gmail.com> Date: Fri, 18 Apr 2025 21:29:37 -0400 Subject: [PATCH] staging: axis-fifo: Correct handling of tx_fifo_depth for size validation Remove erroneous subtraction of 4 from the total FIFO depth read from device tree. The stored depth is for checking against total capacity, not initial vacancy. This prevented writes near the FIFO's full size. The check performed just before data transfer, which uses live reads of the TDFV register to determine current vacancy, correctly handles the initial Depth - 4 hardware state and subsequent FIFO fullness. Fixes: 4a965c5f89de ("staging: add driver for Xilinx AXI-Stream FIFO v4.1 IP core") Cc: stable(a)vger.kernel.org Signed-off-by: Gabriel Shahrouzi <gshahrouzi(a)gmail.com> Link: https://lore.kernel.org/r/20250419012937.674924-1-gshahrouzi@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/axis-fifo/axis-fifo.c b/drivers/staging/axis-fifo/axis-fifo.c index 7540c20090c7..04b3dc3cfe7c 100644 --- a/drivers/staging/axis-fifo/axis-fifo.c +++ b/drivers/staging/axis-fifo/axis-fifo.c @@ -775,9 +775,6 @@ static int axis_fifo_parse_dt(struct axis_fifo *fifo) goto end; } - /* IP sets TDFV to fifo depth - 4 so we will do the same */ - fifo->tx_fifo_depth -= 4; - ret = get_dts_property(fifo, "xlnx,use-rx-data", &fifo->has_rx_fifo); if (ret) { dev_err(fifo->dt_device, "missing xlnx,use-rx-data property\n");

7 months

1
0
0 0

FAILED: patch "[PATCH] staging: axis-fifo: Remove hardware resets for user errors" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c6e8d85fafa7193613db37da29c0e8d6e2515b13 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051251-pardon-stellar-d13f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6e8d85fafa7193613db37da29c0e8d6e2515b13 Mon Sep 17 00:00:00 2001 From: Gabriel Shahrouzi <gshahrouzi(a)gmail.com> Date: Fri, 18 Apr 2025 20:43:06 -0400 Subject: [PATCH] staging: axis-fifo: Remove hardware resets for user errors The axis-fifo driver performs a full hardware reset (via reset_ip_core()) in several error paths within the read and write functions. This reset flushes both TX and RX FIFOs and resets the AXI-Stream links. Allow the user to handle the error without causing hardware disruption or data loss in other FIFO paths. Fixes: 4a965c5f89de ("staging: add driver for Xilinx AXI-Stream FIFO v4.1 IP core") Cc: stable(a)vger.kernel.org Signed-off-by: Gabriel Shahrouzi <gshahrouzi(a)gmail.com> Link: https://lore.kernel.org/r/20250419004306.669605-1-gshahrouzi@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/axis-fifo/axis-fifo.c b/drivers/staging/axis-fifo/axis-fifo.c index 04b3dc3cfe7c..351f983ef914 100644 --- a/drivers/staging/axis-fifo/axis-fifo.c +++ b/drivers/staging/axis-fifo/axis-fifo.c @@ -393,16 +393,14 @@ static ssize_t axis_fifo_read(struct file *f, char __user *buf, bytes_available = ioread32(fifo->base_addr + XLLF_RLR_OFFSET); if (!bytes_available) { - dev_err(fifo->dt_device, "received a packet of length 0 - fifo core will be reset\n"); - reset_ip_core(fifo); + dev_err(fifo->dt_device, "received a packet of length 0\n"); ret = -EIO; goto end_unlock; } if (bytes_available > len) { - dev_err(fifo->dt_device, "user read buffer too small (available bytes=%zu user buffer bytes=%zu) - fifo core will be reset\n", + dev_err(fifo->dt_device, "user read buffer too small (available bytes=%zu user buffer bytes=%zu)\n", bytes_available, len); - reset_ip_core(fifo); ret = -EINVAL; goto end_unlock; } @@ -411,8 +409,7 @@ static ssize_t axis_fifo_read(struct file *f, char __user *buf, /* this probably can't happen unless IP * registers were previously mishandled */ - dev_err(fifo->dt_device, "received a packet that isn't word-aligned - fifo core will be reset\n"); - reset_ip_core(fifo); + dev_err(fifo->dt_device, "received a packet that isn't word-aligned\n"); ret = -EIO; goto end_unlock; } @@ -433,7 +430,6 @@ static ssize_t axis_fifo_read(struct file *f, char __user *buf, if (copy_to_user(buf + copied * sizeof(u32), tmp_buf, copy * sizeof(u32))) { - reset_ip_core(fifo); ret = -EFAULT; goto end_unlock; } @@ -542,7 +538,6 @@ static ssize_t axis_fifo_write(struct file *f, const char __user *buf, if (copy_from_user(tmp_buf, buf + copied * sizeof(u32), copy * sizeof(u32))) { - reset_ip_core(fifo); ret = -EFAULT; goto end_unlock; }

7 months

1
0
0 0

FAILED: patch "[PATCH] uio_hv_generic: Fix sysfs creation path for ring buffer" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f31fe8165d365379d858c53bef43254c7d6d1cfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051213-regretful-conceded-2379@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f31fe8165d365379d858c53bef43254c7d6d1cfd Mon Sep 17 00:00:00 2001 From: Naman Jain <namjain(a)linux.microsoft.com> Date: Fri, 2 May 2025 13:18:10 +0530 Subject: [PATCH] uio_hv_generic: Fix sysfs creation path for ring buffer On regular bootup, devices get registered to VMBus first, so when uio_hv_generic driver for a particular device type is probed, the device is already initialized and added, so sysfs creation in hv_uio_probe() works fine. However, when the device is removed and brought back, the channel gets rescinded and the device again gets registered to VMBus. However this time, the uio_hv_generic driver is already registered to probe for that device and in this case sysfs creation is tried before the device's kobject gets initialized completely. Fix this by moving the core logic of sysfs creation of ring buffer, from uio_hv_generic to HyperV's VMBus driver, where the rest of the sysfs attributes for the channels are defined. While doing that, make use of attribute groups and macros, instead of creating sysfs directly, to ensure better error handling and code flow. Problematic path: vmbus_process_offer (A new offer comes for the VMBus device) vmbus_add_channel_work vmbus_device_register |-> device_register | |... | |-> hv_uio_probe | |... | |-> sysfs_create_bin_file (leads to a warning as | the primary channel's kobject, which is used to | create the sysfs file, is not yet initialized) |-> kset_create_and_add |-> vmbus_add_channel_kobj (initialization of the primary channel's kobject happens later) Above code flow is sequential and the warning is always reproducible in this path. Fixes: 9ab877a6ccf8 ("uio_hv_generic: make ring buffer attribute for primary channel") Cc: stable(a)kernel.org Suggested-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Suggested-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Tested-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Link: https://lore.kernel.org/r/20250502074811.2022-2-namjain@linux.microsoft.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 29780f3a7478..0b450e53161e 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -477,4 +477,10 @@ static inline int hv_debug_add_dev_dir(struct hv_device *dev) #endif /* CONFIG_HYPERV_TESTING */ +/* Create and remove sysfs entry for memory mapped ring buffers for a channel */ +int hv_create_ring_sysfs(struct vmbus_channel *channel, + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + struct vm_area_struct *vma)); +int hv_remove_ring_sysfs(struct vmbus_channel *channel); + #endif /* _HYPERV_VMBUS_H */ diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 8d3cff42bdbb..0f16a83cc2d6 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1802,6 +1802,27 @@ static ssize_t subchannel_id_show(struct vmbus_channel *channel, } static VMBUS_CHAN_ATTR_RO(subchannel_id); +static int hv_mmap_ring_buffer_wrapper(struct file *filp, struct kobject *kobj, + const struct bin_attribute *attr, + struct vm_area_struct *vma) +{ + struct vmbus_channel *channel = container_of(kobj, struct vmbus_channel, kobj); + + /* + * hv_(create|remove)_ring_sysfs implementation ensures that mmap_ring_buffer + * is not NULL. + */ + return channel->mmap_ring_buffer(channel, vma); +} + +static struct bin_attribute chan_attr_ring_buffer = { + .attr = { + .name = "ring", + .mode = 0600, + }, + .size = 2 * SZ_2M, + .mmap = hv_mmap_ring_buffer_wrapper, +}; static struct attribute *vmbus_chan_attrs[] = { &chan_attr_out_mask.attr, &chan_attr_in_mask.attr, @@ -1821,6 +1842,11 @@ static struct attribute *vmbus_chan_attrs[] = { NULL }; +static struct bin_attribute *vmbus_chan_bin_attrs[] = { + &chan_attr_ring_buffer, + NULL +}; + /* * Channel-level attribute_group callback function. Returns the permission for * each attribute, and returns 0 if an attribute is not visible. @@ -1841,9 +1867,24 @@ static umode_t vmbus_chan_attr_is_visible(struct kobject *kobj, return attr->mode; } +static umode_t vmbus_chan_bin_attr_is_visible(struct kobject *kobj, + const struct bin_attribute *attr, int idx) +{ + const struct vmbus_channel *channel = + container_of(kobj, struct vmbus_channel, kobj); + + /* Hide ring attribute if channel's ring_sysfs_visible is set to false */ + if (attr == &chan_attr_ring_buffer && !channel->ring_sysfs_visible) + return 0; + + return attr->attr.mode; +} + static const struct attribute_group vmbus_chan_group = { .attrs = vmbus_chan_attrs, - .is_visible = vmbus_chan_attr_is_visible + .bin_attrs = vmbus_chan_bin_attrs, + .is_visible = vmbus_chan_attr_is_visible, + .is_bin_visible = vmbus_chan_bin_attr_is_visible, }; static const struct kobj_type vmbus_chan_ktype = { @@ -1851,6 +1892,63 @@ static const struct kobj_type vmbus_chan_ktype = { .release = vmbus_chan_release, }; +/** + * hv_create_ring_sysfs() - create "ring" sysfs entry corresponding to ring buffers for a channel. + * @channel: Pointer to vmbus_channel structure + * @hv_mmap_ring_buffer: function pointer for initializing the function to be called on mmap of + * channel's "ring" sysfs node, which is for the ring buffer of that channel. + * Function pointer is of below type: + * int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + * struct vm_area_struct *vma)) + * This has a pointer to the channel and a pointer to vm_area_struct, + * used for mmap, as arguments. + * + * Sysfs node for ring buffer of a channel is created along with other fields, however its + * visibility is disabled by default. Sysfs creation needs to be controlled when the use-case + * is running. + * For example, HV_NIC device is used either by uio_hv_generic or hv_netvsc at any given point of + * time, and "ring" sysfs is needed only when uio_hv_generic is bound to that device. To avoid + * exposing the ring buffer by default, this function is reponsible to enable visibility of + * ring for userspace to use. + * Note: Race conditions can happen with userspace and it is not encouraged to create new + * use-cases for this. This was added to maintain backward compatibility, while solving + * one of the race conditions in uio_hv_generic while creating sysfs. + * + * Returns 0 on success or error code on failure. + */ +int hv_create_ring_sysfs(struct vmbus_channel *channel, + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + struct vm_area_struct *vma)) +{ + struct kobject *kobj = &channel->kobj; + + channel->mmap_ring_buffer = hv_mmap_ring_buffer; + channel->ring_sysfs_visible = true; + + return sysfs_update_group(kobj, &vmbus_chan_group); +} +EXPORT_SYMBOL_GPL(hv_create_ring_sysfs); + +/** + * hv_remove_ring_sysfs() - remove ring sysfs entry corresponding to ring buffers for a channel. + * @channel: Pointer to vmbus_channel structure + * + * Hide "ring" sysfs for a channel by changing its is_visible attribute and updating sysfs group. + * + * Returns 0 on success or error code on failure. + */ +int hv_remove_ring_sysfs(struct vmbus_channel *channel) +{ + struct kobject *kobj = &channel->kobj; + int ret; + + channel->ring_sysfs_visible = false; + ret = sysfs_update_group(kobj, &vmbus_chan_group); + channel->mmap_ring_buffer = NULL; + return ret; +} +EXPORT_SYMBOL_GPL(hv_remove_ring_sysfs); + /* * vmbus_add_channel_kobj - setup a sub-directory under device/channels */ diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 1b19b5647495..69c1df0f4ca5 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -131,15 +131,12 @@ static void hv_uio_rescind(struct vmbus_channel *channel) vmbus_device_unregister(channel->device_obj); } -/* Sysfs API to allow mmap of the ring buffers +/* Function used for mmap of ring buffer sysfs interface. * The ring buffer is allocated as contiguous memory by vmbus_open */ -static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, - const struct bin_attribute *attr, - struct vm_area_struct *vma) +static int +hv_uio_ring_mmap(struct vmbus_channel *channel, struct vm_area_struct *vma) { - struct vmbus_channel *channel - = container_of(kobj, struct vmbus_channel, kobj); void *ring_buffer = page_address(channel->ringbuffer_page); if (channel->state != CHANNEL_OPENED_STATE) @@ -149,15 +146,6 @@ static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, channel->ringbuffer_pagecount << PAGE_SHIFT); } -static const struct bin_attribute ring_buffer_bin_attr = { - .attr = { - .name = "ring", - .mode = 0600, - }, - .size = 2 * SZ_2M, - .mmap = hv_uio_ring_mmap, -}; - /* Callback from VMBUS subsystem when new channel created. */ static void hv_uio_new_channel(struct vmbus_channel *new_sc) @@ -178,8 +166,7 @@ hv_uio_new_channel(struct vmbus_channel *new_sc) /* Disable interrupts on sub channel */ new_sc->inbound.ring_buffer->interrupt_mask = 1; set_channel_read_mode(new_sc, HV_CALL_ISR); - - ret = sysfs_create_bin_file(&new_sc->kobj, &ring_buffer_bin_attr); + ret = hv_create_ring_sysfs(new_sc, hv_uio_ring_mmap); if (ret) { dev_err(device, "sysfs create ring bin file failed; %d\n", ret); vmbus_close(new_sc); @@ -350,10 +337,18 @@ hv_uio_probe(struct hv_device *dev, goto fail_close; } - ret = sysfs_create_bin_file(&channel->kobj, &ring_buffer_bin_attr); - if (ret) - dev_notice(&dev->device, - "sysfs create ring bin file failed; %d\n", ret); + /* + * This internally calls sysfs_update_group, which returns a non-zero value if it executes + * before sysfs_create_group. This is expected as the 'ring' will be created later in + * vmbus_device_register() -> vmbus_add_channel_kobj(). Thus, no need to check the return + * value and print warning. + * + * Creating/exposing sysfs in driver probe is not encouraged as it can lead to race + * conditions with userspace. For backward compatibility, "ring" sysfs could not be removed + * or decoupled from uio_hv_generic probe. Userspace programs can make use of inotify + * APIs to make sure that ring is created. + */ + hv_create_ring_sysfs(channel, hv_uio_ring_mmap); hv_set_drvdata(dev, pdata); @@ -375,7 +370,7 @@ hv_uio_remove(struct hv_device *dev) if (!pdata) return; - sysfs_remove_bin_file(&dev->channel->kobj, &ring_buffer_bin_attr); + hv_remove_ring_sysfs(dev->channel); uio_unregister_device(&pdata->info); hv_uio_cleanup(dev, pdata); diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index 675959fb97ba..d6ffe01962c2 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -1002,6 +1002,12 @@ struct vmbus_channel { /* The max size of a packet on this channel */ u32 max_pkt_size; + + /* function to mmap ring buffer memory to the channel's sysfs ring attribute */ + int (*mmap_ring_buffer)(struct vmbus_channel *channel, struct vm_area_struct *vma); + + /* boolean to control visibility of sysfs for ring buffer */ + bool ring_sysfs_visible; }; #define lock_requestor(channel, flags) \

7 months

1
0
0 0

FAILED: patch "[PATCH] uio_hv_generic: Fix sysfs creation path for ring buffer" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f31fe8165d365379d858c53bef43254c7d6d1cfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051212-blah-famine-0e8e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f31fe8165d365379d858c53bef43254c7d6d1cfd Mon Sep 17 00:00:00 2001 From: Naman Jain <namjain(a)linux.microsoft.com> Date: Fri, 2 May 2025 13:18:10 +0530 Subject: [PATCH] uio_hv_generic: Fix sysfs creation path for ring buffer On regular bootup, devices get registered to VMBus first, so when uio_hv_generic driver for a particular device type is probed, the device is already initialized and added, so sysfs creation in hv_uio_probe() works fine. However, when the device is removed and brought back, the channel gets rescinded and the device again gets registered to VMBus. However this time, the uio_hv_generic driver is already registered to probe for that device and in this case sysfs creation is tried before the device's kobject gets initialized completely. Fix this by moving the core logic of sysfs creation of ring buffer, from uio_hv_generic to HyperV's VMBus driver, where the rest of the sysfs attributes for the channels are defined. While doing that, make use of attribute groups and macros, instead of creating sysfs directly, to ensure better error handling and code flow. Problematic path: vmbus_process_offer (A new offer comes for the VMBus device) vmbus_add_channel_work vmbus_device_register |-> device_register | |... | |-> hv_uio_probe | |... | |-> sysfs_create_bin_file (leads to a warning as | the primary channel's kobject, which is used to | create the sysfs file, is not yet initialized) |-> kset_create_and_add |-> vmbus_add_channel_kobj (initialization of the primary channel's kobject happens later) Above code flow is sequential and the warning is always reproducible in this path. Fixes: 9ab877a6ccf8 ("uio_hv_generic: make ring buffer attribute for primary channel") Cc: stable(a)kernel.org Suggested-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Suggested-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Tested-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Link: https://lore.kernel.org/r/20250502074811.2022-2-namjain@linux.microsoft.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 29780f3a7478..0b450e53161e 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -477,4 +477,10 @@ static inline int hv_debug_add_dev_dir(struct hv_device *dev) #endif /* CONFIG_HYPERV_TESTING */ +/* Create and remove sysfs entry for memory mapped ring buffers for a channel */ +int hv_create_ring_sysfs(struct vmbus_channel *channel, + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + struct vm_area_struct *vma)); +int hv_remove_ring_sysfs(struct vmbus_channel *channel); + #endif /* _HYPERV_VMBUS_H */ diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 8d3cff42bdbb..0f16a83cc2d6 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1802,6 +1802,27 @@ static ssize_t subchannel_id_show(struct vmbus_channel *channel, } static VMBUS_CHAN_ATTR_RO(subchannel_id); +static int hv_mmap_ring_buffer_wrapper(struct file *filp, struct kobject *kobj, + const struct bin_attribute *attr, + struct vm_area_struct *vma) +{ + struct vmbus_channel *channel = container_of(kobj, struct vmbus_channel, kobj); + + /* + * hv_(create|remove)_ring_sysfs implementation ensures that mmap_ring_buffer + * is not NULL. + */ + return channel->mmap_ring_buffer(channel, vma); +} + +static struct bin_attribute chan_attr_ring_buffer = { + .attr = { + .name = "ring", + .mode = 0600, + }, + .size = 2 * SZ_2M, + .mmap = hv_mmap_ring_buffer_wrapper, +}; static struct attribute *vmbus_chan_attrs[] = { &chan_attr_out_mask.attr, &chan_attr_in_mask.attr, @@ -1821,6 +1842,11 @@ static struct attribute *vmbus_chan_attrs[] = { NULL }; +static struct bin_attribute *vmbus_chan_bin_attrs[] = { + &chan_attr_ring_buffer, + NULL +}; + /* * Channel-level attribute_group callback function. Returns the permission for * each attribute, and returns 0 if an attribute is not visible. @@ -1841,9 +1867,24 @@ static umode_t vmbus_chan_attr_is_visible(struct kobject *kobj, return attr->mode; } +static umode_t vmbus_chan_bin_attr_is_visible(struct kobject *kobj, + const struct bin_attribute *attr, int idx) +{ + const struct vmbus_channel *channel = + container_of(kobj, struct vmbus_channel, kobj); + + /* Hide ring attribute if channel's ring_sysfs_visible is set to false */ + if (attr == &chan_attr_ring_buffer && !channel->ring_sysfs_visible) + return 0; + + return attr->attr.mode; +} + static const struct attribute_group vmbus_chan_group = { .attrs = vmbus_chan_attrs, - .is_visible = vmbus_chan_attr_is_visible + .bin_attrs = vmbus_chan_bin_attrs, + .is_visible = vmbus_chan_attr_is_visible, + .is_bin_visible = vmbus_chan_bin_attr_is_visible, }; static const struct kobj_type vmbus_chan_ktype = { @@ -1851,6 +1892,63 @@ static const struct kobj_type vmbus_chan_ktype = { .release = vmbus_chan_release, }; +/** + * hv_create_ring_sysfs() - create "ring" sysfs entry corresponding to ring buffers for a channel. + * @channel: Pointer to vmbus_channel structure + * @hv_mmap_ring_buffer: function pointer for initializing the function to be called on mmap of + * channel's "ring" sysfs node, which is for the ring buffer of that channel. + * Function pointer is of below type: + * int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + * struct vm_area_struct *vma)) + * This has a pointer to the channel and a pointer to vm_area_struct, + * used for mmap, as arguments. + * + * Sysfs node for ring buffer of a channel is created along with other fields, however its + * visibility is disabled by default. Sysfs creation needs to be controlled when the use-case + * is running. + * For example, HV_NIC device is used either by uio_hv_generic or hv_netvsc at any given point of + * time, and "ring" sysfs is needed only when uio_hv_generic is bound to that device. To avoid + * exposing the ring buffer by default, this function is reponsible to enable visibility of + * ring for userspace to use. + * Note: Race conditions can happen with userspace and it is not encouraged to create new + * use-cases for this. This was added to maintain backward compatibility, while solving + * one of the race conditions in uio_hv_generic while creating sysfs. + * + * Returns 0 on success or error code on failure. + */ +int hv_create_ring_sysfs(struct vmbus_channel *channel, + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + struct vm_area_struct *vma)) +{ + struct kobject *kobj = &channel->kobj; + + channel->mmap_ring_buffer = hv_mmap_ring_buffer; + channel->ring_sysfs_visible = true; + + return sysfs_update_group(kobj, &vmbus_chan_group); +} +EXPORT_SYMBOL_GPL(hv_create_ring_sysfs); + +/** + * hv_remove_ring_sysfs() - remove ring sysfs entry corresponding to ring buffers for a channel. + * @channel: Pointer to vmbus_channel structure + * + * Hide "ring" sysfs for a channel by changing its is_visible attribute and updating sysfs group. + * + * Returns 0 on success or error code on failure. + */ +int hv_remove_ring_sysfs(struct vmbus_channel *channel) +{ + struct kobject *kobj = &channel->kobj; + int ret; + + channel->ring_sysfs_visible = false; + ret = sysfs_update_group(kobj, &vmbus_chan_group); + channel->mmap_ring_buffer = NULL; + return ret; +} +EXPORT_SYMBOL_GPL(hv_remove_ring_sysfs); + /* * vmbus_add_channel_kobj - setup a sub-directory under device/channels */ diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 1b19b5647495..69c1df0f4ca5 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -131,15 +131,12 @@ static void hv_uio_rescind(struct vmbus_channel *channel) vmbus_device_unregister(channel->device_obj); } -/* Sysfs API to allow mmap of the ring buffers +/* Function used for mmap of ring buffer sysfs interface. * The ring buffer is allocated as contiguous memory by vmbus_open */ -static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, - const struct bin_attribute *attr, - struct vm_area_struct *vma) +static int +hv_uio_ring_mmap(struct vmbus_channel *channel, struct vm_area_struct *vma) { - struct vmbus_channel *channel - = container_of(kobj, struct vmbus_channel, kobj); void *ring_buffer = page_address(channel->ringbuffer_page); if (channel->state != CHANNEL_OPENED_STATE) @@ -149,15 +146,6 @@ static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, channel->ringbuffer_pagecount << PAGE_SHIFT); } -static const struct bin_attribute ring_buffer_bin_attr = { - .attr = { - .name = "ring", - .mode = 0600, - }, - .size = 2 * SZ_2M, - .mmap = hv_uio_ring_mmap, -}; - /* Callback from VMBUS subsystem when new channel created. */ static void hv_uio_new_channel(struct vmbus_channel *new_sc) @@ -178,8 +166,7 @@ hv_uio_new_channel(struct vmbus_channel *new_sc) /* Disable interrupts on sub channel */ new_sc->inbound.ring_buffer->interrupt_mask = 1; set_channel_read_mode(new_sc, HV_CALL_ISR); - - ret = sysfs_create_bin_file(&new_sc->kobj, &ring_buffer_bin_attr); + ret = hv_create_ring_sysfs(new_sc, hv_uio_ring_mmap); if (ret) { dev_err(device, "sysfs create ring bin file failed; %d\n", ret); vmbus_close(new_sc); @@ -350,10 +337,18 @@ hv_uio_probe(struct hv_device *dev, goto fail_close; } - ret = sysfs_create_bin_file(&channel->kobj, &ring_buffer_bin_attr); - if (ret) - dev_notice(&dev->device, - "sysfs create ring bin file failed; %d\n", ret); + /* + * This internally calls sysfs_update_group, which returns a non-zero value if it executes + * before sysfs_create_group. This is expected as the 'ring' will be created later in + * vmbus_device_register() -> vmbus_add_channel_kobj(). Thus, no need to check the return + * value and print warning. + * + * Creating/exposing sysfs in driver probe is not encouraged as it can lead to race + * conditions with userspace. For backward compatibility, "ring" sysfs could not be removed + * or decoupled from uio_hv_generic probe. Userspace programs can make use of inotify + * APIs to make sure that ring is created. + */ + hv_create_ring_sysfs(channel, hv_uio_ring_mmap); hv_set_drvdata(dev, pdata); @@ -375,7 +370,7 @@ hv_uio_remove(struct hv_device *dev) if (!pdata) return; - sysfs_remove_bin_file(&dev->channel->kobj, &ring_buffer_bin_attr); + hv_remove_ring_sysfs(dev->channel); uio_unregister_device(&pdata->info); hv_uio_cleanup(dev, pdata); diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index 675959fb97ba..d6ffe01962c2 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -1002,6 +1002,12 @@ struct vmbus_channel { /* The max size of a packet on this channel */ u32 max_pkt_size; + + /* function to mmap ring buffer memory to the channel's sysfs ring attribute */ + int (*mmap_ring_buffer)(struct vmbus_channel *channel, struct vm_area_struct *vma); + + /* boolean to control visibility of sysfs for ring buffer */ + bool ring_sysfs_visible; }; #define lock_requestor(channel, flags) \

7 months

1
0
0 0

FAILED: patch "[PATCH] uio_hv_generic: Fix sysfs creation path for ring buffer" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f31fe8165d365379d858c53bef43254c7d6d1cfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051211-renewably-acclimate-72f0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f31fe8165d365379d858c53bef43254c7d6d1cfd Mon Sep 17 00:00:00 2001 From: Naman Jain <namjain(a)linux.microsoft.com> Date: Fri, 2 May 2025 13:18:10 +0530 Subject: [PATCH] uio_hv_generic: Fix sysfs creation path for ring buffer On regular bootup, devices get registered to VMBus first, so when uio_hv_generic driver for a particular device type is probed, the device is already initialized and added, so sysfs creation in hv_uio_probe() works fine. However, when the device is removed and brought back, the channel gets rescinded and the device again gets registered to VMBus. However this time, the uio_hv_generic driver is already registered to probe for that device and in this case sysfs creation is tried before the device's kobject gets initialized completely. Fix this by moving the core logic of sysfs creation of ring buffer, from uio_hv_generic to HyperV's VMBus driver, where the rest of the sysfs attributes for the channels are defined. While doing that, make use of attribute groups and macros, instead of creating sysfs directly, to ensure better error handling and code flow. Problematic path: vmbus_process_offer (A new offer comes for the VMBus device) vmbus_add_channel_work vmbus_device_register |-> device_register | |... | |-> hv_uio_probe | |... | |-> sysfs_create_bin_file (leads to a warning as | the primary channel's kobject, which is used to | create the sysfs file, is not yet initialized) |-> kset_create_and_add |-> vmbus_add_channel_kobj (initialization of the primary channel's kobject happens later) Above code flow is sequential and the warning is always reproducible in this path. Fixes: 9ab877a6ccf8 ("uio_hv_generic: make ring buffer attribute for primary channel") Cc: stable(a)kernel.org Suggested-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Suggested-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Tested-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Link: https://lore.kernel.org/r/20250502074811.2022-2-namjain@linux.microsoft.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 29780f3a7478..0b450e53161e 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -477,4 +477,10 @@ static inline int hv_debug_add_dev_dir(struct hv_device *dev) #endif /* CONFIG_HYPERV_TESTING */ +/* Create and remove sysfs entry for memory mapped ring buffers for a channel */ +int hv_create_ring_sysfs(struct vmbus_channel *channel, + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + struct vm_area_struct *vma)); +int hv_remove_ring_sysfs(struct vmbus_channel *channel); + #endif /* _HYPERV_VMBUS_H */ diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 8d3cff42bdbb..0f16a83cc2d6 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1802,6 +1802,27 @@ static ssize_t subchannel_id_show(struct vmbus_channel *channel, } static VMBUS_CHAN_ATTR_RO(subchannel_id); +static int hv_mmap_ring_buffer_wrapper(struct file *filp, struct kobject *kobj, + const struct bin_attribute *attr, + struct vm_area_struct *vma) +{ + struct vmbus_channel *channel = container_of(kobj, struct vmbus_channel, kobj); + + /* + * hv_(create|remove)_ring_sysfs implementation ensures that mmap_ring_buffer + * is not NULL. + */ + return channel->mmap_ring_buffer(channel, vma); +} + +static struct bin_attribute chan_attr_ring_buffer = { + .attr = { + .name = "ring", + .mode = 0600, + }, + .size = 2 * SZ_2M, + .mmap = hv_mmap_ring_buffer_wrapper, +}; static struct attribute *vmbus_chan_attrs[] = { &chan_attr_out_mask.attr, &chan_attr_in_mask.attr, @@ -1821,6 +1842,11 @@ static struct attribute *vmbus_chan_attrs[] = { NULL }; +static struct bin_attribute *vmbus_chan_bin_attrs[] = { + &chan_attr_ring_buffer, + NULL +}; + /* * Channel-level attribute_group callback function. Returns the permission for * each attribute, and returns 0 if an attribute is not visible. @@ -1841,9 +1867,24 @@ static umode_t vmbus_chan_attr_is_visible(struct kobject *kobj, return attr->mode; } +static umode_t vmbus_chan_bin_attr_is_visible(struct kobject *kobj, + const struct bin_attribute *attr, int idx) +{ + const struct vmbus_channel *channel = + container_of(kobj, struct vmbus_channel, kobj); + + /* Hide ring attribute if channel's ring_sysfs_visible is set to false */ + if (attr == &chan_attr_ring_buffer && !channel->ring_sysfs_visible) + return 0; + + return attr->attr.mode; +} + static const struct attribute_group vmbus_chan_group = { .attrs = vmbus_chan_attrs, - .is_visible = vmbus_chan_attr_is_visible + .bin_attrs = vmbus_chan_bin_attrs, + .is_visible = vmbus_chan_attr_is_visible, + .is_bin_visible = vmbus_chan_bin_attr_is_visible, }; static const struct kobj_type vmbus_chan_ktype = { @@ -1851,6 +1892,63 @@ static const struct kobj_type vmbus_chan_ktype = { .release = vmbus_chan_release, }; +/** + * hv_create_ring_sysfs() - create "ring" sysfs entry corresponding to ring buffers for a channel. + * @channel: Pointer to vmbus_channel structure + * @hv_mmap_ring_buffer: function pointer for initializing the function to be called on mmap of + * channel's "ring" sysfs node, which is for the ring buffer of that channel. + * Function pointer is of below type: + * int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + * struct vm_area_struct *vma)) + * This has a pointer to the channel and a pointer to vm_area_struct, + * used for mmap, as arguments. + * + * Sysfs node for ring buffer of a channel is created along with other fields, however its + * visibility is disabled by default. Sysfs creation needs to be controlled when the use-case + * is running. + * For example, HV_NIC device is used either by uio_hv_generic or hv_netvsc at any given point of + * time, and "ring" sysfs is needed only when uio_hv_generic is bound to that device. To avoid + * exposing the ring buffer by default, this function is reponsible to enable visibility of + * ring for userspace to use. + * Note: Race conditions can happen with userspace and it is not encouraged to create new + * use-cases for this. This was added to maintain backward compatibility, while solving + * one of the race conditions in uio_hv_generic while creating sysfs. + * + * Returns 0 on success or error code on failure. + */ +int hv_create_ring_sysfs(struct vmbus_channel *channel, + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + struct vm_area_struct *vma)) +{ + struct kobject *kobj = &channel->kobj; + + channel->mmap_ring_buffer = hv_mmap_ring_buffer; + channel->ring_sysfs_visible = true; + + return sysfs_update_group(kobj, &vmbus_chan_group); +} +EXPORT_SYMBOL_GPL(hv_create_ring_sysfs); + +/** + * hv_remove_ring_sysfs() - remove ring sysfs entry corresponding to ring buffers for a channel. + * @channel: Pointer to vmbus_channel structure + * + * Hide "ring" sysfs for a channel by changing its is_visible attribute and updating sysfs group. + * + * Returns 0 on success or error code on failure. + */ +int hv_remove_ring_sysfs(struct vmbus_channel *channel) +{ + struct kobject *kobj = &channel->kobj; + int ret; + + channel->ring_sysfs_visible = false; + ret = sysfs_update_group(kobj, &vmbus_chan_group); + channel->mmap_ring_buffer = NULL; + return ret; +} +EXPORT_SYMBOL_GPL(hv_remove_ring_sysfs); + /* * vmbus_add_channel_kobj - setup a sub-directory under device/channels */ diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 1b19b5647495..69c1df0f4ca5 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -131,15 +131,12 @@ static void hv_uio_rescind(struct vmbus_channel *channel) vmbus_device_unregister(channel->device_obj); } -/* Sysfs API to allow mmap of the ring buffers +/* Function used for mmap of ring buffer sysfs interface. * The ring buffer is allocated as contiguous memory by vmbus_open */ -static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, - const struct bin_attribute *attr, - struct vm_area_struct *vma) +static int +hv_uio_ring_mmap(struct vmbus_channel *channel, struct vm_area_struct *vma) { - struct vmbus_channel *channel - = container_of(kobj, struct vmbus_channel, kobj); void *ring_buffer = page_address(channel->ringbuffer_page); if (channel->state != CHANNEL_OPENED_STATE) @@ -149,15 +146,6 @@ static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, channel->ringbuffer_pagecount << PAGE_SHIFT); } -static const struct bin_attribute ring_buffer_bin_attr = { - .attr = { - .name = "ring", - .mode = 0600, - }, - .size = 2 * SZ_2M, - .mmap = hv_uio_ring_mmap, -}; - /* Callback from VMBUS subsystem when new channel created. */ static void hv_uio_new_channel(struct vmbus_channel *new_sc) @@ -178,8 +166,7 @@ hv_uio_new_channel(struct vmbus_channel *new_sc) /* Disable interrupts on sub channel */ new_sc->inbound.ring_buffer->interrupt_mask = 1; set_channel_read_mode(new_sc, HV_CALL_ISR); - - ret = sysfs_create_bin_file(&new_sc->kobj, &ring_buffer_bin_attr); + ret = hv_create_ring_sysfs(new_sc, hv_uio_ring_mmap); if (ret) { dev_err(device, "sysfs create ring bin file failed; %d\n", ret); vmbus_close(new_sc); @@ -350,10 +337,18 @@ hv_uio_probe(struct hv_device *dev, goto fail_close; } - ret = sysfs_create_bin_file(&channel->kobj, &ring_buffer_bin_attr); - if (ret) - dev_notice(&dev->device, - "sysfs create ring bin file failed; %d\n", ret); + /* + * This internally calls sysfs_update_group, which returns a non-zero value if it executes + * before sysfs_create_group. This is expected as the 'ring' will be created later in + * vmbus_device_register() -> vmbus_add_channel_kobj(). Thus, no need to check the return + * value and print warning. + * + * Creating/exposing sysfs in driver probe is not encouraged as it can lead to race + * conditions with userspace. For backward compatibility, "ring" sysfs could not be removed + * or decoupled from uio_hv_generic probe. Userspace programs can make use of inotify + * APIs to make sure that ring is created. + */ + hv_create_ring_sysfs(channel, hv_uio_ring_mmap); hv_set_drvdata(dev, pdata); @@ -375,7 +370,7 @@ hv_uio_remove(struct hv_device *dev) if (!pdata) return; - sysfs_remove_bin_file(&dev->channel->kobj, &ring_buffer_bin_attr); + hv_remove_ring_sysfs(dev->channel); uio_unregister_device(&pdata->info); hv_uio_cleanup(dev, pdata); diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index 675959fb97ba..d6ffe01962c2 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -1002,6 +1002,12 @@ struct vmbus_channel { /* The max size of a packet on this channel */ u32 max_pkt_size; + + /* function to mmap ring buffer memory to the channel's sysfs ring attribute */ + int (*mmap_ring_buffer)(struct vmbus_channel *channel, struct vm_area_struct *vma); + + /* boolean to control visibility of sysfs for ring buffer */ + bool ring_sysfs_visible; }; #define lock_requestor(channel, flags) \

7 months

1
0
0 0

FAILED: patch "[PATCH] uio_hv_generic: Fix sysfs creation path for ring buffer" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f31fe8165d365379d858c53bef43254c7d6d1cfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051210-wieldable-haunt-9fa2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f31fe8165d365379d858c53bef43254c7d6d1cfd Mon Sep 17 00:00:00 2001 From: Naman Jain <namjain(a)linux.microsoft.com> Date: Fri, 2 May 2025 13:18:10 +0530 Subject: [PATCH] uio_hv_generic: Fix sysfs creation path for ring buffer On regular bootup, devices get registered to VMBus first, so when uio_hv_generic driver for a particular device type is probed, the device is already initialized and added, so sysfs creation in hv_uio_probe() works fine. However, when the device is removed and brought back, the channel gets rescinded and the device again gets registered to VMBus. However this time, the uio_hv_generic driver is already registered to probe for that device and in this case sysfs creation is tried before the device's kobject gets initialized completely. Fix this by moving the core logic of sysfs creation of ring buffer, from uio_hv_generic to HyperV's VMBus driver, where the rest of the sysfs attributes for the channels are defined. While doing that, make use of attribute groups and macros, instead of creating sysfs directly, to ensure better error handling and code flow. Problematic path: vmbus_process_offer (A new offer comes for the VMBus device) vmbus_add_channel_work vmbus_device_register |-> device_register | |... | |-> hv_uio_probe | |... | |-> sysfs_create_bin_file (leads to a warning as | the primary channel's kobject, which is used to | create the sysfs file, is not yet initialized) |-> kset_create_and_add |-> vmbus_add_channel_kobj (initialization of the primary channel's kobject happens later) Above code flow is sequential and the warning is always reproducible in this path. Fixes: 9ab877a6ccf8 ("uio_hv_generic: make ring buffer attribute for primary channel") Cc: stable(a)kernel.org Suggested-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Suggested-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Tested-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Link: https://lore.kernel.org/r/20250502074811.2022-2-namjain@linux.microsoft.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 29780f3a7478..0b450e53161e 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -477,4 +477,10 @@ static inline int hv_debug_add_dev_dir(struct hv_device *dev) #endif /* CONFIG_HYPERV_TESTING */ +/* Create and remove sysfs entry for memory mapped ring buffers for a channel */ +int hv_create_ring_sysfs(struct vmbus_channel *channel, + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + struct vm_area_struct *vma)); +int hv_remove_ring_sysfs(struct vmbus_channel *channel); + #endif /* _HYPERV_VMBUS_H */ diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 8d3cff42bdbb..0f16a83cc2d6 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1802,6 +1802,27 @@ static ssize_t subchannel_id_show(struct vmbus_channel *channel, } static VMBUS_CHAN_ATTR_RO(subchannel_id); +static int hv_mmap_ring_buffer_wrapper(struct file *filp, struct kobject *kobj, + const struct bin_attribute *attr, + struct vm_area_struct *vma) +{ + struct vmbus_channel *channel = container_of(kobj, struct vmbus_channel, kobj); + + /* + * hv_(create|remove)_ring_sysfs implementation ensures that mmap_ring_buffer + * is not NULL. + */ + return channel->mmap_ring_buffer(channel, vma); +} + +static struct bin_attribute chan_attr_ring_buffer = { + .attr = { + .name = "ring", + .mode = 0600, + }, + .size = 2 * SZ_2M, + .mmap = hv_mmap_ring_buffer_wrapper, +}; static struct attribute *vmbus_chan_attrs[] = { &chan_attr_out_mask.attr, &chan_attr_in_mask.attr, @@ -1821,6 +1842,11 @@ static struct attribute *vmbus_chan_attrs[] = { NULL }; +static struct bin_attribute *vmbus_chan_bin_attrs[] = { + &chan_attr_ring_buffer, + NULL +}; + /* * Channel-level attribute_group callback function. Returns the permission for * each attribute, and returns 0 if an attribute is not visible. @@ -1841,9 +1867,24 @@ static umode_t vmbus_chan_attr_is_visible(struct kobject *kobj, return attr->mode; } +static umode_t vmbus_chan_bin_attr_is_visible(struct kobject *kobj, + const struct bin_attribute *attr, int idx) +{ + const struct vmbus_channel *channel = + container_of(kobj, struct vmbus_channel, kobj); + + /* Hide ring attribute if channel's ring_sysfs_visible is set to false */ + if (attr == &chan_attr_ring_buffer && !channel->ring_sysfs_visible) + return 0; + + return attr->attr.mode; +} + static const struct attribute_group vmbus_chan_group = { .attrs = vmbus_chan_attrs, - .is_visible = vmbus_chan_attr_is_visible + .bin_attrs = vmbus_chan_bin_attrs, + .is_visible = vmbus_chan_attr_is_visible, + .is_bin_visible = vmbus_chan_bin_attr_is_visible, }; static const struct kobj_type vmbus_chan_ktype = { @@ -1851,6 +1892,63 @@ static const struct kobj_type vmbus_chan_ktype = { .release = vmbus_chan_release, }; +/** + * hv_create_ring_sysfs() - create "ring" sysfs entry corresponding to ring buffers for a channel. + * @channel: Pointer to vmbus_channel structure + * @hv_mmap_ring_buffer: function pointer for initializing the function to be called on mmap of + * channel's "ring" sysfs node, which is for the ring buffer of that channel. + * Function pointer is of below type: + * int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + * struct vm_area_struct *vma)) + * This has a pointer to the channel and a pointer to vm_area_struct, + * used for mmap, as arguments. + * + * Sysfs node for ring buffer of a channel is created along with other fields, however its + * visibility is disabled by default. Sysfs creation needs to be controlled when the use-case + * is running. + * For example, HV_NIC device is used either by uio_hv_generic or hv_netvsc at any given point of + * time, and "ring" sysfs is needed only when uio_hv_generic is bound to that device. To avoid + * exposing the ring buffer by default, this function is reponsible to enable visibility of + * ring for userspace to use. + * Note: Race conditions can happen with userspace and it is not encouraged to create new + * use-cases for this. This was added to maintain backward compatibility, while solving + * one of the race conditions in uio_hv_generic while creating sysfs. + * + * Returns 0 on success or error code on failure. + */ +int hv_create_ring_sysfs(struct vmbus_channel *channel, + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, + struct vm_area_struct *vma)) +{ + struct kobject *kobj = &channel->kobj; + + channel->mmap_ring_buffer = hv_mmap_ring_buffer; + channel->ring_sysfs_visible = true; + + return sysfs_update_group(kobj, &vmbus_chan_group); +} +EXPORT_SYMBOL_GPL(hv_create_ring_sysfs); + +/** + * hv_remove_ring_sysfs() - remove ring sysfs entry corresponding to ring buffers for a channel. + * @channel: Pointer to vmbus_channel structure + * + * Hide "ring" sysfs for a channel by changing its is_visible attribute and updating sysfs group. + * + * Returns 0 on success or error code on failure. + */ +int hv_remove_ring_sysfs(struct vmbus_channel *channel) +{ + struct kobject *kobj = &channel->kobj; + int ret; + + channel->ring_sysfs_visible = false; + ret = sysfs_update_group(kobj, &vmbus_chan_group); + channel->mmap_ring_buffer = NULL; + return ret; +} +EXPORT_SYMBOL_GPL(hv_remove_ring_sysfs); + /* * vmbus_add_channel_kobj - setup a sub-directory under device/channels */ diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 1b19b5647495..69c1df0f4ca5 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -131,15 +131,12 @@ static void hv_uio_rescind(struct vmbus_channel *channel) vmbus_device_unregister(channel->device_obj); } -/* Sysfs API to allow mmap of the ring buffers +/* Function used for mmap of ring buffer sysfs interface. * The ring buffer is allocated as contiguous memory by vmbus_open */ -static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, - const struct bin_attribute *attr, - struct vm_area_struct *vma) +static int +hv_uio_ring_mmap(struct vmbus_channel *channel, struct vm_area_struct *vma) { - struct vmbus_channel *channel - = container_of(kobj, struct vmbus_channel, kobj); void *ring_buffer = page_address(channel->ringbuffer_page); if (channel->state != CHANNEL_OPENED_STATE) @@ -149,15 +146,6 @@ static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, channel->ringbuffer_pagecount << PAGE_SHIFT); } -static const struct bin_attribute ring_buffer_bin_attr = { - .attr = { - .name = "ring", - .mode = 0600, - }, - .size = 2 * SZ_2M, - .mmap = hv_uio_ring_mmap, -}; - /* Callback from VMBUS subsystem when new channel created. */ static void hv_uio_new_channel(struct vmbus_channel *new_sc) @@ -178,8 +166,7 @@ hv_uio_new_channel(struct vmbus_channel *new_sc) /* Disable interrupts on sub channel */ new_sc->inbound.ring_buffer->interrupt_mask = 1; set_channel_read_mode(new_sc, HV_CALL_ISR); - - ret = sysfs_create_bin_file(&new_sc->kobj, &ring_buffer_bin_attr); + ret = hv_create_ring_sysfs(new_sc, hv_uio_ring_mmap); if (ret) { dev_err(device, "sysfs create ring bin file failed; %d\n", ret); vmbus_close(new_sc); @@ -350,10 +337,18 @@ hv_uio_probe(struct hv_device *dev, goto fail_close; } - ret = sysfs_create_bin_file(&channel->kobj, &ring_buffer_bin_attr); - if (ret) - dev_notice(&dev->device, - "sysfs create ring bin file failed; %d\n", ret); + /* + * This internally calls sysfs_update_group, which returns a non-zero value if it executes + * before sysfs_create_group. This is expected as the 'ring' will be created later in + * vmbus_device_register() -> vmbus_add_channel_kobj(). Thus, no need to check the return + * value and print warning. + * + * Creating/exposing sysfs in driver probe is not encouraged as it can lead to race + * conditions with userspace. For backward compatibility, "ring" sysfs could not be removed + * or decoupled from uio_hv_generic probe. Userspace programs can make use of inotify + * APIs to make sure that ring is created. + */ + hv_create_ring_sysfs(channel, hv_uio_ring_mmap); hv_set_drvdata(dev, pdata); @@ -375,7 +370,7 @@ hv_uio_remove(struct hv_device *dev) if (!pdata) return; - sysfs_remove_bin_file(&dev->channel->kobj, &ring_buffer_bin_attr); + hv_remove_ring_sysfs(dev->channel); uio_unregister_device(&pdata->info); hv_uio_cleanup(dev, pdata); diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index 675959fb97ba..d6ffe01962c2 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -1002,6 +1002,12 @@ struct vmbus_channel { /* The max size of a packet on this channel */ u32 max_pkt_size; + + /* function to mmap ring buffer memory to the channel's sysfs ring attribute */ + int (*mmap_ring_buffer)(struct vmbus_channel *channel, struct vm_area_struct *vma); + + /* boolean to control visibility of sysfs for ring buffer */ + bool ring_sysfs_visible; }; #define lock_requestor(channel, flags) \

7 months

1
0
0 0

[PATCH v2] clk: meson-g12a: fix missing spicc clks to clk_sel

by Da Xue

HHI_SPICC_CLK_CNTL bits 25:23 controls spicc clk_sel. It is missing fclk_div 2 and gp0_pll which causes the spicc module to output the incorrect clocks for spicc sclk at 2.5x the expected rate. Add the missing clocks resolves this. Fixes: a18c8e0b7697 ("clk: meson: g12a: add support for the SPICC SCLK Source clocks") Cc: <stable(a)vger.kernel.org> # 6.1 Signed-off-by: Da Xue <da(a)libre.computer> --- Changelog: v1 -> v2: add Fixes as an older version of the patch was incorrectly sent as v1 --- drivers/clk/meson/g12a.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/clk/meson/g12a.c b/drivers/clk/meson/g12a.c index 4f92b83965d5a..892862bf39996 100644 --- a/drivers/clk/meson/g12a.c +++ b/drivers/clk/meson/g12a.c @@ -4099,8 +4099,10 @@ static const struct clk_parent_data spicc_sclk_parent_data[] = { { .hw = &g12a_clk81.hw }, { .hw = &g12a_fclk_div4.hw }, { .hw = &g12a_fclk_div3.hw }, + { .hw = &g12a_fclk_div2.hw }, { .hw = &g12a_fclk_div5.hw }, { .hw = &g12a_fclk_div7.hw }, + { .hw = &g12a_gp0_pll.hw, }, }; static struct clk_regmap g12a_spicc0_sclk_sel = { -- 2.39.5

7 months

2
1
0 0

[PATCH v2] drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()

by Fabio Estevam

From: Fabio Estevam <festevam(a)denx.de> Since commit 559358282e5b ("drm/fb-helper: Don't use the preferred depth for the BPP default"), RGB565 displays such as the CFAF240320X no longer render correctly: colors are distorted and the content is shown twice horizontally. This regression is due to the fbdev emulation layer defaulting to 32 bits per pixel, whereas the display expects 16 bpp (RGB565). As a result, the framebuffer data is incorrectly interpreted by the panel. Fix the issue by calling drm_client_setup_with_fourcc() with a format explicitly selected based on the display's bits-per-pixel value. For 16 bpp, use DRM_FORMAT_RGB565; for other values, fall back to the previous behavior. This ensures that the allocated framebuffer format matches the hardware expectations, avoiding color and layout corruption. Tested on a CFAF240320X display with an RGB565 configuration, confirming correct colors and layout after applying this patch. Cc: stable(a)vger.kernel.org Fixes: 559358282e5b ("drm/fb-helper: Don't use the preferred depth for the BPP default") Signed-off-by: Fabio Estevam <festevam(a)denx.de> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> --- Changes since v1: - Improved the commit log. - Added Thomas' Reviewed-by tag. - Added more maintainers on Cc as panel-mipi-dbi.c has been marked as orphan. drivers/gpu/drm/tiny/panel-mipi-dbi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/tiny/panel-mipi-dbi.c b/drivers/gpu/drm/tiny/panel-mipi-dbi.c index 0460ecaef4bd..23914a9f7fd3 100644 --- a/drivers/gpu/drm/tiny/panel-mipi-dbi.c +++ b/drivers/gpu/drm/tiny/panel-mipi-dbi.c @@ -390,7 +390,10 @@ static int panel_mipi_dbi_spi_probe(struct spi_device *spi) spi_set_drvdata(spi, drm); - drm_client_setup(drm, NULL); + if (bpp == 16) + drm_client_setup_with_fourcc(drm, DRM_FORMAT_RGB565); + else + drm_client_setup_with_fourcc(drm, DRM_FORMAT_RGB888); return 0; } -- 2.34.1

7 months

3
3
0 0

[PATCH] wifi: mt76: disable napi on driver removal

by Fedor Pchelkin

A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76_dma_cleanup(). WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024 RIP: 0010:__netif_napi_del_locked+0xf0/0x100 Call Trace: <TASK> mt76_dma_cleanup+0x54/0x2f0 [mt76] mt7921_pci_remove+0xd5/0x190 [mt7921e] pci_device_remove+0x47/0xc0 device_release_driver_internal+0x19e/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xb0 __do_sys_delete_module.isra.0+0x197/0x2e0 do_syscall_64+0x7b/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e Tested with mt7921e but the same pattern can be actually applied to other mt76 drivers calling mt76_dma_cleanup() during removal. Tx napi is enabled in their *_dma_init() functions and only toggled off and on again inside their suspend/resume/reset paths. So it should be okay to disable tx napi in such a generic way. Found by Linux Verification Center (linuxtesting.org). Fixes: 2ac515a5d74f ("mt76: mt76x02: use napi polling for tx cleanup") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/net/wireless/mediatek/mt76/dma.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/mediatek/mt76/dma.c b/drivers/net/wireless/mediatek/mt76/dma.c index 844af16ee551..35b4ec91979e 100644 --- a/drivers/net/wireless/mediatek/mt76/dma.c +++ b/drivers/net/wireless/mediatek/mt76/dma.c @@ -1011,6 +1011,7 @@ void mt76_dma_cleanup(struct mt76_dev *dev) int i; mt76_worker_disable(&dev->tx_worker); + napi_disable(&dev->tx_napi); netif_napi_del(&dev->tx_napi); for (i = 0; i < ARRAY_SIZE(dev->phys); i++) { -- 2.49.0

7 months

2
1
0 0

[PATCH 6.1.y 2/2] drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()

by jianqi.ren.cn＠windriver.com

From: Abhinav Kumar <quic_abhinavk(a)quicinc.com> [ Upstream commit aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 ] For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by an atomic_disable() but without an atomic_mode_set(). This results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in the atomic_enable() as the dpu_encoder's connector was cleared in the atomic_disable() but not re-assigned as there was no atomic_mode_set() call. Fix the NULL ptr access by moving the assignment for atomic_enable() and also use drm_atomic_get_new_connector_for_encoder() to get the connector from the atomic_state. Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support") Reported-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Closes: https://gitlab.freedesktop.org/drm/msm/-/issues/59 Suggested-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Tested-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> # SM8350-HDK Patchwork: https://patchwork.freedesktop.org/patch/606729/ Link: https://lore.kernel.org/r/20240731191723.3050932-1-quic_abhinavk@quicinc.com Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c index c7fcd617b48c..94f352253c74 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c @@ -1101,8 +1101,6 @@ static void dpu_encoder_virt_atomic_mode_set(struct drm_encoder *drm_enc, cstate->num_mixers = num_lm; - dpu_enc->connector = conn_state->connector; - for (i = 0; i < dpu_enc->num_phys_encs; i++) { struct dpu_encoder_phys *phys = dpu_enc->phys_encs[i]; @@ -1192,6 +1190,9 @@ static void dpu_encoder_virt_atomic_enable(struct drm_encoder *drm_enc, dpu_enc = to_dpu_encoder_virt(drm_enc); mutex_lock(&dpu_enc->enc_lock); + + dpu_enc->connector = drm_atomic_get_new_connector_for_encoder(state, drm_enc); + cur_mode = &dpu_enc->base.crtc->state->adjusted_mode; trace_dpu_enc_enable(DRMID(drm_enc), cur_mode->hdisplay, -- 2.34.1

7 months

1
0
0 0

[PATCH] usb: cdnsp: Fix issue with detecting command completion event

by Pawel Laszczak

In some cases, there is a small-time gap in which CMD_RING_BUSY can be cleared by controller but adding command completion event to event ring will be delayed. As the result driver will return error code. This behavior has been detected on usbtest driver (test 9) with configuration including ep1in/ep1out bulk and ep2in/ep2out isoc endpoint. Probably this gap occurred because controller was busy with adding some other events to event ring. The CMD_RING_BUSY is cleared to '0' when the Command Descriptor has been executed and not when command completion event has been added to event ring. To fix this issue for this test the small delay is sufficient less than 10us) but to make sure the problem doesn't happen again in the future the patch introduce 3 retries to check with delay about 100us before returning error code Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-gadget.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index f773518185c9..0eb11b5dd9d3 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -547,6 +547,7 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) dma_addr_t cmd_deq_dma; union cdnsp_trb *event; u32 cycle_state; + u32 retry = 3; int ret, val; u64 cmd_dma; u32 flags; @@ -578,8 +579,23 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) flags = le32_to_cpu(event->event_cmd.flags); /* Check the owner of the TRB. */ - if ((flags & TRB_CYCLE) != cycle_state) + if ((flags & TRB_CYCLE) != cycle_state) { + /* + *Give some extra time to get chance controller + * to finish command before returning error code. + * Checking CMD_RING_BUSY is not sufficient because + * this bit is cleared to '0' when the Command + * Descriptor has been executed by controller + * and not when command completion event has + * be added to event ring. + */ + if (retry--) { + usleep_range(90, 100); + continue; + } + return -EINVAL; + } cmd_dma = le64_to_cpu(event->event_cmd.cmd_trb); -- 2.43.0

7 months

2
2
0 0

[merged mm-nonmm-stable] ipc-fix-to-protect-ipcs-lookups-using-rcu.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ipc: fix to protect IPCS lookups using RCU has been removed from the -mm tree. Its filename was ipc-fix-to-protect-ipcs-lookups-using-rcu.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jeongjun Park <aha310510(a)gmail.com> Subject: ipc: fix to protect IPCS lookups using RCU Date: Thu, 24 Apr 2025 23:33:22 +0900 syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() is protected by rwsem, but this is not enough. If it is not protected by RCU read-critical region, when idr_for_each() calls radix_tree_node_free() through call_rcu() to free the radix_tree_node structure, the node will be freed immediately, and when reading the next node in radix_tree_for_each_slot(), the already freed memory may be read. Therefore, we need to add code to make sure that idr_for_each() is protected within the RCU read-critical region when we call it in shm_destroy_orphaned(). Link: https://lkml.kernel.org/r/20250424143322.18830-1-aha310510@gmail.com Fixes: b34a6b1da371 ("ipc: introduce shm_rmid_forced sysctl") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Reported-by: syzbot+a2b84e569d06ca3a949c(a)syzkaller.appspotmail.com Cc: Jeongjun Park <aha310510(a)gmail.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Vasiliy Kulikov <segoon(a)openwall.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- ipc/shm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/ipc/shm.c~ipc-fix-to-protect-ipcs-lookups-using-rcu +++ a/ipc/shm.c @@ -431,8 +431,11 @@ static int shm_try_destroy_orphaned(int void shm_destroy_orphaned(struct ipc_namespace *ns) { down_write(&shm_ids(ns).rwsem); - if (shm_ids(ns).in_use) + if (shm_ids(ns).in_use) { + rcu_read_lock(); idr_for_each(&shm_ids(ns).ipcs_idr, &shm_try_destroy_orphaned, ns); + rcu_read_unlock(); + } up_write(&shm_ids(ns).rwsem); } _ Patches currently in -mm which might be from aha310510(a)gmail.com are mm-vmalloc-fix-data-race-in-show_numa_info.patch

7 months

1
0
0 0

[merged mm-nonmm-stable] watchdog-fix-watchdog-may-detect-false-positive-of-softlockup.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: watchdog: fix watchdog may detect false positive of softlockup has been removed from the -mm tree. Its filename was watchdog-fix-watchdog-may-detect-false-positive-of-softlockup.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Luo Gengkun <luogengkun(a)huaweicloud.com> Subject: watchdog: fix watchdog may detect false positive of softlockup Date: Mon, 21 Apr 2025 03:50:21 +0000 When updating `watchdog_thresh`, there is a race condition between writing the new `watchdog_thresh` value and stopping the old watchdog timer. If the old timer triggers during this window, it may falsely detect a softlockup due to the old interval and the new `watchdog_thresh` value being used. The problem can be described as follow: # We asuume previous watchdog_thresh is 60, so the watchdog timer is # coming every 24s. echo 10 > /proc/sys/kernel/watchdog_thresh (User space) | +------>+ update watchdog_thresh (We are in kernel now) | | # using old interval and new `watchdog_thresh` +------>+ watchdog hrtimer (irq context: detect softlockup) | | +-------+ | | + softlockup_stop_all To fix this problem, introduce a shadow variable for `watchdog_thresh`. The update to the actual `watchdog_thresh` is delayed until after the old timer is stopped, preventing false positives. The following testcase may help to understand this problem. --------------------------------------------- echo RT_RUNTIME_SHARE > /sys/kernel/debug/sched/features echo -1 > /proc/sys/kernel/sched_rt_runtime_us echo 0 > /sys/kernel/debug/sched/fair_server/cpu3/runtime echo 60 > /proc/sys/kernel/watchdog_thresh taskset -c 3 chrt -r 99 /bin/bash -c "while true;do true; done" & echo 10 > /proc/sys/kernel/watchdog_thresh & --------------------------------------------- The test case above first removes the throttling restrictions for real-time tasks. It then sets watchdog_thresh to 60 and executes a real-time task ,a simple while(1) loop, on cpu3. Consequently, the final command gets blocked because the presence of this real-time thread prevents kworker:3 from being selected by the scheduler. This eventually triggers a softlockup detection on cpu3 due to watchdog_timer_fn operating with inconsistent variable - using both the old interval and the updated watchdog_thresh simultaneously. [nysal(a)linux.ibm.com: fix the SOFTLOCKUP_DETECTOR=n case] Link: https://lkml.kernel.org/r/20250502111120.282690-1-nysal@linux.ibm.com Link: https://lkml.kernel.org/r/20250421035021.3507649-1-luogengkun@huaweicloud.c… Signed-off-by: Luo Gengkun <luogengkun(a)huaweicloud.com> Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> Cc: Doug Anderson <dianders(a)chromium.org> Cc: Joel Granados <joel.granados(a)kernel.org> Cc: Song Liu <song(a)kernel.org> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: "Nysal Jan K.A." <nysal(a)linux.ibm.com> Cc: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/watchdog.c | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) --- a/kernel/watchdog.c~watchdog-fix-watchdog-may-detect-false-positive-of-softlockup +++ a/kernel/watchdog.c @@ -47,6 +47,7 @@ int __read_mostly watchdog_user_enabled static int __read_mostly watchdog_hardlockup_user_enabled = WATCHDOG_HARDLOCKUP_DEFAULT; static int __read_mostly watchdog_softlockup_user_enabled = 1; int __read_mostly watchdog_thresh = 10; +static int __read_mostly watchdog_thresh_next; static int __read_mostly watchdog_hardlockup_available; struct cpumask watchdog_cpumask __read_mostly; @@ -870,12 +871,20 @@ int lockup_detector_offline_cpu(unsigned return 0; } -static void __lockup_detector_reconfigure(void) +static void __lockup_detector_reconfigure(bool thresh_changed) { cpus_read_lock(); watchdog_hardlockup_stop(); softlockup_stop_all(); + /* + * To prevent watchdog_timer_fn from using the old interval and + * the new watchdog_thresh at the same time, which could lead to + * false softlockup reports, it is necessary to update the + * watchdog_thresh after the softlockup is completed. + */ + if (thresh_changed) + watchdog_thresh = READ_ONCE(watchdog_thresh_next); set_sample_period(); lockup_detector_update_enable(); if (watchdog_enabled && watchdog_thresh) @@ -888,7 +897,7 @@ static void __lockup_detector_reconfigur void lockup_detector_reconfigure(void) { mutex_lock(&watchdog_mutex); - __lockup_detector_reconfigure(); + __lockup_detector_reconfigure(false); mutex_unlock(&watchdog_mutex); } @@ -908,27 +917,29 @@ static __init void lockup_detector_setup return; mutex_lock(&watchdog_mutex); - __lockup_detector_reconfigure(); + __lockup_detector_reconfigure(false); softlockup_initialized = true; mutex_unlock(&watchdog_mutex); } #else /* CONFIG_SOFTLOCKUP_DETECTOR */ -static void __lockup_detector_reconfigure(void) +static void __lockup_detector_reconfigure(bool thresh_changed) { cpus_read_lock(); watchdog_hardlockup_stop(); + if (thresh_changed) + watchdog_thresh = READ_ONCE(watchdog_thresh_next); lockup_detector_update_enable(); watchdog_hardlockup_start(); cpus_read_unlock(); } void lockup_detector_reconfigure(void) { - __lockup_detector_reconfigure(); + __lockup_detector_reconfigure(false); } static inline void lockup_detector_setup(void) { - __lockup_detector_reconfigure(); + __lockup_detector_reconfigure(false); } #endif /* !CONFIG_SOFTLOCKUP_DETECTOR */ @@ -946,11 +957,11 @@ void lockup_detector_soft_poweroff(void) #ifdef CONFIG_SYSCTL /* Propagate any changes to the watchdog infrastructure */ -static void proc_watchdog_update(void) +static void proc_watchdog_update(bool thresh_changed) { /* Remove impossible cpus to keep sysctl output clean. */ cpumask_and(&watchdog_cpumask, &watchdog_cpumask, cpu_possible_mask); - __lockup_detector_reconfigure(); + __lockup_detector_reconfigure(thresh_changed); } /* @@ -984,7 +995,7 @@ static int proc_watchdog_common(int whic } else { err = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (!err && old != READ_ONCE(*param)) - proc_watchdog_update(); + proc_watchdog_update(false); } mutex_unlock(&watchdog_mutex); return err; @@ -1035,11 +1046,13 @@ static int proc_watchdog_thresh(const st mutex_lock(&watchdog_mutex); - old = READ_ONCE(watchdog_thresh); + watchdog_thresh_next = READ_ONCE(watchdog_thresh); + + old = watchdog_thresh_next; err = proc_dointvec_minmax(table, write, buffer, lenp, ppos); - if (!err && write && old != READ_ONCE(watchdog_thresh)) - proc_watchdog_update(); + if (!err && write && old != READ_ONCE(watchdog_thresh_next)) + proc_watchdog_update(true); mutex_unlock(&watchdog_mutex); return err; @@ -1060,7 +1073,7 @@ static int proc_watchdog_cpumask(const s err = proc_do_large_bitmap(table, write, buffer, lenp, ppos); if (!err && write) - proc_watchdog_update(); + proc_watchdog_update(false); mutex_unlock(&watchdog_mutex); return err; @@ -1080,7 +1093,7 @@ static const struct ctl_table watchdog_s }, { .procname = "watchdog_thresh", - .data = &watchdog_thresh, + .data = &watchdog_thresh_next, .maxlen = sizeof(int), .mode = 0644, .proc_handler = proc_watchdog_thresh, _ Patches currently in -mm which might be from luogengkun(a)huaweicloud.com are

7 months

1
0
0 0

[merged mm-stable] mm-fix-ratelimit_pages-update-error-in-dirty_ratio_handler.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix ratelimit_pages update error in dirty_ratio_handler() has been removed from the -mm tree. Its filename was mm-fix-ratelimit_pages-update-error-in-dirty_ratio_handler.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jinliang Zheng <alexjlzheng(a)tencent.com> Subject: mm: fix ratelimit_pages update error in dirty_ratio_handler() Date: Tue, 15 Apr 2025 17:02:32 +0800 In dirty_ratio_handler(), vm_dirty_bytes must be set to zero before calling writeback_set_ratelimit(), as global_dirty_limits() always prioritizes the value of vm_dirty_bytes. It's domain_dirty_limits() that's relevant here, not node_dirty_ok: dirty_ratio_handler writeback_set_ratelimit global_dirty_limits(&dirty_thresh) <- ratelimit_pages based on dirty_thresh domain_dirty_limits if (bytes) <- bytes = vm_dirty_bytes <--------+ thresh = f1(bytes) <- prioritizes vm_dirty_bytes | else | thresh = f2(ratio) | ratelimit_pages = f3(dirty_thresh) | vm_dirty_bytes = 0 <- it's late! ---------------------+ This causes ratelimit_pages to still use the value calculated based on vm_dirty_bytes, which is wrong now. The impact visible to userspace is difficult to capture directly because there is no procfs/sysfs interface exported to user space. However, it will have a real impact on the balance of dirty pages. For example: 1. On default, we have vm_dirty_ratio=40, vm_dirty_bytes=0 2. echo 8192 > dirty_bytes, then vm_dirty_bytes=8192, vm_dirty_ratio=0, and ratelimit_pages is calculated based on vm_dirty_bytes now. 3. echo 20 > dirty_ratio, then since vm_dirty_bytes is not reset to zero when writeback_set_ratelimit() -> global_dirty_limits() -> domain_dirty_limits() is called, reallimit_pages is still calculated based on vm_dirty_bytes instead of vm_dirty_ratio. This does not conform to the actual intent of the user. Link: https://lkml.kernel.org/r/20250415090232.7544-1-alexjlzheng@tencent.com Fixes: 9d823e8f6b1b ("writeback: per task dirty rate limit") Signed-off-by: Jinliang Zheng <alexjlzheng(a)tencent.com> Reviewed-by: MengEn Sun <mengensun(a)tencent.com> Cc: Andrea Righi <andrea(a)betterlinux.com> Cc: Fenggaung Wu <fengguang.wu(a)intel.com> Cc: Jinliang Zheng <alexjlzheng(a)tencent.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page-writeback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/page-writeback.c~mm-fix-ratelimit_pages-update-error-in-dirty_ratio_handler +++ a/mm/page-writeback.c @@ -520,8 +520,8 @@ static int dirty_ratio_handler(const str ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (ret == 0 && write && vm_dirty_ratio != old_ratio) { - writeback_set_ratelimit(); vm_dirty_bytes = 0; + writeback_set_ratelimit(); } return ret; } _ Patches currently in -mm which might be from alexjlzheng(a)tencent.com are

7 months

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-correct-dirty-flags-set-for-both-present-and-swap-pte.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: userfaultfd: correct dirty flags set for both present and swap pte has been removed from the -mm tree. Its filename was mm-userfaultfd-correct-dirty-flags-set-for-both-present-and-swap-pte.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Barry Song <v-songbaohua(a)oppo.com> Subject: mm: userfaultfd: correct dirty flags set for both present and swap pte Date: Fri, 9 May 2025 10:09:12 +1200 As David pointed out, what truly matters for mremap and userfaultfd move operations is the soft dirty bit. The current comment and implementation��which always sets the dirty bit for present PTEs and fails to set the soft dirty bit for swap PTEs��are incorrect. This could break features like Checkpoint-Restore in Userspace (CRIU). This patch updates the behavior to correctly set the soft dirty bit for both present and swap PTEs in accordance with mremap. Link: https://lkml.kernel.org/r/20250508220912.7275-1-21cnbao@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> Reported-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/linux-mm/02f14ee1-923f-47e3-a994-4950afb9afcc@redha… Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- a/mm/userfaultfd.c~mm-userfaultfd-correct-dirty-flags-set-for-both-present-and-swap-pte +++ a/mm/userfaultfd.c @@ -1064,8 +1064,13 @@ static int move_present_pte(struct mm_st src_folio->index = linear_page_index(dst_vma, dst_addr); orig_dst_pte = mk_pte(&src_folio->page, dst_vma->vm_page_prot); - /* Follow mremap() behavior and treat the entry dirty after the move */ - orig_dst_pte = pte_mkwrite(pte_mkdirty(orig_dst_pte), dst_vma); + /* Set soft dirty bit so userspace can notice the pte was moved */ +#ifdef CONFIG_MEM_SOFT_DIRTY + orig_dst_pte = pte_mksoft_dirty(orig_dst_pte); +#endif + if (pte_dirty(orig_src_pte)) + orig_dst_pte = pte_mkdirty(orig_dst_pte); + orig_dst_pte = pte_mkwrite(orig_dst_pte, dst_vma); set_pte_at(mm, dst_addr, dst_pte, orig_dst_pte); out: @@ -1100,6 +1105,9 @@ static int move_swap_pte(struct mm_struc } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); +#ifdef CONFIG_MEM_SOFT_DIRTY + orig_src_pte = pte_swp_mksoft_dirty(orig_src_pte); +#endif set_pte_at(mm, dst_addr, dst_pte, orig_src_pte); double_pt_unlock(dst_ptl, src_ptl); _ Patches currently in -mm which might be from v-songbaohua(a)oppo.com are

7 months

1
0
0 0

[merged mm-hotfixes-stable] mm-page_alloc-fix-race-condition-in-unaccepted-memory-handling.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc: fix race condition in unaccepted memory handling has been removed from the -mm tree. Its filename was mm-page_alloc-fix-race-condition-in-unaccepted-memory-handling.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm/page_alloc: fix race condition in unaccepted memory handling Date: Tue, 6 May 2025 16:32:07 +0300 The page allocator tracks the number of zones that have unaccepted memory using static_branch_enc/dec() and uses that static branch in hot paths to determine if it needs to deal with unaccepted memory. Borislav and Thomas pointed out that the tracking is racy: operations on static_branch are not serialized against adding/removing unaccepted pages to/from the zone. Sanity checks inside static_branch machinery detects it: WARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0 The comment around the WARN() explains the problem: /* * Warn about the '-1' case though; since that means a * decrement is concurrent with a first (0->1) increment. IOW * people are trying to disable something that wasn't yet fully * enabled. This suggests an ordering problem on the user side. */ The effect of this static_branch optimization is only visible on microbenchmark. Instead of adding more complexity around it, remove it altogether. Link: https://lkml.kernel.org/r/20250506133207.1009676-1-kirill.shutemov@linux.in… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Link: https://lore.kernel.org/all/20250506092445.GBaBnVXXyvnazly6iF@fat_crate.loc… Reported-by: Borislav Petkov <bp(a)alien8.de> Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reported-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/internal.h | 1 mm/mm_init.c | 1 mm/page_alloc.c | 47 ---------------------------------------------- 3 files changed, 49 deletions(-) --- a/mm/internal.h~mm-page_alloc-fix-race-condition-in-unaccepted-memory-handling +++ a/mm/internal.h @@ -1590,7 +1590,6 @@ unsigned long move_page_tables(struct pa #ifdef CONFIG_UNACCEPTED_MEMORY void accept_page(struct page *page); -void unaccepted_cleanup_work(struct work_struct *work); #else /* CONFIG_UNACCEPTED_MEMORY */ static inline void accept_page(struct page *page) { --- a/mm/mm_init.c~mm-page_alloc-fix-race-condition-in-unaccepted-memory-handling +++ a/mm/mm_init.c @@ -1441,7 +1441,6 @@ static void __meminit zone_init_free_lis #ifdef CONFIG_UNACCEPTED_MEMORY INIT_LIST_HEAD(&zone->unaccepted_pages); - INIT_WORK(&zone->unaccepted_cleanup, unaccepted_cleanup_work); #endif } --- a/mm/page_alloc.c~mm-page_alloc-fix-race-condition-in-unaccepted-memory-handling +++ a/mm/page_alloc.c @@ -7172,16 +7172,8 @@ bool has_managed_dma(void) #ifdef CONFIG_UNACCEPTED_MEMORY -/* Counts number of zones with unaccepted pages. */ -static DEFINE_STATIC_KEY_FALSE(zones_with_unaccepted_pages); - static bool lazy_accept = true; -void unaccepted_cleanup_work(struct work_struct *work) -{ - static_branch_dec(&zones_with_unaccepted_pages); -} - static int __init accept_memory_parse(char *p) { if (!strcmp(p, "lazy")) { @@ -7206,11 +7198,7 @@ static bool page_contains_unaccepted(str static void __accept_page(struct zone *zone, unsigned long *flags, struct page *page) { - bool last; - list_del(&page->lru); - last = list_empty(&zone->unaccepted_pages); - account_freepages(zone, -MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, -MAX_ORDER_NR_PAGES); __ClearPageUnaccepted(page); @@ -7219,28 +7207,6 @@ static void __accept_page(struct zone *z accept_memory(page_to_phys(page), PAGE_SIZE << MAX_PAGE_ORDER); __free_pages_ok(page, MAX_PAGE_ORDER, FPI_TO_TAIL); - - if (last) { - /* - * There are two corner cases: - * - * - If allocation occurs during the CPU bring up, - * static_branch_dec() cannot be used directly as - * it causes a deadlock on cpu_hotplug_lock. - * - * Instead, use schedule_work() to prevent deadlock. - * - * - If allocation occurs before workqueues are initialized, - * static_branch_dec() should be called directly. - * - * Workqueues are initialized before CPU bring up, so this - * will not conflict with the first scenario. - */ - if (system_wq) - schedule_work(&zone->unaccepted_cleanup); - else - unaccepted_cleanup_work(&zone->unaccepted_cleanup); - } } void accept_page(struct page *page) @@ -7277,20 +7243,12 @@ static bool try_to_accept_memory_one(str return true; } -static inline bool has_unaccepted_memory(void) -{ - return static_branch_unlikely(&zones_with_unaccepted_pages); -} - static bool cond_accept_memory(struct zone *zone, unsigned int order, int alloc_flags) { long to_accept, wmark; bool ret = false; - if (!has_unaccepted_memory()) - return false; - if (list_empty(&zone->unaccepted_pages)) return false; @@ -7328,22 +7286,17 @@ static bool __free_unaccepted(struct pag { struct zone *zone = page_zone(page); unsigned long flags; - bool first = false; if (!lazy_accept) return false; spin_lock_irqsave(&zone->lock, flags); - first = list_empty(&zone->unaccepted_pages); list_add_tail(&page->lru, &zone->unaccepted_pages); account_freepages(zone, MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, MAX_ORDER_NR_PAGES); __SetPageUnaccepted(page); spin_unlock_irqrestore(&zone->lock, flags); - if (first) - static_branch_inc(&zones_with_unaccepted_pages); - return true; } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are

7 months

1
0
0 0

[merged mm-hotfixes-stable] mm-page_alloc-ensure-try_alloc_pages-plays-well-with-unaccepted-memory.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc: ensure try_alloc_pages() plays well with unaccepted memory has been removed from the -mm tree. Its filename was mm-page_alloc-ensure-try_alloc_pages-plays-well-with-unaccepted-memory.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm/page_alloc: ensure try_alloc_pages() plays well with unaccepted memory Date: Tue, 6 May 2025 14:25:08 +0300 try_alloc_pages() will not attempt to allocate memory if the system has *any* unaccepted memory. Memory is accepted as needed and can remain in the system indefinitely, causing the interface to always fail. Rather than immediately giving up, attempt to use already accepted memory on free lists. Pass 'alloc_flags' to cond_accept_memory() and do not accept new memory for ALLOC_TRYLOCK requests. Found via code inspection - only BPF uses this at present and the runtime effects are unclear. Link: https://lkml.kernel.org/r/20250506112509.905147-2-kirill.shutemov@linux.int… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: 97769a53f117 ("mm, bpf: Introduce try_alloc_pages() for opportunistic page allocation") Cc: Alexei Starovoitov <ast(a)kernel.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-ensure-try_alloc_pages-plays-well-with-unaccepted-memory +++ a/mm/page_alloc.c @@ -290,7 +290,8 @@ EXPORT_SYMBOL(nr_online_nodes); #endif static bool page_contains_unaccepted(struct page *page, unsigned int order); -static bool cond_accept_memory(struct zone *zone, unsigned int order); +static bool cond_accept_memory(struct zone *zone, unsigned int order, + int alloc_flags); static bool __free_unaccepted(struct page *page); int page_group_by_mobility_disabled __read_mostly; @@ -3611,7 +3612,7 @@ retry: } } - cond_accept_memory(zone, order); + cond_accept_memory(zone, order, alloc_flags); /* * Detect whether the number of free pages is below high @@ -3638,7 +3639,7 @@ check_alloc_wmark: gfp_mask)) { int ret; - if (cond_accept_memory(zone, order)) + if (cond_accept_memory(zone, order, alloc_flags)) goto try_this_zone; /* @@ -3691,7 +3692,7 @@ try_this_zone: return page; } else { - if (cond_accept_memory(zone, order)) + if (cond_accept_memory(zone, order, alloc_flags)) goto try_this_zone; /* Try again if zone has deferred pages */ @@ -4844,7 +4845,7 @@ unsigned long alloc_pages_bulk_noprof(gf goto failed; } - cond_accept_memory(zone, 0); + cond_accept_memory(zone, 0, alloc_flags); retry_this_zone: mark = wmark_pages(zone, alloc_flags & ALLOC_WMARK_MASK) + nr_pages; if (zone_watermark_fast(zone, 0, mark, @@ -4853,7 +4854,7 @@ retry_this_zone: break; } - if (cond_accept_memory(zone, 0)) + if (cond_accept_memory(zone, 0, alloc_flags)) goto retry_this_zone; /* Try again if zone has deferred pages */ @@ -7281,7 +7282,8 @@ static inline bool has_unaccepted_memory return static_branch_unlikely(&zones_with_unaccepted_pages); } -static bool cond_accept_memory(struct zone *zone, unsigned int order) +static bool cond_accept_memory(struct zone *zone, unsigned int order, + int alloc_flags) { long to_accept, wmark; bool ret = false; @@ -7292,6 +7294,10 @@ static bool cond_accept_memory(struct zo if (list_empty(&zone->unaccepted_pages)) return false; + /* Bailout, since try_to_accept_memory_one() needs to take a lock */ + if (alloc_flags & ALLOC_TRYLOCK) + return false; + wmark = promo_wmark_pages(zone); /* @@ -7348,7 +7354,8 @@ static bool page_contains_unaccepted(str return false; } -static bool cond_accept_memory(struct zone *zone, unsigned int order) +static bool cond_accept_memory(struct zone *zone, unsigned int order, + int alloc_flags) { return false; } @@ -7419,11 +7426,6 @@ struct page *try_alloc_pages_noprof(int if (!pcp_allowed_order(order)) return NULL; -#ifdef CONFIG_UNACCEPTED_MEMORY - /* Bailout, since try_to_accept_memory_one() needs to take a lock */ - if (has_unaccepted_memory()) - return NULL; -#endif /* Bailout, since _deferred_grow_zone() needs to take a lock */ if (deferred_pages_enabled()) return NULL; _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are

7 months

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-fix-incorrect-fallback-for-subpool.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: hugetlb: fix incorrect fallback for subpool has been removed from the -mm tree. Its filename was mm-hugetlb-fix-incorrect-fallback-for-subpool.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wupeng Ma <mawupeng1(a)huawei.com> Subject: mm: hugetlb: fix incorrect fallback for subpool Date: Thu, 10 Apr 2025 14:26:33 +0800 During our testing with hugetlb subpool enabled, we observe that hstate->resv_huge_pages may underflow into negative values. Root cause analysis reveals a race condition in subpool reservation fallback handling as follow: hugetlb_reserve_pages() /* Attempt subpool reservation */ gbl_reserve = hugepage_subpool_get_pages(spool, chg); /* Global reservation may fail after subpool allocation */ if (hugetlb_acct_memory(h, gbl_reserve) < 0) goto out_put_pages; out_put_pages: /* This incorrectly restores reservation to subpool */ hugepage_subpool_put_pages(spool, chg); When hugetlb_acct_memory() fails after subpool allocation, the current implementation over-commits subpool reservations by returning the full 'chg' value instead of the actual allocated 'gbl_reserve' amount. This discrepancy propagates to global reservations during subsequent releases, eventually causing resv_huge_pages underflow. This problem can be trigger easily with the following steps: 1. reverse hugepage for hugeltb allocation 2. mount hugetlbfs with min_size to enable hugetlb subpool 3. alloc hugepages with two task(make sure the second will fail due to insufficient amount of hugepages) 4. with for a few seconds and repeat step 3 which will make hstate->resv_huge_pages to go below zero. To fix this problem, return corrent amount of pages to subpool during the fallback after hugepage_subpool_get_pages is called. Link: https://lkml.kernel.org/r/20250410062633.3102457-1-mawupeng1@huawei.com Fixes: 1c5ecae3a93f ("hugetlbfs: add minimum size accounting to subpools") Signed-off-by: Wupeng Ma <mawupeng1(a)huawei.com> Tested-by: Joshua Hahn <joshua.hahnjy(a)gmail.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Ma Wupeng <mawupeng1(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-incorrect-fallback-for-subpool +++ a/mm/hugetlb.c @@ -3010,7 +3010,7 @@ struct folio *alloc_hugetlb_folio(struct struct hugepage_subpool *spool = subpool_vma(vma); struct hstate *h = hstate_vma(vma); struct folio *folio; - long retval, gbl_chg; + long retval, gbl_chg, gbl_reserve; map_chg_state map_chg; int ret, idx; struct hugetlb_cgroup *h_cg = NULL; @@ -3163,8 +3163,16 @@ out_uncharge_cgroup_reservation: hugetlb_cgroup_uncharge_cgroup_rsvd(idx, pages_per_huge_page(h), h_cg); out_subpool_put: - if (map_chg) - hugepage_subpool_put_pages(spool, 1); + /* + * put page to subpool iff the quota of subpool's rsv_hpages is used + * during hugepage_subpool_get_pages. + */ + if (map_chg && !gbl_chg) { + gbl_reserve = hugepage_subpool_put_pages(spool, 1); + hugetlb_acct_memory(h, -gbl_reserve); + } + + out_end_reservation: if (map_chg != MAP_CHG_ENFORCED) vma_end_reservation(h, vma, addr); @@ -7239,7 +7247,7 @@ bool hugetlb_reserve_pages(struct inode struct vm_area_struct *vma, vm_flags_t vm_flags) { - long chg = -1, add = -1; + long chg = -1, add = -1, spool_resv, gbl_resv; struct hstate *h = hstate_inode(inode); struct hugepage_subpool *spool = subpool_inode(inode); struct resv_map *resv_map; @@ -7374,8 +7382,16 @@ bool hugetlb_reserve_pages(struct inode return true; out_put_pages: - /* put back original number of pages, chg */ - (void)hugepage_subpool_put_pages(spool, chg); + spool_resv = chg - gbl_reserve; + if (spool_resv) { + /* put sub pool's reservation back, chg - gbl_reserve */ + gbl_resv = hugepage_subpool_put_pages(spool, spool_resv); + /* + * subpool's reserved pages can not be put back due to race, + * return to hstate. + */ + hugetlb_acct_memory(h, -gbl_resv); + } out_uncharge_cgroup: hugetlb_cgroup_uncharge_cgroup_rsvd(hstate_index(h), chg * pages_per_huge_page(h), h_cg); _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are

7 months

1
0
0 0

[PATCH] clk: meson-g12a: fix missing spicc clks to clk_sel

by Da Xue

HHI_SPICC_CLK_CNTL bits 25:23 controls spicc clk_sel. It is missing fclk_div 2 and gp0_pll which causes the spicc module to output the incorrect clocks for spicc sclk at 2.5x the expected rate. Add the missing clocks resolves this. Cc: <stable(a)vger.kernel.org> # 6.1.x: a18c8e0: clk: meson: g12a: add Signed-off-by: Da Xue <da(a)libre.computer> --- drivers/clk/meson/g12a.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/clk/meson/g12a.c b/drivers/clk/meson/g12a.c index 4f92b83965d5a..892862bf39996 100644 --- a/drivers/clk/meson/g12a.c +++ b/drivers/clk/meson/g12a.c @@ -4099,8 +4099,10 @@ static const struct clk_parent_data spicc_sclk_parent_data[] = { { .hw = &g12a_clk81.hw }, { .hw = &g12a_fclk_div4.hw }, { .hw = &g12a_fclk_div3.hw }, + { .hw = &g12a_fclk_div2.hw }, { .hw = &g12a_fclk_div5.hw }, { .hw = &g12a_fclk_div7.hw }, + { .hw = &g12a_gp0_pll.hw, }, }; static struct clk_regmap g12a_spicc0_sclk_sel = { -- 2.39.5

7 months, 1 week

2
1
0 0

[PATCH v2] kbuild: Disable -Wdefault-const-init-unsafe

by Nathan Chancellor

A new on by default warning in clang [1] aims to flags instances where const variables without static or thread local storage or const members in aggregate types are not initialized because it can lead to an indeterminate value. This is quite noisy for the kernel due to instances originating from header files such as: drivers/gpu/drm/i915/gt/intel_ring.h:62:2: error: default initialization of an object of type 'typeof (ring->size)' (aka 'const unsigned int') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe] 62 | typecheck(typeof(ring->size), next); | ^ include/linux/typecheck.h:10:9: note: expanded from macro 'typecheck' 10 | ({ type __dummy; \ | ^ include/net/ip.h:478:14: error: default initialization of an object of type 'typeof (rt->dst.expires)' (aka 'const unsigned long') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe] 478 | if (mtu && time_before(jiffies, rt->dst.expires)) | ^ include/linux/jiffies.h:138:26: note: expanded from macro 'time_before' 138 | #define time_before(a,b) time_after(b,a) | ^ include/linux/jiffies.h:128:3: note: expanded from macro 'time_after' 128 | (typecheck(unsigned long, a) && \ | ^ include/linux/typecheck.h:11:12: note: expanded from macro 'typecheck' 11 | typeof(x) __dummy2; \ | ^ include/linux/list.h:409:27: warning: default initialization of an object of type 'union (unnamed union at include/linux/list.h:409:27)' with const member leaves the object uninitialized [-Wdefault-const-init-field-unsafe] 409 | struct list_head *next = smp_load_acquire(&head->next); | ^ include/asm-generic/barrier.h:176:29: note: expanded from macro 'smp_load_acquire' 176 | #define smp_load_acquire(p) __smp_load_acquire(p) | ^ arch/arm64/include/asm/barrier.h:164:59: note: expanded from macro '__smp_load_acquire' 164 | union { __unqual_scalar_typeof(*p) __val; char __c[1]; } __u; \ | ^ include/linux/list.h:409:27: note: member '__val' declared 'const' here crypto/scatterwalk.c:66:22: error: default initialization of an object of type 'struct scatter_walk' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe] 66 | struct scatter_walk walk; | ^ include/crypto/algapi.h:112:15: note: member 'addr' declared 'const' here 112 | void *const addr; | ^ fs/hugetlbfs/inode.c:733:24: error: default initialization of an object of type 'struct vm_area_struct' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe] 733 | struct vm_area_struct pseudo_vma; | ^ include/linux/mm_types.h:803:20: note: member 'vm_flags' declared 'const' here 803 | const vm_flags_t vm_flags; | ^ Silencing the instances from typecheck.h is difficult because '= {}' is not available in older but supported compilers and '= {0}' would cause warnings about a literal 0 being treated as NULL. While it might be possible to come up with a local hack to silence the warning for clang-21+, it may not be worth it since -Wuninitialized will still trigger if an uninitialized const variable is actually used. In all audited cases of the "field" variant of the warning, the members are either not used in the particular call path, modified through other means such as memset() / memcpy() because the containing object is not const, or are within a union with other non-const members. Since this warning does not appear to have a high signal to noise ratio, just disable it. Cc: stable(a)vger.kernel.org Link: https://github.com/llvm/llvm-project/commit/576161cb6069e2c7656a8ef530727a0… [1] Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Closes: https://lore.kernel.org/CA+G9fYuNjKcxFKS_MKPRuga32XbndkLGcY-PVuoSwzv6VWbY=w… Reported-by: Marcus Seyfarth <m.seyfarth(a)gmail.com> Closes: https://github.com/ClangBuiltLinux/linux/issues/2088 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Changes in v2: - Disable -Wdefault-const-init-var-unsafe as well, as '= {}' does not work in typecheck() for all supported compilers and it may not be worth a local hack. - Link to v1: https://lore.kernel.org/r/20250501-default-const-init-clang-v1-0-3d2c6c185d… --- scripts/Makefile.extrawarn | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn index d88acdf40855..fd649c68e198 100644 --- a/scripts/Makefile.extrawarn +++ b/scripts/Makefile.extrawarn @@ -37,6 +37,18 @@ KBUILD_CFLAGS += -Wno-gnu # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219 KBUILD_CFLAGS += $(call cc-disable-warning, format-overflow-non-kprintf) KBUILD_CFLAGS += $(call cc-disable-warning, format-truncation-non-kprintf) + +# Clang may emit a warning when a const variable, such as the dummy variables +# in typecheck(), or const member of an aggregate type are not initialized, +# which can result in unexpected behavior. However, in many audited cases of +# the "field" variant of the warning, this is intentional because the field is +# never used within a particular call path, the field is within a union with +# other non-const members, or the containing object is not const so the field +# can be modified via memcpy() / memset(). While the variable warning also gets +# disabled with this same switch, there should not be too much coverage lost +# because -Wuninitialized will still flag when an uninitialized const variable +# is used. +KBUILD_CFLAGS += $(call cc-disable-warning, default-const-init-unsafe) else # gcc inanely warns about local variables called 'main' --- base-commit: 92a09c47464d040866cf2b4cd052bc60555185fb change-id: 20250430-default-const-init-clang-b6e21b8d03b6 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

7 months, 1 week

2
3
0 0

[PATCH] rtc: fix data race in rtc_dev_poll()

by Jeongjun Park

I found data-race in my fuzzer: ================================================================== BUG: KCSAN: data-race in rtc_dev_poll / rtc_handle_legacy_irq write to 0xffff88800b307380 of 8 bytes by interrupt on cpu 1: rtc_handle_legacy_irq+0x58/0xb0 drivers/rtc/interface.c:624 rtc_pie_update_irq+0x75/0x90 drivers/rtc/interface.c:672 __run_hrtimer kernel/time/hrtimer.c:1761 [inline] __hrtimer_run_queues+0x2c4/0x5d0 kernel/time/hrtimer.c:1825 hrtimer_interrupt+0x214/0x4a0 kernel/time/hrtimer.c:1887 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline] .... read to 0xffff88800b307380 of 8 bytes by task 11566 on cpu 0: rtc_dev_poll+0x6c/0xa0 drivers/rtc/dev.c:198 vfs_poll include/linux/poll.h:82 [inline] select_poll_one fs/select.c:480 [inline] do_select+0x95f/0x1030 fs/select.c:536 core_sys_select+0x284/0x6d0 fs/select.c:677 do_pselect.constprop.0+0x118/0x150 fs/select.c:759 .... value changed: 0x00000000000801c0 -> 0x00000000000802c0 ================================================================== rtc_dev_poll() is reading rtc->irq_data without a spinlock for some unknown reason. This causes a data-race, so we need to add a spinlock to fix it. Cc: <stable(a)vger.kernel.org> Fixes: e824290e5dcf ("[PATCH] RTC subsystem: dev interface") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- drivers/rtc/dev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/rtc/dev.c b/drivers/rtc/dev.c index 0eeae5bcc3aa..a6570a5a938a 100644 --- a/drivers/rtc/dev.c +++ b/drivers/rtc/dev.c @@ -195,7 +195,9 @@ static __poll_t rtc_dev_poll(struct file *file, poll_table *wait) poll_wait(file, &rtc->irq_queue, wait); + spin_lock_irq(&rtc->irq_lock); data = rtc->irq_data; + spin_unlock_irq(&rtc->irq_lock); return (data != 0) ? (EPOLLIN | EPOLLRDNORM) : 0; } --

7 months, 1 week

1
0
0 0

+ mm-vmscan-avoid-signedness-error-for-gcc-54.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: vmscan: avoid signedness error for GCC 5.4 has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmscan-avoid-signedness-error-for-gcc-54.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: WangYuli <wangyuli(a)uniontech.com> Subject: mm: vmscan: avoid signedness error for GCC 5.4 Date: Wed, 7 May 2025 12:08:27 +0800 To the GCC 5.4 compiler, (MAX_NR_TIERS - 1) (i.e., (4U - 1)) is unsigned, whereas tier is a signed integer. Then, the __types_ok check within the __careful_cmp_once macro failed, triggered BUILD_BUG_ON. Use min_t instead of min to circumvent this compiler error. Fix follow error with gcc 5.4: mm/vmscan.c: In function `read_ctrl_pos': mm/vmscan.c:3166:728: error: call to `__compiletime_assert_887' declared with attribute error: min(tier, 4U - 1) signedness error Link: https://lkml.kernel.org/r/62726950F697595A+20250507040827.1147510-1-wangyul… Fixes: 37a260870f2c ("mm/mglru: rework type selection") Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/vmscan.c~mm-vmscan-avoid-signedness-error-for-gcc-54 +++ a/mm/vmscan.c @@ -3163,7 +3163,7 @@ static void read_ctrl_pos(struct lruvec pos->gain = gain; pos->refaulted = pos->total = 0; - for (i = tier % MAX_NR_TIERS; i <= min(tier, MAX_NR_TIERS - 1); i++) { + for (i = tier % MAX_NR_TIERS; i <= min_t(int, tier, MAX_NR_TIERS - 1); i++) { pos->refaulted += lrugen->avg_refaulted[type][i] + atomic_long_read(&lrugen->refaulted[hist][type][i]); pos->total += lrugen->avg_total[type][i] + _ Patches currently in -mm which might be from wangyuli(a)uniontech.com are mm-vmscan-avoid-signedness-error-for-gcc-54.patch ocfs2-o2net_idle_timer-rename-del_timer_sync-in-comment.patch treewide-fix-typo-previlege.patch

7 months, 1 week

2
1
0 0

[REGRESSION][BISECTED] Commit 60e3318e3e900 in stable/linux-6.1.y breaks cifs client failover to another server in DFS namespace

by Andrew Paniakin

Commit 60e3318e3e900 ("cifs: use fs_context for automounts") was released in v6.1.54 and broke the failover when one of the servers inside DFS becomes unavailable. We reproduced the problem on the EC2 instances of different types. Reverting aforementioned commint on top of the latest stable verison v6.1.94 helps to resolve the problem. Earliest working version is v6.2-rc1. There were two big merges of CIFS fixes: [1] and [2]. We would like to ask for the help to investigate this problem and if some of those patches need to be backported. Also, is it safe to just revert problematic commit until proper fixes/backports will be available? We will help to do testing and confirm if fix works, but let me also list the steps we used to reproduce the problem if it will help to identify the problem: 1. Create Active Directory domain eg. 'corp.fsxtest.local' in AWS Directory Service with: - three AWS FSX file systems filesystem1..filesystem3 - three Windows servers; They have DFS installed as per https://learn.microsoft.com/en-us/windows-server/storage/dfs-namespaces/dfs…: - dfs-srv1: EC2AMAZ-2EGTM59 - dfs-srv2: EC2AMAZ-1N36PRD - dfs-srv3: EC2AMAZ-0PAUH2U 2. Create DFS namespace eg. 'dfs-namespace' in Windows server 2008 mode and three folders targets in it: - referral-a mapped to filesystem1.corp.local - referral-b mapped to filesystem2.corp.local - referral-c mapped to filesystem3.corp.local - local folders dfs-srv1..dfs-srv3 in C:\DFSRoots\dfs-namespace of every Windows server. This helps to quickly define underlying server when DFS is mounted. 3. Enabled cifs debug logs: ``` echo 'module cifs +p' > /sys/kernel/debug/dynamic_debug/control echo 'file fs/cifs/* +p' > /sys/kernel/debug/dynamic_debug/control echo 7 > /proc/fs/cifs/cifsFYI ``` 4. Mount DFS namespace on Amazon Linux 2023 instance running any vanilla kernel v6.1.54+: ``` dmesg -c &>/dev/null cd /mnt mount -t cifs -o cred=/mnt/creds,echo_interval=5 \ //corp.fsxtest.local/dfs-namespace \ ./dfs-namespace ``` 5. List DFS root, it's also required to avoid recursive mounts that happen during regular 'ls' run: ``` sh -c 'ls dfs-namespace' dfs-srv2 referral-a referral-b ``` The DFS server is EC2AMAZ-1N36PRD, it's also listed in mount: ``` [root@ip-172-31-2-82 mnt]# mount | grep dfs //corp.fsxtest.local/dfs-namespace on /mnt/dfs-namespace type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.11.26,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) //EC2AMAZ-1N36PRD.corp.fsxtest.local/dfs-namespace/referral-a on /mnt/dfs-namespace/referral-a type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.12.80,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) ``` List files in first folder: ``` sh -c 'ls dfs-namespace/referral-a' filea.txt.txt ``` 6. Shutdown DFS server-2. List DFS root again, server changed from dfs-srv2 to dfs-srv1 EC2AMAZ-2EGTM59: ``` sh -c 'ls dfs-namespace' dfs-srv1 referral-a referral-b ``` 7. Try to list files in another folder, this causes ls to fail with error: ``` sh -c 'ls dfs-namespace/referral-b' ls: cannot access 'dfs-namespace/referral-b': No route to host``` Sometimes it's also 'Operation now in progress' error. mount shows the same output: ``` //corp.fsxtest.local/dfs-namespace on /mnt/dfs-namespace type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.11.26,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) //EC2AMAZ-1N36PRD.corp.fsxtest.local/dfs-namespace/referral-a on /mnt/dfs-namespace/referral-a type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.12.80,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) ``` I also attached kernel debug logs from this test. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Reported-by: Andrei Paniakin <apanyaki(a)amazon.com> Bisected-by: Simba Bonga <simbarb(a)amazon.com> --- #regzbot introduced: v6.1.54..v6.2-rc1

7 months, 1 week

3
12
0 0

[PATCH] ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction

by Peter Ujfalusi

The firmware does not provide any information for capture streams via the shared pipeline registers. To avoid reporting invalid delay value for capture streams to user space we need to disable it. Fixes: af74dbd0dbcf ("ASoC: SOF: ipc4-pcm: allocate time info for pcm delay feature") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> --- sound/soc/sof/ipc4-pcm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/sof/ipc4-pcm.c b/sound/soc/sof/ipc4-pcm.c index 52903503cf3b..8eee3e1aadf9 100644 --- a/sound/soc/sof/ipc4-pcm.c +++ b/sound/soc/sof/ipc4-pcm.c @@ -799,7 +799,8 @@ static int sof_ipc4_pcm_setup(struct snd_sof_dev *sdev, struct snd_sof_pcm *spcm spcm->stream[stream].private = stream_priv; - if (!support_info) + /* Delay reporting is only supported on playback */ + if (!support_info || stream == SNDRV_PCM_STREAM_CAPTURE) continue; time_info = kzalloc(sizeof(*time_info), GFP_KERNEL); -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH] ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext

by Peter Ujfalusi

The header.numid is set to scontrol->comp_id in bytes_ext_get and it is ignored during bytes_ext_put. The use of comp_id is not quite great as it is kernel internal identification number. Set the header.numid to SOF_CTRL_CMD_BINARY during get and validate the numid during put to provide consistent and compatible identification number as IPC3. For IPC4 existing tooling also ignored the numid but with the use of SOF_CTRL_CMD_BINARY the different handling of the blobs can be dropped, providing better user experience. Reported-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com> Closes: https://github.com/thesofproject/linux/issues/5282 Fixes: a062c8899fed ("ASoC: SOF: ipc4-control: Add support for bytes control get and put") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> --- sound/soc/sof/ipc4-control.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sound/soc/sof/ipc4-control.c b/sound/soc/sof/ipc4-control.c index 576f407cd456..976a4794d610 100644 --- a/sound/soc/sof/ipc4-control.c +++ b/sound/soc/sof/ipc4-control.c @@ -531,6 +531,14 @@ static int sof_ipc4_bytes_ext_put(struct snd_sof_control *scontrol, return -EINVAL; } + /* Check header id */ + if (header.numid != SOF_CTRL_CMD_BINARY) { + dev_err_ratelimited(scomp->dev, + "Incorrect numid for bytes put %d\n", + header.numid); + return -EINVAL; + } + /* Verify the ABI header first */ if (copy_from_user(&abi_hdr, tlvd->tlv, sizeof(abi_hdr))) return -EFAULT; @@ -613,7 +621,8 @@ static int _sof_ipc4_bytes_ext_get(struct snd_sof_control *scontrol, if (data_size > size) return -ENOSPC; - header.numid = scontrol->comp_id; + /* Set header id and length */ + header.numid = SOF_CTRL_CMD_BINARY; header.length = data_size; if (copy_to_user(tlvd, &header, sizeof(struct snd_ctl_tlv))) -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH] ASoc: SOF: topology: connect DAI to a single DAI link

by Peter Ujfalusi

From: Kai Vehmanen <kai.vehmanen(a)linux.intel.com> The partial matching of DAI widget to link names, can cause problems if one of the widget names is a substring of another. E.g. with names "Foo1" and Foo10", it's not possible to correctly link up "Foo1". Modify the logic so that if multiple DAI links match the widget stream name, prioritize a full match if one is found. Fixes: fe88788779fc ("ASoC: SOF: topology: Use partial match for connecting DAI link and DAI widget") Link: https://github.com/thesofproject/linux/issues/5308 Signed-off-by: Kai Vehmanen <kai.vehmanen(a)linux.intel.com> Reviewed-by: Péter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> --- sound/soc/sof/topology.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/sound/soc/sof/topology.c b/sound/soc/sof/topology.c index 2d4e660b19d5..d612d693efc3 100644 --- a/sound/soc/sof/topology.c +++ b/sound/soc/sof/topology.c @@ -1071,7 +1071,7 @@ static int sof_connect_dai_widget(struct snd_soc_component *scomp, struct snd_sof_dai *dai) { struct snd_soc_card *card = scomp->card; - struct snd_soc_pcm_runtime *rtd; + struct snd_soc_pcm_runtime *rtd, *full, *partial; struct snd_soc_dai *cpu_dai; int stream; int i; @@ -1088,12 +1088,22 @@ static int sof_connect_dai_widget(struct snd_soc_component *scomp, else goto end; + full = NULL; + partial = NULL; list_for_each_entry(rtd, &card->rtd_list, list) { /* does stream match DAI link ? */ - if (!rtd->dai_link->stream_name || - !strstr(rtd->dai_link->stream_name, w->sname)) - continue; + if (rtd->dai_link->stream_name) { + if (!strcmp(rtd->dai_link->stream_name, w->sname)) { + full = rtd; + break; + } else if (strstr(rtd->dai_link->stream_name, w->sname)) { + partial = rtd; + } + } + } + rtd = full ? full : partial; + if (rtd) { for_each_rtd_cpu_dais(rtd, i, cpu_dai) { /* * Please create DAI widget in the right order -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH] ASoC: SOF: Intel: hda-bus: Use PIO mode on ACE2+ platforms

by Peter Ujfalusi

Keep using the PIO mode for commands on ACE2+ platforms, similarly how the legacy stack is configured. Fixes: 05cf17f1bf6d ("ASoC: SOF: Intel: hda-bus: Use PIO mode for Lunar Lake") Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- sound/soc/sof/intel/hda-bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/sof/intel/hda-bus.c b/sound/soc/sof/intel/hda-bus.c index b1be03011d7e..6492e1cefbfb 100644 --- a/sound/soc/sof/intel/hda-bus.c +++ b/sound/soc/sof/intel/hda-bus.c @@ -76,7 +76,7 @@ void sof_hda_bus_init(struct snd_sof_dev *sdev, struct device *dev) snd_hdac_ext_bus_init(bus, dev, &bus_core_ops, sof_hda_ext_ops); - if (chip && chip->hw_ip_version == SOF_INTEL_ACE_2_0) + if (chip && chip->hw_ip_version >= SOF_INTEL_ACE_2_0) bus->use_pio_for_commands = true; #else snd_hdac_ext_bus_init(bus, dev, NULL, NULL); -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH 5.15 00/55] 5.15.182-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.182 release. There are 55 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 10 May 2025 11:25:42 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.182-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.182-rc2 Tudor Ambarus <tudor.ambarus(a)linaro.org> dm: fix copying after src array boundaries Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Thomas Gleixner <tglx(a)linutronix.de> irqchip/gic-v2m: Mark a few functions __init Xiang wangx <wangxiang(a)cdjrlc.com> irqchip/gic-v2m: Add const to of_device_id Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix deadlock issue when externel_lb and reset are executed together Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: add support for external loopback test Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Brett Creeley <brett.creeley(a)intel.com> ice: Refactor promiscuous functions Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Biao Huang <biao.huang(a)mediatek.com> net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_scmi/bus.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 ++--- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-gic-v2m.c | 8 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 ++- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 119 ++++++-- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 3 + drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 61 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 26 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_fltr.c | 58 ++++ drivers/net/ethernet/intel/ice/ice_fltr.h | 12 + drivers/net/ethernet/intel/ice/ice_main.c | 49 +-- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 139 ++++----- drivers/net/ethernet/mediatek/mtk_star_emac.c | 339 ++++++++++++--------- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/phy/microchip.c | 46 +-- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/nvme/host/tcp.c | 31 +- drivers/of/device.c | 7 +- drivers/pci/controller/dwc/pci-imx6.c | 5 +- kernel/trace/trace.c | 5 +- net/ipv4/udp_offload.c | 61 +++- net/sched/act_mirred.c | 22 +- net/sched/sch_drr.c | 9 +- net/sched/sch_ets.c | 9 +- net/sched/sch_hfsc.c | 2 +- net/sched/sch_qfq.c | 11 +- sound/usb/format.c | 3 +- 65 files changed, 926 insertions(+), 505 deletions(-)

7 months, 1 week

6
5
0 0

[PATCH 6.6 000/129] 6.6.90-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.90 release. There are 129 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 10 May 2025 11:25:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.90-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.90-rc2 Tudor Ambarus <tudor.ambarus(a)linaro.org> dm: fix copying after src array boundaries Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix possible null pointer dereference at secondary interrupter removal Marc Zyngier <maz(a)kernel.org> usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/amd/display: Fix slab-use-after-free in hdcp Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Shyam Saini <shyamsaini(a)linux.microsoft.com> drivers: base: handle module_kobject creation Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: globalize lookup_or_create_module_kobject() Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: param: rename locate_module_kobject Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Limit time spent with xHC interrupts disabled during bus resume Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: support setting interrupt moderation IMOD for secondary interrupters Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: check if 'requested segments' exceeds ERST capacity Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add helper to set an interrupters interrupt moderation interval Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: add support to allocate several interrupters Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: split free interrupter into separate remove and free parts Lukas Wunner <lukas(a)wunner.de> xhci: Clean up stale comment on ERST_SIZE macro Jonathan Bell <jonathan(a)raspberrypi.com> xhci: Use more than one Event Ring segment Lukas Wunner <lukas(a)wunner.de> xhci: Set DESI bits in ERDP register correctly Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Samuel Holland <samuel.holland(a)sifive.com> riscv: Pass patch_text() the length in bytes Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Rob Herring (Arm) <robh(a)kernel.org> ASoC: Use of_property_read_bool() Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix RX error handling Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Add range check for CMD_RTS Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix LEN_MASK Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Sathesh B Edara <sedara(a)marvell.com> octeon_ep: Fix host hang issue during device reboot Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix broken taprio gate states after clock jump Chad Monroe <chad(a)monroe.io> net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM Jacob Keller <jacob.e.keller(a)intel.com> igc: fix lock order in igc_ptp_reset Da Xue <da(a)libre.computer> net: mdio: mux-meson-gxl: set reversed bit when using internal phy Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Keith Busch <kbusch(a)kernel.org> nvme-pci: fix queue unquiesce check on slot_reset Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix buffer overflow at UMP SysEx message conversion Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Shannon Nelson <shannon.nelson(a)amd.com> pds_core: remove write-after-free of client_id Shannon Nelson <shannon.nelson(a)amd.com> pds_core: specify auxiliary_device to be created Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make pdsc_auxbus_dev_del() void Shannon Nelson <shannon.nelson(a)amd.com> pds_core: delete VF dev on reset Shannon Nelson <shannon.nelson(a)amd.com> pds_core: check health in devcmd wait Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: copy RX timestamp to new fragments Abhishek Chauhan <quic_abchauha(a)quicinc.com> net: Rename mono_delivery_time to tstamp_type for scalabilty En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Ido Schimmel <idosch(a)nvidia.com> vxlan: vnifilter: Fix unlocked deletion of default FDB entry Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Fix dash warning Murad Masimov <m.masimov(a)mt-integration.ru> wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Chen Linxuan <chenlinxuan(a)uniontech.com> drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Check for ld-option support Donet Tom <donettom(a)linux.ibm.com> book3s64/radix : Align section vmemmap start address to PAGE_SIZE Sheetal <sheetal(a)nvidia.com> ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Robin Murphy <robin.murphy(a)arm.com> iommu: Handle race with default domain setup Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Ryan Matthews <ryanmatthews(a)fastmail.com> Revert "PCI: imx6: Skip controller_id generation logic for i.MX7D" Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: extend changes_pkt_data with cases w/o subprograms Eduard Zingerman <eddyz87(a)gmail.com> bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: validate that tail call invalidates packet pointers Eduard Zingerman <eddyz87(a)gmail.com> bpf: consider that tail calls invalidate packet pointers Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: freplace tests for tracking of changes_packet_data Eduard Zingerman <eddyz87(a)gmail.com> bpf: check changes_pkt_data property for extension programs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: test for changing packet data from global functions Eduard Zingerman <eddyz87(a)gmail.com> bpf: track changes_pkt_data property for global functions Eduard Zingerman <eddyz87(a)gmail.com> bpf: refactor bpf_helper_changes_pkt_data to use helper number Eduard Zingerman <eddyz87(a)gmail.com> bpf: add find_containing_subprog() utility function Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix setting policy limits when frequency tables are used Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Jethro Donaldson <devel(a)jro.nz> smb: client: fix zero length for mkdir POSIX create context Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in kerberos authentication Shouye Liu <shouyeliu(a)tencent.com> platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line LongPing Wei <weilongping(a)oppo.com> dm-bufio: don't schedule in atomic context Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not take trace_event_sem in print_event_fields() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Don't fail set_cs_timing when delays are zero Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: repeat setting reserved region nid if array is doubled Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: pass size instead of end to memblock_set_node() Stephan Gerhold <stephan.gerhold(a)linaro.org> irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Sean Christopherson <seanjc(a)google.com> perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/fdinfo: Protect against driver unbind Dave Chen <davechen(a)synology.com> btrfs: fix COW handling in run_delalloc_nocow() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Geoffrey D. Bennett <g(a)b4.vu> ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() Christian Heusel <christian(a)heusel.eu> Revert "rndis_host: Flag RNDIS modems as WWAN devices" ------------- Diffstat: Makefile | 4 +- .../boot/dts/nxp/imx/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/boot/dts/st/stm32mp251.dtsi | 9 +- arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/powerpc/boot/wrapper | 6 +- arch/powerpc/mm/book3s64/radix_pgtable.c | 17 +- arch/riscv/include/asm/patch.h | 2 +- arch/riscv/kernel/patch.c | 14 +- arch/riscv/kernel/probes/kprobes.c | 18 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 7 +- arch/x86/events/intel/core.c | 2 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/base/module.c | 13 +- drivers/bluetooth/btusb.c | 101 ++++++++--- drivers/cpufreq/cpufreq.c | 42 ++++- drivers/cpufreq/cpufreq_ondemand.c | 3 +- drivers/cpufreq/freq_table.c | 6 +- drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_ffa/driver.c | 3 +- drivers/firmware/arm_scmi/bus.c | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 56 +++--- drivers/gpu/drm/drm_file.c | 6 + drivers/gpu/drm/i915/pxp/intel_pxp_gsccs.h | 8 +- drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 +++++---- drivers/iommu/intel/iommu.c | 4 +- drivers/iommu/iommu.c | 18 ++ drivers/irqchip/irq-qcom-mpm.c | 3 + drivers/md/dm-bufio.c | 9 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 5 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 49 +++--- drivers/net/ethernet/amd/pds_core/core.h | 7 +- drivers/net/ethernet/amd/pds_core/dev.c | 11 +- drivers/net/ethernet/amd/pds_core/devlink.c | 7 +- drivers/net/ethernet/amd/pds_core/main.c | 23 ++- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 ++- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 ++-- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 +++- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 +++++---- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 ++- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/igc/igc_ptp.c | 6 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 14 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/ethernet/mscc/ocelot.c | 194 +++++++++++++++++++-- drivers/net/ethernet/mscc/ocelot_vcap.c | 1 + drivers/net/ethernet/vertexcom/mse102x.c | 36 +++- drivers/net/mdio/mdio-mux-meson-gxl.c | 3 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/vxlan/vxlan_vnifilter.c | 8 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 1 - drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/tcp.c | 31 +++- drivers/pci/controller/dwc/pci-imx6.c | 3 +- drivers/platform/x86/amd/pmc/pmc.c | 7 +- .../x86/intel/uncore-frequency/uncore-frequency.c | 13 +- drivers/spi/spi-tegra114.c | 6 +- drivers/usb/host/xhci-debugfs.c | 2 +- drivers/usb/host/xhci-hub.c | 30 ++-- drivers/usb/host/xhci-mem.c | 175 +++++++++++++++---- drivers/usb/host/xhci-ring.c | 4 +- drivers/usb/host/xhci.c | 80 ++++++--- drivers/usb/host/xhci.h | 20 ++- fs/btrfs/inode.c | 9 +- fs/smb/client/smb2pdu.c | 1 + fs/smb/server/auth.c | 14 +- fs/smb/server/smb2pdu.c | 5 - include/linux/bpf.h | 1 + include/linux/bpf_verifier.h | 1 + include/linux/cpufreq.h | 83 ++++++--- include/linux/filter.h | 2 +- include/linux/module.h | 2 + include/linux/pds/pds_core_if.h | 1 + include/linux/skbuff.h | 52 ++++-- include/net/inet_frag.h | 4 +- include/soc/mscc/ocelot_vcap.h | 2 + include/sound/ump_convert.h | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/verifier.c | 81 +++++++-- kernel/params.c | 6 +- kernel/trace/trace.c | 5 +- kernel/trace/trace_output.c | 4 +- mm/memblock.c | 12 +- net/bluetooth/l2cap_core.c | 3 + net/bridge/netfilter/nf_conntrack_bridge.c | 6 +- net/core/dev.c | 2 +- net/core/filter.c | 73 ++++---- net/ieee802154/6lowpan/reassembly.c | 2 +- net/ipv4/inet_fragment.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_output.c | 9 +- net/ipv4/tcp_output.c | 14 +- net/ipv4/udp_offload.c | 61 ++++++- net/ipv6/ip6_output.c | 6 +- net/ipv6/netfilter.c | 6 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/reassembly.c | 2 +- net/ipv6/tcp_ipv6.c | 2 +- net/sched/act_bpf.c | 4 +- net/sched/cls_bpf.c | 4 +- net/sched/sch_drr.c | 16 +- net/sched/sch_ets.c | 17 +- net/sched/sch_hfsc.c | 10 +- net/sched/sch_htb.c | 2 + net/sched/sch_qfq.c | 18 +- sound/soc/codecs/ak4613.c | 4 +- sound/soc/soc-core.c | 36 ++-- sound/soc/soc-pcm.c | 5 +- sound/usb/endpoint.c | 7 + sound/usb/format.c | 3 +- .../selftests/bpf/prog_tests/changes_pkt_data.c | 107 ++++++++++++ .../testing/selftests/bpf/progs/changes_pkt_data.c | 39 +++++ .../bpf/progs/changes_pkt_data_freplace.c | 18 ++ tools/testing/selftests/bpf/progs/verifier_sock.c | 56 ++++++ 143 files changed, 1763 insertions(+), 662 deletions(-)

7 months, 1 week

8
8
0 0

Re: [PATCH] scsi: smartpqi: Fix the race condition between pqi_tmf_worker and pqi_sdev_destroy

by Don.Brace＠microchip.com

---------- Forwarded message --------- From: Zhu Wei <zhuwei(a)sangfor.com.cn> Date: Thu, May 8, 2025 at 7:57 AM Subject: [PATCH] scsi: smartpqi: Fix the race condition between pqi_tmf_worker and pqi_sdev_destroy To: <don.brace(a)microchip.com>, <kevin.barnett(a)microchip.com> Cc: <dinghui(a)sangfor.com.cn>, <zengzhicong(a)sangfor.com.cn>, <James.Bottomley(a)hansenpartnership.com>, <martin.petersen(a)oracle.com>, <storagedev(a)microchip.com>, <linux-scsi(a)vger.kernel.org>, <linux-kernel(a)vger.kernel.org>, <stable(a)vger.kernel.org>, Zhu Wei <zhuwei(a)sangfor.com.cn> There is a race condition between pqi_sdev_destroy and pqi_tmf_worker. After pqi_free_device is released, pqi_tmf_worker will still use device. Don: Thank-you for your patch, however we recently applied a similar patch to our internal repo. Don: But more checking is done for removed devices. Don: When this patch has been tested internally, we will post it up for review. Don: I will add a Reported-By tag with your name. Don: So Nak. kasan report: [ 1933.765810] ================================================================== [ 1933.771862] scsi 15:0:20:0: Direct-Access ATA WDC WUH722222AL WTS2 PQ: 0 ANSI: 6 [ 1933.779190] BUG: KASAN: use-after-free in pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi] [ 1933.779194] Read of size 4 at addr ffff88954c490480 by task kworker/2:2/518186 [ 1933.779201] CPU: 2 PID: 518186 Comm: kworker/2:2 Kdump: loaded Tainted: G U OE 4.19.90-89.16.v2401.osc.sfc.6.11.1.0108.ky10.x86_64+debug #1 [ 1933.779203] Source Version: v6.11.1.0108+0~65323201.20250328 [ 1933.779205] Hardware name: SANGFOR S2122-S12L/ASERVER-P-2000, BIOS TYR.2.00.0100 05/18/2019 [ 1933.779213] Workqueue: events pqi_tmf_worker [smartpqi] [ 1933.779216] Call Trace: [ 1933.779225] dump_stack+0x8b/0xb9 [ 1933.779239] print_address_description+0x65/0x2b0 [ 1933.779249] kasan_report+0x14b/0x290 [ 1933.779255] pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi] [ 1933.779264] pqi_device_reset_handler+0x174f/0x1f30 [smartpqi] [ 1933.779284] process_one_work+0x65f/0x12d0 [ 1933.806306] worker_thread+0x87/0xb50 [ 1933.806315] kthread+0x2e9/0x3a0 [ 1933.806323] ret_from_fork+0x1f/0x40 [ 1933.843994] Allocated by task 579094: [ 1933.875361] save_stack+0x19/0x80 [ 1933.892366] kasan_kmalloc+0xa0/0xd0 [ 1933.892373] kmem_cache_alloc+0xbb/0x1c0 [ 1933.892378] getname_flags+0xba/0x500 [ 1933.892384] user_path_at_empty+0x1d/0x40 [ 1933.892389] vfs_statx+0xb9/0x140 [ 1933.892397] __do_sys_newstat+0x77/0xd0 [ 1933.913179] do_syscall_64+0xa4/0x430 [ 1933.913187] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 1933.933381] Freed by task 579094: [ 1933.933389] save_stack+0x19/0x80 [ 1933.933392] __kasan_slab_free+0x130/0x180 [ 1933.933396] kmem_cache_free+0x78/0x1e0 [ 1933.933401] filename_lookup+0x216/0x400 [ 1933.933405] vfs_statx+0xb9/0x140 [ 1933.933407] __do_sys_newstat+0x77/0xd0 [ 1933.933417] do_syscall_64+0xa4/0x430 [ 1933.933432] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 1933.956837] [ 1933.956842] The buggy address belongs to the object at ffff88954c490000 which belongs to the cache names_cache of size 4096 [ 1933.956845] The buggy address is located 1152 bytes inside of 4096-byte region [ffff88954c490000, ffff88954c491000) [ 1933.956851] The buggy address belongs to the page: [ 1934.297352] page:ffffea0055312400 count:1 mapcount:0 mapping:ffff888100580f00 index:0x0 compound_mapcount: 0 [ 1934.309566] flags: 0x57ffffc0008100(slab|head) [ 1934.316370] raw: 0057ffffc0008100 0000000000000000 dead000000000200 ffff888100580f00 [ 1934.326518] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 [ 1934.338191] page dumped because: kasan: bad access detected [ 1934.346177] [ 1934.350031] Memory state around the buggy address: [ 1934.357220] ffff88954c490380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.366854] ffff88954c490400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.376474] >ffff88954c490480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.386094] ^ [ 1934.391684] ffff88954c490500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.402601] ffff88954c490580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.412228] ================================================================== Before pqi_sdev_destroy executes pqi_free_device, cancel the pqi_tmf_worker of the corresponding device. Fixes: 2d80f4054f7f ("scsi: smartpqi: Update deleting a LUN via sysfs") Signed-off-by: Zhu Wei <zhuwei(a)sangfor.com.cn> --- drivers/scsi/smartpqi/smartpqi_init.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c index 8a26eca4fdc9..102ed7501f08 100644 --- a/drivers/scsi/smartpqi/smartpqi_init.c +++ b/drivers/scsi/smartpqi/smartpqi_init.c @@ -6581,6 +6581,8 @@ static void pqi_sdev_destroy(struct scsi_device *sdev) struct pqi_scsi_dev *device; int mutex_acquired; unsigned long flags; + unsigned int lun; + struct pqi_tmf_work *tmf_work; ctrl_info = shost_to_hba(sdev->host); @@ -6607,6 +6609,8 @@ static void pqi_sdev_destroy(struct scsi_device *sdev) mutex_unlock(&ctrl_info->scan_mutex); pqi_dev_info(ctrl_info, "removed", device); + for (lun = 0, tmf_work = device->tmf_work; lun < PQI_MAX_LUNS_PER_DEVICE; lun++, tmf_work++) + cancel_work_sync(&tmf_work->work_struct); pqi_free_device(device); } -- 2.43.0

7 months, 1 week

2
1
0 0

[PATCH] soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events

by Johan Hovold

The PMIC GLINK driver is currently generating DisplayPort hotplug notifications whenever something is connected to (or disconnected from) a port regardless of the type of notification sent by the firmware. These notifications are forwarded to user space by the DRM subsystem as connector "change" uevents: KERNEL[1556.223776] change /devices/platform/soc(a)0/ae00000.display-subsystem/ae01000.display-controller/drm/card0 (drm) ACTION=change DEVPATH=/devices/platform/soc(a)0/ae00000.display-subsystem/ae01000.display-controller/drm/card0 SUBSYSTEM=drm HOTPLUG=1 CONNECTOR=36 DEVNAME=/dev/dri/card0 DEVTYPE=drm_minor SEQNUM=4176 MAJOR=226 MINOR=0 On the Lenovo ThinkPad X13s and T14s, the PMIC GLINK firmware sends two identical notifications with orientation information when connecting a charger, each generating a bogus DRM hotplug event. On the X13s, two such notification are also sent every 90 seconds while a charger remains connected, which again are forwarded to user space: port = 1, svid = ff00, mode = 255, hpd_state = 0 payload = 01 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 00 Note that the firmware only sends on of these when connecting an ethernet adapter. Fix the spurious hotplug events by only forwarding hotplug notifications for the Type-C DisplayPort service id. This also reduces the number of uevents from four to two when an actual DisplayPort altmode device is connected: port = 0, svid = ff01, mode = 2, hpd_state = 0 payload = 00 01 02 00 f2 0c 01 ff 03 00 00 00 00 00 00 00 port = 0, svid = ff01, mode = 2, hpd_state = 1 payload = 00 01 02 00 f2 0c 01 ff 43 00 00 00 00 00 00 00 Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Reported-by: Clayton Craft <clayton(a)craftyguy.net> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- Clayton reported seeing display flickering with recent RC kernels, which may possibly be related to these spurious events being generated with even greater frequency. That still remains to be fully understood, but the spurious events, that on the X13s are generated every 90 seconds, should be fixed either way. Johan drivers/soc/qcom/pmic_glink_altmode.c | 30 +++++++++++++++++---------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index bd06ce161804..7f11acd33323 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -218,21 +218,29 @@ static void pmic_glink_altmode_worker(struct work_struct *work) { struct pmic_glink_altmode_port *alt_port = work_to_altmode_port(work); struct pmic_glink_altmode *altmode = alt_port->altmode; + enum drm_connector_status conn_status; typec_switch_set(alt_port->typec_switch, alt_port->orientation); - if (alt_port->svid == USB_TYPEC_DP_SID && alt_port->mode == 0xff) - pmic_glink_altmode_safe(altmode, alt_port); - else if (alt_port->svid == USB_TYPEC_DP_SID) - pmic_glink_altmode_enable_dp(altmode, alt_port, alt_port->mode, - alt_port->hpd_state, alt_port->hpd_irq); - else - pmic_glink_altmode_enable_usb(altmode, alt_port); + if (alt_port->svid == USB_TYPEC_DP_SID) { + if (alt_port->mode == 0xff) { + pmic_glink_altmode_safe(altmode, alt_port); + } else { + pmic_glink_altmode_enable_dp(altmode, alt_port, + alt_port->mode, + alt_port->hpd_state, + alt_port->hpd_irq); + } - drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, - alt_port->hpd_state ? - connector_status_connected : - connector_status_disconnected); + if (alt_port->hpd_state) + conn_status = connector_status_connected; + else + conn_status = connector_status_disconnected; + + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, conn_status); + } else { + pmic_glink_altmode_enable_usb(altmode, alt_port); + } pmic_glink_altmode_request(altmode, ALTMODE_PAN_ACK, alt_port->index); } -- 2.48.1

7 months, 1 week

5
9
0 0

[PATCH] ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override

by Mingcong Bai

The vendor name for MECHREVO was incorrectly spelled in commit b53f09ecd602 ("ACPI: resource: Do IRQ override on MECHREV GM7XG0M"). Correct this typo in this trivial patch. Cc: stable(a)vger.kernel.org Fixes: b53f09ecd602 ("ACPI: resource: Do IRQ override on MECHREV GM7XG0M") Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- drivers/acpi/resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c index 14c7bac4100b..7d59c6c9185f 100644 --- a/drivers/acpi/resource.c +++ b/drivers/acpi/resource.c @@ -534,7 +534,7 @@ static const struct dmi_system_id irq1_level_low_skip_override[] = { */ static const struct dmi_system_id irq1_edge_low_force_override[] = { { - /* MECHREV Jiaolong17KS Series GM7XG0M */ + /* MECHREVO Jiaolong17KS Series GM7XG0M */ .matches = { DMI_MATCH(DMI_BOARD_NAME, "GM7XG0M"), }, -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH v2] drm/dp: Fix Write_Status_Update_Request AUX request format

by Wayne Lin

[Why] Notice AUX request format of I2C-over-AUX with Write_Status_Update_Request flag set is incorrect. It should be address only request without length and data like: "SYNC->COM3:0 (= 0110)|0000-> 0000|0000-> 0|7-bit I2C address (the same as the last)-> STOP->". [How] Refer to DP v2.1 Table 2-178, correct the Write_Status_Update_Request to be address only request. Note that we might receive 0 returned by aux->transfer() when receive reply I2C_ACK|AUX_ACK of Write_Status_Update_Request transaction. Which indicating all data bytes get written. We should avoid to return 0 bytes get transferred under this case. V2: - Add checking condition before restoring msg->buffer and msg->size. (Limonciello Mario) - Revise unclear comment to appropriately describe the idea. (Jani Nikula) Fixes: 68ec2a2a2481 ("drm/dp: Use I2C_WRITE_STATUS_UPDATE to drain partial I2C_WRITE requests") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/display/drm_dp_helper.c | 54 +++++++++++++++++++++---- 1 file changed, 47 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c index 57828f2b7b5a..c71a1395a2d6 100644 --- a/drivers/gpu/drm/display/drm_dp_helper.c +++ b/drivers/gpu/drm/display/drm_dp_helper.c @@ -1857,6 +1857,12 @@ static u32 drm_dp_i2c_functionality(struct i2c_adapter *adapter) I2C_FUNC_10BIT_ADDR; } +static inline bool +drm_dp_i2c_msg_is_write_status_update(struct drm_dp_aux_msg *msg) +{ + return ((msg->request & ~DP_AUX_I2C_MOT) == DP_AUX_I2C_WRITE_STATUS_UPDATE); +} + static void drm_dp_i2c_msg_write_status_update(struct drm_dp_aux_msg *msg) { /* @@ -1965,6 +1971,7 @@ MODULE_PARM_DESC(dp_aux_i2c_speed_khz, static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) { unsigned int retry, defer_i2c; + struct drm_dp_aux_msg orig_msg = *msg; int ret; /* * DP1.2 sections 2.7.7.1.5.6.1 and 2.7.7.1.6.6.1: A DP Source device @@ -1976,6 +1983,12 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) int max_retries = max(7, drm_dp_i2c_retry_count(msg, dp_aux_i2c_speed_khz)); for (retry = 0, defer_i2c = 0; retry < (max_retries + defer_i2c); retry++) { + if (drm_dp_i2c_msg_is_write_status_update(msg)) { + /* Address only transaction */ + msg->buffer = NULL; + msg->size = 0; + } + ret = aux->transfer(aux, msg); if (ret < 0) { if (ret == -EBUSY) @@ -1993,7 +2006,7 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) else drm_dbg_kms(aux->drm_dev, "%s: transaction failed: %d\n", aux->name, ret); - return ret; + goto out; } @@ -2008,7 +2021,8 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) case DP_AUX_NATIVE_REPLY_NACK: drm_dbg_kms(aux->drm_dev, "%s: native nack (result=%d, size=%zu)\n", aux->name, ret, msg->size); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; case DP_AUX_NATIVE_REPLY_DEFER: drm_dbg_kms(aux->drm_dev, "%s: native defer\n", aux->name); @@ -2027,24 +2041,41 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) default: drm_err(aux->drm_dev, "%s: invalid native reply %#04x\n", aux->name, msg->reply); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; } switch (msg->reply & DP_AUX_I2C_REPLY_MASK) { case DP_AUX_I2C_REPLY_ACK: + /* + * When DPTx sets Write_Status_Update_Request flag to + * ask DPRx for the write status, the AUX reply from + * DPRx will be I2C_ACK|AUX_ACK if I2C write request + * completes successfully. Such AUX transaction is for + * status checking only, so no new data is written by + * aux->transfer(). In this case, here we have to + * report all original data get written. Otherwise, + * drm_dp_i2c_drain_msg() takes returned value 0 as + * an error. + */ + if (drm_dp_i2c_msg_is_write_status_update(msg) && ret == 0) + ret = orig_msg.size; + /* * Both native ACK and I2C ACK replies received. We * can assume the transfer was successful. */ if (ret != msg->size) drm_dp_i2c_msg_write_status_update(msg); - return ret; + + goto out; case DP_AUX_I2C_REPLY_NACK: drm_dbg_kms(aux->drm_dev, "%s: I2C nack (result=%d, size=%zu)\n", aux->name, ret, msg->size); aux->i2c_nack_count++; - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; case DP_AUX_I2C_REPLY_DEFER: drm_dbg_kms(aux->drm_dev, "%s: I2C defer\n", aux->name); @@ -2063,12 +2094,21 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) default: drm_err(aux->drm_dev, "%s: invalid I2C reply %#04x\n", aux->name, msg->reply); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; } } drm_dbg_kms(aux->drm_dev, "%s: Too many retries, giving up\n", aux->name); - return -EREMOTEIO; + ret = -EREMOTEIO; +out: + /* In case we change original msg by Write_Status_Update case*/ + if (drm_dp_i2c_msg_is_write_status_update(msg)) { + msg->buffer = orig_msg.buffer; + msg->size = orig_msg.size; + } + + return ret; } static void drm_dp_i2c_msg_set_request(struct drm_dp_aux_msg *msg, -- 2.43.0

7 months, 1 week

2
1
0 0

[PATCH v5 00/26] Add support for HEVC and VP9 codecs in decoder

by Dikshita Agarwal

Hi All, This patch series adds initial support for the HEVC(H.265) and VP9 codecs in iris decoder. The objective of this work is to extend the decoder's capabilities to handle HEVC and VP9 codec streams, including necessary format handling and buffer management. In addition, the series also includes a set of fixes to address issues identified during testing of these additional codecs. These patches also address the comments and feedback received from the RFC patches previously sent. I have made the necessary improvements based on the community's suggestions. Changes in v5: - Splitted patch 01/25 in two patches (Bryan) - Link to v4: https://lore.kernel.org/r/20250507-video-iris-hevc-vp9-v4-0-58db3660ac61@qu… Changes in v4: - Splitted patch patch 06/23 in two patches (Bryan) - Simplified the conditional logic in patch 13/23 (Bryan) - Improved commit description for patch patch 13/23 (Nicolas) - Fix the value of H265_NUM_TILE_ROW macro (Neil) - Link to v3: https://lore.kernel.org/r/20250502-qcom-iris-hevc-vp9-v3-0-552158a10a7d@qui… Changes in v3: - Introduced two wrappers with explicit names to handle destroy internal buffers (Nicolas) - Used sub state check instead of introducing new boolean (Vikash) - Addressed other comments (Vikash) - Reorderd patches to have all fixes patches first (Dmitry) - Link to v2: https://lore.kernel.org/r/20250428-qcom-iris-hevc-vp9-v2-0-3a6013ecb8a5@qui… Changes in v2: - Added Changes to make sure all buffers are released in session close (bryna) - Added tracking for flush responses to fix a timing issue. - Added a handling to fix timing issue in reconfig - Splitted patch 06/20 in two patches (Bryan) - Added missing fixes tag (bryan) - Updated fluster report (Nicolas) - Link to v1: https://lore.kernel.org/r/20250408-iris-dec-hevc-vp9-v1-0-acd258778bd6@quic… Changes sinces RFC: - Added additional fixes to address issues identified during further testing. - Moved typo fix to a seperate patch [Neil] - Reordered the patches for better logical flow and clarity [Neil, Dmitry] - Added fixes tag wherever applicable [Neil, Dmitry] - Removed the default case in the switch statement for codecs [Bryan] - Replaced if-else statements with switch-case [Bryan] - Added comments for mbpf [Bryan] - RFC: https://lore.kernel.org/linux-media/20250305104335.3629945-1-quic_dikshita@… These patches are tested on SM8250 and SM8550 with v4l2-ctl and Gstreamer for HEVC and VP9 decoders, at the same time ensured that the existing H264 decoder functionality remains uneffected. Note: 1 of the fluster compliance test is fixed with firmware [3] [3]: https://lore.kernel.org/linux-firmware/1a511921-446d-cdc4-0203-084c88a5dc1e… The result of fluster test on SM8550: 131/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 - 2 testcase failed due to CRC mismatch - RAP_A_docomo_6 - RAP_B_Bossen_2 - BUG reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4392 Analysis - First few frames in this discarded by firmware and are sent to driver with 0 filled length. Driver send such buffers to client with timestamp 0 and payload set to 0 and make buf state to VB2_BUF_STATE_ERROR. Such buffers should be dropped by GST. But instead, the first frame displayed as green frame and when a valid buffer is sent to client later with same 0 timestamp, its dropped, leading to CRC mismatch for first frame. 235/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 2 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - 1 testcase failed due to unsupported stream - vp90-2-16-intra-only.webm The result of fluster test on SM8250: 133/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 232/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug raised: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 5 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - vp90-2-21-resize_inter_320x240_5_1-2.webm - vp90-2-21-resize_inter_320x240_7_1-2.webm - vp90-2-18-resize.ivf - 1 testcase failed with CRC mismatch - vp90-2-16-intra-only.webm Analysis: First few frames are marked by firmware as NO_SHOW frame. Driver make buf state to VB2_BUF_STATE_ERROR for such frames. Such buffers should be dropped by GST. But instead, the first frame is being displayed and when a valid buffer is sent to client later with same timestamp, its dropped, leading to CRC mismatch for first frame. To: Vikash Garodia <quic_vgarodia(a)quicinc.com> To: Abhinav Kumar <quic_abhinavk(a)quicinc.com> To: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> To: Mauro Carvalho Chehab <mchehab(a)kernel.org> To: Stefan Schmidt <stefan.schmidt(a)linaro.org> To: Hans Verkuil <hverkuil(a)xs4all.nl> Cc: linux-media(a)vger.kernel.org Cc: linux-arm-msm(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Cc: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Cc: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Dikshita Agarwal (26): media: iris: Skip destroying internal buffer if not dequeued media: iris: Verify internal buffer release on close media: iris: Update CAPTURE format info based on OUTPUT format media: iris: Avoid updating frame size to firmware during reconfig media: iris: Drop port check for session property response media: iris: Prevent HFI queue writes when core is in deinit state media: iris: Remove error check for non-zero v4l2 controls media: iris: Remove deprecated property setting to firmware media: iris: Fix missing function pointer initialization media: iris: Fix NULL pointer dereference media: iris: Fix typo in depth variable media: iris: Track flush responses to prevent premature completion media: iris: Fix buffer preparation failure during resolution change media: iris: Send V4L2_BUF_FLAG_ERROR for capture buffers with 0 filled length media: iris: Skip flush on first sequence change media: iris: Remove unnecessary re-initialization of flush completion media: iris: Add handling for corrupt and drop frames media: iris: Add handling for no show frames media: iris: Improve last flag handling media: iris: Remove redundant buffer count check in stream off media: iris: Add a comment to explain usage of MBPS media: iris: Add HEVC and VP9 formats for decoder media: iris: Add platform capabilities for HEVC and VP9 decoders media: iris: Set mandatory properties for HEVC and VP9 decoders. media: iris: Add internal buffer calculation for HEVC and VP9 decoders media: iris: Add codec specific check for VP9 decoder drain handling drivers/media/platform/qcom/iris/iris_buffer.c | 35 +- drivers/media/platform/qcom/iris/iris_buffer.h | 3 +- drivers/media/platform/qcom/iris/iris_ctrls.c | 35 +- drivers/media/platform/qcom/iris/iris_hfi_common.h | 1 + .../platform/qcom/iris/iris_hfi_gen1_command.c | 48 ++- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 5 +- .../platform/qcom/iris/iris_hfi_gen1_response.c | 37 +- .../platform/qcom/iris/iris_hfi_gen2_command.c | 143 +++++++- .../platform/qcom/iris/iris_hfi_gen2_defines.h | 5 + .../platform/qcom/iris/iris_hfi_gen2_response.c | 56 ++- drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +- drivers/media/platform/qcom/iris/iris_instance.h | 6 + .../platform/qcom/iris/iris_platform_common.h | 28 +- .../media/platform/qcom/iris/iris_platform_gen2.c | 198 ++++++++-- .../platform/qcom/iris/iris_platform_qcs8300.h | 126 +++++-- .../platform/qcom/iris/iris_platform_sm8250.c | 15 +- drivers/media/platform/qcom/iris/iris_state.c | 2 +- drivers/media/platform/qcom/iris/iris_state.h | 1 + drivers/media/platform/qcom/iris/iris_vb2.c | 18 +- drivers/media/platform/qcom/iris/iris_vdec.c | 116 +++--- drivers/media/platform/qcom/iris/iris_vdec.h | 11 + drivers/media/platform/qcom/iris/iris_vidc.c | 36 +- drivers/media/platform/qcom/iris/iris_vpu_buffer.c | 397 ++++++++++++++++++++- drivers/media/platform/qcom/iris/iris_vpu_buffer.h | 46 ++- 24 files changed, 1159 insertions(+), 211 deletions(-) --- base-commit: b64b134942c8cf4801ea288b3fd38b509aedec21 change-id: 20250508-video-iris-hevc-vp9-bd35d588500f Best regards, -- Dikshita Agarwal <quic_dikshita(a)quicinc.com>

7 months, 1 week

3
18
0 0

[PATCH v1] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach

by RD Babiera

This patch fixes Type-C compliance test TD 4.7.6 - Try.SNK DRP Connect SNKAS. tVbusON has a limit of 275ms when entering SRC_ATTACHED. Compliance testers can interpret the TryWait.Src to Attached.Src transition after Try.Snk as being in Attached.Src the entire time, so ~170ms is lost to the debounce timer. Setting the data role can be a costly operation in host mode, and when completed after 100ms can cause Type-C compliance test check TD 4.7.5.V.4 to fail. Turn VBUS on before tcpm_set_roles to meet timing requirement. Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 784fa23102f9..e099a3c4428d 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4355,17 +4355,6 @@ static int tcpm_src_attach(struct tcpm_port *port) tcpm_enable_auto_vbus_discharge(port, true); - ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, - TYPEC_SOURCE, tcpm_data_role_for_source(port)); - if (ret < 0) - return ret; - - if (port->pd_supported) { - ret = port->tcpc->set_pd_rx(port->tcpc, true); - if (ret < 0) - goto out_disable_mux; - } - /* * USB Type-C specification, version 1.2, * chapter 4.5.2.2.8.1 (Attached.SRC Requirements) @@ -4375,13 +4364,24 @@ static int tcpm_src_attach(struct tcpm_port *port) (polarity == TYPEC_POLARITY_CC2 && port->cc1 == TYPEC_CC_RA)) { ret = tcpm_set_vconn(port, true); if (ret < 0) - goto out_disable_pd; + return ret; } ret = tcpm_set_vbus(port, true); if (ret < 0) goto out_disable_vconn; + ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, TYPEC_SOURCE, + tcpm_data_role_for_source(port)); + if (ret < 0) + goto out_disable_vbus; + + if (port->pd_supported) { + ret = port->tcpc->set_pd_rx(port->tcpc, true); + if (ret < 0) + goto out_disable_mux; + } + port->pd_capable = false; port->partner = NULL; @@ -4392,14 +4392,14 @@ static int tcpm_src_attach(struct tcpm_port *port) return 0; -out_disable_vconn: - tcpm_set_vconn(port, false); -out_disable_pd: - if (port->pd_supported) - port->tcpc->set_pd_rx(port->tcpc, false); out_disable_mux: tcpm_mux_set(port, TYPEC_STATE_SAFE, USB_ROLE_NONE, TYPEC_ORIENTATION_NONE); +out_disable_vbus: + tcpm_set_vbus(port, false); +out_disable_vconn: + tcpm_set_vconn(port, false); + return ret; } base-commit: 615dca38c2eae55aff80050275931c87a812b48c -- 2.49.0.967.g6a0df3ecc3-goog

7 months, 1 week

3
4
0 0

[PATCH] perf/arm-cmn: Fix REQ2/SNP2 mixup

by Robin Murphy

Somehow the encodings for REQ2/SNP2 channels in XP events got mixed up... Unmix them. CC: stable(a)vger.kernel.org Fixes: 23760a014417 ("perf/arm-cmn: Add CMN-700 support") Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> --- drivers/perf/arm-cmn.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c index d4fe30ff225b..aa2908313558 100644 --- a/drivers/perf/arm-cmn.c +++ b/drivers/perf/arm-cmn.c @@ -727,8 +727,8 @@ static umode_t arm_cmn_event_attr_is_visible(struct kobject *kobj, if ((chan == 5 && cmn->rsp_vc_num < 2) || (chan == 6 && cmn->dat_vc_num < 2) || - (chan == 7 && cmn->snp_vc_num < 2) || - (chan == 8 && cmn->req_vc_num < 2)) + (chan == 7 && cmn->req_vc_num < 2) || + (chan == 8 && cmn->snp_vc_num < 2)) return 0; } @@ -882,8 +882,8 @@ static umode_t arm_cmn_event_attr_is_visible(struct kobject *kobj, _CMN_EVENT_XP(pub_##_name, (_event) | (4 << 5)), \ _CMN_EVENT_XP(rsp2_##_name, (_event) | (5 << 5)), \ _CMN_EVENT_XP(dat2_##_name, (_event) | (6 << 5)), \ - _CMN_EVENT_XP(snp2_##_name, (_event) | (7 << 5)), \ - _CMN_EVENT_XP(req2_##_name, (_event) | (8 << 5)) + _CMN_EVENT_XP(req2_##_name, (_event) | (7 << 5)), \ + _CMN_EVENT_XP(snp2_##_name, (_event) | (8 << 5)) #define CMN_EVENT_XP_DAT(_name, _event) \ _CMN_EVENT_XP_PORT(dat_##_name, (_event) | (3 << 5)), \ -- 2.39.2.101.g768bb238c484.dirty

7 months, 1 week

2
1
0 0

Inquiry

by Philip Burchett

Greetings, Supplier. Please give us your most recent catalog; we would want to order from you. I look forward to your feedback. Philip Burchett

7 months, 1 week

1
0
0 0

[PATCH] arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs

by Gabor Juhos

The two alarm LEDs of on the uDPU board are stopped working since commit 78efa53e715e ("leds: Init leds class earlier"). The LEDs are driven by the GPIO{15,16} pins of the North Bridge GPIO controller. These pins are part of the 'spi_quad' pin group for which the 'spi' function is selected via the default pinctrl state of the 'spi' node. This is wrong however, since in order to allow controlling the LEDs, the pins should use the 'gpio' function. Before the commit mentined above, the 'spi' function is selected first by the pinctrl core before probing the spi driver, but then it gets overridden to 'gpio' implicitly via the devm_gpiod_get_index_optional() call from the 'leds-gpio' driver. After the commit, the LED subsystem gets initialized before the SPI subsystem, so the function of the pin group remains 'spi' which in turn prevents controlling of the LEDs. Despite the change of the initialization order, the root cause is that the pinctrl state definition is wrong since its initial commit 0d45062cfc89 ("arm64: dts: marvell: Add device tree for uDPU board"), To fix the problem, override the function in the 'spi_quad_pins' node to 'gpio' and move the pinctrl state definition from the 'spi' node into the 'leds' node. Cc: stable(a)vger.kernel.org # needs adjustment for < 6.1 Fixes: 0d45062cfc89 ("arm64: dts: marvell: Add device tree for uDPU board") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> Signed-off-by: Imre Kaloz <kaloz(a)openwrt.org> --- Notes: 1. DTB check shows a bunch of warnings, but none of those are new: DTC [C] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/watchdog@8300: failed to match any schema with compatible: ['marvell,armada-3700-wdt'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/serial@12000: failed to match any schema with compatible: ['marvell,armada-3700-uart'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/serial@12200: failed to match any schema with compatible: ['marvell,armada-3700-uart-ext'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/nb-periph-clk@13000: failed to match any schema with compatible: ['marvell,armada-3700-periph-clock-nb', 'syscon'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/sb-periph-clk@18000: failed to match any schema with compatible: ['marvell,armada-3700-periph-clock-sb'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/tbg@13200: failed to match any schema with compatible: ['marvell,armada-3700-tbg-clock'] <...>/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: pinctrl@13800: reg: [[79872, 256], [80896, 32]] is too long from schema $id: http://devicetree.org/schemas/mfd/syscon-common.yaml# arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/pinctrl@13800: failed to match any schema with compatible: ['marvell,armada3710-nb-pinctrl', 'syscon', 'simple-mfd'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/pinctrl@13800/xtal-clk: failed to match any schema with compatible: ['marvell,armada-3700-xtal-clock'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/phy@18300: failed to match any schema with compatible: ['marvell,comphy-a3700'] <...>/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: pinctrl@18800: reg: [[100352, 256], [101376, 32]] is too long from schema $id: http://devicetree.org/schemas/mfd/syscon-common.yaml# arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/pinctrl@18800: failed to match any schema with compatible: ['marvell,armada3710-sb-pinctrl', 'syscon', 'simple-mfd'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/ethernet@30000: failed to match any schema with compatible: ['marvell,armada-3700-neta'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/ethernet@40000: failed to match any schema with compatible: ['marvell,armada-3700-neta'] <...>/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: usb@58000: Unevaluated properties are not allowed ('marvell,usb-misc-reg' was unexpected) from schema $id: http://devicetree.org/schemas/usb/generic-xhci.yaml# arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/system-controller@5d800: failed to match any schema with compatible: ['marvell,armada-3700-usb2-host-device-misc', 'syscon'] <...>/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: usb@5e000: phy-names:0: 'usb' was expected from schema $id: http://devicetree.org/schemas/usb/generic-ehci.yaml# arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/xor@60900: failed to match any schema with compatible: ['marvell,armada-3700-xor'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/bus@d0000000/mailbox@b0000: failed to match any schema with compatible: ['marvell,armada-3700-rwtm-mailbox'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /soc/pcie@d0070000: failed to match any schema with compatible: ['marvell,armada-3700-pcie'] arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtb: /firmware/armada-3700-rwtm: failed to match any schema with compatible: ['marvell,armada-3700-rwtm-firmware'] 2. Just for the record, here is the bisect log: git bisect start # status: waiting for both good and bad commits # bad: [7cdabafc001202de9984f22c973305f424e0a8b7] Merge tag 'trace-v6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace git bisect bad 7cdabafc001202de9984f22c973305f424e0a8b7 # status: waiting for good commit(s), bad commit known # good: [0c3836482481200ead7b416ca80c68a29cfdaabd] Linux 6.10 git bisect good 0c3836482481200ead7b416ca80c68a29cfdaabd # bad: [fcc79e1714e8c2b8e216dc3149812edd37884eef] Merge tag 'net-next-6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next git bisect bad fcc79e1714e8c2b8e216dc3149812edd37884eef # good: [26bb0d3f38a764b743a3ad5c8b6e5b5044d7ceb4] Merge tag 'for-6.12/block-20240913' of git://git.kernel.dk/linux git bisect good 26bb0d3f38a764b743a3ad5c8b6e5b5044d7ceb4 # bad: [5e5466433d266046790c0af40a15af0a6be139a1] Merge tag 'char-misc-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc git bisect bad 5e5466433d266046790c0af40a15af0a6be139a1 # good: [de848da12f752170c2ebe114804a985314fd5a6a] Merge tag 'drm-next-2024-09-19' of https://gitlab.freedesktop.org/drm/kernel git bisect good de848da12f752170c2ebe114804a985314fd5a6a # bad: [962ad08780a5bfb3240bc793e565181eacfceafb] Merge tag 'pinctrl-v6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl git bisect bad 962ad08780a5bfb3240bc793e565181eacfceafb # good: [440b65232829fad69947b8de983c13a525cc8871] Merge tag 'bpf-next-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next git bisect good 440b65232829fad69947b8de983c13a525cc8871 # good: [f8ffbc365f703d74ecca8ca787318d05bbee2bf7] Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs git bisect good f8ffbc365f703d74ecca8ca787318d05bbee2bf7 # good: [18ba6034468e7949a9e2c2cf28e2e123b4fe7a50] Merge tag 'nfsd-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux git bisect good 18ba6034468e7949a9e2c2cf28e2e123b4fe7a50 # bad: [bb78146c18ac67f22cabb2448b501bcac30f8801] Merge branch 'pci/controller/xilinx' git bisect bad bb78146c18ac67f22cabb2448b501bcac30f8801 # bad: [b893f8ea38c530c2c8a337c3429f9f37e6bf65e8] Merge branch 'pci/controller/brcmstb' git bisect bad b893f8ea38c530c2c8a337c3429f9f37e6bf65e8 # bad: [207bcb73fb08841e242fa1d66e1d0381836da562] Merge branch 'pci/dt-bindings' git bisect bad 207bcb73fb08841e242fa1d66e1d0381836da562 # good: [e642aa6b38762a2af3a7e0c5e6dac5841c15dea0] Merge branch 'pci/iommu' git bisect good e642aa6b38762a2af3a7e0c5e6dac5841c15dea0 # good: [f500a2f1282750fb344ce535d78071cf1493efd1] dt-bindings: PCI: imx6q-pcie: Add reg-name "dbi2" and "atu" for i.MX8M PCIe Endpoint git bisect good f500a2f1282750fb344ce535d78071cf1493efd1 # bad: [d774674f3492740503a3cd3f5da131d088202f1b] Merge branch 'pci/pwrctl' git bisect bad d774674f3492740503a3cd3f5da131d088202f1b # bad: [759ec28242894f2006a1606c1d6e9aca48cecfcf] PCI/NPEM: Add _DSM PCIe SSD status LED management git bisect bad 759ec28242894f2006a1606c1d6e9aca48cecfcf # bad: [4e893545ef8712d25f3176790ebb95beb073637e] PCI/NPEM: Add Native PCIe Enclosure Management support git bisect bad 4e893545ef8712d25f3176790ebb95beb073637e # bad: [78efa53e715e21a97c722dba20f8437a0860521e] leds: Init leds class earlier git bisect bad 78efa53e715e21a97c722dba20f8437a0860521e # first bad commit: [78efa53e715e21a97c722dba20f8437a0860521e] leds: Init leds class earlier --- arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi b/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi index 3a9b6907185d0363dff41178543a0210ce99dbf7..24282084570787630cb0beeab3997b943bdf45dc 100644 --- a/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi @@ -26,6 +26,8 @@ memory@0 { leds { compatible = "gpio-leds"; + pinctrl-names = "default"; + pinctrl-0 = <&spi_quad_pins>; led-power1 { label = "udpu:green:power"; @@ -82,8 +84,6 @@ &sdhci0 { &spi0 { status = "okay"; - pinctrl-names = "default"; - pinctrl-0 = <&spi_quad_pins>; flash@0 { compatible = "jedec,spi-nor"; @@ -108,6 +108,10 @@ partition@180000 { }; }; +&spi_quad_pins { + function = "gpio"; +}; + &pinctrl_nb { i2c2_recovery_pins: i2c2-recovery-pins { groups = "i2c2"; --- base-commit: 92a09c47464d040866cf2b4cd052bc60555185fb change-id: 20250509-udpu-alarm-led-fix-62828f7e11eb Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

7 months, 1 week

1
0
0 0

[PATCH 0/2] Deal with clang's -Wdefault-const-init-unsafe

by Nathan Chancellor

A new on by default warning in clang aims to flag cases where a const variable or field is not initialized and has no default value (i.e., not static or thread local). The field version of the warning triggers in several places within the kernel that are not problematic so it is disabled in the first patch. The variable version of the warning only triggers in one place, the typecheck() macro, so I opted to silence it in that one place to keep it enabled until it can be proved to be problematic enough to disable it. --- Nathan Chancellor (2): kbuild: Disable -Wdefault-const-init-field-unsafe include/linux/typecheck.h: Zero initialize dummy variables include/linux/typecheck.h | 4 ++-- scripts/Makefile.extrawarn | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) --- base-commit: ebd297a2affadb6f6f4d2e5d975c1eda18ac762d change-id: 20250430-default-const-init-clang-b6e21b8d03b6 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

7 months, 1 week

5
12
0 0

[PATCH 2/2] nvmem: zynqmp_nvmem: unbreak driver after cleanup

by srini＠kernel.org

From: Peter Korsgaard <peter(a)korsgaard.com> Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context parameter comes from nvmem_config.priv which is never set - Leading to null pointer exceptions when the device is accessed. Fixes: 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Korsgaard <peter(a)korsgaard.com> Reviewed-by: Michal Simek <michal.simek(a)amd.com> Tested-by: Michal Simek <michal.simek(a)amd.com> Signed-off-by: Srinivas Kandagatla <srini(a)kernel.org> --- drivers/nvmem/zynqmp_nvmem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/nvmem/zynqmp_nvmem.c b/drivers/nvmem/zynqmp_nvmem.c index 8682adaacd69..7da717d6c7fa 100644 --- a/drivers/nvmem/zynqmp_nvmem.c +++ b/drivers/nvmem/zynqmp_nvmem.c @@ -213,6 +213,7 @@ static int zynqmp_nvmem_probe(struct platform_device *pdev) econfig.word_size = 1; econfig.size = ZYNQMP_NVMEM_SIZE; econfig.dev = dev; + econfig.priv = dev; econfig.add_legacy_fixed_of_cells = true; econfig.reg_read = zynqmp_nvmem_read; econfig.reg_write = zynqmp_nvmem_write; -- 2.43.0

7 months, 1 week

1
0
0 0

[PATCH 6.12] sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash

by Omar Sandoval

From: Omar Sandoval <osandov(a)fb.com> commit bbce3de72be56e4b5f68924b7da9630cc89aa1a8 upstream. There is a code path in dequeue_entities() that can set the slice of a sched_entity to U64_MAX, which sometimes results in a crash. The offending case is when dequeue_entities() is called to dequeue a delayed group entity, and then the entity's parent's dequeue is delayed. In that case: 1. In the if (entity_is_task(se)) else block at the beginning of dequeue_entities(), slice is set to cfs_rq_min_slice(group_cfs_rq(se)). If the entity was delayed, then it has no queued tasks, so cfs_rq_min_slice() returns U64_MAX. 2. The first for_each_sched_entity() loop dequeues the entity. 3. If the entity was its parent's only child, then the next iteration tries to dequeue the parent. 4. If the parent's dequeue needs to be delayed, then it breaks from the first for_each_sched_entity() loop _without updating slice_. 5. The second for_each_sched_entity() loop sets the parent's ->slice to the saved slice, which is still U64_MAX. This throws off subsequent calculations with potentially catastrophic results. A manifestation we saw in production was: 6. In update_entity_lag(), se->slice is used to calculate limit, which ends up as a huge negative number. 7. limit is used in se->vlag = clamp(vlag, -limit, limit). Because limit is negative, vlag > limit, so se->vlag is set to the same huge negative number. 8. In place_entity(), se->vlag is scaled, which overflows and results in another huge (positive or negative) number. 9. The adjusted lag is subtracted from se->vruntime, which increases or decreases se->vruntime by a huge number. 10. pick_eevdf() calls entity_eligible()/vruntime_eligible(), which incorrectly returns false because the vruntime is so far from the other vruntimes on the queue, causing the (vruntime - cfs_rq->min_vruntime) * load calulation to overflow. 11. Nothing appears to be eligible, so pick_eevdf() returns NULL. 12. pick_next_entity() tries to dereference the return value of pick_eevdf() and crashes. Dumping the cfs_rq states from the core dumps with drgn showed tell-tale huge vruntime ranges and bogus vlag values, and I also traced se->slice being set to U64_MAX on live systems (which was usually "benign" since the rest of the runqueue needed to be in a particular state to crash). Fix it in dequeue_entities() by always setting slice from the first non-empty cfs_rq. Fixes: aef6987d8954 ("sched/eevdf: Propagate min_slice up the cgroup hierarchy") Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lkml.kernel.org/r/f0c2d1072be229e1bdddc73c0703919a8b00c652.17455709… --- Stable backport to 6.12.y resolving a trivial conflict in the patch context. Thanks, Omar kernel/sched/fair.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index ceb023629d48..990d0828bf2a 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -7182,9 +7182,6 @@ static int dequeue_entities(struct rq *rq, struct sched_entity *se, int flags) idle_h_nr_running = task_has_idle_policy(p); if (!task_sleep && !task_delayed) h_nr_delayed = !!se->sched_delayed; - } else { - cfs_rq = group_cfs_rq(se); - slice = cfs_rq_min_slice(cfs_rq); } for_each_sched_entity(se) { @@ -7194,6 +7191,7 @@ static int dequeue_entities(struct rq *rq, struct sched_entity *se, int flags) if (p && &p->se == se) return -1; + slice = cfs_rq_min_slice(cfs_rq); break; } -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH 6.6.y v2] btrfs: always fallback to buffered write if the inode requires checksum

by Qu Wenruo

commit 968f19c5b1b7d5595423b0ac0020cc18dfed8cb5 upstream. [BUG] It is a long known bug that VM image on btrfs can lead to data csum mismatch, if the qemu is using direct-io for the image (this is commonly known as cache mode 'none'). [CAUSE] Inside the VM, if the fs is EXT4 or XFS, or even NTFS from Windows, the fs is allowed to dirty/modify the folio even if the folio is under writeback (as long as the address space doesn't have AS_STABLE_WRITES flag inherited from the block device). This is a valid optimization to improve the concurrency, and since these filesystems have no extra checksum on data, the content change is not a problem at all. But the final write into the image file is handled by btrfs, which needs the content not to be modified during writeback, or the checksum will not match the data (checksum is calculated before submitting the bio). So EXT4/XFS/NTRFS assume they can modify the folio under writeback, but btrfs requires no modification, this leads to the false csum mismatch. This is only a controlled example, there are even cases where multi-thread programs can submit a direct IO write, then another thread modifies the direct IO buffer for whatever reason. For such cases, btrfs has no sane way to detect such cases and leads to false data csum mismatch. [FIX] I have considered the following ideas to solve the problem: - Make direct IO to always skip data checksum This not only requires a new incompatible flag, as it breaks the current per-inode NODATASUM flag. But also requires extra handling for no csum found cases. And this also reduces our checksum protection. - Let hardware handle all the checksum AKA, just nodatasum mount option. That requires trust for hardware (which is not that trustful in a lot of cases), and it's not generic at all. - Always fallback to buffered write if the inode requires checksum This was suggested by Christoph, and is the solution utilized by this patch. The cost is obvious, the extra buffer copying into page cache, thus it reduces the performance. But at least it's still user configurable, if the end user still wants the zero-copy performance, just set NODATASUM flag for the inode (which is a common practice for VM images on btrfs). Since we cannot trust user space programs to keep the buffer consistent during direct IO, we have no choice but always falling back to buffered IO. At least by this, we avoid the more deadly false data checksum mismatch error. CC: stable(a)vger.kernel.org # 6.6 Suggested-by: Christoph Hellwig <hch(a)infradead.org> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> [ Fix a conflict due to the movement of the function. ] --- Changelog: v2: - Remove the incorrectly included direct-io.c "git am" automatically included the not-yet-exist file into the diff. --- fs/btrfs/file.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index e794606e7c78..f1456c745c6d 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1515,6 +1515,23 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) goto buffered; } + /* + * We can't control the folios being passed in, applications can write + * to them while a direct IO write is in progress. This means the + * content might change after we calculated the data checksum. + * Therefore we can end up storing a checksum that doesn't match the + * persisted data. + * + * To be extra safe and avoid false data checksum mismatch, if the + * inode requires data checksum, just fallback to buffered IO. + * For buffered IO we have full control of page cache and can ensure + * no one is modifying the content during writeback. + */ + if (!(BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) { + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + goto buffered; + } + /* * The iov_iter can be mapped to the same file range we are writing to. * If that's the case, then we will deadlock in the iomap code, because -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH] x86/mtrr: Check if fixed-range MTRR exists in `mtrr_save_fixed_ranges`

by Jiaqing Zhao

When suspending, `save_processor_state` calls `mtrr_save_fixed_ranges` to save fixed-range MTRRs. On platforms without MTRR or fixed-range MTRR support, accessing MTRR MSRs triggers unchecked MSR access error. Make sure fixed-range MTRR is supported before access to prevent such error. Fixes: 3ebad5905609 ("[PATCH] x86: Save and restore the fixed-range MTRRs of the BSP when suspending") Cc: stable(a)vger.kernel.org Signed-off-by: Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> --- arch/x86/kernel/cpu/mtrr/generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c index e2c6b471d230..ca37b374d1b0 100644 --- a/arch/x86/kernel/cpu/mtrr/generic.c +++ b/arch/x86/kernel/cpu/mtrr/generic.c @@ -593,7 +593,7 @@ static void get_fixed_ranges(mtrr_type *frs) void mtrr_save_fixed_ranges(void *info) { - if (boot_cpu_has(X86_FEATURE_MTRR)) + if (boot_cpu_has(X86_FEATURE_MTRR) && mtrr_state.have_fixed) get_fixed_ranges(mtrr_state.fixed_ranges); } -- 2.43.0

7 months, 1 week

2
1
0 0

[PATCH v3] wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Ensure that the hdr_trans_tlv command is included in the broadcast wtbl to prevent the IPv6 and multicast packet from being dropped by the chip. Cc: stable(a)vger.kernel.org Fixes: cb1353ef3473 ("wifi: mt76: mt7925: integrate *mlo_sta_cmd and *sta_cmd") Reported-by: Benjamin Xiao <fossben(a)pm.me> Tested-by: Niklas Schnelle <niks(a)kernel.org> Link: https://lore.kernel.org/lkml/EmWnO5b-acRH1TXbGnkx41eJw654vmCR-8_xMBaPMwexCn… --- v2: add tested-by tag v3: add more info in commit --- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index a42b584634ab..fd756f0d18f8 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -2183,14 +2183,14 @@ mt7925_mcu_sta_cmd(struct mt76_phy *phy, mt7925_mcu_sta_mld_tlv(skb, info->vif, info->link_sta->sta); mt7925_mcu_sta_eht_mld_tlv(skb, info->vif, info->link_sta->sta); } - - mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta); } if (!info->enable) { mt7925_mcu_sta_remove_tlv(skb); mt76_connac_mcu_add_tlv(skb, STA_REC_MLD_OFF, sizeof(struct tlv)); + } else { + mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta); } return mt76_mcu_skb_send_msg(dev, skb, info->cmd, true); -- 2.34.1

7 months, 1 week

2
1
0 0

[PATCHv3] thunderbolt: do not double dequeue a request

by Sergey Senozhatsky

Some of our devices crash in tb_cfg_request_dequeue(): general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65 RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0 Call Trace: <TASK> ? tb_cfg_request_dequeue+0x2d/0xa0 tb_cfg_request_work+0x33/0x80 worker_thread+0x386/0x8f0 kthread+0xed/0x110 ret_from_fork+0x38/0x50 ret_from_fork_asm+0x1b/0x30 The circumstances are unclear, however, the theory is that tb_cfg_request_work() can be scheduled twice for a request: first time via frame.callback from ring_work() and second time from tb_cfg_request(). Both times kworkers will execute tb_cfg_request_dequeue(), which results in double list_del() from the ctl->request_queue (the list poison deference hints at it: 0xdead000000000122). Do not dequeue requests that don't have TB_CFG_REQUEST_ACTIVE bit set. Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: stable(a)vger.kernel.org --- v3: tweaked commit message drivers/thunderbolt/ctl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/thunderbolt/ctl.c b/drivers/thunderbolt/ctl.c index cd15e84c47f4..1db2e951b53f 100644 --- a/drivers/thunderbolt/ctl.c +++ b/drivers/thunderbolt/ctl.c @@ -151,6 +151,11 @@ static void tb_cfg_request_dequeue(struct tb_cfg_request *req) struct tb_ctl *ctl = req->ctl; mutex_lock(&ctl->request_queue_lock); + if (!test_bit(TB_CFG_REQUEST_ACTIVE, &req->flags)) { + mutex_unlock(&ctl->request_queue_lock); + return; + } + list_del(&req->list); clear_bit(TB_CFG_REQUEST_ACTIVE, &req->flags); if (test_bit(TB_CFG_REQUEST_CANCELED, &req->flags)) -- 2.49.0.395.g12beb8f557-goog

7 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] ksmbd: Fix UAF in __close_file_table_ids" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 36991c1ccde2d5a521577c448ffe07fcccfe104d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050939-activism-hesitant-7576@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 36991c1ccde2d5a521577c448ffe07fcccfe104d Mon Sep 17 00:00:00 2001 From: Sean Heelan <seanheelan(a)gmail.com> Date: Tue, 6 May 2025 22:04:52 +0900 Subject: [PATCH] ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while another thread holds a reference to it. The existing checks on fp->refcount are not sufficient to prevent this. The fix takes ft->lock around the section which removes the file from the file table. This prevents two threads acquiring the same file pointer via __close_file_table_ids, as well as the other functions which retrieve a file from the IDR and which already use this same lock. Cc: stable(a)vger.kernel.org Signed-off-by: Sean Heelan <seanheelan(a)gmail.com> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 1f8fa3468173..dfed6fce8904 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -661,21 +661,40 @@ __close_file_table_ids(struct ksmbd_file_table *ft, bool (*skip)(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp)) { - unsigned int id; - struct ksmbd_file *fp; - int num = 0; + struct ksmbd_file *fp; + unsigned int id = 0; + int num = 0; - idr_for_each_entry(ft->idr, fp, id) { - if (skip(tcon, fp)) + while (1) { + write_lock(&ft->lock); + fp = idr_get_next(ft->idr, &id); + if (!fp) { + write_unlock(&ft->lock); + break; + } + + if (skip(tcon, fp) || + !atomic_dec_and_test(&fp->refcount)) { + id++; + write_unlock(&ft->lock); continue; + } set_close_state_blocked_works(fp); + idr_remove(ft->idr, fp->volatile_id); + fp->volatile_id = KSMBD_NO_FID; + write_unlock(&ft->lock); + + down_write(&fp->f_ci->m_lock); + list_del_init(&fp->node); + up_write(&fp->f_ci->m_lock); - if (!atomic_dec_and_test(&fp->refcount)) - continue; __ksmbd_close_fd(ft, fp); + num++; + id++; } + return num; }

7 months, 1 week

1
0
0 0

[PATCH 6.14 000/183] 6.14.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.6 release. There are 183 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 09 May 2025 18:37:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.6-rc1 Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Change btree_insert_node() assertion to error Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/amd/display: Fix slab-use-after-free in hdcp Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Penglei Jiang <superman.xpt(a)gmail.com> btrfs: fix the inode leak in btrfs_iget() David Sterba <dsterba(a)suse.com> btrfs: pass struct btrfs_inode to btrfs_iget_locked() David Sterba <dsterba(a)suse.com> btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() Qu Wenruo <wqu(a)suse.com> btrfs: expose per-inode stable writes flag Shyam Saini <shyamsaini(a)linux.microsoft.com> drivers: base: handle module_kobject creation Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: globalize lookup_or_create_module_kobject() Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: param: rename locate_module_kobject Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: skip reporting zone for new block group Naohiro Aota <naohiro.aota(a)wdc.com> block: introduce zone capacity helper Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Richard Zhu <hongxing.zhu(a)nxp.com> arm64: dts: imx95: Correct the range of PCIe app-reg region Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Ming Lei <ming.lei(a)redhat.com> ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd Ming Lei <ming.lei(a)redhat.com> ublk: simplify aborting ublk request Ming Lei <ming.lei(a)redhat.com> ublk: remove __ublk_quiesce_dev() Uday Shankar <ushankar(a)purestorage.com> ublk: improve detection and handling of ublk server exit Ming Lei <ming.lei(a)redhat.com> ublk: move device reset into ublk_ch_release() Uday Shankar <ushankar(a)purestorage.com> ublk: properly serialize all FETCH_REQs Ming Lei <ming.lei(a)redhat.com> ublk: add helper of ublk_need_map_io() Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 Kenneth Graunke <kenneth(a)whitecape.org> drm/xe: Invalidate L3 read-only cachelines for geometry streams too Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Fix locking order in ivpu_job_submit Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Abort all jobs after command queue unregister Zhenhua Huang <quic_zhenhuah(a)quicinc.com> mm, slab: clean up slab->obj_exts always Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix RX error handling Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Add range check for CMD_RTS Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix LEN_MASK Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Sathesh B Edara <sedara(a)marvell.com> octeon_ep: Fix host hang issue during device reboot Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Sagi Maimon <sagi.maimon(a)adtran.com> ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations Jibin Zhang <jibin.zhang(a)mediatek.com> net: use sock_gen_put() when sk_state is TCP_TIME_WAIT Vadim Fedorenko <vadim.fedorenko(a)linux.dev> bnxt_en: fix module unload sequence Alexander Stein <alexander.stein(a)ew.tq-group.com> ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Olivier Moysan <olivier.moysan(a)foss.st.com> ASoC: stm32: sai: add a check on minimal kernel frequency Olivier Moysan <olivier.moysan(a)foss.st.com> ASoC: stm32: sai: skip useless iterations on kernel rate loop Alistair Francis <alistair.francis(a)wdc.com> nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS Alistair Francis <alistair23(a)gmail.com> nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Kashyap Desai <kashyap.desai(a)broadcom.com> bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix ethtool selftest output in one of the failure cases Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix error handling path in bnxt_init_chip() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-mic regression on other ASUS models Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix broken taprio gate states after clock jump Chad Monroe <chad(a)monroe.io> net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM Jacob Keller <jacob.e.keller(a)intel.com> igc: fix lock order in igc_ptp_reset Larysa Zaremba <larysa.zaremba(a)intel.com> idpf: protect shutdown from reset Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> idpf: fix potential memory leak on kcalloc() failure Da Xue <da(a)libre.computer> net: mdio: mux-meson-gxl: set reversed bit when using internal phy Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Russell Cloran <rcloran(a)gmail.com> drm/mipi-dbi: Fix blanking for non-16 bit formats Maxime Ripard <mripard(a)kernel.org> drm/tests: shmem: Fix memleak Keith Busch <kbusch(a)kernel.org> nvme-pci: fix queue unquiesce check on slot_reset Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix buffer overflow at UMP SysEx message conversion Maulik Shah <maulik.shah(a)oss.qualcomm.com> pinctrl: qcom: Fix PINGROUP definition for sm8750 John Harrison <John.C.Harrison(a)Intel.com> drm/xe/guc: Fix capture of steering registers Keoseong Park <keosung.park(a)samsung.com> scsi: ufs: core: Remove redundant query_complete trace Madhu Chittim <madhu.chittim(a)intel.com> idpf: fix offloads support for encapsulated packets Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Paul Greenwalt <paul.greenwalt(a)intel.com> ice: fix Get Tx Topology AQ command error on E830 Karol Kolacinski <karol.kolacinski(a)intel.com> ice: Remove unnecessary ice_is_e8xx() functions Karol Kolacinski <karol.kolacinski(a)intel.com> ice: Don't check device type when checking GNSS presence Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Shannon Nelson <shannon.nelson(a)amd.com> pds_core: remove write-after-free of client_id Shannon Nelson <shannon.nelson(a)amd.com> pds_core: specify auxiliary_device to be created Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make pdsc_auxbus_dev_del() void Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Justin Lai <justinlai0215(a)realtek.com> rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation Vadim Fedorenko <vadim.fedorenko(a)linux.dev> bnxt_en: improve TX timestamping FIFO configuration Sathesh B Edara <sedara(a)marvell.com> octeon_ep_vf: Resolve netdevice usage count issue Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: copy RX timestamp to new fragments Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Avoid redundant buffer allocation Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: ACPI: Re-sync CPU boost state on system resume Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: acpi: Set policy->boost_supported Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Introduce policy->boost_supported flag Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Raju Rangoju <Raju.Rangoju(a)amd.com> spi: spi-mem: Add fix to avoid divide error Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Correct DCT interrupt handling Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: TC, Continue the attr process even if encap entry is invalid Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Vlad Dogaru <vdogaru(a)nvidia.com> net/mlx5e: Use custom tunnel header for vxlan gbp e.kubanski <e.kubanski(a)partner.samsung.com> xsk: Fix offset calculation in unaligned mode e.kubanski <e.kubanski(a)partner.samsung.com> xsk: Fix race condition in AF_XDP generic RX path Ido Schimmel <idosch(a)nvidia.com> vxlan: vnifilter: Fix unlocked deletion of default FDB entry Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Fix dash warning Murad Masimov <m.masimov(a)mt-integration.ru> wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: fix the check for the SCRATCH register upon resume Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: don't warn if the NIC is gone in resume Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: back off on continuous errors Chen Linxuan <chenlinxuan(a)uniontech.com> drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Enable speaker for HP platform Aneesh Kumar K.V (Arm) <aneesh.kumar(a)kernel.org> iommu/arm-smmu-v3: Add missing S2FWB feature detection Chenyuan Yang <chenyuan0y(a)gmail.com> ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Check for ld-option support Hui Wang <hui.wang(a)canonical.com> pinctrl: imx: Return NULL if no group is matched and found Anthony Iliopoulos <ailiop(a)suse.com> powerpc64/ftrace: fix module loading without patchable function entries Donet Tom <donettom(a)linux.ibm.com> book3s64/radix : Align section vmemmap start address to PAGE_SIZE Sheetal <sheetal(a)nvidia.com> ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Nico Pache <npache(a)redhat.com> firmware: cs_dsp: tests: Depend on FW_CS_DSP rather then enabling it Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF Alan Huang <mmpgouride(a)gmail.com> bcachefs: Remove incorrect __counted_by annotation Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix setting policy limits when frequency tables are used Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Jethro Donaldson <devel(a)jro.nz> smb: client: fix zero length for mkdir POSIX create context Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in session logoff Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in kerberos authentication Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_session_rpc_open Shouye Liu <shouyeliu(a)tencent.com> platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles Nicolin Chen <nicolinc(a)nvidia.com> iommu: Fix two issues in iommu_copy_struct_from_user() Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Balbir Singh <balbirs(a)nvidia.com> iommu/arm-smmu-v3: Fix pgsize_bit for sva domains Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Janne Grunau <j(a)jannau.net> drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix offset for HDP remap in nbio v7.11 Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line LongPing Wei <weilongping(a)oppo.com> dm-bufio: don't schedule in atomic context Ard Biesheuvel <ardb(a)kernel.org> x86/boot/sev: Support memory acceptance in the EFI stub under SVSM Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not take trace_event_sem in print_event_fields() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Don't fail set_cs_timing when delays are zero Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: repeat setting reserved region nid if array is doubled Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: pass size instead of end to memblock_set_node() Stephan Gerhold <stephan.gerhold(a)linaro.org> irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Sean Christopherson <seanjc(a)google.com> perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Only check the group flag for X86 leader Christian Marangi <ansuelsmth(a)gmail.com> pinctrl: airoha: fix wrong PHY LED mapping and PHY2 LED defines Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/fdinfo: Protect against driver unbind Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode Dave Chen <davechen(a)synology.com> btrfs: fix COW handling in run_delalloc_nocow() Josef Bacik <josef(a)toxicpanda.com> btrfs: adjust subpage bit start based on sectorsize Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Geoffrey D. Bennett <g(a)b4.vu> ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek - Add more HP laptops which need mute led fixup Christian Heusel <christian(a)heusel.eu> Revert "rndis_host: Flag RNDIS modems as WWAN devices" ------------- Diffstat: Makefile | 4 +- .../boot/dts/nxp/imx/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/boot/dts/freescale/imx95.dtsi | 8 +- arch/arm64/boot/dts/st/stm32mp251.dtsi | 9 +- arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/powerpc/boot/wrapper | 6 +- arch/powerpc/kernel/module_64.c | 4 - arch/powerpc/mm/book3s64/radix_pgtable.c | 17 +- arch/x86/boot/compressed/mem.c | 5 +- arch/x86/boot/compressed/sev.c | 40 ++ arch/x86/boot/compressed/sev.h | 2 + arch/x86/events/core.c | 2 +- arch/x86/events/intel/core.c | 2 +- arch/x86/events/perf_event.h | 9 +- drivers/accel/ivpu/ivpu_drv.c | 32 +- drivers/accel/ivpu/ivpu_drv.h | 2 + drivers/accel/ivpu/ivpu_hw_btrs.h | 2 +- drivers/accel/ivpu/ivpu_job.c | 111 ++++- drivers/accel/ivpu/ivpu_job.h | 1 + drivers/accel/ivpu/ivpu_mmu.c | 3 +- drivers/accel/ivpu/ivpu_pm.c | 18 +- drivers/accel/ivpu/ivpu_sysfs.c | 5 +- drivers/base/module.c | 13 +- drivers/block/ublk_drv.c | 552 +++++++++++---------- drivers/bluetooth/btintel_pcie.c | 57 ++- drivers/bluetooth/btusb.c | 101 ++-- drivers/cpufreq/acpi-cpufreq.c | 14 + drivers/cpufreq/cpufreq.c | 42 +- drivers/cpufreq/cpufreq_ondemand.c | 3 +- drivers/cpufreq/freq_table.c | 10 +- drivers/cpufreq/intel_pstate.c | 3 + drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_ffa/driver.c | 3 +- drivers/firmware/arm_scmi/bus.c | 3 + drivers/firmware/cirrus/Kconfig | 5 +- drivers/gpu/drm/Kconfig | 2 +- drivers/gpu/drm/amd/amdgpu/nbio_v7_11.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 - .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 56 +-- drivers/gpu/drm/drm_file.c | 6 + drivers/gpu/drm/drm_mipi_dbi.c | 6 +- drivers/gpu/drm/i915/pxp/intel_pxp_gsccs.h | 8 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/gpu/drm/tests/drm_gem_shmem_test.c | 3 + drivers/gpu/drm/xe/instructions/xe_gpu_commands.h | 1 + drivers/gpu/drm/xe/xe_guc_capture.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 13 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 6 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 21 +- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-qcom-mpm.c | 3 + drivers/md/dm-bufio.c | 9 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 5 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 39 +- drivers/net/ethernet/amd/pds_core/core.h | 7 +- drivers/net/ethernet/amd/pds_core/devlink.c | 7 +- drivers/net/ethernet/amd/pds_core/main.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 18 +- drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 38 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 29 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 1 + drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 ++- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice.h | 5 - drivers/net/ethernet/intel/ice/ice_common.c | 208 ++++---- drivers/net/ethernet/intel/ice/ice_common.h | 7 +- drivers/net/ethernet/intel/ice/ice_ddp.c | 10 +- drivers/net/ethernet/intel/ice/ice_gnss.c | 31 +- drivers/net/ethernet/intel/ice/ice_gnss.h | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 2 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 137 ++--- drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 235 +++------ drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 11 +- drivers/net/ethernet/intel/ice/ice_type.h | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/idpf/idpf.h | 18 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 76 ++- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 6 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 4 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 18 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 +- .../ethernet/mellanox/mlx5/core/en/reporter_tx.c | 6 +- .../ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c | 32 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 5 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/ethernet/mscc/ocelot.c | 6 + drivers/net/ethernet/realtek/rtase/rtase_main.c | 4 +- drivers/net/ethernet/vertexcom/mse102x.c | 36 +- drivers/net/mdio/mdio-mux-meson-gxl.c | 3 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/vxlan/vxlan_vnifilter.c | 8 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/intel/iwlwifi/iwl-csr.h | 1 + drivers/net/wireless/intel/iwlwifi/iwl-trans.c | 28 +- drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 7 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 24 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 9 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 16 +- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 2 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 1 - drivers/nvme/host/Kconfig | 1 + drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/tcp.c | 31 +- drivers/nvme/target/Kconfig | 1 + drivers/pinctrl/freescale/pinctrl-imx.c | 6 +- drivers/pinctrl/mediatek/pinctrl-airoha.c | 159 +++--- drivers/pinctrl/qcom/pinctrl-sm8750.c | 4 +- drivers/platform/x86/amd/pmc/pmc.c | 7 +- drivers/platform/x86/dell/alienware-wmi.c | 9 + .../x86/intel/uncore-frequency/uncore-frequency.c | 13 +- drivers/ptp/ptp_ocp.c | 52 +- drivers/spi/spi-mem.c | 6 +- drivers/spi/spi-tegra114.c | 6 +- drivers/ufs/core/ufshcd.c | 2 - fs/bcachefs/btree_update_interior.c | 17 +- fs/bcachefs/error.c | 8 + fs/bcachefs/error.h | 2 + fs/bcachefs/xattr_format.h | 8 +- fs/btrfs/btrfs_inode.h | 8 + fs/btrfs/extent_io.c | 2 +- fs/btrfs/file.c | 1 - fs/btrfs/inode.c | 152 +++--- fs/btrfs/ioctl.c | 1 + fs/btrfs/zoned.c | 18 +- fs/smb/client/smb2pdu.c | 1 + fs/smb/server/auth.c | 14 +- fs/smb/server/mgmt/user_session.c | 20 +- fs/smb/server/mgmt/user_session.h | 1 + fs/smb/server/smb2pdu.c | 9 - include/linux/blkdev.h | 67 ++- include/linux/cpufreq.h | 86 ++-- include/linux/iommu.h | 8 +- include/linux/module.h | 2 + include/net/bluetooth/hci.h | 4 +- include/net/bluetooth/hci_core.h | 20 +- include/net/bluetooth/hci_sync.h | 3 + include/net/xdp_sock.h | 3 - include/net/xsk_buff_pool.h | 4 +- include/sound/ump_convert.h | 2 +- kernel/params.c | 6 +- kernel/trace/trace.c | 5 +- kernel/trace/trace_output.c | 4 +- mm/memblock.c | 12 +- mm/slub.c | 27 +- net/bluetooth/hci_conn.c | 181 +------ net/bluetooth/hci_event.c | 15 +- net/bluetooth/hci_sync.c | 150 +++++- net/bluetooth/iso.c | 26 +- net/bluetooth/l2cap_core.c | 3 + net/ipv4/tcp_offload.c | 2 +- net/ipv4/udp_offload.c | 61 ++- net/ipv6/tcpv6_offload.c | 2 +- net/sched/sch_drr.c | 16 +- net/sched/sch_ets.c | 17 +- net/sched/sch_hfsc.c | 10 +- net/sched/sch_htb.c | 2 + net/sched/sch_qfq.c | 18 +- net/xdp/xsk.c | 6 +- net/xdp/xsk_buff_pool.c | 1 + sound/pci/hda/patch_realtek.c | 23 +- sound/soc/amd/acp/acp-i2s.c | 2 +- sound/soc/codecs/Kconfig | 5 +- sound/soc/generic/simple-card-utils.c | 4 +- sound/soc/renesas/rz-ssi.c | 2 +- sound/soc/sdw_utils/soc_sdw_rt_dmic.c | 2 + sound/soc/soc-core.c | 32 +- sound/soc/soc-pcm.c | 5 +- sound/soc/stm/stm32_sai_sub.c | 16 +- sound/usb/endpoint.c | 7 + sound/usb/format.c | 3 +- 194 files changed, 2373 insertions(+), 1773 deletions(-)

7 months, 1 week

15
198
0 0

[PATCH] wifi: mt76: mt7925: fix host interrupt register initialization

by Mingyen Hsieh

From: Michael Lo <michael.lo(a)mediatek.com> ensure proper interrupt handling and aligns with the hardware spec by updating the register offset for MT_WFDMA0_HOST_INT_ENA. Cc: stable(a)vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Michael Lo <michael.lo(a)mediatek.com> Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 3 --- drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c index c7b5dc1dbb34..2e20ecc71207 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c @@ -490,9 +490,6 @@ static int mt7925_pci_suspend(struct device *device) /* disable interrupt */ mt76_wr(dev, dev->irq_map->host_irq_enable, 0); - mt76_wr(dev, MT_WFDMA0_HOST_INT_DIS, - dev->irq_map->tx.all_complete_mask | - MT_INT_RX_DONE_ALL | MT_INT_MCU_CMD); mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0x0); diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/regs.h b/drivers/net/wireless/mediatek/mt76/mt7925/regs.h index 985794a40c1a..547489092c29 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/regs.h +++ b/drivers/net/wireless/mediatek/mt76/mt7925/regs.h @@ -28,7 +28,7 @@ #define MT_MDP_TO_HIF 0 #define MT_MDP_TO_WM 1 -#define MT_WFDMA0_HOST_INT_ENA MT_WFDMA0(0x228) +#define MT_WFDMA0_HOST_INT_ENA MT_WFDMA0(0x204) #define MT_WFDMA0_HOST_INT_DIS MT_WFDMA0(0x22c) #define HOST_RX_DONE_INT_ENA4 BIT(12) #define HOST_RX_DONE_INT_ENA5 BIT(13) -- 2.34.1

7 months, 1 week

1
0
0 0

[PATCH v3 0/3] configfs: fix bugs

by Zijun Hu

Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v3: - To both Andreas Hindborg and Breno Leitao. - Link to v2: https://lore.kernel.org/r/20250415-fix_configfs-v2-0-fcd527dd1824@quicinc.c… Changes in v2: - Drop the last patch which seems wrong. - Link to v1: https://lore.kernel.org/r/20250408-fix_configfs-v1-0-5a4c88805df7@quicinc.c… --- Zijun Hu (3): configfs: Delete semicolon from macro type_print() definition configfs: Do not override creating attribute file failure in populate_attrs() configfs: Correct error value returned by API config_item_set_name() fs/configfs/dir.c | 4 ++-- fs/configfs/item.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) --- base-commit: eae324ca644554d5ce363186bee820a088bb74ab change-id: 20250408-fix_configfs-699743163c64 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

7 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] firmware: arm_scmi: Fix timeout checks on polling path" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c23c03bf1faa1e76be1eba35bad6da6a2a7c95ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050945-multitude-powdered-34d0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c23c03bf1faa1e76be1eba35bad6da6a2a7c95ee Mon Sep 17 00:00:00 2001 From: Cristian Marussi <cristian.marussi(a)arm.com> Date: Mon, 10 Mar 2025 17:58:00 +0000 Subject: [PATCH] firmware: arm_scmi: Fix timeout checks on polling path Polling mode transactions wait for a reply busy-looping without holding a spinlock, but currently the timeout checks are based only on elapsed time: as a result we could hit a false positive whenever our busy-looping thread is pre-empted and scheduled out for a time greater than the polling timeout. Change the checks at the end of the busy-loop to make sure that the polling wasn't indeed successful or an out-of-order reply caused the polling to be forcibly terminated. Fixes: 31d2f803c19c ("firmware: arm_scmi: Add sync_cmds_completed_on_ret transport flag") Reported-by: Huangjie <huangjie1663(a)phytium.com.cn> Closes: https://lore.kernel.org/arm-scmi/20250123083323.2363749-1-jackhuang021@gmai… Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> Cc: stable(a)vger.kernel.org # 5.18.x Message-Id: <20250310175800.1444293-1-cristian.marussi(a)arm.com> Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index 1c75a4c9c371..0390d5ff195e 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -1248,7 +1248,8 @@ static void xfer_put(const struct scmi_protocol_handle *ph, } static bool scmi_xfer_done_no_timeout(struct scmi_chan_info *cinfo, - struct scmi_xfer *xfer, ktime_t stop) + struct scmi_xfer *xfer, ktime_t stop, + bool *ooo) { struct scmi_info *info = handle_to_scmi_info(cinfo->handle); @@ -1257,7 +1258,7 @@ static bool scmi_xfer_done_no_timeout(struct scmi_chan_info *cinfo, * in case of out-of-order receptions of delayed responses */ return info->desc->ops->poll_done(cinfo, xfer) || - try_wait_for_completion(&xfer->done) || + (*ooo = try_wait_for_completion(&xfer->done)) || ktime_after(ktime_get(), stop); } @@ -1274,15 +1275,17 @@ static int scmi_wait_for_reply(struct device *dev, const struct scmi_desc *desc, * itself to support synchronous commands replies. */ if (!desc->sync_cmds_completed_on_ret) { + bool ooo = false; + /* * Poll on xfer using transport provided .poll_done(); * assumes no completion interrupt was available. */ ktime_t stop = ktime_add_ms(ktime_get(), timeout_ms); - spin_until_cond(scmi_xfer_done_no_timeout(cinfo, - xfer, stop)); - if (ktime_after(ktime_get(), stop)) { + spin_until_cond(scmi_xfer_done_no_timeout(cinfo, xfer, + stop, &ooo)); + if (!ooo && !info->desc->ops->poll_done(cinfo, xfer)) { dev_err(dev, "timed out in resp(caller: %pS) - polling\n", (void *)_RET_IP_);

7 months, 1 week

1
0
0 0

Linux 6.14.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.6 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul-imx6ull-opos6ul.dtsi | 3 arch/arm64/boot/dts/freescale/imx95.dtsi | 8 arch/arm64/boot/dts/st/stm32mp251.dtsi | 9 arch/arm64/kernel/proton-pack.c | 2 arch/parisc/math-emu/driver.c | 16 arch/powerpc/boot/wrapper | 6 arch/powerpc/kernel/module_64.c | 4 arch/powerpc/mm/book3s64/radix_pgtable.c | 17 arch/x86/boot/compressed/mem.c | 5 arch/x86/boot/compressed/sev.c | 40 arch/x86/boot/compressed/sev.h | 2 arch/x86/events/core.c | 2 arch/x86/events/intel/core.c | 2 arch/x86/events/perf_event.h | 9 drivers/accel/ivpu/ivpu_drv.c | 32 drivers/accel/ivpu/ivpu_drv.h | 2 drivers/accel/ivpu/ivpu_hw_btrs.h | 2 drivers/accel/ivpu/ivpu_job.c | 111 +- drivers/accel/ivpu/ivpu_job.h | 1 drivers/accel/ivpu/ivpu_mmu.c | 3 drivers/accel/ivpu/ivpu_pm.c | 18 drivers/accel/ivpu/ivpu_sysfs.c | 5 drivers/base/module.c | 13 drivers/block/ublk_drv.c | 550 +++++----- drivers/bluetooth/btintel_pcie.c | 57 - drivers/bluetooth/btusb.c | 101 + drivers/cpufreq/acpi-cpufreq.c | 14 drivers/cpufreq/cpufreq.c | 42 drivers/cpufreq/cpufreq_ondemand.c | 3 drivers/cpufreq/freq_table.c | 10 drivers/cpufreq/intel_pstate.c | 3 drivers/edac/altera_edac.c | 9 drivers/edac/altera_edac.h | 2 drivers/firmware/arm_ffa/driver.c | 3 drivers/firmware/arm_scmi/bus.c | 3 drivers/firmware/cirrus/Kconfig | 5 drivers/gpu/drm/Kconfig | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_11.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 56 - drivers/gpu/drm/drm_file.c | 6 drivers/gpu/drm/drm_mipi_dbi.c | 6 drivers/gpu/drm/i915/pxp/intel_pxp_gsccs.h | 8 drivers/gpu/drm/nouveau/nouveau_fence.c | 2 drivers/gpu/drm/tests/drm_gem_shmem_test.c | 3 drivers/gpu/drm/xe/instructions/xe_gpu_commands.h | 1 drivers/gpu/drm/xe/xe_guc_capture.c | 2 drivers/gpu/drm/xe/xe_ring_ops.c | 13 drivers/i2c/busses/i2c-imx-lpi2c.c | 4 drivers/iommu/amd/init.c | 8 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 6 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 21 drivers/iommu/intel/iommu.c | 4 drivers/irqchip/irq-qcom-mpm.c | 3 drivers/md/dm-bufio.c | 9 drivers/md/dm-integrity.c | 2 drivers/md/dm-table.c | 5 drivers/mmc/host/renesas_sdhi_core.c | 10 drivers/net/dsa/ocelot/felix_vsc9959.c | 5 drivers/net/ethernet/amd/pds_core/auxbus.c | 39 drivers/net/ethernet/amd/pds_core/core.h | 7 drivers/net/ethernet/amd/pds_core/devlink.c | 7 drivers/net/ethernet/amd/pds_core/main.c | 11 drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 18 drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 20 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 40 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 29 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 1 drivers/net/ethernet/dlink/dl2k.c | 2 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/freescale/fec_main.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 drivers/net/ethernet/intel/ice/ice.h | 5 drivers/net/ethernet/intel/ice/ice_common.c | 208 +-- drivers/net/ethernet/intel/ice/ice_common.h | 7 drivers/net/ethernet/intel/ice/ice_ddp.c | 10 drivers/net/ethernet/intel/ice/ice_gnss.c | 29 drivers/net/ethernet/intel/ice/ice_gnss.h | 4 drivers/net/ethernet/intel/ice/ice_lib.c | 2 drivers/net/ethernet/intel/ice/ice_ptp.c | 133 +- drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 235 +--- drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 11 drivers/net/ethernet/intel/ice/ice_type.h | 9 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 drivers/net/ethernet/intel/idpf/idpf.h | 18 drivers/net/ethernet/intel/idpf/idpf_lib.c | 76 - drivers/net/ethernet/intel/idpf/idpf_main.c | 1 drivers/net/ethernet/intel/igc/igc_ptp.c | 6 drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 2 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 4 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 18 drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c | 32 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 5 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 drivers/net/ethernet/microchip/lan743x_main.c | 8 drivers/net/ethernet/microchip/lan743x_main.h | 1 drivers/net/ethernet/mscc/ocelot.c | 6 drivers/net/ethernet/realtek/rtase/rtase_main.c | 4 drivers/net/ethernet/vertexcom/mse102x.c | 36 drivers/net/mdio/mdio-mux-meson-gxl.c | 3 drivers/net/usb/rndis_host.c | 16 drivers/net/vxlan/vxlan_vnifilter.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 drivers/net/wireless/intel/iwlwifi/iwl-csr.h | 1 drivers/net/wireless/intel/iwlwifi/iwl-trans.c | 28 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 7 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 24 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 9 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 16 drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 2 drivers/net/wireless/purelifi/plfxlc/mac.c | 1 drivers/nvme/host/Kconfig | 1 drivers/nvme/host/pci.c | 2 drivers/nvme/host/tcp.c | 31 drivers/nvme/target/Kconfig | 1 drivers/pinctrl/freescale/pinctrl-imx.c | 6 drivers/pinctrl/mediatek/pinctrl-airoha.c | 159 +- drivers/pinctrl/qcom/pinctrl-sm8750.c | 4 drivers/platform/x86/amd/pmc/pmc.c | 7 drivers/platform/x86/dell/alienware-wmi.c | 9 drivers/platform/x86/intel/uncore-frequency/uncore-frequency.c | 13 drivers/ptp/ptp_ocp.c | 52 drivers/spi/spi-mem.c | 6 drivers/spi/spi-tegra114.c | 6 drivers/ufs/core/ufshcd.c | 2 fs/bcachefs/btree_update_interior.c | 17 fs/bcachefs/error.c | 8 fs/bcachefs/error.h | 2 fs/bcachefs/xattr_format.h | 8 fs/btrfs/btrfs_inode.h | 8 fs/btrfs/extent_io.c | 2 fs/btrfs/file.c | 1 fs/btrfs/inode.c | 154 +- fs/btrfs/ioctl.c | 1 fs/btrfs/zoned.c | 18 fs/smb/client/smb2pdu.c | 1 fs/smb/server/auth.c | 14 fs/smb/server/mgmt/user_session.c | 20 fs/smb/server/mgmt/user_session.h | 1 fs/smb/server/smb2pdu.c | 9 include/linux/blkdev.h | 67 - include/linux/cpufreq.h | 86 + include/linux/iommu.h | 8 include/linux/module.h | 2 include/net/bluetooth/hci.h | 4 include/net/bluetooth/hci_core.h | 20 include/net/bluetooth/hci_sync.h | 3 include/net/xdp_sock.h | 3 include/net/xsk_buff_pool.h | 4 include/sound/ump_convert.h | 2 kernel/params.c | 6 kernel/trace/trace.c | 5 kernel/trace/trace_output.c | 4 mm/memblock.c | 12 mm/slub.c | 27 net/bluetooth/hci_conn.c | 181 --- net/bluetooth/hci_event.c | 15 net/bluetooth/hci_sync.c | 150 ++ net/bluetooth/iso.c | 26 net/bluetooth/l2cap_core.c | 3 net/ipv4/tcp_offload.c | 2 net/ipv4/udp_offload.c | 61 + net/ipv6/tcpv6_offload.c | 2 net/sched/sch_drr.c | 16 net/sched/sch_ets.c | 17 net/sched/sch_hfsc.c | 10 net/sched/sch_htb.c | 2 net/sched/sch_qfq.c | 18 net/xdp/xsk.c | 6 net/xdp/xsk_buff_pool.c | 1 sound/pci/hda/patch_realtek.c | 23 sound/soc/amd/acp/acp-i2s.c | 2 sound/soc/codecs/Kconfig | 5 sound/soc/generic/simple-card-utils.c | 4 sound/soc/renesas/rz-ssi.c | 2 sound/soc/sdw_utils/soc_sdw_rt_dmic.c | 2 sound/soc/soc-core.c | 32 sound/soc/soc-pcm.c | 5 sound/soc/stm/stm32_sai_sub.c | 16 sound/usb/endpoint.c | 7 sound/usb/format.c | 3 194 files changed, 2365 insertions(+), 1765 deletions(-) Aaron Kling (1): spi: tegra114: Don't fail set_cs_timing when delays are zero Alan Huang (1): bcachefs: Remove incorrect __counted_by annotation Alexander Stein (1): ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Alistair Francis (2): nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS Aneesh Kumar K.V (Arm) (1): iommu/arm-smmu-v3: Add missing S2FWB feature detection Anthony Iliopoulos (1): powerpc64/ftrace: fix module loading without patchable function entries Ard Biesheuvel (1): x86/boot/sev: Support memory acceptance in the EFI stub under SVSM Balbir Singh (1): iommu/arm-smmu-v3: Fix pgsize_bit for sva domains Benjamin Marzinski (1): dm: always update the array size in realloc_argv on success Chad Monroe (1): net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM Chen Linxuan (1): drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' Chenyuan Yang (1): ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init() Chris Bainbridge (1): drm/amd/display: Fix slab-use-after-free in hdcp Chris Chiu (1): ALSA: hda/realtek - Add more HP laptops which need mute led fixup Chris Mi (1): net/mlx5: E-switch, Fix error handling for enabling roce Christian Bruel (2): arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs Christian Heusel (1): Revert "rndis_host: Flag RNDIS modems as WWAN devices" Christian Marangi (1): pinctrl: airoha: fix wrong PHY LED mapping and PHY2 LED defines Clark Wang (1): i2c: imx-lpi2c: Fix clock count when probe defers Claudiu Beznea (1): ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS() Cong Wang (5): sch_htb: make htb_qlen_notify() idempotent sch_drr: make drr_qlen_notify() idempotent sch_hfsc: make hfsc_qlen_notify() idempotent sch_qfq: make qfq_qlen_notify() idempotent sch_ets: make est_qlen_notify() idempotent Cosmin Ratiu (1): net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover Cristian Marussi (1): firmware: arm_scmi: Balance device refcount when destroying devices Da Xue (1): net: mdio: mux-meson-gxl: set reversed bit when using internal phy Daniel Golle (1): net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array Dave Chen (1): btrfs: fix COW handling in run_delalloc_nocow() David Sterba (2): btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() btrfs: pass struct btrfs_inode to btrfs_iget_locked() Donet Tom (1): book3s64/radix : Align section vmemmap start address to PAGE_SIZE Emmanuel Grumbach (2): wifi: iwlwifi: don't warn if the NIC is gone in resume wifi: iwlwifi: fix the check for the SCRATCH register upon resume En-Wei Wu (1): Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() Felix Fietkau (1): net: ipv6: fix UDPv6 GSO segmentation with NAT Geert Uytterhoeven (1): ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Geoffrey D. Bennett (1): ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() Greg Kroah-Hartman (1): Linux 6.14.6 Hao Lan (1): net: hns3: fixed debugfs tm_qset size Helge Deller (1): parisc: Fix double SIGFPE crash Hui Wang (1): pinctrl: imx: Return NULL if no group is matched and found Ido Schimmel (1): vxlan: vnifilter: Fix unlocked deletion of default FDB entry Jacob Keller (1): igc: fix lock order in igc_ptp_reset Janne Grunau (1): drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS Jeongjun Park (1): tracing: Fix oob write in trace_seq_to_buffer() Jethro Donaldson (1): smb: client: fix zero length for mkdir POSIX create context Jian Shen (2): net: hns3: store rx VLAN tag offload state for VF net: hns3: defer calling ptp_clock_register() Jianbo Liu (1): net/mlx5e: TC, Continue the attr process even if encap entry is invalid Jibin Zhang (1): net: use sock_gen_put() when sk_state is TCP_TIME_WAIT Joachim Priesner (1): ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Johannes Berg (1): wifi: iwlwifi: back off on continuous errors John Harrison (1): drm/xe/guc: Fix capture of steering registers Josef Bacik (1): btrfs: adjust subpage bit start based on sectorsize Justin Lai (1): rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation Kailang Yang (1): ALSA: hda/realtek - Enable speaker for HP platform Kalesh AP (1): bnxt_en: Fix ethtool selftest output in one of the failure cases Kan Liang (1): perf/x86/intel: Only check the group flag for X86 leader Karol Kolacinski (2): ice: Don't check device type when checking GNSS presence ice: Remove unnecessary ice_is_e8xx() functions Karol Wachowski (4): accel/ivpu: Correct DCT interrupt handling accel/ivpu: Abort all jobs after command queue unregister accel/ivpu: Fix locking order in ivpu_job_submit accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW Kashyap Desai (1): bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() Keith Busch (1): nvme-pci: fix queue unquiesce check on slot_reset Kenneth Graunke (1): drm/xe: Invalidate L3 read-only cachelines for geometry streams too Kent Overstreet (1): bcachefs: Change btree_insert_node() assertion to error Keoseong Park (1): scsi: ufs: core: Remove redundant query_complete trace Kiran K (2): Bluetooth: btintel_pcie: Avoid redundant buffer allocation Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths Kurt Borja (1): platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 Larysa Zaremba (1): idpf: protect shutdown from reset Leo Li (1): drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF Lijo Lazar (1): drm/amdgpu: Fix offset for HDP remap in nbio v7.11 LongPing Wei (1): dm-bufio: don't schedule in atomic context Louis-Alexis Eyraud (2): net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Luiz Augusto von Dentz (2): Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync Madhavan Srinivasan (2): powerpc/boot: Check for ld-option support powerpc/boot: Fix dash warning Madhu Chittim (1): idpf: fix offloads support for encapsulated packets Maor Gottlieb (1): net/mlx5: E-Switch, Initialize MAC Address for Default GID Mario Limonciello (2): platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Mattias Barthel (1): net: fec: ERR007885 Workaround for conventional TX Maulik Shah (1): pinctrl: qcom: Fix PINGROUP definition for sm8750 Maxime Ripard (1): drm/tests: shmem: Fix memleak Michael Chan (1): bnxt_en: Fix ethtool -d byte order for 32-bit values Michael Liang (1): nvme-tcp: fix premature queue removal and I/O failover Michal Swiatkowski (1): idpf: fix potential memory leak on kcalloc() failure Mikulas Patocka (1): dm-integrity: fix a warning on invalid table line Ming Lei (5): ublk: add helper of ublk_need_map_io() ublk: move device reset into ublk_ch_release() ublk: remove __ublk_quiesce_dev() ublk: simplify aborting ublk request ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd Mingcong Bai (1): iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Murad Masimov (1): wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Namjae Jeon (1): ksmbd: fix use-after-free in ksmbd_session_rpc_open Naohiro Aota (2): block: introduce zone capacity helper btrfs: zoned: skip reporting zone for new block group Nico Pache (1): firmware: cs_dsp: tests: Depend on FW_CS_DSP rather then enabling it Nicolin Chen (2): iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids iommu: Fix two issues in iommu_copy_struct_from_user() Niravkumar L Rabara (2): EDAC/altera: Test the correct error reg offset EDAC/altera: Set DDR and SDMMC interrupt mask before registration Olivier Moysan (2): ASoC: stm32: sai: skip useless iterations on kernel rate loop ASoC: stm32: sai: add a check on minimal kernel frequency Paul Greenwalt (1): ice: fix Get Tx Topology AQ command error on E830 Pauli Virtanen (1): Bluetooth: L2CAP: copy RX timestamp to new fragments Pavel Paklov (1): iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Penglei Jiang (1): btrfs: fix the inode leak in btrfs_iget() Philipp Stanner (1): drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Qu Wenruo (1): btrfs: expose per-inode stable writes flag Rafael J. Wysocki (2): cpufreq: Avoid using inconsistent policy->min and policy->max cpufreq: Fix setting policy limits when frequency tables are used Raju Rangoju (1): spi: spi-mem: Add fix to avoid divide error Richard Fitzgerald (1): ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB Richard Zhu (1): arm64: dts: imx95: Correct the range of PCIe app-reg region Ruslan Piasetskyi (1): mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Russell Cloran (1): drm/mipi-dbi: Fix blanking for non-16 bit formats Sagi Maimon (1): ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations Sathesh B Edara (2): octeon_ep_vf: Resolve netdevice usage count issue octeon_ep: Fix host hang issue during device reboot Sean Christopherson (1): perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Sean Heelan (2): ksmbd: fix use-after-free in kerberos authentication ksmbd: fix use-after-free in session logoff Shannon Nelson (3): pds_core: make pdsc_auxbus_dev_del() void pds_core: specify auxiliary_device to be created pds_core: remove write-after-free of client_id Sheetal (1): ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Shouye Liu (1): platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Shravya KN (1): bnxt_en: Fix error handling path in bnxt_init_chip() Shruti Parab (2): bnxt_en: Fix coredump logic to free allocated buffer bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shyam Saini (3): kernel: param: rename locate_module_kobject kernel: globalize lookup_or_create_module_kobject() drivers: base: handle module_kobject creation Simon Horman (1): net: dlink: Correct endianness handling of led_mode Somnath Kotur (1): bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() Srinivas Pandruvada (1): cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode Stefan Wahren (4): net: vertexcom: mse102x: Fix possible stuck of SPI interrupt net: vertexcom: mse102x: Fix LEN_MASK net: vertexcom: mse102x: Add range check for CMD_RTS net: vertexcom: mse102x: Fix RX error handling Stephan Gerhold (1): irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Steven Rostedt (1): tracing: Do not take trace_event_sem in print_event_fields() Sudeep Holla (1): firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Sébastien Szymanski (1): ARM: dts: opos6ul: add ksz8081 phy properties Takashi Iwai (2): ALSA: ump: Fix buffer overflow at UMP SysEx message conversion ALSA: hda/realtek: Fix built-mic regression on other ASUS models Thangaraj Samynathan (1): net: lan743x: Fix memleak issue when GSO enabled Tudor Ambarus (1): dm: fix copying after src array boundaries Tvrtko Ursulin (1): drm/fdinfo: Protect against driver unbind Uday Shankar (2): ublk: properly serialize all FETCH_REQs ublk: improve detection and handling of ublk server exit Vadim Fedorenko (2): bnxt_en: improve TX timestamping FIFO configuration bnxt_en: fix module unload sequence Venkata Prasad Potturu (1): ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Victor Nogueira (4): net_sched: drr: Fix double list add in class with netem as child qdisc net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc net_sched: ets: Fix double list add in class with netem as child qdisc net_sched: qfq: Fix double list add in class with netem as child qdisc Viresh Kumar (3): cpufreq: Introduce policy->boost_supported flag cpufreq: acpi: Set policy->boost_supported cpufreq: ACPI: Re-sync CPU boost state on system resume Vishal Badole (1): amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Vlad Dogaru (1): net/mlx5e: Use custom tunnel header for vxlan gbp Vladimir Oltean (2): net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID net: dsa: felix: fix broken taprio gate states after clock jump Wei Yang (2): mm/memblock: pass size instead of end to memblock_set_node() mm/memblock: repeat setting reserved region nid if array is doubled Wentao Liang (1): wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Will Deacon (1): arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Xuanqiang Luo (1): ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Yonglong Liu (1): net: hns3: fix an interrupt residual problem Zhenhua Huang (1): mm, slab: clean up slab->obj_exts always e.kubanski (2): xsk: Fix race condition in AF_XDP generic RX path xsk: Fix offset calculation in unaligned mode

7 months, 1 week

1
1
0 0

Linux 6.12.28

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.28 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul-imx6ull-opos6ul.dtsi | 3 arch/arm64/boot/dts/freescale/imx95.dtsi | 8 arch/arm64/boot/dts/st/stm32mp251.dtsi | 9 arch/arm64/kernel/proton-pack.c | 2 arch/parisc/include/uapi/asm/socket.h | 10 arch/parisc/math-emu/driver.c | 16 arch/powerpc/boot/wrapper | 6 arch/powerpc/mm/book3s64/radix_pgtable.c | 17 arch/x86/boot/compressed/mem.c | 5 arch/x86/boot/compressed/sev.c | 40 + arch/x86/boot/compressed/sev.h | 2 arch/x86/events/core.c | 2 arch/x86/events/intel/core.c | 2 arch/x86/events/perf_event.h | 9 block/blk-mq-cpumap.c | 3 drivers/accel/ivpu/ivpu_drv.c | 38 - drivers/accel/ivpu/ivpu_drv.h | 9 drivers/accel/ivpu/ivpu_hw_btrs.h | 2 drivers/accel/ivpu/ivpu_job.c | 125 +++- drivers/accel/ivpu/ivpu_job.h | 1 drivers/accel/ivpu/ivpu_jsm_msg.c | 3 drivers/accel/ivpu/ivpu_mmu.c | 3 drivers/accel/ivpu/ivpu_pm.c | 18 drivers/accel/ivpu/ivpu_sysfs.c | 5 drivers/accel/ivpu/vpu_boot_api.h | 45 - drivers/accel/ivpu/vpu_jsm_api.h | 303 ++++++++-- drivers/android/binder.c | 2 drivers/base/module.c | 13 drivers/bluetooth/btintel_pcie.c | 57 + drivers/bluetooth/btusb.c | 137 +++- drivers/cpufreq/cpufreq.c | 42 + drivers/cpufreq/cpufreq_ondemand.c | 3 drivers/cpufreq/freq_table.c | 6 drivers/cpufreq/intel_pstate.c | 3 drivers/edac/altera_edac.c | 9 drivers/edac/altera_edac.h | 2 drivers/firmware/arm_ffa/driver.c | 3 drivers/firmware/arm_scmi/bus.c | 3 drivers/gpu/drm/Kconfig | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_11.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 56 - drivers/gpu/drm/drm_file.c | 6 drivers/gpu/drm/drm_mipi_dbi.c | 6 drivers/gpu/drm/i915/pxp/intel_pxp_gsccs.h | 8 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/nouveau/nouveau_fence.c | 2 drivers/gpu/drm/tests/drm_gem_shmem_test.c | 3 drivers/gpu/drm/xe/xe_hw_engine.c | 12 drivers/i2c/busses/i2c-imx-lpi2c.c | 4 drivers/iommu/amd/init.c | 8 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 6 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 19 drivers/iommu/intel/iommu.c | 4 drivers/irqchip/irq-qcom-mpm.c | 3 drivers/md/dm-bufio.c | 9 drivers/md/dm-integrity.c | 2 drivers/md/dm-table.c | 5 drivers/mmc/host/renesas_sdhi_core.c | 10 drivers/net/dsa/ocelot/felix_vsc9959.c | 5 drivers/net/ethernet/amd/pds_core/auxbus.c | 39 - drivers/net/ethernet/amd/pds_core/core.h | 7 drivers/net/ethernet/amd/pds_core/devlink.c | 7 drivers/net/ethernet/amd/pds_core/main.c | 11 drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 18 drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 20 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 40 + drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 29 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 1 drivers/net/ethernet/dlink/dl2k.c | 2 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/freescale/fec_main.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 +- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 drivers/net/ethernet/intel/idpf/idpf.h | 18 drivers/net/ethernet/intel/idpf/idpf_lib.c | 76 -- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 drivers/net/ethernet/intel/igc/igc_ptp.c | 6 drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 2 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 4 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 18 drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c | 32 - drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 5 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 drivers/net/ethernet/microchip/lan743x_main.c | 8 drivers/net/ethernet/microchip/lan743x_main.h | 1 drivers/net/ethernet/mscc/ocelot.c | 6 drivers/net/ethernet/realtek/rtase/rtase_main.c | 4 drivers/net/ethernet/vertexcom/mse102x.c | 36 - drivers/net/mdio/mdio-mux-meson-gxl.c | 3 drivers/net/usb/rndis_host.c | 16 drivers/net/vxlan/vxlan_vnifilter.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 drivers/net/wireless/intel/iwlwifi/iwl-csr.h | 1 drivers/net/wireless/intel/iwlwifi/iwl-trans.c | 1 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 24 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 9 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 13 drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 2 drivers/net/wireless/purelifi/plfxlc/mac.c | 1 drivers/nvme/host/Kconfig | 1 drivers/nvme/host/pci.c | 2 drivers/nvme/host/tcp.c | 31 - drivers/nvme/target/Kconfig | 1 drivers/pinctrl/freescale/pinctrl-imx.c | 6 drivers/platform/x86/amd/pmc/pmc.c | 7 drivers/platform/x86/intel/uncore-frequency/uncore-frequency.c | 13 drivers/ptp/ptp_ocp.c | 52 + drivers/spi/spi-tegra114.c | 6 drivers/ufs/core/ufshcd.c | 2 fs/bcachefs/xattr_format.h | 8 fs/btrfs/extent_io.c | 2 fs/btrfs/inode.c | 9 fs/smb/client/smb2pdu.c | 1 fs/smb/server/auth.c | 14 fs/smb/server/mgmt/user_session.c | 20 fs/smb/server/mgmt/user_session.h | 1 fs/smb/server/smb2pdu.c | 9 include/linux/cpufreq.h | 83 +- include/linux/iommu.h | 8 include/linux/module.h | 2 include/net/bluetooth/hci.h | 4 include/net/bluetooth/hci_core.h | 20 include/net/bluetooth/hci_sync.h | 3 include/net/xdp_sock.h | 3 include/net/xsk_buff_pool.h | 2 include/sound/ump_convert.h | 2 kernel/params.c | 6 kernel/trace/trace.c | 5 kernel/trace/trace_output.c | 4 mm/memblock.c | 12 mm/slub.c | 27 net/bluetooth/hci_conn.c | 189 ------ net/bluetooth/hci_event.c | 15 net/bluetooth/hci_sync.c | 150 ++++ net/bluetooth/iso.c | 26 net/bluetooth/l2cap_core.c | 3 net/ipv4/tcp_offload.c | 2 net/ipv4/udp_offload.c | 61 +- net/ipv6/tcpv6_offload.c | 2 net/sched/sch_drr.c | 16 net/sched/sch_ets.c | 17 net/sched/sch_hfsc.c | 10 net/sched/sch_htb.c | 2 net/sched/sch_qfq.c | 18 net/xdp/xsk.c | 6 net/xdp/xsk_buff_pool.c | 1 sound/pci/hda/patch_realtek.c | 20 sound/soc/amd/acp/acp-i2s.c | 2 sound/soc/codecs/Kconfig | 5 sound/soc/generic/simple-card-utils.c | 4 sound/soc/sdw_utils/soc_sdw_rt_dmic.c | 2 sound/soc/soc-core.c | 32 - sound/soc/soc-pcm.c | 5 sound/usb/endpoint.c | 7 sound/usb/format.c | 3 169 files changed, 1846 insertions(+), 983 deletions(-) Aaron Kling (1): spi: tegra114: Don't fail set_cs_timing when delays are zero Aaron Ma (1): Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x Alan Huang (1): bcachefs: Remove incorrect __counted_by annotation Alexander Stein (1): ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Alistair Francis (2): nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS Andrew Kreimer (1): accel/ivpu: Fix a typo Andrzej Kacprowski (1): accel/ivpu: Update VPU FW API headers Ard Biesheuvel (1): x86/boot/sev: Support memory acceptance in the EFI stub under SVSM Balbir Singh (1): iommu/arm-smmu-v3: Fix pgsize_bit for sva domains Benjamin Marzinski (1): dm: always update the array size in realloc_argv on success Carlos Llamas (1): binder: fix offset calculation in debug log Chad Monroe (1): net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM Chen Linxuan (1): drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' Chenyuan Yang (1): ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init() Chris Bainbridge (1): drm/amd/display: Fix slab-use-after-free in hdcp Chris Mi (1): net/mlx5: E-switch, Fix error handling for enabling roce Christian Bruel (2): arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs Christian Heusel (1): Revert "rndis_host: Flag RNDIS modems as WWAN devices" Christian Hewitt (1): Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Clark Wang (1): i2c: imx-lpi2c: Fix clock count when probe defers Cong Wang (5): sch_htb: make htb_qlen_notify() idempotent sch_drr: make drr_qlen_notify() idempotent sch_hfsc: make hfsc_qlen_notify() idempotent sch_qfq: make qfq_qlen_notify() idempotent sch_ets: make est_qlen_notify() idempotent Cosmin Ratiu (1): net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover Cristian Marussi (1): firmware: arm_scmi: Balance device refcount when destroying devices Da Xue (1): net: mdio: mux-meson-gxl: set reversed bit when using internal phy Daniel Golle (1): net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array Daniel Wagner (1): blk-mq: create correct map for fallback case Dave Chen (1): btrfs: fix COW handling in run_delalloc_nocow() Donet Tom (1): book3s64/radix : Align section vmemmap start address to PAGE_SIZE Dorian Cruveiller (1): Bluetooth: btusb: Add new VID/PID for WCN785x Emmanuel Grumbach (2): wifi: iwlwifi: don't warn if the NIC is gone in resume wifi: iwlwifi: fix the check for the SCRATCH register upon resume En-Wei Wu (1): Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() Felix Fietkau (1): net: ipv6: fix UDPv6 GSO segmentation with NAT Geert Uytterhoeven (1): ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Geoffrey D. Bennett (1): ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() Greg Kroah-Hartman (1): Linux 6.12.28 Hao Lan (1): net: hns3: fixed debugfs tm_qset size Helge Deller (1): parisc: Fix double SIGFPE crash Hui Wang (1): pinctrl: imx: Return NULL if no group is matched and found Ido Schimmel (1): vxlan: vnifilter: Fix unlocked deletion of default FDB entry Iulia Tanasescu (1): Bluetooth: hci_conn: Remove alloc from critical section Jacob Keller (1): igc: fix lock order in igc_ptp_reset Janne Grunau (1): drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS Jeongjun Park (1): tracing: Fix oob write in trace_seq_to_buffer() Jethro Donaldson (1): smb: client: fix zero length for mkdir POSIX create context Jian Shen (2): net: hns3: store rx VLAN tag offload state for VF net: hns3: defer calling ptp_clock_register() Jianbo Liu (1): net/mlx5e: TC, Continue the attr process even if encap entry is invalid Jibin Zhang (1): net: use sock_gen_put() when sk_state is TCP_TIME_WAIT Joachim Priesner (1): ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Josef Bacik (1): btrfs: adjust subpage bit start based on sectorsize Justin Lai (1): rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation Kailang Yang (1): ALSA: hda/realtek - Enable speaker for HP platform Kalesh AP (1): bnxt_en: Fix ethtool selftest output in one of the failure cases Kan Liang (1): perf/x86/intel: Only check the group flag for X86 leader Karol Wachowski (5): accel/ivpu: Correct DCT interrupt handling accel/ivpu: Use xa_alloc_cyclic() instead of custom function accel/ivpu: Abort all jobs after command queue unregister accel/ivpu: Fix locking order in ivpu_job_submit accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW Kashyap Desai (1): bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() Keith Busch (1): nvme-pci: fix queue unquiesce check on slot_reset Keoseong Park (1): scsi: ufs: core: Remove redundant query_complete trace Kiran K (2): Bluetooth: btintel_pcie: Avoid redundant buffer allocation Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths Larysa Zaremba (1): idpf: protect shutdown from reset Leo Li (1): drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF Lijo Lazar (1): drm/amdgpu: Fix offset for HDP remap in nbio v7.11 LongPing Wei (1): dm-bufio: don't schedule in atomic context Louis-Alexis Eyraud (2): net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Luiz Augusto von Dentz (2): Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync Madhavan Srinivasan (2): powerpc/boot: Check for ld-option support powerpc/boot: Fix dash warning Madhu Chittim (1): idpf: fix offloads support for encapsulated packets Maor Gottlieb (1): net/mlx5: E-Switch, Initialize MAC Address for Default GID Mario Limonciello (2): platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Mark Dietzer (1): Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x Mattias Barthel (1): net: fec: ERR007885 Workaround for conventional TX Maxime Ripard (1): drm/tests: shmem: Fix memleak Michael Chan (1): bnxt_en: Fix ethtool -d byte order for 32-bit values Michael Liang (1): nvme-tcp: fix premature queue removal and I/O failover Michal Swiatkowski (1): idpf: fix potential memory leak on kcalloc() failure Mikulas Patocka (1): dm-integrity: fix a warning on invalid table line Mingcong Bai (1): iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Murad Masimov (1): wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Namjae Jeon (1): ksmbd: fix use-after-free in ksmbd_session_rpc_open Nicolin Chen (2): iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids iommu: Fix two issues in iommu_copy_struct_from_user() Niranjana Vishwanathapura (1): drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change Niravkumar L Rabara (2): EDAC/altera: Test the correct error reg offset EDAC/altera: Set DDR and SDMMC interrupt mask before registration Pauli Virtanen (1): Bluetooth: L2CAP: copy RX timestamp to new fragments Pavel Paklov (1): iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Philipp Stanner (1): drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Pranjal Shrivastava (1): net: Fix the devmem sock opts and msgs for parisc Rafael J. Wysocki (2): cpufreq: Avoid using inconsistent policy->min and policy->max cpufreq: Fix setting policy limits when frequency tables are used Richard Fitzgerald (1): ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB Richard Zhu (1): arm64: dts: imx95: Correct the range of PCIe app-reg region Ruslan Piasetskyi (1): mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Russell Cloran (1): drm/mipi-dbi: Fix blanking for non-16 bit formats Sagi Maimon (1): ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations Sathesh B Edara (2): octeon_ep_vf: Resolve netdevice usage count issue octeon_ep: Fix host hang issue during device reboot Sean Christopherson (1): perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Sean Heelan (2): ksmbd: fix use-after-free in kerberos authentication ksmbd: fix use-after-free in session logoff Shannon Nelson (3): pds_core: make pdsc_auxbus_dev_del() void pds_core: specify auxiliary_device to be created pds_core: remove write-after-free of client_id Sheetal (1): ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Shouye Liu (1): platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Shravya KN (1): bnxt_en: Fix error handling path in bnxt_init_chip() Shruti Parab (2): bnxt_en: Fix coredump logic to free allocated buffer bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shyam Saini (3): kernel: param: rename locate_module_kobject kernel: globalize lookup_or_create_module_kobject() drivers: base: handle module_kobject creation Simon Horman (1): net: dlink: Correct endianness handling of led_mode Somnath Kotur (1): bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() Srinivas Pandruvada (1): cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode Stefan Wahren (4): net: vertexcom: mse102x: Fix possible stuck of SPI interrupt net: vertexcom: mse102x: Fix LEN_MASK net: vertexcom: mse102x: Add range check for CMD_RTS net: vertexcom: mse102x: Fix RX error handling Stephan Gerhold (1): irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Steven Rostedt (1): tracing: Do not take trace_event_sem in print_event_fields() Sudeep Holla (1): firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Sébastien Szymanski (1): ARM: dts: opos6ul: add ksz8081 phy properties Takashi Iwai (2): ALSA: ump: Fix buffer overflow at UMP SysEx message conversion ALSA: hda/realtek: Fix built-mic regression on other ASUS models Thangaraj Samynathan (1): net: lan743x: Fix memleak issue when GSO enabled Tomasz Rusinowicz (1): accel/ivpu: Make DB_ID and JOB_ID allocations incremental Tudor Ambarus (1): dm: fix copying after src array boundaries Tvrtko Ursulin (1): drm/fdinfo: Protect against driver unbind Vadim Fedorenko (2): bnxt_en: improve TX timestamping FIFO configuration bnxt_en: fix module unload sequence Venkata Prasad Potturu (1): ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Victor Nogueira (4): net_sched: drr: Fix double list add in class with netem as child qdisc net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc net_sched: ets: Fix double list add in class with netem as child qdisc net_sched: qfq: Fix double list add in class with netem as child qdisc Vishal Badole (1): amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Vlad Dogaru (1): net/mlx5e: Use custom tunnel header for vxlan gbp Vladimir Oltean (2): net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID net: dsa: felix: fix broken taprio gate states after clock jump Wei Yang (2): mm/memblock: pass size instead of end to memblock_set_node() mm/memblock: repeat setting reserved region nid if array is doubled Wentao Liang (1): wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Will Deacon (1): arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Xuanqiang Luo (1): ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Yonglong Liu (1): net: hns3: fix an interrupt residual problem Zhenhua Huang (1): mm, slab: clean up slab->obj_exts always Zijun Hu (3): Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x Bluetooth: btusb: Add one more ID 0x13d3:0x3623 for Qualcomm WCN785x Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x e.kubanski (1): xsk: Fix race condition in AF_XDP generic RX path

7 months, 1 week

1
1
0 0

Linux 6.6.90

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.90 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul-imx6ull-opos6ul.dtsi | 3 arch/arm64/boot/dts/st/stm32mp251.dtsi | 9 arch/arm64/kernel/proton-pack.c | 2 arch/parisc/math-emu/driver.c | 16 arch/powerpc/boot/wrapper | 6 arch/powerpc/mm/book3s64/radix_pgtable.c | 17 arch/riscv/include/asm/patch.h | 2 arch/riscv/kernel/patch.c | 14 arch/riscv/kernel/probes/kprobes.c | 18 arch/riscv/net/bpf_jit_comp64.c | 7 arch/x86/events/intel/core.c | 2 arch/x86/include/asm/kvm-x86-ops.h | 1 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kvm/svm/svm.c | 13 arch/x86/kvm/vmx/vmx.c | 11 arch/x86/kvm/x86.c | 3 drivers/base/module.c | 13 drivers/bluetooth/btusb.c | 101 +++-- drivers/cpufreq/cpufreq.c | 42 +- drivers/cpufreq/cpufreq_ondemand.c | 3 drivers/cpufreq/freq_table.c | 6 drivers/edac/altera_edac.c | 9 drivers/edac/altera_edac.h | 2 drivers/firmware/arm_ffa/driver.c | 3 drivers/firmware/arm_scmi/bus.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 56 +- drivers/gpu/drm/drm_file.c | 6 drivers/gpu/drm/i915/pxp/intel_pxp_gsccs.h | 8 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/nouveau/nouveau_fence.c | 2 drivers/i2c/busses/i2c-imx-lpi2c.c | 4 drivers/iommu/amd/init.c | 8 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 ++-- drivers/iommu/intel/iommu.c | 4 drivers/iommu/iommu.c | 18 drivers/irqchip/irq-qcom-mpm.c | 3 drivers/md/dm-bufio.c | 9 drivers/md/dm-integrity.c | 2 drivers/md/dm-table.c | 5 drivers/mmc/host/renesas_sdhi_core.c | 10 drivers/net/dsa/ocelot/felix_vsc9959.c | 5 drivers/net/ethernet/amd/pds_core/auxbus.c | 49 +- drivers/net/ethernet/amd/pds_core/core.h | 7 drivers/net/ethernet/amd/pds_core/dev.c | 11 drivers/net/ethernet/amd/pds_core/devlink.c | 7 drivers/net/ethernet/amd/pds_core/main.c | 23 + drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 + drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 20 - drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 38 + drivers/net/ethernet/dlink/dl2k.c | 2 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/freescale/fec_main.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 ++-- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 - drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 drivers/net/ethernet/intel/igc/igc_ptp.c | 6 drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 2 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 14 drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 drivers/net/ethernet/microchip/lan743x_main.c | 8 drivers/net/ethernet/microchip/lan743x_main.h | 1 drivers/net/ethernet/mscc/ocelot.c | 194 +++++++++- drivers/net/ethernet/mscc/ocelot_vcap.c | 1 drivers/net/ethernet/vertexcom/mse102x.c | 36 + drivers/net/mdio/mdio-mux-meson-gxl.c | 3 drivers/net/usb/rndis_host.c | 16 drivers/net/vxlan/vxlan_vnifilter.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 drivers/net/wireless/purelifi/plfxlc/mac.c | 1 drivers/nvme/host/pci.c | 2 drivers/nvme/host/tcp.c | 31 + drivers/pci/controller/dwc/pci-imx6.c | 3 drivers/platform/x86/amd/pmc/pmc.c | 7 drivers/platform/x86/intel/uncore-frequency/uncore-frequency.c | 13 drivers/spi/spi-tegra114.c | 6 drivers/usb/host/xhci-debugfs.c | 2 drivers/usb/host/xhci-hub.c | 30 - drivers/usb/host/xhci-mem.c | 175 +++++++-- drivers/usb/host/xhci-ring.c | 4 drivers/usb/host/xhci.c | 80 ++-- drivers/usb/host/xhci.h | 20 - fs/btrfs/inode.c | 9 fs/smb/client/smb2pdu.c | 1 fs/smb/server/auth.c | 14 fs/smb/server/smb2pdu.c | 5 include/linux/bpf.h | 1 include/linux/bpf_verifier.h | 1 include/linux/cpufreq.h | 83 ++-- include/linux/filter.h | 2 include/linux/module.h | 2 include/linux/pds/pds_core_if.h | 1 include/linux/skbuff.h | 52 ++ include/net/inet_frag.h | 4 include/soc/mscc/ocelot_vcap.h | 2 include/sound/ump_convert.h | 2 kernel/bpf/core.c | 2 kernel/bpf/verifier.c | 81 +++- kernel/params.c | 6 kernel/trace/trace.c | 5 kernel/trace/trace_output.c | 4 mm/memblock.c | 12 net/bluetooth/l2cap_core.c | 3 net/bridge/netfilter/nf_conntrack_bridge.c | 6 net/core/dev.c | 2 net/core/filter.c | 75 +-- net/ieee802154/6lowpan/reassembly.c | 2 net/ipv4/inet_fragment.c | 2 net/ipv4/ip_fragment.c | 2 net/ipv4/ip_output.c | 9 net/ipv4/tcp_output.c | 14 net/ipv4/udp_offload.c | 61 +++ net/ipv6/ip6_output.c | 6 net/ipv6/netfilter.c | 6 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 net/ipv6/reassembly.c | 2 net/ipv6/tcp_ipv6.c | 2 net/sched/act_bpf.c | 4 net/sched/cls_bpf.c | 4 net/sched/sch_drr.c | 16 net/sched/sch_ets.c | 17 net/sched/sch_hfsc.c | 10 net/sched/sch_htb.c | 2 net/sched/sch_qfq.c | 18 sound/soc/codecs/ak4613.c | 4 sound/soc/soc-core.c | 36 - sound/soc/soc-pcm.c | 5 sound/usb/endpoint.c | 7 sound/usb/format.c | 3 tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c | 107 +++++ tools/testing/selftests/bpf/progs/changes_pkt_data.c | 39 ++ tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c | 18 tools/testing/selftests/bpf/progs/verifier_sock.c | 56 ++ 142 files changed, 1757 insertions(+), 650 deletions(-) Aaron Kling (1): spi: tegra114: Don't fail set_cs_timing when delays are zero Abhishek Chauhan (1): net: Rename mono_delivery_time to tstamp_type for scalabilty Benjamin Marzinski (1): dm: always update the array size in realloc_argv on success Chad Monroe (1): net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM Chen Linxuan (1): drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' Chris Bainbridge (1): drm/amd/display: Fix slab-use-after-free in hdcp Chris Mi (1): net/mlx5: E-switch, Fix error handling for enabling roce Christian Bruel (2): arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs Christian Heusel (1): Revert "rndis_host: Flag RNDIS modems as WWAN devices" Christian Hewitt (1): Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Clark Wang (1): i2c: imx-lpi2c: Fix clock count when probe defers Cong Wang (5): sch_htb: make htb_qlen_notify() idempotent sch_drr: make drr_qlen_notify() idempotent sch_hfsc: make hfsc_qlen_notify() idempotent sch_qfq: make qfq_qlen_notify() idempotent sch_ets: make est_qlen_notify() idempotent Cristian Marussi (1): firmware: arm_scmi: Balance device refcount when destroying devices Da Xue (1): net: mdio: mux-meson-gxl: set reversed bit when using internal phy Dave Chen (1): btrfs: fix COW handling in run_delalloc_nocow() Donet Tom (1): book3s64/radix : Align section vmemmap start address to PAGE_SIZE Eduard Zingerman (10): bpf: add find_containing_subprog() utility function bpf: refactor bpf_helper_changes_pkt_data to use helper number bpf: track changes_pkt_data property for global functions selftests/bpf: test for changing packet data from global functions bpf: check changes_pkt_data property for extension programs selftests/bpf: freplace tests for tracking of changes_packet_data bpf: consider that tail calls invalidate packet pointers selftests/bpf: validate that tail call invalidates packet pointers bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs selftests/bpf: extend changes_pkt_data with cases w/o subprograms En-Wei Wu (1): Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() Felix Fietkau (1): net: ipv6: fix UDPv6 GSO segmentation with NAT Geert Uytterhoeven (1): ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Geoffrey D. Bennett (1): ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() Greg Kroah-Hartman (1): Linux 6.6.90 Hao Lan (1): net: hns3: fixed debugfs tm_qset size Helge Deller (1): parisc: Fix double SIGFPE crash Ido Schimmel (1): vxlan: vnifilter: Fix unlocked deletion of default FDB entry Jacob Keller (1): igc: fix lock order in igc_ptp_reset Jason Gunthorpe (1): iommu/arm-smmu-v3: Use the new rb tree helpers Jeongjun Park (1): tracing: Fix oob write in trace_seq_to_buffer() Jethro Donaldson (1): smb: client: fix zero length for mkdir POSIX create context Jian Shen (2): net: hns3: store rx VLAN tag offload state for VF net: hns3: defer calling ptp_clock_register() Joachim Priesner (1): ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Jonathan Bell (1): xhci: Use more than one Event Ring segment Keith Busch (1): nvme-pci: fix queue unquiesce check on slot_reset LongPing Wei (1): dm-bufio: don't schedule in atomic context Louis-Alexis Eyraud (2): net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Lukas Wunner (2): xhci: Set DESI bits in ERDP register correctly xhci: Clean up stale comment on ERST_SIZE macro Madhavan Srinivasan (2): powerpc/boot: Check for ld-option support powerpc/boot: Fix dash warning Maor Gottlieb (1): net/mlx5: E-Switch, Initialize MAC Address for Default GID Marc Zyngier (1): usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() Mario Limonciello (2): platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Mathias Nyman (6): xhci: split free interrupter into separate remove and free parts xhci: add support to allocate several interrupters xhci: Add helper to set an interrupters interrupt moderation interval xhci: support setting interrupt moderation IMOD for secondary interrupters xhci: Limit time spent with xHC interrupts disabled during bus resume xhci: fix possible null pointer dereference at secondary interrupter removal Mattias Barthel (1): net: fec: ERR007885 Workaround for conventional TX Michael Chan (1): bnxt_en: Fix ethtool -d byte order for 32-bit values Michael Liang (1): nvme-tcp: fix premature queue removal and I/O failover Mikulas Patocka (1): dm-integrity: fix a warning on invalid table line Mingcong Bai (1): iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Murad Masimov (1): wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Nicolin Chen (1): iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Niklas Neronin (1): usb: xhci: check if 'requested segments' exceeds ERST capacity Niravkumar L Rabara (2): EDAC/altera: Test the correct error reg offset EDAC/altera: Set DDR and SDMMC interrupt mask before registration Pauli Virtanen (1): Bluetooth: L2CAP: copy RX timestamp to new fragments Pavel Paklov (1): iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Philipp Stanner (1): drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Rafael J. Wysocki (2): cpufreq: Avoid using inconsistent policy->min and policy->max cpufreq: Fix setting policy limits when frequency tables are used Richard Zhu (1): PCI: imx6: Skip controller_id generation logic for i.MX7D Rob Herring (Arm) (1): ASoC: Use of_property_read_bool() Robin Murphy (1): iommu: Handle race with default domain setup Ruslan Piasetskyi (1): mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Ryan Matthews (1): Revert "PCI: imx6: Skip controller_id generation logic for i.MX7D" Samuel Holland (1): riscv: Pass patch_text() the length in bytes Sathesh B Edara (1): octeon_ep: Fix host hang issue during device reboot Sean Christopherson (2): perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Sean Heelan (1): ksmbd: fix use-after-free in kerberos authentication Shannon Nelson (5): pds_core: check health in devcmd wait pds_core: delete VF dev on reset pds_core: make pdsc_auxbus_dev_del() void pds_core: specify auxiliary_device to be created pds_core: remove write-after-free of client_id Sheetal (1): ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Shouye Liu (1): platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Shruti Parab (2): bnxt_en: Fix coredump logic to free allocated buffer bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shyam Saini (3): kernel: param: rename locate_module_kobject kernel: globalize lookup_or_create_module_kobject() drivers: base: handle module_kobject creation Simon Horman (1): net: dlink: Correct endianness handling of led_mode Stefan Wahren (4): net: vertexcom: mse102x: Fix possible stuck of SPI interrupt net: vertexcom: mse102x: Fix LEN_MASK net: vertexcom: mse102x: Add range check for CMD_RTS net: vertexcom: mse102x: Fix RX error handling Stephan Gerhold (1): irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Steven Rostedt (1): tracing: Do not take trace_event_sem in print_event_fields() Sudeep Holla (1): firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Sébastien Szymanski (1): ARM: dts: opos6ul: add ksz8081 phy properties Takashi Iwai (1): ALSA: ump: Fix buffer overflow at UMP SysEx message conversion Thangaraj Samynathan (1): net: lan743x: Fix memleak issue when GSO enabled Tudor Ambarus (1): dm: fix copying after src array boundaries Tvrtko Ursulin (1): drm/fdinfo: Protect against driver unbind Victor Nogueira (4): net_sched: drr: Fix double list add in class with netem as child qdisc net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc net_sched: ets: Fix double list add in class with netem as child qdisc net_sched: qfq: Fix double list add in class with netem as child qdisc Vishal Badole (1): amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Vladimir Oltean (3): net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID net: dsa: felix: fix broken taprio gate states after clock jump Wei Yang (2): mm/memblock: pass size instead of end to memblock_set_node() mm/memblock: repeat setting reserved region nid if array is doubled Wentao Liang (1): wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Will Deacon (1): arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Xuanqiang Luo (1): ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Yonglong Liu (1): net: hns3: fix an interrupt residual problem

7 months, 1 week

1
1
0 0

Linux 6.1.138

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.138 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 arch/arm64/kernel/proton-pack.c | 2 arch/parisc/math-emu/driver.c | 16 arch/x86/events/intel/core.c | 2 arch/x86/include/asm/kexec.h | 18 arch/x86/include/asm/kvm-x86-ops.h | 1 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/machine_kexec_64.c | 45 - arch/x86/kvm/svm/svm.c | 13 arch/x86/kvm/vmx/vmx.c | 11 arch/x86/kvm/x86.c | 3 drivers/cpufreq/cpufreq.c | 42 drivers/cpufreq/cpufreq_ondemand.c | 3 drivers/cpufreq/freq_table.c | 6 drivers/edac/altera_edac.c | 9 drivers/edac/altera_edac.h | 2 drivers/firmware/arm_ffa/driver.c | 3 drivers/firmware/arm_scmi/bus.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 429 +++++----- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.h | 5 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/nouveau/nouveau_fence.c | 2 drivers/i2c/busses/i2c-imx-lpi2c.c | 4 drivers/iommu/amd/init.c | 8 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 - drivers/iommu/intel/iommu.c | 4 drivers/irqchip/irq-gic-v2m.c | 8 drivers/irqchip/irq-qcom-mpm.c | 3 drivers/md/dm-bufio.c | 3 drivers/md/dm-integrity.c | 2 drivers/md/dm-table.c | 5 drivers/md/md.c | 27 drivers/md/md.h | 2 drivers/md/raid0.c | 16 drivers/md/raid5.c | 41 drivers/mmc/host/renesas_sdhi_core.c | 10 drivers/net/dsa/ocelot/felix_vsc9959.c | 5 drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 20 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 38 drivers/net/ethernet/dlink/dl2k.c | 2 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/freescale/fec_main.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 drivers/net/ethernet/microchip/lan743x_main.c | 8 drivers/net/ethernet/microchip/lan743x_main.h | 1 drivers/net/ethernet/mscc/ocelot.c | 194 ++++ drivers/net/ethernet/mscc/ocelot_vcap.c | 1 drivers/net/ethernet/vertexcom/mse102x.c | 36 drivers/net/phy/microchip.c | 46 - drivers/net/usb/rndis_host.c | 16 drivers/net/vxlan/vxlan_vnifilter.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 drivers/net/wireless/purelifi/plfxlc/mac.c | 1 drivers/nvme/host/tcp.c | 31 drivers/pci/controller/dwc/pci-imx6.c | 5 drivers/platform/x86/intel/uncore-frequency/uncore-frequency.c | 13 fs/smb/server/auth.c | 14 fs/smb/server/smb2pdu.c | 5 fs/xfs/libxfs/xfs_attr_remote.c | 1 fs/xfs/libxfs/xfs_bmap.c | 130 ++- fs/xfs/libxfs/xfs_da_btree.c | 20 fs/xfs/libxfs/xfs_inode_buf.c | 47 - fs/xfs/libxfs/xfs_sb.c | 7 fs/xfs/scrub/attr.c | 5 fs/xfs/xfs_aops.c | 54 - fs/xfs/xfs_attr_item.c | 88 +- fs/xfs/xfs_bmap_util.c | 61 - fs/xfs/xfs_bmap_util.h | 2 fs/xfs/xfs_dquot.c | 1 fs/xfs/xfs_icache.c | 2 fs/xfs/xfs_inode.c | 14 fs/xfs/xfs_iomap.c | 81 + fs/xfs/xfs_reflink.c | 20 fs/xfs/xfs_rtalloc.c | 2 include/linux/cpufreq.h | 83 + include/soc/mscc/ocelot_vcap.h | 2 kernel/trace/trace.c | 5 net/ipv4/udp_offload.c | 61 + net/sched/sch_drr.c | 16 net/sched/sch_ets.c | 17 net/sched/sch_hfsc.c | 10 net/sched/sch_htb.c | 2 net/sched/sch_qfq.c | 18 sound/soc/codecs/ak4613.c | 4 sound/soc/soc-core.c | 36 sound/soc/soc-pcm.c | 5 sound/usb/format.c | 3 101 files changed, 1467 insertions(+), 837 deletions(-) Benjamin Marzinski (1): dm: always update the array size in realloc_argv on success Bhawanpreet Lakha (1): drm/amd/display: Change HDCP update sequence for DM Chris Bainbridge (1): drm/amd/display: Fix slab-use-after-free in hdcp Chris Mi (1): net/mlx5: E-switch, Fix error handling for enabling roce Christian Heusel (1): Revert "rndis_host: Flag RNDIS modems as WWAN devices" Christian Hewitt (1): Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Christoph Hellwig (4): xfs: fix error returns from xfs_bmapi_write xfs: fix xfs_bmap_add_extent_delay_real for partial conversions xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent xfs: fix freeing speculative preallocations for preallocated files Clark Wang (1): i2c: imx-lpi2c: Fix clock count when probe defers Cong Wang (5): sch_htb: make htb_qlen_notify() idempotent sch_drr: make drr_qlen_notify() idempotent sch_hfsc: make hfsc_qlen_notify() idempotent sch_qfq: make qfq_qlen_notify() idempotent sch_ets: make est_qlen_notify() idempotent Cristian Marussi (1): firmware: arm_scmi: Balance device refcount when destroying devices Darrick J. Wong (7): xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 xfs: validate recovered name buffers when recovering xattr items xfs: revert commit 44af6c7e59b12 xfs: allow symlinks with short remote targets xfs: allow unlinked symlinks and dirs with zero size xfs: restrict when we try to align cow fork delalloc to cowextsz hints Felix Fietkau (1): net: ipv6: fix UDPv6 GSO segmentation with NAT Fiona Klute (1): net: phy: microchip: force IRQ polling mode for lan88xx Geert Uytterhoeven (1): ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Greg Kroah-Hartman (2): Revert "x86/kexec: Allocate PGD for x86_64 transition page tables separately" Linux 6.1.138 Hao Lan (1): net: hns3: fixed debugfs tm_qset size Helge Deller (1): parisc: Fix double SIGFPE crash Ido Schimmel (1): vxlan: vnifilter: Fix unlocked deletion of default FDB entry Jason Gunthorpe (1): iommu/arm-smmu-v3: Use the new rb tree helpers Jeongjun Park (1): tracing: Fix oob write in trace_seq_to_buffer() Jian Shen (2): net: hns3: store rx VLAN tag offload state for VF net: hns3: defer calling ptp_clock_register() Joachim Priesner (1): ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset LongPing Wei (1): dm-bufio: don't schedule in atomic context Louis-Alexis Eyraud (2): net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Maor Gottlieb (1): net/mlx5: E-Switch, Initialize MAC Address for Default GID Mario Limonciello (1): drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Mattias Barthel (1): net: fec: ERR007885 Workaround for conventional TX Michael Chan (1): bnxt_en: Fix ethtool -d byte order for 32-bit values Michael Liang (1): nvme-tcp: fix premature queue removal and I/O failover Mikulas Patocka (1): dm-integrity: fix a warning on invalid table line Mingcong Bai (1): iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Murad Masimov (1): wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Nicolin Chen (1): iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Niravkumar L Rabara (2): EDAC/altera: Test the correct error reg offset EDAC/altera: Set DDR and SDMMC interrupt mask before registration Pavel Paklov (1): iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Philipp Stanner (1): drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Rafael J. Wysocki (2): cpufreq: Avoid using inconsistent policy->min and policy->max cpufreq: Fix setting policy limits when frequency tables are used Richard Zhu (1): PCI: imx6: Skip controller_id generation logic for i.MX7D Rob Herring (Arm) (1): ASoC: Use of_property_read_bool() Ruslan Piasetskyi (1): mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Sean Christopherson (2): perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Sean Heelan (1): ksmbd: fix use-after-free in kerberos authentication Sheetal (1): ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Shouye Liu (1): platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Shruti Parab (2): bnxt_en: Fix coredump logic to free allocated buffer bnxt_en: Fix out-of-bound memcpy() during ethtool -w Simon Horman (1): net: dlink: Correct endianness handling of led_mode Srinivasan Shanmugam (1): drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c Stefan Wahren (4): net: vertexcom: mse102x: Fix possible stuck of SPI interrupt net: vertexcom: mse102x: Fix LEN_MASK net: vertexcom: mse102x: Add range check for CMD_RTS net: vertexcom: mse102x: Fix RX error handling Stephan Gerhold (1): irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Sudeep Holla (1): firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Suzuki K Poulose (1): irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Sébastien Szymanski (1): ARM: dts: opos6ul: add ksz8081 phy properties Thangaraj Samynathan (1): net: lan743x: Fix memleak issue when GSO enabled Thomas Gleixner (1): irqchip/gic-v2m: Mark a few functions __init Tudor Ambarus (1): dm: fix copying after src array boundaries Victor Nogueira (4): net_sched: drr: Fix double list add in class with netem as child qdisc net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc net_sched: ets: Fix double list add in class with netem as child qdisc net_sched: qfq: Fix double list add in class with netem as child qdisc Vishal Badole (1): amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Vladimir Oltean (3): net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID net: dsa: felix: fix broken taprio gate states after clock jump Wengang Wang (1): xfs: make sure sb_fdblocks is non-negative Wentao Liang (1): wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Will Deacon (1): arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Xuanqiang Luo (1): ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Yonglong Liu (1): net: hns3: fix an interrupt residual problem Yu Kuai (1): md: move initialization and destruction of 'io_acct_set' to md.c Zhang Yi (4): xfs: match lock mode in xfs_buffered_write_iomap_begin() xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset xfs: convert delayed extents to unwritten when zeroing post eof blocks hersen wu (1): drm/amd/display: phase2 enable mst hdcp multiple displays

7 months, 1 week

1
1
0 0

Linux 5.15.182

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.182 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 arch/arm64/kernel/proton-pack.c | 2 arch/parisc/math-emu/driver.c | 16 arch/x86/include/asm/kvm-x86-ops.h | 1 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kvm/svm/svm.c | 13 arch/x86/kvm/vmx/vmx.c | 11 arch/x86/kvm/x86.c | 3 drivers/edac/altera_edac.c | 9 drivers/edac/altera_edac.h | 2 drivers/firmware/arm_scmi/bus.c | 3 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/nouveau/nouveau_fence.c | 2 drivers/i2c/busses/i2c-imx-lpi2c.c | 4 drivers/iommu/amd/init.c | 8 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 +-- drivers/iommu/intel/iommu.c | 4 drivers/irqchip/irq-gic-v2m.c | 8 drivers/md/dm-integrity.c | 2 drivers/md/dm-table.c | 5 drivers/mmc/host/renesas_sdhi_core.c | 10 drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 20 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 38 + drivers/net/ethernet/dlink/dl2k.c | 2 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/freescale/fec_main.c | 7 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 119 +++- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 3 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 61 +- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 26 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 drivers/net/ethernet/intel/ice/ice_fltr.c | 58 ++ drivers/net/ethernet/intel/ice/ice_fltr.h | 12 drivers/net/ethernet/intel/ice/ice_main.c | 49 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 139 ++--- drivers/net/ethernet/mediatek/mtk_star_emac.c | 341 +++++++------ drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 drivers/net/ethernet/microchip/lan743x_main.c | 8 drivers/net/ethernet/microchip/lan743x_main.h | 1 drivers/net/phy/microchip.c | 46 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 drivers/nvme/host/tcp.c | 31 + drivers/of/device.c | 7 drivers/pci/controller/dwc/pci-imx6.c | 5 drivers/target/target_core_file.c | 3 drivers/target/target_core_iblock.c | 4 drivers/target/target_core_sbc.c | 6 kernel/trace/trace.c | 5 net/ipv4/udp_offload.c | 61 ++ net/sched/act_mirred.c | 22 net/sched/sch_drr.c | 9 net/sched/sch_ets.c | 9 net/sched/sch_hfsc.c | 2 net/sched/sch_qfq.c | 11 sound/usb/format.c | 3 67 files changed, 933 insertions(+), 493 deletions(-) Benjamin Marzinski (1): dm: always update the array size in realloc_argv on success Biao Huang (1): net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs Brett Creeley (1): ice: Refactor promiscuous functions Chris Mi (1): net/mlx5: E-switch, Fix error handling for enabling roce Christian Hewitt (1): Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Clark Wang (1): i2c: imx-lpi2c: Fix clock count when probe defers Cristian Marussi (1): firmware: arm_scmi: Balance device refcount when destroying devices Felix Fietkau (1): net: ipv6: fix UDPv6 GSO segmentation with NAT Fiona Klute (1): net: phy: microchip: force IRQ polling mode for lan88xx Greg Kroah-Hartman (1): Linux 5.15.182 Hao Lan (1): net: hns3: fixed debugfs tm_qset size Helge Deller (1): parisc: Fix double SIGFPE crash Jakub Kicinski (1): net/sched: act_mirred: don't override retval if we already lost the skb Jason Gunthorpe (1): iommu/arm-smmu-v3: Use the new rb tree helpers Jeongjun Park (1): tracing: Fix oob write in trace_seq_to_buffer() Jian Shen (2): net: hns3: store rx VLAN tag offload state for VF net: hns3: defer calling ptp_clock_register() Joachim Priesner (1): ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Louis-Alexis Eyraud (2): net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Maor Gottlieb (1): net/mlx5: E-Switch, Initialize MAC Address for Default GID Mattias Barthel (1): net: fec: ERR007885 Workaround for conventional TX Michael Chan (1): bnxt_en: Fix ethtool -d byte order for 32-bit values Michael Liang (1): nvme-tcp: fix premature queue removal and I/O failover Mike Christie (1): scsi: target: Fix WRITE_SAME No Data Buffer crash Mikulas Patocka (1): dm-integrity: fix a warning on invalid table line Mingcong Bai (1): iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Nicolin Chen (1): iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Niravkumar L Rabara (2): EDAC/altera: Test the correct error reg offset EDAC/altera: Set DDR and SDMMC interrupt mask before registration Pavel Paklov (1): iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Philipp Stanner (1): drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Richard Zhu (1): PCI: imx6: Skip controller_id generation logic for i.MX7D Ruslan Piasetskyi (1): mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Sean Christopherson (1): KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Sergey Shtylyov (1): of: module: add buffer overflow check in of_modalias() Shruti Parab (2): bnxt_en: Fix coredump logic to free allocated buffer bnxt_en: Fix out-of-bound memcpy() during ethtool -w Simon Horman (1): net: dlink: Correct endianness handling of led_mode Suzuki K Poulose (1): irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Sébastien Szymanski (1): ARM: dts: opos6ul: add ksz8081 phy properties Thangaraj Samynathan (1): net: lan743x: Fix memleak issue when GSO enabled Thomas Gleixner (1): irqchip/gic-v2m: Mark a few functions __init Tudor Ambarus (1): dm: fix copying after src array boundaries Victor Nogueira (4): net_sched: drr: Fix double list add in class with netem as child qdisc net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc net_sched: ets: Fix double list add in class with netem as child qdisc net_sched: qfq: Fix double list add in class with netem as child qdisc Vishal Badole (1): amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Wentao Liang (1): wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Will Deacon (1): arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Xiang wangx (1): irqchip/gic-v2m: Add const to of_device_id Xuanqiang Luo (1): ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Yonglong Liu (3): net: hns3: add support for external loopback test net: hns3: fix an interrupt residual problem net: hns3: fix deadlock issue when externel_lb and reset are executed together

7 months, 1 week

1
1
0 0

[PATCH 6.12 000/164] 6.12.28-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.28 release. There are 164 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 09 May 2025 18:37:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.28-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.28-rc1 Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/amd/display: Fix slab-use-after-free in hdcp Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Shyam Saini <shyamsaini(a)linux.microsoft.com> drivers: base: handle module_kobject creation Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: globalize lookup_or_create_module_kobject() Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: param: rename locate_module_kobject Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Richard Zhu <hongxing.zhu(a)nxp.com> arm64: dts: imx95: Correct the range of PCIe app-reg region Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Fix locking order in ivpu_job_submit Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Abort all jobs after command queue unregister Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Update VPU FW API headers Andrew Kreimer <algonell(a)gmail.com> accel/ivpu: Fix a typo Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Use xa_alloc_cyclic() instead of custom function Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> accel/ivpu: Make DB_ID and JOB_ID allocations incremental Pranjal Shrivastava <praan(a)google.com> net: Fix the devmem sock opts and msgs for parisc Alan Huang <mmpgouride(a)gmail.com> bcachefs: Remove incorrect __counted_by annotation Zhenhua Huang <quic_zhenhuah(a)quicinc.com> mm, slab: clean up slab->obj_exts always Daniel Wagner <wagi(a)kernel.org> blk-mq: create correct map for fallback case Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix RX error handling Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Add range check for CMD_RTS Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix LEN_MASK Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Sathesh B Edara <sedara(a)marvell.com> octeon_ep: Fix host hang issue during device reboot Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Sagi Maimon <sagi.maimon(a)adtran.com> ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations Jibin Zhang <jibin.zhang(a)mediatek.com> net: use sock_gen_put() when sk_state is TCP_TIME_WAIT Vadim Fedorenko <vadim.fedorenko(a)linux.dev> bnxt_en: fix module unload sequence Alexander Stein <alexander.stein(a)ew.tq-group.com> ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Alistair Francis <alistair.francis(a)wdc.com> nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS Alistair Francis <alistair23(a)gmail.com> nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Kashyap Desai <kashyap.desai(a)broadcom.com> bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix ethtool selftest output in one of the failure cases Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix error handling path in bnxt_init_chip() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-mic regression on other ASUS models Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix broken taprio gate states after clock jump Chad Monroe <chad(a)monroe.io> net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM Jacob Keller <jacob.e.keller(a)intel.com> igc: fix lock order in igc_ptp_reset Larysa Zaremba <larysa.zaremba(a)intel.com> idpf: protect shutdown from reset Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> idpf: fix potential memory leak on kcalloc() failure Da Xue <da(a)libre.computer> net: mdio: mux-meson-gxl: set reversed bit when using internal phy Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Russell Cloran <rcloran(a)gmail.com> drm/mipi-dbi: Fix blanking for non-16 bit formats Maxime Ripard <mripard(a)kernel.org> drm/tests: shmem: Fix memleak Keith Busch <kbusch(a)kernel.org> nvme-pci: fix queue unquiesce check on slot_reset Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix buffer overflow at UMP SysEx message conversion Keoseong Park <keosung.park(a)samsung.com> scsi: ufs: core: Remove redundant query_complete trace Madhu Chittim <madhu.chittim(a)intel.com> idpf: fix offloads support for encapsulated packets Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Shannon Nelson <shannon.nelson(a)amd.com> pds_core: remove write-after-free of client_id Shannon Nelson <shannon.nelson(a)amd.com> pds_core: specify auxiliary_device to be created Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make pdsc_auxbus_dev_del() void Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Justin Lai <justinlai0215(a)realtek.com> rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation Vadim Fedorenko <vadim.fedorenko(a)linux.dev> bnxt_en: improve TX timestamping FIFO configuration Sathesh B Edara <sedara(a)marvell.com> octeon_ep_vf: Resolve netdevice usage count issue Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: copy RX timestamp to new fragments Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Avoid redundant buffer allocation Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: hci_conn: Remove alloc from critical section Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Correct DCT interrupt handling Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: TC, Continue the attr process even if encap entry is invalid Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Vlad Dogaru <vdogaru(a)nvidia.com> net/mlx5e: Use custom tunnel header for vxlan gbp e.kubanski <e.kubanski(a)partner.samsung.com> xsk: Fix race condition in AF_XDP generic RX path Ido Schimmel <idosch(a)nvidia.com> vxlan: vnifilter: Fix unlocked deletion of default FDB entry Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Fix dash warning Murad Masimov <m.masimov(a)mt-integration.ru> wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: fix the check for the SCRATCH register upon resume Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: don't warn if the NIC is gone in resume Chen Linxuan <chenlinxuan(a)uniontech.com> drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Enable speaker for HP platform Chenyuan Yang <chenyuan0y(a)gmail.com> ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Check for ld-option support Hui Wang <hui.wang(a)canonical.com> pinctrl: imx: Return NULL if no group is matched and found Donet Tom <donettom(a)linux.ibm.com> book3s64/radix : Align section vmemmap start address to PAGE_SIZE Sheetal <sheetal(a)nvidia.com> ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix setting policy limits when frequency tables are used Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Jethro Donaldson <devel(a)jro.nz> smb: client: fix zero length for mkdir POSIX create context Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in session logoff Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in kerberos authentication Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_session_rpc_open Shouye Liu <shouyeliu(a)tencent.com> platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles Nicolin Chen <nicolinc(a)nvidia.com> iommu: Fix two issues in iommu_copy_struct_from_user() Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Balbir Singh <balbirs(a)nvidia.com> iommu/arm-smmu-v3: Fix pgsize_bit for sva domains Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Janne Grunau <j(a)jannau.net> drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix offset for HDP remap in nbio v7.11 Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line LongPing Wei <weilongping(a)oppo.com> dm-bufio: don't schedule in atomic context Ard Biesheuvel <ardb(a)kernel.org> x86/boot/sev: Support memory acceptance in the EFI stub under SVSM Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not take trace_event_sem in print_event_fields() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Don't fail set_cs_timing when delays are zero Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: repeat setting reserved region nid if array is doubled Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: pass size instead of end to memblock_set_node() Stephan Gerhold <stephan.gerhold(a)linaro.org> irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Sean Christopherson <seanjc(a)google.com> perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Only check the group flag for X86 leader Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/fdinfo: Protect against driver unbind Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode Dave Chen <davechen(a)synology.com> btrfs: fix COW handling in run_delalloc_nocow() Josef Bacik <josef(a)toxicpanda.com> btrfs: adjust subpage bit start based on sectorsize Carlos Llamas <cmllamas(a)google.com> binder: fix offset calculation in debug log Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Geoffrey D. Bennett <g(a)b4.vu> ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() Christian Heusel <christian(a)heusel.eu> Revert "rndis_host: Flag RNDIS modems as WWAN devices" Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x Dorian Cruveiller <doriancruveiller(a)gmail.com> Bluetooth: btusb: Add new VID/PID for WCN785x Mark Dietzer <git(a)doridian.net> Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: btusb: Add one more ID 0x13d3:0x3623 for Qualcomm WCN785x Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x Aaron Ma <aaron.ma(a)canonical.com> Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x ------------- Diffstat: Makefile | 4 +- .../boot/dts/nxp/imx/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/boot/dts/freescale/imx95.dtsi | 8 +- arch/arm64/boot/dts/st/stm32mp251.dtsi | 9 +- arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/include/uapi/asm/socket.h | 10 +- arch/parisc/math-emu/driver.c | 16 +- arch/powerpc/boot/wrapper | 6 +- arch/powerpc/mm/book3s64/radix_pgtable.c | 17 +- arch/x86/boot/compressed/mem.c | 5 +- arch/x86/boot/compressed/sev.c | 40 +++ arch/x86/boot/compressed/sev.h | 2 + arch/x86/events/core.c | 2 +- arch/x86/events/intel/core.c | 2 +- arch/x86/events/perf_event.h | 9 +- block/blk-mq-cpumap.c | 3 +- drivers/accel/ivpu/ivpu_drv.c | 38 +-- drivers/accel/ivpu/ivpu_drv.h | 9 + drivers/accel/ivpu/ivpu_hw_btrs.h | 2 +- drivers/accel/ivpu/ivpu_job.c | 125 ++++++--- drivers/accel/ivpu/ivpu_job.h | 1 + drivers/accel/ivpu/ivpu_jsm_msg.c | 3 +- drivers/accel/ivpu/ivpu_mmu.c | 3 +- drivers/accel/ivpu/ivpu_pm.c | 18 +- drivers/accel/ivpu/ivpu_sysfs.c | 5 +- drivers/accel/ivpu/vpu_boot_api.h | 45 +-- drivers/accel/ivpu/vpu_jsm_api.h | 303 ++++++++++++++++++--- drivers/android/binder.c | 2 +- drivers/base/module.c | 13 +- drivers/bluetooth/btintel_pcie.c | 57 ++-- drivers/bluetooth/btusb.c | 137 ++++++++-- drivers/cpufreq/cpufreq.c | 42 ++- drivers/cpufreq/cpufreq_ondemand.c | 3 +- drivers/cpufreq/freq_table.c | 6 +- drivers/cpufreq/intel_pstate.c | 3 + drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_ffa/driver.c | 3 +- drivers/firmware/arm_scmi/bus.c | 3 + drivers/gpu/drm/Kconfig | 2 +- drivers/gpu/drm/amd/amdgpu/nbio_v7_11.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 -- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 56 ++-- drivers/gpu/drm/drm_file.c | 6 + drivers/gpu/drm/drm_mipi_dbi.c | 6 +- drivers/gpu/drm/i915/pxp/intel_pxp_gsccs.h | 8 +- drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/gpu/drm/tests/drm_gem_shmem_test.c | 3 + drivers/gpu/drm/xe/xe_hw_engine.c | 12 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 6 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 19 +- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-qcom-mpm.c | 3 + drivers/md/dm-bufio.c | 9 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 5 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 39 ++- drivers/net/ethernet/amd/pds_core/core.h | 7 +- drivers/net/ethernet/amd/pds_core/devlink.c | 7 +- drivers/net/ethernet/amd/pds_core/main.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 18 +- drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 38 ++- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 29 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 1 + drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 +++--- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/idpf/idpf.h | 18 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 76 ++---- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 6 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 4 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 18 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 +- .../ethernet/mellanox/mlx5/core/en/reporter_tx.c | 6 +- .../ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c | 32 ++- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 5 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/ethernet/mscc/ocelot.c | 6 + drivers/net/ethernet/realtek/rtase/rtase_main.c | 4 +- drivers/net/ethernet/vertexcom/mse102x.c | 36 ++- drivers/net/mdio/mdio-mux-meson-gxl.c | 3 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/vxlan/vxlan_vnifilter.c | 8 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/intel/iwlwifi/iwl-csr.h | 1 + drivers/net/wireless/intel/iwlwifi/iwl-trans.c | 1 - drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 24 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 9 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 13 +- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 2 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 1 - drivers/nvme/host/Kconfig | 1 + drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/tcp.c | 31 ++- drivers/nvme/target/Kconfig | 1 + drivers/pinctrl/freescale/pinctrl-imx.c | 6 +- drivers/platform/x86/amd/pmc/pmc.c | 7 +- .../x86/intel/uncore-frequency/uncore-frequency.c | 13 +- drivers/ptp/ptp_ocp.c | 52 +++- drivers/spi/spi-tegra114.c | 6 +- drivers/ufs/core/ufshcd.c | 2 - fs/bcachefs/xattr_format.h | 8 +- fs/btrfs/extent_io.c | 2 +- fs/btrfs/inode.c | 9 +- fs/smb/client/smb2pdu.c | 1 + fs/smb/server/auth.c | 14 +- fs/smb/server/mgmt/user_session.c | 20 +- fs/smb/server/mgmt/user_session.h | 1 + fs/smb/server/smb2pdu.c | 9 - include/linux/cpufreq.h | 83 ++++-- include/linux/iommu.h | 8 +- include/linux/module.h | 2 + include/net/bluetooth/hci.h | 4 +- include/net/bluetooth/hci_core.h | 20 +- include/net/bluetooth/hci_sync.h | 3 + include/net/xdp_sock.h | 3 - include/net/xsk_buff_pool.h | 2 + include/sound/ump_convert.h | 2 +- kernel/params.c | 6 +- kernel/trace/trace.c | 5 +- kernel/trace/trace_output.c | 4 +- mm/memblock.c | 12 +- mm/slub.c | 27 +- net/bluetooth/hci_conn.c | 189 +------------ net/bluetooth/hci_event.c | 15 +- net/bluetooth/hci_sync.c | 150 +++++++++- net/bluetooth/iso.c | 26 +- net/bluetooth/l2cap_core.c | 3 + net/ipv4/tcp_offload.c | 2 +- net/ipv4/udp_offload.c | 61 ++++- net/ipv6/tcpv6_offload.c | 2 +- net/sched/sch_drr.c | 16 +- net/sched/sch_ets.c | 17 +- net/sched/sch_hfsc.c | 10 +- net/sched/sch_htb.c | 2 + net/sched/sch_qfq.c | 18 +- net/xdp/xsk.c | 6 +- net/xdp/xsk_buff_pool.c | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/soc/amd/acp/acp-i2s.c | 2 +- sound/soc/codecs/Kconfig | 5 +- sound/soc/generic/simple-card-utils.c | 4 +- sound/soc/sdw_utils/soc_sdw_rt_dmic.c | 2 + sound/soc/soc-core.c | 32 +-- sound/soc/soc-pcm.c | 5 +- sound/usb/endpoint.c | 7 + sound/usb/format.c | 3 +- 169 files changed, 1851 insertions(+), 988 deletions(-)

7 months, 1 week

10
173
0 0

[PATCH v3 0/4]{topost} dma-mapping: benchmark: Add support for dma_map_sg

by Qinxin Xia

Modify the framework to adapt to more map modes, add benchmark support for dma_map_sg, and add support sg map mode in ioctl. The result: [root@localhost]# ./dma_map_benchmark -m 1 -g 8 -t 8 -s 30 -d 2 dma mapping mode: DMA_MAP_SG_MODE dma mapping benchmark: threads:8 seconds:30 node:-1 dir:FROM_DEVICE granule/sg_nents: 8 average map latency(us):1.4 standard deviation:0.3 average unmap latency(us):1.3 standard deviation:0.3 [root@localhost]# ./dma_map_benchmark -m 0 -g 8 -t 8 -s 30 -d 2 dma mapping mode: DMA_MAP_SINGLE_MODE dma mapping benchmark: threads:8 seconds:30 node:-1 dir:FROM_DEVICE granule/sg_nents: 8 average map latency(us):1.0 standard deviation:0.3 average unmap latency(us):1.3 standard deviation:0.5 --- Changes since V2: - Address the comments from Barry and ALOK, some commit information and function input parameter names are modified to make them more accurate. - Link: https://lore.kernel.org/all/20250506030100.394376-1-xiaqinxin@huawei.com/ Changes since V1: - Address the comments from Barry, added some comments and changed the unmap type to void. - Link: https://lore.kernel.org/lkml/20250212022718.1995504-1-xiaqinxin@huawei.com/ Qinxin Xia (4): dma-mapping: benchmark: Add padding to ensure uABI remained consistent dma-mapping: benchmark: modify the framework to adapt to more map modes dma-mapping: benchmark: add support for dma_map_sg selftests/dma: Add dma_map_sg support include/linux/map_benchmark.h | 46 +++- kernel/dma/map_benchmark.c | 225 ++++++++++++++++-- .../testing/selftests/dma/dma_map_benchmark.c | 16 +- 3 files changed, 252 insertions(+), 35 deletions(-) -- 2.33.0

7 months, 1 week

3
7
0 0

[PATCH v3 0/4] clk: qcom: Add camera clock controller support for sc8180x

by Satya Priya Kakitapalli

This series adds support for camera clock controller base driver, bindings and DT support on sc8180x platform. Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> --- Changes in v3: - Drop Fixes tag in patch [1/4]. Dropped unused gpu_iref and aggre_ufs_card_2 clk bindings. - Move the allOf block below required block in bindings patch. - Remove the unused cam_cc_parent_data_7 and cam_cc_parent_map_7 in the driver patch. Reported by kernel test bot. - Link to v2: https://lore.kernel.org/r/20250430-sc8180x-camcc-support-v2-0-6bbb514f467c@… Changes in v2: - New patch [1/4] to add all the missing gcc bindings along with the required GCC_CAMERA_AHB_CLOCK - As per Konrad's comments, add the camera AHB clock dependency in the DT and yaml bindings. - As per Vladimir's comments, update the Kconfig to add the SC8180X config in correct alphanumerical order. - Link to v1: https://lore.kernel.org/r/20250422-sc8180x-camcc-support-v1-0-691614d13f06@… --- Satya Priya Kakitapalli (4): dt-bindings: clock: qcom: Add missing bindings on gcc-sc8180x dt-bindings: clock: Add Qualcomm SC8180X Camera clock controller clk: qcom: camcc-sc8180x: Add SC8180X camera clock controller driver arm64: dts: qcom: Add camera clock controller for sc8180x .../bindings/clock/qcom,sc8180x-camcc.yaml | 67 + arch/arm64/boot/dts/qcom/sc8180x.dtsi | 14 + drivers/clk/qcom/Kconfig | 10 + drivers/clk/qcom/Makefile | 1 + drivers/clk/qcom/camcc-sc8180x.c | 2889 ++++++++++++++++++++ include/dt-bindings/clock/qcom,gcc-sc8180x.h | 10 + include/dt-bindings/clock/qcom,sc8180x-camcc.h | 181 ++ 7 files changed, 3172 insertions(+) --- base-commit: bc8aa6cdadcc00862f2b5720e5de2e17f696a081 change-id: 20250422-sc8180x-camcc-support-9a82507d2a39 Best regards, -- Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com>

7 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] mm, slab: clean up slab->obj_exts always" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x be8250786ca94952a19ce87f98ad9906448bc9ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050521-crispy-study-e836@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be8250786ca94952a19ce87f98ad9906448bc9ef Mon Sep 17 00:00:00 2001 From: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Date: Mon, 21 Apr 2025 15:52:32 +0800 Subject: [PATCH] mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or due to an error, shutdown_mem_profiling() is called: slab->obj_exts which previously allocated remains. It won't be cleared by unaccount_slab() because of mem_alloc_profiling_enabled() not true. It's incorrect, slab->obj_exts should always be cleaned up in unaccount_slab() to avoid following error: [...]BUG: Bad page state in process... .. [...]page dumped because: page still charged to cgroup [andriy.shevchenko(a)linux.intel.com: fold need_slab_obj_ext() into its only user] Fixes: 21c690a349ba ("mm: introduce slabobj_ext to support slab object extensions") Cc: stable(a)vger.kernel.org Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Acked-by: David Rientjes <rientjes(a)google.com> Acked-by: Harry Yoo <harry.yoo(a)oracle.com> Tested-by: Harry Yoo <harry.yoo(a)oracle.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Link: https://patch.msgid.link/20250421075232.2165527-1-quic_zhenhuah@quicinc.com Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slub.c b/mm/slub.c index dc9e729e1d26..be8b09e09d30 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2028,8 +2028,7 @@ int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s, return 0; } -/* Should be called only if mem_alloc_profiling_enabled() */ -static noinline void free_slab_obj_exts(struct slab *slab) +static inline void free_slab_obj_exts(struct slab *slab) { struct slabobj_ext *obj_exts; @@ -2049,18 +2048,6 @@ static noinline void free_slab_obj_exts(struct slab *slab) slab->obj_exts = 0; } -static inline bool need_slab_obj_ext(void) -{ - if (mem_alloc_profiling_enabled()) - return true; - - /* - * CONFIG_MEMCG creates vector of obj_cgroup objects conditionally - * inside memcg_slab_post_alloc_hook. No other users for now. - */ - return false; -} - #else /* CONFIG_SLAB_OBJ_EXT */ static inline void init_slab_obj_exts(struct slab *slab) @@ -2077,11 +2064,6 @@ static inline void free_slab_obj_exts(struct slab *slab) { } -static inline bool need_slab_obj_ext(void) -{ - return false; -} - #endif /* CONFIG_SLAB_OBJ_EXT */ #ifdef CONFIG_MEM_ALLOC_PROFILING @@ -2129,7 +2111,7 @@ __alloc_tagging_slab_alloc_hook(struct kmem_cache *s, void *object, gfp_t flags) static inline void alloc_tagging_slab_alloc_hook(struct kmem_cache *s, void *object, gfp_t flags) { - if (need_slab_obj_ext()) + if (mem_alloc_profiling_enabled()) __alloc_tagging_slab_alloc_hook(s, object, flags); } @@ -2601,8 +2583,12 @@ static __always_inline void account_slab(struct slab *slab, int order, static __always_inline void unaccount_slab(struct slab *slab, int order, struct kmem_cache *s) { - if (memcg_kmem_online() || need_slab_obj_ext()) - free_slab_obj_exts(slab); + /* + * The slab object extensions should now be freed regardless of + * whether mem_alloc_profiling_enabled() or not because profiling + * might have been disabled after slab->obj_exts got allocated. + */ + free_slab_obj_exts(slab); mod_node_page_state(slab_pgdat(slab), cache_vmstat_idx(s), -(PAGE_SIZE << order));

7 months, 1 week

4
6
0 0

[PATCH net] net: qede: Initialize qede_ll_ops with designated initializer

by Nathan Chancellor

After a recent change [1] in clang's randstruct implementation to randomize structures that only contain function pointers, there is an error because qede_ll_ops get randomized but does not use a designated initializer for the first member: drivers/net/ethernet/qlogic/qede/qede_main.c:206:2: error: a randomized struct can only be initialized with a designated initializer 206 | { | ^ Explicitly initialize the common member using a designated initializer to fix the build. Cc: stable(a)vger.kernel.org Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Link: https://github.com/llvm/llvm-project/commit/04364fb888eea6db9811510607bed4b… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index 99df00c30b8c..b5d744d2586f 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -203,7 +203,7 @@ static struct pci_driver qede_pci_driver = { }; static struct qed_eth_cb_ops qede_ll_ops = { - { + .common = { #ifdef CONFIG_RFS_ACCEL .arfs_filter_op = qede_arfs_filter_op, #endif --- base-commit: 9540984da649d46f699c47f28c68bbd3c9d99e4c change-id: 20250507-qede-fix-clang-randstruct-13d8c593cb58 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

7 months, 1 week

3
2
0 0

[PATCH] LoongArch: Prevent cond_resched() occurring within kernel-fpu

by Tianyang Zhang

When CONFIG_PREEMPT_COUNT is not configured (i.e. CONFIG_PREEMPT_NONE/ CONFIG_PREEMPT_VOLUNTARY), preempt_disable() / preempt_enable() merely acts as a barrier(). However, in these cases cond_resched() can still trigger a context switch and modify the CSR.EUEN, resulting in do_fpu() exception being activated within the kernel-fpu critical sections, as demonstrated in the following path: dcn32_calculate_wm_and_dlg() DC_FP_START() dcn32_calculate_wm_and_dlg_fpu() dcn32_find_dummy_latency_index_for_fw_based_mclk_switch() dcn32_internal_validate_bw() dcn32_enable_phantom_stream() dc_create_stream_for_sink() kzalloc(GFP_KERNEL) __kmem_cache_alloc_node() __cond_resched() DC_FP_END() This patch is similar to commit d021985 (x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs). It uses local_bh_disable() instead of preempt_disable() for non-RT kernels so it can avoid the cond_resched() issue, and also extend the kernel-fpu application scenarios to the softirq context. Cc: stable(a)vger.kernel.org Signed-off-by: Tianyang Zhang <zhangtianyang(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/kernel/kfpu.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/arch/loongarch/kernel/kfpu.c b/arch/loongarch/kernel/kfpu.c index ec5b28e570c9..4e469b021cf4 100644 --- a/arch/loongarch/kernel/kfpu.c +++ b/arch/loongarch/kernel/kfpu.c @@ -18,11 +18,28 @@ static unsigned int euen_mask = CSR_EUEN_FPEN; static DEFINE_PER_CPU(bool, in_kernel_fpu); static DEFINE_PER_CPU(unsigned int, euen_current); +static inline void fpregs_lock(void) +{ + if (!IS_ENABLED(CONFIG_PREEMPT_RT)) + local_bh_disable(); + else + preempt_disable(); +} + +static inline void fpregs_unlock(void) +{ + if (!IS_ENABLED(CONFIG_PREEMPT_RT)) + local_bh_enable(); + else + preempt_enable(); +} + void kernel_fpu_begin(void) { unsigned int *euen_curr; - preempt_disable(); + if (!irqs_disabled()) + fpregs_lock(); WARN_ON(this_cpu_read(in_kernel_fpu)); @@ -73,7 +90,8 @@ void kernel_fpu_end(void) this_cpu_write(in_kernel_fpu, false); - preempt_enable(); + if (!irqs_disabled()) + fpregs_unlock(); } EXPORT_SYMBOL_GPL(kernel_fpu_end); -- 2.20.1

7 months, 1 week

1
0
0 0

Re: [PATCH] um: work around sched_yield not yielding in time-travel mode

by Sasha Levin

[ Sasha's backport helper bot ] Hi, Summary of potential issues: ⚠️ Found matching upstream commit but patch is missing proper reference to it Found matching upstream commit: 887c5c12e80c8424bd471122d2e8b6b462e12874 WARNING: Author mismatch between patch and found commit: Backport author: Benjamin Berg<benjamin(a)sipsolutions.net> Commit author: Benjamin Berg<benjamin.berg(a)intel.com> Note: The patch differs from the upstream commit: --- 1: 887c5c12e80c8 < -: ------------- um: work around sched_yield not yielding in time-travel mode -: ------------- > 1: aeaee199900ee Linux 6.14.5 --- Results of testing on various branches: | Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.14.y | Success | Success | | stable/linux-6.12.y | Success | Success | | stable/linux-6.6.y | Success | Success | | stable/linux-6.1.y | Success | Success | | stable/linux-5.15.y | Success | Success | | stable/linux-5.10.y | Success | Success | | stable/linux-5.4.y | Success | Success |

7 months, 1 week

1
0
0 0

[PATCH 6.6.y] btrfs: always fallback to buffered write if the inode requires checksum

by Qu Wenruo

commit 968f19c5b1b7d5595423b0ac0020cc18dfed8cb5 upstream. [BUG] It is a long known bug that VM image on btrfs can lead to data csum mismatch, if the qemu is using direct-io for the image (this is commonly known as cache mode 'none'). [CAUSE] Inside the VM, if the fs is EXT4 or XFS, or even NTFS from Windows, the fs is allowed to dirty/modify the folio even if the folio is under writeback (as long as the address space doesn't have AS_STABLE_WRITES flag inherited from the block device). This is a valid optimization to improve the concurrency, and since these filesystems have no extra checksum on data, the content change is not a problem at all. But the final write into the image file is handled by btrfs, which needs the content not to be modified during writeback, or the checksum will not match the data (checksum is calculated before submitting the bio). So EXT4/XFS/NTRFS assume they can modify the folio under writeback, but btrfs requires no modification, this leads to the false csum mismatch. This is only a controlled example, there are even cases where multi-thread programs can submit a direct IO write, then another thread modifies the direct IO buffer for whatever reason. For such cases, btrfs has no sane way to detect such cases and leads to false data csum mismatch. [FIX] I have considered the following ideas to solve the problem: - Make direct IO to always skip data checksum This not only requires a new incompatible flag, as it breaks the current per-inode NODATASUM flag. But also requires extra handling for no csum found cases. And this also reduces our checksum protection. - Let hardware handle all the checksum AKA, just nodatasum mount option. That requires trust for hardware (which is not that trustful in a lot of cases), and it's not generic at all. - Always fallback to buffered write if the inode requires checksum This was suggested by Christoph, and is the solution utilized by this patch. The cost is obvious, the extra buffer copying into page cache, thus it reduces the performance. But at least it's still user configurable, if the end user still wants the zero-copy performance, just set NODATASUM flag for the inode (which is a common practice for VM images on btrfs). Since we cannot trust user space programs to keep the buffer consistent during direct IO, we have no choice but always falling back to buffered IO. At least by this, we avoid the more deadly false data checksum mismatch error. CC: stable(a)vger.kernel.org # 6.6 Suggested-by: Christoph Hellwig <hch(a)infradead.org> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> [ Fix a conflict due to the movement of the function. ] --- fs/btrfs/file.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index e794606e7c78..f1456c745c6d 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1515,6 +1515,23 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) goto buffered; } + /* + * We can't control the folios being passed in, applications can write + * to them while a direct IO write is in progress. This means the + * content might change after we calculated the data checksum. + * Therefore we can end up storing a checksum that doesn't match the + * persisted data. + * + * To be extra safe and avoid false data checksum mismatch, if the + * inode requires data checksum, just fallback to buffered IO. + * For buffered IO we have full control of page cache and can ensure + * no one is modifying the content during writeback. + */ + if (!(BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) { + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + goto buffered; + } + /* * The iov_iter can be mapped to the same file range we are writing to. * If that's the case, then we will deadlock in the iomap code, because -- 2.49.0

7 months, 1 week

4
5
0 0

[PATCH] bcachefs: Change btree_insert_node() assertion to error

by Kent Overstreet

Debug for https://github.com/koverstreet/bcachefs/issues/843 Print useful debug info and go emergency read-only. (cherry picked from commit 63c3b8f616cc95bb1fcc6101c92485d41c535d7c) Signed-off-by: Kent Overstreet <kent.overstreet(a)linux.dev> --- fs/bcachefs/btree_update_interior.c | 17 ++++++++++++++++- fs/bcachefs/error.c | 8 ++++++++ fs/bcachefs/error.h | 2 ++ 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/fs/bcachefs/btree_update_interior.c b/fs/bcachefs/btree_update_interior.c index e4e7c804625e..e9be8b5571a4 100644 --- a/fs/bcachefs/btree_update_interior.c +++ b/fs/bcachefs/btree_update_interior.c @@ -35,6 +35,8 @@ static const char * const bch2_btree_update_modes[] = { NULL }; +static void bch2_btree_update_to_text(struct printbuf *, struct btree_update *); + static int bch2_btree_insert_node(struct btree_update *, struct btree_trans *, btree_path_idx_t, struct btree *, struct keylist *); static void bch2_btree_update_add_new_node(struct btree_update *, struct btree *); @@ -1782,11 +1784,24 @@ static int bch2_btree_insert_node(struct btree_update *as, struct btree_trans *t int ret; lockdep_assert_held(&c->gc_lock); - BUG_ON(!btree_node_intent_locked(path, b->c.level)); BUG_ON(!b->c.level); BUG_ON(!as || as->b); bch2_verify_keylist_sorted(keys); + if (!btree_node_intent_locked(path, b->c.level)) { + struct printbuf buf = PRINTBUF; + bch2_log_msg_start(c, &buf); + prt_printf(&buf, "%s(): node not locked at level %u\n", + __func__, b->c.level); + bch2_btree_update_to_text(&buf, as); + bch2_btree_path_to_text(&buf, trans, path_idx); + + bch2_print_string_as_lines(KERN_ERR, buf.buf); + printbuf_exit(&buf); + bch2_fs_emergency_read_only(c); + return -EIO; + } + ret = bch2_btree_node_lock_write(trans, path, &b->c); if (ret) return ret; diff --git a/fs/bcachefs/error.c b/fs/bcachefs/error.c index 038da6a61f6b..6cbf4819e923 100644 --- a/fs/bcachefs/error.c +++ b/fs/bcachefs/error.c @@ -11,6 +11,14 @@ #define FSCK_ERR_RATELIMIT_NR 10 +void bch2_log_msg_start(struct bch_fs *c, struct printbuf *out) +{ +#ifdef BCACHEFS_LOG_PREFIX + prt_printf(out, bch2_log_msg(c, "")); +#endif + printbuf_indent_add(out, 2); +} + bool bch2_inconsistent_error(struct bch_fs *c) { set_bit(BCH_FS_error, &c->flags); diff --git a/fs/bcachefs/error.h b/fs/bcachefs/error.h index 7acf2a27ca28..5730eb6b2f38 100644 --- a/fs/bcachefs/error.h +++ b/fs/bcachefs/error.h @@ -18,6 +18,8 @@ struct work_struct; /* Error messages: */ +void bch2_log_msg_start(struct bch_fs *, struct printbuf *); + /* * Inconsistency errors: The on disk data is inconsistent. If these occur during * initial recovery, they don't indicate a bug in the running code - we walk all -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH 5.10.y] of: module: add buffer overflow check in of_modalias()

by Uwe Kleine-König

From: Sergey Shtylyov <s.shtylyov(a)omp.ru> commit cf7385cb26ac4f0ee6c7385960525ad534323252 upstream. In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). Fixes: bc575064d688 ("of/device: use of_property_for_each_string to parse compatible strings") Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Link: https://lore.kernel.org/r/bbfc6be0-c687-62b6-d015-5141b93f313e@omp.ru Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Uwe Kleine-König <ukleinek(a)debian.org> --- drivers/of/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/of/device.c b/drivers/of/device.c index 3a547793135c..93f08f18f6b3 100644 --- a/drivers/of/device.c +++ b/drivers/of/device.c @@ -231,14 +231,15 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T', of_node_get_device_type(dev->of_node)); tsize = csize; + if (csize >= len) + csize = len > 0 ? len - 1 : 0; len -= csize; - if (str) - str += csize; + str += csize; of_property_for_each_string(dev->of_node, "compatible", p, compat) { csize = strlen(compat) + 1; tsize += csize; - if (csize > len) + if (csize >= len) continue; csize = snprintf(str, len, "C%s", compat); base-commit: 024a4a45fdf87218e3c0925475b05a27bcea103f -- 2.47.2

7 months, 1 week

2
1
0 0

[PATCH 5.15.y] of: module: add buffer overflow check in of_modalias()

by Uwe Kleine-König

From: Sergey Shtylyov <s.shtylyov(a)omp.ru> commit cf7385cb26ac4f0ee6c7385960525ad534323252 upstream. In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). Fixes: bc575064d688 ("of/device: use of_property_for_each_string to parse compatible strings") Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Link: https://lore.kernel.org/r/bbfc6be0-c687-62b6-d015-5141b93f313e@omp.ru Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Uwe Kleine-König <ukleinek(a)debian.org> --- drivers/of/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/of/device.c b/drivers/of/device.c index 19c42a9dcba9..f503bb10b10b 100644 --- a/drivers/of/device.c +++ b/drivers/of/device.c @@ -257,14 +257,15 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T', of_node_get_device_type(dev->of_node)); tsize = csize; + if (csize >= len) + csize = len > 0 ? len - 1 : 0; len -= csize; - if (str) - str += csize; + str += csize; of_property_for_each_string(dev->of_node, "compatible", p, compat) { csize = strlen(compat) + 1; tsize += csize; - if (csize > len) + if (csize >= len) continue; csize = snprintf(str, len, "C%s", compat); base-commit: 16fdf2c7111bd6927f16c3e811f5086fecebbf00 -- 2.47.2

7 months, 1 week

2
1
0 0

[PATCH 5.15.y] btrfs: do not clean up repair bio if submit fails

by bin.lan.cn＠windriver.com

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit 8cbc3001a3264d998d6b6db3e23f935c158abd4d ] The submit helper will always run bio_endio() on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs because we race with the endio function that is cleaning up the bio. Instead just return BLK_STS_OK as the repair function has to continue to process the rest of the pages, and the endio for the repair bio will do the appropriate cleanup for the page that it was given. Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> [Minor context change fixed.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- fs/btrfs/extent_io.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 346fc46d019b..a1946d62911c 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -2624,7 +2624,6 @@ int btrfs_repair_one_sector(struct inode *inode, const int icsum = bio_offset >> fs_info->sectorsize_bits; struct bio *repair_bio; struct btrfs_io_bio *repair_io_bio; - blk_status_t status; btrfs_debug(fs_info, "repair read error: read error at %llu", start); @@ -2664,13 +2663,13 @@ int btrfs_repair_one_sector(struct inode *inode, "repair read error: submitting new read to mirror %d", failrec->this_mirror); - status = submit_bio_hook(inode, repair_bio, failrec->this_mirror, - failrec->bio_flags); - if (status) { - free_io_failure(failure_tree, tree, failrec); - bio_put(repair_bio); - } - return blk_status_to_errno(status); + /* + * At this point we have a bio, so any errors from submit_bio_hook() + * will be handled by the endio on the repair_bio, so we can't return an + * error here. + */ + submit_bio_hook(inode, repair_bio, failrec->this_mirror, failrec->bio_flags); + return BLK_STS_OK; } static void end_page_read(struct page *page, bool uptodate, u64 start, u32 len) -- 2.34.1

7 months, 1 week

2
1
0 0

[PATCH 5.4.y] of: module: add buffer overflow check in of_modalias()

by Uwe Kleine-König

From: Sergey Shtylyov <s.shtylyov(a)omp.ru> commit cf7385cb26ac4f0ee6c7385960525ad534323252 upstream. In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). Fixes: bc575064d688 ("of/device: use of_property_for_each_string to parse compatible strings") Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Link: https://lore.kernel.org/r/bbfc6be0-c687-62b6-d015-5141b93f313e@omp.ru Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Uwe Kleine-König <ukleinek(a)debian.org> --- drivers/of/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/of/device.c b/drivers/of/device.c index 7fb870097a84..ee3467730dac 100644 --- a/drivers/of/device.c +++ b/drivers/of/device.c @@ -213,14 +213,15 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T', of_node_get_device_type(dev->of_node)); tsize = csize; + if (csize >= len) + csize = len > 0 ? len - 1 : 0; len -= csize; - if (str) - str += csize; + str += csize; of_property_for_each_string(dev->of_node, "compatible", p, compat) { csize = strlen(compat) + 1; tsize += csize; - if (csize > len) + if (csize >= len) continue; csize = snprintf(str, len, "C%s", compat); base-commit: 2c8115e4757809ffd537ed9108da115026d3581f -- 2.47.2

7 months, 1 week

2
1
0 0

+ mm-userfaultfd-correct-dirty-flags-set-for-both-present-and-swap-pte.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: userfaultfd: correct dirty flags set for both present and swap pte has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-userfaultfd-correct-dirty-flags-set-for-both-present-and-swap-pte.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Barry Song <v-songbaohua(a)oppo.com> Subject: mm: userfaultfd: correct dirty flags set for both present and swap pte Date: Fri, 9 May 2025 10:09:12 +1200 As David pointed out, what truly matters for mremap and userfaultfd move operations is the soft dirty bit. The current comment and implementation��which always sets the dirty bit for present PTEs and fails to set the soft dirty bit for swap PTEs��are incorrect. This could break features like Checkpoint-Restore in Userspace (CRIU). This patch updates the behavior to correctly set the soft dirty bit for both present and swap PTEs in accordance with mremap. Link: https://lkml.kernel.org/r/20250508220912.7275-1-21cnbao@gmail.com Fixes: adef440691bab ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> Reported-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/linux-mm/02f14ee1-923f-47e3-a994-4950afb9afcc@redha… Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- a/mm/userfaultfd.c~mm-userfaultfd-correct-dirty-flags-set-for-both-present-and-swap-pte +++ a/mm/userfaultfd.c @@ -1064,8 +1064,13 @@ static int move_present_pte(struct mm_st src_folio->index = linear_page_index(dst_vma, dst_addr); orig_dst_pte = mk_pte(&src_folio->page, dst_vma->vm_page_prot); - /* Follow mremap() behavior and treat the entry dirty after the move */ - orig_dst_pte = pte_mkwrite(pte_mkdirty(orig_dst_pte), dst_vma); + /* Set soft dirty bit so userspace can notice the pte was moved */ +#ifdef CONFIG_MEM_SOFT_DIRTY + orig_dst_pte = pte_mksoft_dirty(orig_dst_pte); +#endif + if (pte_dirty(orig_src_pte)) + orig_dst_pte = pte_mkdirty(orig_dst_pte); + orig_dst_pte = pte_mkwrite(orig_dst_pte, dst_vma); set_pte_at(mm, dst_addr, dst_pte, orig_dst_pte); out: @@ -1100,6 +1105,9 @@ static int move_swap_pte(struct mm_struc } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); +#ifdef CONFIG_MEM_SOFT_DIRTY + orig_src_pte = pte_swp_mksoft_dirty(orig_src_pte); +#endif set_pte_at(mm, dst_addr, dst_pte, orig_src_pte); double_pt_unlock(dst_ptl, src_ptl); _ Patches currently in -mm which might be from v-songbaohua(a)oppo.com are mm-userfaultfd-correct-dirty-flags-set-for-both-present-and-swap-pte.patch

7 months, 1 week

1
0
0 0

[PATCH v3] block, scsi: sd_zbc: Respect bio vector limits for report zones buffer

by Steve Siwinski

The report zones buffer size is currently limited by the HBA's maximum segment count to ensure the buffer can be mapped. However, the block layer further limits the number of iovec entries to 1024 when allocating a bio. To avoid allocation of buffers too large to be mapped, further restrict the maximum buffer size to BIO_MAX_INLINE_VECS. Replace the UIO_MAXIOV symbolic name with the more contextually appropriate BIO_MAX_INLINE_VECS. Fixes: b091ac616846 ("sd_zbc: Fix report zones buffer allocation") Cc: stable(a)vger.kernel.org Signed-off-by: Steve Siwinski <ssiwinski(a)atto.com> --- block/bio.c | 2 +- drivers/scsi/sd_zbc.c | 6 +++++- include/linux/bio.h | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/block/bio.c b/block/bio.c index 4e6c85a33d74..4be592d37fb6 100644 --- a/block/bio.c +++ b/block/bio.c @@ -611,7 +611,7 @@ struct bio *bio_kmalloc(unsigned short nr_vecs, gfp_t gfp_mask) { struct bio *bio; - if (nr_vecs > UIO_MAXIOV) + if (nr_vecs > BIO_MAX_INLINE_VECS) return NULL; return kmalloc(struct_size(bio, bi_inline_vecs, nr_vecs), gfp_mask); } diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c index 7a447ff600d2..a8db66428f80 100644 --- a/drivers/scsi/sd_zbc.c +++ b/drivers/scsi/sd_zbc.c @@ -169,6 +169,7 @@ static void *sd_zbc_alloc_report_buffer(struct scsi_disk *sdkp, unsigned int nr_zones, size_t *buflen) { struct request_queue *q = sdkp->disk->queue; + unsigned int max_segments; size_t bufsize; void *buf; @@ -180,12 +181,15 @@ static void *sd_zbc_alloc_report_buffer(struct scsi_disk *sdkp, * Furthermore, since the report zone command cannot be split, make * sure that the allocated buffer can always be mapped by limiting the * number of pages allocated to the HBA max segments limit. + * Since max segments can be larger than the max inline bio vectors, + * further limit the allocated buffer to BIO_MAX_INLINE_VECS. */ nr_zones = min(nr_zones, sdkp->zone_info.nr_zones); bufsize = roundup((nr_zones + 1) * 64, SECTOR_SIZE); bufsize = min_t(size_t, bufsize, queue_max_hw_sectors(q) << SECTOR_SHIFT); - bufsize = min_t(size_t, bufsize, queue_max_segments(q) << PAGE_SHIFT); + max_segments = min(BIO_MAX_INLINE_VECS, queue_max_segments(q)); + bufsize = min_t(size_t, bufsize, max_segments << PAGE_SHIFT); while (bufsize >= SECTOR_SIZE) { buf = kvzalloc(bufsize, GFP_KERNEL | __GFP_NORETRY); diff --git a/include/linux/bio.h b/include/linux/bio.h index cafc7c215de8..b786ec5bcc81 100644 --- a/include/linux/bio.h +++ b/include/linux/bio.h @@ -11,6 +11,7 @@ #include <linux/uio.h> #define BIO_MAX_VECS 256U +#define BIO_MAX_INLINE_VECS UIO_MAXIOV struct queue_limits; -- 2.43.5

7 months, 1 week

2
1
0 0

[PATCH v2] mm: userfaultfd: correct dirty flags set for both present and swap pte

by Barry Song

From: Barry Song <v-songbaohua(a)oppo.com> As David pointed out, what truly matters for mremap and userfaultfd move operations is the soft dirty bit. The current comment and implementation—which always sets the dirty bit for present PTEs and fails to set the soft dirty bit for swap PTEs—are incorrect. This could break features like Checkpoint-Restore in Userspace (CRIU). This patch updates the behavior to correctly set the soft dirty bit for both present and swap PTEs in accordance with mremap. Reported-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/linux-mm/02f14ee1-923f-47e3-a994-4950afb9afcc@redha… Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Fixes: adef440691bab ("userfaultfd: UFFDIO_MOVE uABI") Cc: stable(a)vger.kernel.org Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> --- mm/userfaultfd.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index e8ce92dc105f..bc473ad21202 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1064,8 +1064,13 @@ static int move_present_pte(struct mm_struct *mm, src_folio->index = linear_page_index(dst_vma, dst_addr); orig_dst_pte = folio_mk_pte(src_folio, dst_vma->vm_page_prot); - /* Follow mremap() behavior and treat the entry dirty after the move */ - orig_dst_pte = pte_mkwrite(pte_mkdirty(orig_dst_pte), dst_vma); + /* Set soft dirty bit so userspace can notice the pte was moved */ +#ifdef CONFIG_MEM_SOFT_DIRTY + orig_dst_pte = pte_mksoft_dirty(orig_dst_pte); +#endif + if (pte_dirty(orig_src_pte)) + orig_dst_pte = pte_mkdirty(orig_dst_pte); + orig_dst_pte = pte_mkwrite(orig_dst_pte, dst_vma); set_pte_at(mm, dst_addr, dst_pte, orig_dst_pte); out: @@ -1100,6 +1105,9 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); +#ifdef CONFIG_MEM_SOFT_DIRTY + orig_src_pte = pte_swp_mksoft_dirty(orig_src_pte); +#endif set_pte_at(mm, dst_addr, dst_pte, orig_src_pte); double_pt_unlock(dst_ptl, src_ptl); -- 2.39.3 (Apple Git-146)

7 months, 1 week

1
0
0 0

[PATCH v2] wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> The hdr_trans_tlv function call has been moved inside the conditional block to ensure it is executed when info->enable is true. Cc: stable(a)vger.kernel.org Fixes: cb1353ef3473 ("wifi: mt76: mt7925: integrate *mlo_sta_cmd and *sta_cmd") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Tested-by: Niklas Schnelle <niks(a)kernel.org> --- v2: add tested-by tag --- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index a42b584634ab..fd756f0d18f8 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -2183,14 +2183,14 @@ mt7925_mcu_sta_cmd(struct mt76_phy *phy, mt7925_mcu_sta_mld_tlv(skb, info->vif, info->link_sta->sta); mt7925_mcu_sta_eht_mld_tlv(skb, info->vif, info->link_sta->sta); } - - mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta); } if (!info->enable) { mt7925_mcu_sta_remove_tlv(skb); mt76_connac_mcu_add_tlv(skb, STA_REC_MLD_OFF, sizeof(struct tlv)); + } else { + mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta); } return mt76_mcu_skb_send_msg(dev, skb, info->cmd, true); -- 2.34.1

7 months, 1 week

2
1
0 0

[PATCH] clk: s2mps11: initialise clk_hw_onecell_data::num before accessing ::hws[] in probe()

by André Draszik

With UBSAN enabled, we're getting the following trace: UBSAN: array-index-out-of-bounds in .../drivers/clk/clk-s2mps11.c:186:3 index 0 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]') This is because commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of that struct with __counted_by, which informs the bounds sanitizer about the number of elements in hws, so that it can warn when hws is accessed out of bounds. As noted in that change, the __counted_by member must be initialised with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialisation because the number of elements is zero. This occurs in s2mps11_clk_probe() due to ::num being assigned after ::hws access. Move the assignment to satisfy the requirement of assign-before-access. Cc: stable(a)vger.kernel.org Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- drivers/clk/clk-s2mps11.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/clk/clk-s2mps11.c b/drivers/clk/clk-s2mps11.c index 014db6386624071e173b5b940466301d2596400a..8ddf3a9a53dfd5bb52a05a3e02788a357ea77ad3 100644 --- a/drivers/clk/clk-s2mps11.c +++ b/drivers/clk/clk-s2mps11.c @@ -137,6 +137,8 @@ static int s2mps11_clk_probe(struct platform_device *pdev) if (!clk_data) return -ENOMEM; + clk_data->num = S2MPS11_CLKS_NUM; + switch (hwid) { case S2MPS11X: s2mps11_reg = S2MPS11_REG_RTC_CTRL; @@ -186,7 +188,6 @@ static int s2mps11_clk_probe(struct platform_device *pdev) clk_data->hws[i] = &s2mps11_clks[i].hw; } - clk_data->num = S2MPS11_CLKS_NUM; of_clk_add_hw_provider(s2mps11_clks->clk_np, of_clk_hw_onecell_get, clk_data); --- base-commit: 9388ec571cb1adba59d1cded2300eeb11827679c change-id: 20250326-s2mps11-ubsan-c90978e7bc04 Best regards, -- André Draszik <andre.draszik(a)linaro.org>

7 months, 1 week

3
2
0 0

perf r5101c4 counter regression

by Salvatore Bonaccorso

Hi, Pasi Kallinen reported in Debian a regression with perf r5101c4 counter, initially it was found in https://github.com/rr-debugger/rr/issues/3949 but said to be a kernel problem. On Tue, May 06, 2025 at 07:18:39PM +0300, Pasi Kallinen wrote: > Package: src:linux > Version: 6.12.25-1 > Severity: normal > X-Debbugs-Cc: debian-amd64(a)lists.debian.org, paxed(a)alt.org > User: debian-amd64(a)lists.debian.org > Usertags: amd64 > > Dear Maintainer, > > perf stat -e r5101c4 true > > reports "not supported". > > The counters worked in kernel 6.11.10. > > I first noticed this not working when updating to 6.12.22. > Booting back to 6.11.10, the counters work correctly. Does this ring a bell? Would you be able to bisect the changes to identify where the behaviour changed? Regards, Salvatore

7 months, 1 week

2
1
0 0

[PATCH] xenbus: Use kref to track req lifetime

by Jason Andryuk

Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: <TASK> __wake_up_common_lock+0x82/0xd0 process_msg+0x18e/0x2f0 xenbus_thread+0x165/0x1c0 process_msg+0x18e is req->cb(req). req->cb is set to xs_wake_up(), a thin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems like it was xs_wake_up() in this case. It seems like req may have woken up the xs_wait_for_reply(), which kfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed data. Linux Device Drivers 2nd edition states: "Normally, a wake_up call can cause an immediate reschedule to happen, meaning that other processes might run before wake_up returns." ... which would match the behaviour observed. Change to keeping two krefs on each request. One for the caller, and one for xenbus_thread. Each will kref_put() when finished, and the last will free it. This use of kref matches the description in Documentation/core-api/kref.rst Link: https://lore.kernel.org/xen-devel/ZO0WrR5J0xuwDIxW@mail-itl/ Reported-by: "Marek Marczykowski-Górecki" <marmarek(a)invisiblethingslab.com> Fixes: fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- Kinda RFC-ish as I don't know if it fixes Marek's issue. This does seem like the correct approach if we are seeing req free()ed out from under xenbus_thread. drivers/xen/xenbus/xenbus.h | 2 ++ drivers/xen/xenbus/xenbus_comms.c | 9 ++++----- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- drivers/xen/xenbus/xenbus_xs.c | 18 ++++++++++++++++-- 4 files changed, 23 insertions(+), 8 deletions(-) diff --git a/drivers/xen/xenbus/xenbus.h b/drivers/xen/xenbus/xenbus.h index 13821e7e825e..9ac0427724a3 100644 --- a/drivers/xen/xenbus/xenbus.h +++ b/drivers/xen/xenbus/xenbus.h @@ -77,6 +77,7 @@ enum xb_req_state { struct xb_req_data { struct list_head list; wait_queue_head_t wq; + struct kref kref; struct xsd_sockmsg msg; uint32_t caller_req_id; enum xsd_sockmsg_type type; @@ -103,6 +104,7 @@ int xb_init_comms(void); void xb_deinit_comms(void); int xs_watch_msg(struct xs_watch_event *event); void xs_request_exit(struct xb_req_data *req); +void xs_free_req(struct kref *kref); int xenbus_match(struct device *_dev, const struct device_driver *_drv); int xenbus_dev_probe(struct device *_dev); diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c index e5fda0256feb..82df2da1b880 100644 --- a/drivers/xen/xenbus/xenbus_comms.c +++ b/drivers/xen/xenbus/xenbus_comms.c @@ -309,8 +309,8 @@ static int process_msg(void) virt_wmb(); req->state = xb_req_state_got_reply; req->cb(req); - } else - kfree(req); + } + kref_put(&req->kref, xs_free_req); } mutex_unlock(&xs_response_mutex); @@ -386,14 +386,13 @@ static int process_writes(void) state.req->msg.type = XS_ERROR; state.req->err = err; list_del(&state.req->list); - if (state.req->state == xb_req_state_aborted) - kfree(state.req); - else { + if (state.req->state != xb_req_state_aborted) { /* write err, then update state */ virt_wmb(); state.req->state = xb_req_state_got_reply; wake_up(&state.req->wq); } + kref_put(&state.req->kref, xs_free_req); mutex_unlock(&xb_write_mutex); diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c index 46f8916597e5..f5c21ba64df5 100644 --- a/drivers/xen/xenbus/xenbus_dev_frontend.c +++ b/drivers/xen/xenbus/xenbus_dev_frontend.c @@ -406,7 +406,7 @@ void xenbus_dev_queue_reply(struct xb_req_data *req) mutex_unlock(&u->reply_mutex); kfree(req->body); - kfree(req); + kref_put(&req->kref, xs_free_req); kref_put(&u->kref, xenbus_file_free); diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c index d32c726f7a12..dcf9182c8451 100644 --- a/drivers/xen/xenbus/xenbus_xs.c +++ b/drivers/xen/xenbus/xenbus_xs.c @@ -112,6 +112,12 @@ static void xs_suspend_exit(void) wake_up_all(&xs_state_enter_wq); } +void xs_free_req(struct kref *kref) +{ + struct xb_req_data *req = container_of(kref, struct xb_req_data, kref); + kfree(req); +} + static uint32_t xs_request_enter(struct xb_req_data *req) { uint32_t rq_id; @@ -237,6 +243,12 @@ static void xs_send(struct xb_req_data *req, struct xsd_sockmsg *msg) req->caller_req_id = req->msg.req_id; req->msg.req_id = xs_request_enter(req); + /* + * Take 2nd ref. One for this thread, and the second for the + * xenbus_thread. + */ + kref_get(&req->kref); + mutex_lock(&xb_write_mutex); list_add_tail(&req->list, &xb_write_list); notify = list_is_singular(&xb_write_list); @@ -261,8 +273,8 @@ static void *xs_wait_for_reply(struct xb_req_data *req, struct xsd_sockmsg *msg) if (req->state == xb_req_state_queued || req->state == xb_req_state_wait_reply) req->state = xb_req_state_aborted; - else - kfree(req); + + kref_put(&req->kref, xs_free_req); mutex_unlock(&xb_write_mutex); return ret; @@ -291,6 +303,7 @@ int xenbus_dev_request_and_reply(struct xsd_sockmsg *msg, void *par) req->cb = xenbus_dev_queue_reply; req->par = par; req->user_req = true; + kref_init(&req->kref); xs_send(req, msg); @@ -319,6 +332,7 @@ static void *xs_talkv(struct xenbus_transaction t, req->num_vecs = num_vecs; req->cb = xs_wake_up; req->user_req = false; + kref_init(&req->kref); msg.req_id = 0; msg.tx_id = t.id; -- 2.34.1

7 months, 1 week

3
3
0 0

[PATCH 6.6 000/129] 6.6.90-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.90 release. There are 129 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 09 May 2025 18:37:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.90-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.90-rc1 Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix possible null pointer dereference at secondary interrupter removal Marc Zyngier <maz(a)kernel.org> usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/amd/display: Fix slab-use-after-free in hdcp Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Shyam Saini <shyamsaini(a)linux.microsoft.com> drivers: base: handle module_kobject creation Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: globalize lookup_or_create_module_kobject() Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: param: rename locate_module_kobject Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Shakeel Butt <shakeel.butt(a)linux.dev> memcg: drain obj stock on cpu hotplug teardown Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Limit time spent with xHC interrupts disabled during bus resume Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: support setting interrupt moderation IMOD for secondary interrupters Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: check if 'requested segments' exceeds ERST capacity Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add helper to set an interrupters interrupt moderation interval Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: add support to allocate several interrupters Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: split free interrupter into separate remove and free parts Lukas Wunner <lukas(a)wunner.de> xhci: Clean up stale comment on ERST_SIZE macro Jonathan Bell <jonathan(a)raspberrypi.com> xhci: Use more than one Event Ring segment Lukas Wunner <lukas(a)wunner.de> xhci: Set DESI bits in ERDP register correctly Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Samuel Holland <samuel.holland(a)sifive.com> riscv: Pass patch_text() the length in bytes Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Rob Herring (Arm) <robh(a)kernel.org> ASoC: Use of_property_read_bool() Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix RX error handling Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Add range check for CMD_RTS Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix LEN_MASK Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Sathesh B Edara <sedara(a)marvell.com> octeon_ep: Fix host hang issue during device reboot Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix broken taprio gate states after clock jump Chad Monroe <chad(a)monroe.io> net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM Jacob Keller <jacob.e.keller(a)intel.com> igc: fix lock order in igc_ptp_reset Da Xue <da(a)libre.computer> net: mdio: mux-meson-gxl: set reversed bit when using internal phy Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Keith Busch <kbusch(a)kernel.org> nvme-pci: fix queue unquiesce check on slot_reset Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix buffer overflow at UMP SysEx message conversion Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Shannon Nelson <shannon.nelson(a)amd.com> pds_core: remove write-after-free of client_id Shannon Nelson <shannon.nelson(a)amd.com> pds_core: specify auxiliary_device to be created Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make pdsc_auxbus_dev_del() void Shannon Nelson <shannon.nelson(a)amd.com> pds_core: delete VF dev on reset Shannon Nelson <shannon.nelson(a)amd.com> pds_core: check health in devcmd wait Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: copy RX timestamp to new fragments Abhishek Chauhan <quic_abchauha(a)quicinc.com> net: Rename mono_delivery_time to tstamp_type for scalabilty En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Ido Schimmel <idosch(a)nvidia.com> vxlan: vnifilter: Fix unlocked deletion of default FDB entry Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Fix dash warning Murad Masimov <m.masimov(a)mt-integration.ru> wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Chen Linxuan <chenlinxuan(a)uniontech.com> drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Check for ld-option support Donet Tom <donettom(a)linux.ibm.com> book3s64/radix : Align section vmemmap start address to PAGE_SIZE Sheetal <sheetal(a)nvidia.com> ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Robin Murphy <robin.murphy(a)arm.com> iommu: Handle race with default domain setup Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Ryan Matthews <ryanmatthews(a)fastmail.com> Revert "PCI: imx6: Skip controller_id generation logic for i.MX7D" Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: extend changes_pkt_data with cases w/o subprograms Eduard Zingerman <eddyz87(a)gmail.com> bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: validate that tail call invalidates packet pointers Eduard Zingerman <eddyz87(a)gmail.com> bpf: consider that tail calls invalidate packet pointers Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: freplace tests for tracking of changes_packet_data Eduard Zingerman <eddyz87(a)gmail.com> bpf: check changes_pkt_data property for extension programs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: test for changing packet data from global functions Eduard Zingerman <eddyz87(a)gmail.com> bpf: track changes_pkt_data property for global functions Eduard Zingerman <eddyz87(a)gmail.com> bpf: refactor bpf_helper_changes_pkt_data to use helper number Eduard Zingerman <eddyz87(a)gmail.com> bpf: add find_containing_subprog() utility function Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix setting policy limits when frequency tables are used Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Jethro Donaldson <devel(a)jro.nz> smb: client: fix zero length for mkdir POSIX create context Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in kerberos authentication Shouye Liu <shouyeliu(a)tencent.com> platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line LongPing Wei <weilongping(a)oppo.com> dm-bufio: don't schedule in atomic context Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not take trace_event_sem in print_event_fields() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Don't fail set_cs_timing when delays are zero Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: repeat setting reserved region nid if array is doubled Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: pass size instead of end to memblock_set_node() Stephan Gerhold <stephan.gerhold(a)linaro.org> irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Sean Christopherson <seanjc(a)google.com> perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/fdinfo: Protect against driver unbind Dave Chen <davechen(a)synology.com> btrfs: fix COW handling in run_delalloc_nocow() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Geoffrey D. Bennett <g(a)b4.vu> ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() Christian Heusel <christian(a)heusel.eu> Revert "rndis_host: Flag RNDIS modems as WWAN devices" ------------- Diffstat: Makefile | 4 +- .../boot/dts/nxp/imx/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/boot/dts/st/stm32mp251.dtsi | 9 +- arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/powerpc/boot/wrapper | 6 +- arch/powerpc/mm/book3s64/radix_pgtable.c | 17 +- arch/riscv/include/asm/patch.h | 2 +- arch/riscv/kernel/patch.c | 14 +- arch/riscv/kernel/probes/kprobes.c | 18 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 7 +- arch/x86/events/intel/core.c | 2 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/base/module.c | 13 +- drivers/bluetooth/btusb.c | 101 ++++++++--- drivers/cpufreq/cpufreq.c | 42 ++++- drivers/cpufreq/cpufreq_ondemand.c | 3 +- drivers/cpufreq/freq_table.c | 6 +- drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_ffa/driver.c | 3 +- drivers/firmware/arm_scmi/bus.c | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 56 +++--- drivers/gpu/drm/drm_file.c | 6 + drivers/gpu/drm/i915/pxp/intel_pxp_gsccs.h | 8 +- drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 +++++---- drivers/iommu/intel/iommu.c | 4 +- drivers/iommu/iommu.c | 18 ++ drivers/irqchip/irq-qcom-mpm.c | 3 + drivers/md/dm-bufio.c | 9 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 5 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 49 +++--- drivers/net/ethernet/amd/pds_core/core.h | 7 +- drivers/net/ethernet/amd/pds_core/dev.c | 11 +- drivers/net/ethernet/amd/pds_core/devlink.c | 7 +- drivers/net/ethernet/amd/pds_core/main.c | 23 ++- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 ++- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 ++-- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 +++- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 +++++---- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 ++- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/igc/igc_ptp.c | 6 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 14 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/ethernet/mscc/ocelot.c | 194 +++++++++++++++++++-- drivers/net/ethernet/mscc/ocelot_vcap.c | 1 + drivers/net/ethernet/vertexcom/mse102x.c | 36 +++- drivers/net/mdio/mdio-mux-meson-gxl.c | 3 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/vxlan/vxlan_vnifilter.c | 8 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 1 - drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/tcp.c | 31 +++- drivers/pci/controller/dwc/pci-imx6.c | 3 +- drivers/platform/x86/amd/pmc/pmc.c | 7 +- .../x86/intel/uncore-frequency/uncore-frequency.c | 13 +- drivers/spi/spi-tegra114.c | 6 +- drivers/usb/host/xhci-debugfs.c | 2 +- drivers/usb/host/xhci-hub.c | 30 ++-- drivers/usb/host/xhci-mem.c | 175 +++++++++++++++---- drivers/usb/host/xhci-ring.c | 4 +- drivers/usb/host/xhci.c | 80 ++++++--- drivers/usb/host/xhci.h | 20 ++- fs/btrfs/inode.c | 9 +- fs/smb/client/smb2pdu.c | 1 + fs/smb/server/auth.c | 14 +- fs/smb/server/smb2pdu.c | 5 - include/linux/bpf.h | 1 + include/linux/bpf_verifier.h | 1 + include/linux/cpufreq.h | 83 ++++++--- include/linux/filter.h | 2 +- include/linux/module.h | 2 + include/linux/pds/pds_core_if.h | 1 + include/linux/skbuff.h | 52 ++++-- include/net/inet_frag.h | 4 +- include/soc/mscc/ocelot_vcap.h | 2 + include/sound/ump_convert.h | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/verifier.c | 81 +++++++-- kernel/params.c | 6 +- kernel/trace/trace.c | 5 +- kernel/trace/trace_output.c | 4 +- mm/memblock.c | 12 +- mm/memcontrol.c | 9 + net/bluetooth/l2cap_core.c | 3 + net/bridge/netfilter/nf_conntrack_bridge.c | 6 +- net/core/dev.c | 2 +- net/core/filter.c | 73 ++++---- net/ieee802154/6lowpan/reassembly.c | 2 +- net/ipv4/inet_fragment.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_output.c | 9 +- net/ipv4/tcp_output.c | 14 +- net/ipv4/udp_offload.c | 61 ++++++- net/ipv6/ip6_output.c | 6 +- net/ipv6/netfilter.c | 6 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/reassembly.c | 2 +- net/ipv6/tcp_ipv6.c | 2 +- net/sched/act_bpf.c | 4 +- net/sched/cls_bpf.c | 4 +- net/sched/sch_drr.c | 16 +- net/sched/sch_ets.c | 17 +- net/sched/sch_hfsc.c | 10 +- net/sched/sch_htb.c | 2 + net/sched/sch_qfq.c | 18 +- sound/soc/codecs/ak4613.c | 4 +- sound/soc/soc-core.c | 36 ++-- sound/soc/soc-pcm.c | 5 +- sound/usb/endpoint.c | 7 + sound/usb/format.c | 3 +- .../selftests/bpf/prog_tests/changes_pkt_data.c | 107 ++++++++++++ .../testing/selftests/bpf/progs/changes_pkt_data.c | 39 +++++ .../bpf/progs/changes_pkt_data_freplace.c | 18 ++ tools/testing/selftests/bpf/progs/verifier_sock.c | 56 ++++++ 144 files changed, 1772 insertions(+), 662 deletions(-)

7 months, 1 week

6
134
0 0

[to-be-updated] x86-kexec-fix-potential-cmem-ranges-out-of-bounds.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: x86/kexec: fix potential cmem->ranges out of bounds has been removed from the -mm tree. Its filename was x86-kexec-fix-potential-cmem-ranges-out-of-bounds.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: fuqiang wang <fuqiang.wang(a)easystack.cn> Subject: x86/kexec: fix potential cmem->ranges out of bounds Date: Mon, 8 Jan 2024 21:06:47 +0800 In memmap_exclude_ranges(), elfheader will be excluded from crashk_res. In the current x86 architecture code, the elfheader is always allocated at crashk_res.start. It seems that there won't be a new split range. But it depends on the allocation position of elfheader in crashk_res. To avoid potential out of bounds in future, add a extra slot. The similar issue also exists in fill_up_crash_elf_data(). The range to be excluded is [0, 1M], start (0) is special and will not appear in the middle of existing cmem->ranges[]. But in cast the low 1M could be changed in the future, add a extra slot too. Without this patch, kdump kernel will fail to be loaded by kexec_file_load, [ 139.736948] UBSAN: array-index-out-of-bounds in arch/x86/kernel/crash.c:350:25 [ 139.742360] index 0 is out of range for type 'range [*]' [ 139.745695] CPU: 0 UID: 0 PID: 5778 Comm: kexec Not tainted 6.15.0-0.rc3.20250425git02ddfb981de8.32.fc43.x86_64 #1 PREEMPT(lazy) [ 139.745698] Hardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017 [ 139.745699] Call Trace: [ 139.745700] <TASK> [ 139.745701] dump_stack_lvl+0x5d/0x80 [ 139.745706] ubsan_epilogue+0x5/0x2b [ 139.745709] __ubsan_handle_out_of_bounds.cold+0x54/0x59 [ 139.745711] crash_setup_memmap_entries+0x2d9/0x330 [ 139.745716] setup_boot_parameters+0xf8/0x6a0 [ 139.745720] bzImage64_load+0x41b/0x4e0 [ 139.745722] ? find_next_iomem_res+0x109/0x140 [ 139.745727] ? locate_mem_hole_callback+0x109/0x170 [ 139.745737] kimage_file_alloc_init+0x1ef/0x3e0 [ 139.745740] __do_sys_kexec_file_load+0x180/0x2f0 [ 139.745742] do_syscall_64+0x7b/0x160 [ 139.745745] ? do_user_addr_fault+0x21a/0x690 [ 139.745747] ? exc_page_fault+0x7e/0x1a0 [ 139.745749] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 139.745751] RIP: 0033:0x7f7712c84e4d Previously discussed link: [1] https://lore.kernel.org/kexec/ZXk2oBf%2FT1Ul6o0c@MiWiFi-R3L-srv/ [2] https://lore.kernel.org/kexec/273284e8-7680-4f5f-8065-c5d780987e59@easystac… [3] https://lore.kernel.org/kexec/ZYQ6O%2F57sHAPxTHm@MiWiFi-R3L-srv/ Link: https://lkml.kernel.org/r/20240108130720.228478-1-fuqiang.wang@easystack.cn Signed-off-by: fuqiang wang <fuqiang.wang(a)easystack.cn> Acked-by: Baoquan He <bhe(a)redhat.com> Reported-by: Coiby Xu <coxu(a)redhat.com> Closes: https://lkml.kernel.org/r/4de3c2onosr7negqnfhekm4cpbklzmsimgdfv33c52dktqpza… Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: <x86(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/kernel/crash.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) --- a/arch/x86/kernel/crash.c~x86-kexec-fix-potential-cmem-ranges-out-of-bounds +++ a/arch/x86/kernel/crash.c @@ -165,8 +165,18 @@ static struct crash_mem *fill_up_crash_e /* * Exclusion of crash region and/or crashk_low_res may cause * another range split. So add extra two slots here. + * + * Exclusion of low 1M may not cause another range split, because the + * range of exclude is [0, 1M] and the condition for splitting a new + * region is that the start, end parameters are both in a certain + * existing region in cmem and cannot be equal to existing region's + * start or end. Obviously, the start of [0, 1M] cannot meet this + * condition. + * + * But in order to lest the low 1M could be changed in the future, + * (e.g. [stare, 1M]), add a extra slot. */ - nr_ranges += 2; + nr_ranges += 3; cmem = vzalloc(struct_size(cmem, ranges, nr_ranges)); if (!cmem) return NULL; @@ -298,9 +308,16 @@ int crash_setup_memmap_entries(struct ki struct crash_memmap_data cmd; struct crash_mem *cmem; - cmem = vzalloc(struct_size(cmem, ranges, 1)); + /* + * In the current x86 architecture code, the elfheader is always + * allocated at crashk_res.start. But it depends on the allocation + * position of elfheader in crashk_res. To avoid potential out of + * bounds in future, add a extra slot. + */ + cmem = vzalloc(struct_size(cmem, ranges, 2)); if (!cmem) return -ENOMEM; + cmem->max_nr_ranges = 2; memset(&cmd, 0, sizeof(struct crash_memmap_data)); cmd.params = params; _ Patches currently in -mm which might be from fuqiang.wang(a)easystack.cn are

7 months, 1 week

1
0
0 0

[PATCH 1/2] iio: Fix scan mask subset check logic

by Fabio Estevam

From: Fabio Estevam <festevam(a)denx.de> Since commit 2718f15403fb ("iio: sanity check available_scan_masks array"), verbose and misleading warnings are printed for devices like the MAX11601: max1363 1-0064: available_scan_mask 8 subset of 0. Never used max1363 1-0064: available_scan_mask 9 subset of 0. Never used max1363 1-0064: available_scan_mask 10 subset of 0. Never used max1363 1-0064: available_scan_mask 11 subset of 0. Never used max1363 1-0064: available_scan_mask 12 subset of 0. Never used max1363 1-0064: available_scan_mask 13 subset of 0. Never used ... [warnings continue] Fix the available_scan_masks sanity check logic so that it only prints the warning when an element of available_scan_mask is in fact a subset of a previous one. These warnings incorrectly report that later scan masks are subsets of the first one, even when they are not. The issue lies in the logic that checks for subset relationships between scan masks. Fix the subset detection to correctly compare each mask only against previous masks, and only warn when a true subset is found. With this fix, the warning output becomes both correct and more informative: max1363 1-0064: Mask 7 (0xc) is a subset of mask 6 (0xf) and will be ignored Cc: stable(a)vger.kernel.org Fixes: 2718f15403fb ("iio: sanity check available_scan_masks array") Signed-off-by: Fabio Estevam <festevam(a)denx.de> --- drivers/iio/industrialio-core.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c index 6a6568d4a2cb..855d5fd3e6b2 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c @@ -1904,6 +1904,11 @@ static int iio_check_extended_name(const struct iio_dev *indio_dev) static const struct iio_buffer_setup_ops noop_ring_setup_ops; +static int is_subset(unsigned long a, unsigned long b) +{ + return (a & ~b) == 0; +} + static void iio_sanity_check_avail_scan_masks(struct iio_dev *indio_dev) { unsigned int num_masks, masklength, longs_per_mask; @@ -1947,21 +1952,13 @@ static void iio_sanity_check_avail_scan_masks(struct iio_dev *indio_dev) * available masks in the order of preference (presumably the least * costy to access masks first). */ - for (i = 0; i < num_masks - 1; i++) { - const unsigned long *mask1; - int j; - mask1 = av_masks + i * longs_per_mask; - for (j = i + 1; j < num_masks; j++) { - const unsigned long *mask2; - - mask2 = av_masks + j * longs_per_mask; - if (bitmap_subset(mask2, mask1, masklength)) + for (i = 1; i < num_masks; ++i) + for (int j = 0; j < i; ++j) + if (is_subset(av_masks[i], av_masks[j])) dev_warn(indio_dev->dev.parent, - "available_scan_mask %d subset of %d. Never used\n", - j, i); - } - } + "Mask %d (0x%lx) is a subset of mask %d (0x%lx) and will be ignored\n", + i, av_masks[i], j, av_masks[j]); } /** -- 2.34.1

7 months, 1 week

3
17
0 0

[PATCH v2] drm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS()

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> The deprecated UNIVERSAL_DEV_PM_OPS() macro uses the provided callbacks for both runtime PM and system sleep. This causes the DSI clocks to be disabled twice: once during runtime suspend and again during system suspend, resulting in a WARN message from the clock framework when attempting to disable already-disabled clocks. [ 84.384540] clk:231:5 already disabled [ 84.388314] WARNING: CPU: 2 PID: 531 at /drivers/clk/clk.c:1181 clk_core_disable+0xa4/0xac ... [ 84.579183] Call trace: [ 84.581624] clk_core_disable+0xa4/0xac [ 84.585457] clk_disable+0x30/0x4c [ 84.588857] cdns_dsi_suspend+0x20/0x58 [cdns_dsi] [ 84.593651] pm_generic_suspend+0x2c/0x44 [ 84.597661] ti_sci_pd_suspend+0xbc/0x15c [ 84.601670] dpm_run_callback+0x8c/0x14c [ 84.605588] __device_suspend+0x1a0/0x56c [ 84.609594] dpm_suspend+0x17c/0x21c [ 84.613165] dpm_suspend_start+0xa0/0xa8 [ 84.617083] suspend_devices_and_enter+0x12c/0x634 [ 84.621872] pm_suspend+0x1fc/0x368 To address this issue, replace UNIVERSAL_DEV_PM_OPS() with SET_RUNTIME_PM_OPS(), enabling suspend/resume handling through the _enable()/_disable() hooks managed by the DRM framework for both runtime and system-wide PM. Cc: <stable(a)vger.kernel.org> # 6.1.x Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- v1 -> v2 - Rely only on SET_RUNTIME_PM_OPS() for the PM. drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index b022dd6e6b6e..5a31783fe856 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -1258,7 +1258,7 @@ static const struct mipi_dsi_host_ops cdns_dsi_ops = { .transfer = cdns_dsi_transfer, }; -static int __maybe_unused cdns_dsi_resume(struct device *dev) +static int cdns_dsi_resume(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1269,7 +1269,7 @@ static int __maybe_unused cdns_dsi_resume(struct device *dev) return 0; } -static int __maybe_unused cdns_dsi_suspend(struct device *dev) +static int cdns_dsi_suspend(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1279,8 +1279,9 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) return 0; } -static UNIVERSAL_DEV_PM_OPS(cdns_dsi_pm_ops, cdns_dsi_suspend, cdns_dsi_resume, - NULL); +static const struct dev_pm_ops cdns_dsi_pm_ops = { + SET_RUNTIME_PM_OPS(cdns_dsi_suspend, cdns_dsi_resume, NULL) +}; static int cdns_dsi_drm_probe(struct platform_device *pdev) { -- 2.34.1

7 months, 1 week

2
1
0 0

Missing patch in 6.12.27 - breaks UM target builds

by Christian Lamparter

Hi, On 3/14/25 2:08 PM, Benjamin Berg wrote: > From: Benjamin Berg <benjamin.berg(a)intel.com> > um: work around sched_yield not yielding in time-travel mode > > sched_yield by a userspace may not actually cause scheduling in > time-travel mode as no time has passed. In the case seen it appears to > be a badly implemented userspace spinlock in ASAN. Unfortunately, with > time-travel it causes an extreme slowdown or even deadlock depending on > the kernel configuration (CONFIG_UML_MAX_USERSPACE_ITERATIONS). > > Work around it by accounting time to the process whenever it executes a > sched_yield syscall. > > Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com> From what I can tell the patch mentioned above was backported to 6.12.27 by: <https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/arc…> but without the upstream |Commit 0b8b2668f9981c1fefc2ef892bd915288ef01f33 |Author: Benjamin Berg <benjamin.berg(a)intel.com> |Date: Thu Oct 10 16:25:37 2024 +0200 | um: insert scheduler ticks when userspace does not yield | | In time-travel mode userspace can do a lot of work without any time | passing. Unfortunately, this can result in OOM situations as the RCU | core code will never be run. [...] the kernel build for 6.12.27 for the UM-Target will fail: | /usr/bin/ld: arch/um/kernel/skas/syscall.o: in function `handle_syscall': linux-6.12.27/arch/um/kernel/skas/syscall.c:43:(.text+0xa2): undefined reference to `tt_extra_sched_jiffies' | collect2: error: ld returned 1 exit status is it possible to backport 0b8b2668f9981c1fefc2ef892bd915288ef01f33 too? Or is it better to revert 887c5c12e80c8424bd471122d2e8b6b462e12874 again in the stable releases? Best Regards, Christian Lamparter > > --- > > I suspect it is this code in ASAN that uses sched_yield > https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/sanitizer_co… > though there are also some other places that use sched_yield. > > I doubt that code is reasonable. At the same time, not sure that > sched_yield is behaving as advertised either as it obviously is not > necessarily relinquishing the CPU. > --- > arch/um/include/linux/time-internal.h | 2 ++ > arch/um/kernel/skas/syscall.c | 11 +++++++++++ > 2 files changed, 13 insertions(+) > > diff --git a/arch/um/include/linux/time-internal.h b/arch/um/include/linux/time-internal.h > index b22226634ff6..138908b999d7 100644 > --- a/arch/um/include/linux/time-internal.h > +++ b/arch/um/include/linux/time-internal.h > @@ -83,6 +83,8 @@ extern void time_travel_not_configured(void); > #define time_travel_del_event(...) time_travel_not_configured() > #endif /* CONFIG_UML_TIME_TRAVEL_SUPPORT */ > > +extern unsigned long tt_extra_sched_jiffies; > + > /* > * Without CONFIG_UML_TIME_TRAVEL_SUPPORT this is a linker error if used, > * which is intentional since we really shouldn't link it in that case. > diff --git a/arch/um/kernel/skas/syscall.c b/arch/um/kernel/skas/syscall.c > index b09e85279d2b..a5beaea2967e 100644 > --- a/arch/um/kernel/skas/syscall.c > +++ b/arch/um/kernel/skas/syscall.c > @@ -31,6 +31,17 @@ void handle_syscall(struct uml_pt_regs *r) > goto out; > > syscall = UPT_SYSCALL_NR(r); > + > + /* > + * If no time passes, then sched_yield may not actually yield, causing > + * broken spinlock implementations in userspace (ASAN) to hang for long > + * periods of time. > + */ > + if ((time_travel_mode == TT_MODE_INFCPU || > + time_travel_mode == TT_MODE_EXTERNAL) && > + syscall == __NR_sched_yield) > + tt_extra_sched_jiffies += 1; > + > if (syscall >= 0 && syscall < __NR_syscalls) { > unsigned long ret = EXECUTE_SYSCALL(syscall, regs); >

7 months, 1 week

2
1
0 0

[PATCH] riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL

by Nam Cao

When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not available, the kernel crashes: Oops - illegal instruction [#1] [snip] epc : set_tagged_addr_ctrl+0x112/0x15a ra : set_tagged_addr_ctrl+0x74/0x15a epc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10 [snip] status: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002 set_tagged_addr_ctrl+0x112/0x15a __riscv_sys_prctl+0x352/0x73c do_trap_ecall_u+0x17c/0x20c andle_exception+0x150/0x15c Fix it by checking if Supm is available. Fixes: 09d6775f503b ("riscv: Add support for userspace pointer masking") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- arch/riscv/kernel/process.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 7c244de77180..3db2c0c07acd 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -275,6 +275,9 @@ long set_tagged_addr_ctrl(struct task_struct *task, unsigned long arg) unsigned long pmm; u8 pmlen; + if (!riscv_has_extension_unlikely(RISCV_ISA_EXT_SUPM)) + return -EINVAL; + if (is_compat_thread(ti)) return -EINVAL; -- 2.39.5

7 months, 1 week

4
7
0 0

[PATCH] f2fs: fix to return correct error number in f2fs_sync_node_pages()

by Chao Yu

If __write_node_folio() failed, it will return AOP_WRITEPAGE_ACTIVATE, the incorrect return value may be passed to userspace in below path, fix it. - sync_filesystem - sync_fs - f2fs_issue_checkpoint - block_operations - f2fs_sync_node_pages - __write_node_folio : return AOP_WRITEPAGE_ACTIVATE Cc: stable(a)vger.kernel.org Reported-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/node.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index ec74eb9982a5..69308523c34e 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -2092,10 +2092,14 @@ int f2fs_sync_node_pages(struct f2fs_sb_info *sbi, ret = __write_node_folio(folio, false, &submitted, wbc, do_balance, io_type, NULL); - if (ret) + if (ret) { folio_unlock(folio); - else if (submitted) + folio_batch_release(&fbatch); + ret = -EIO; + goto out; + } else if (submitted) { nwritten++; + } if (--wbc->nr_to_write == 0) break; -- 2.49.0

7 months, 1 week

2
1
0 0

[PATCH 1/6] f2fs: fix to return correct error number in f2fs_sync_node_pages()

by Christoph Hellwig

From: Chao Yu <chao(a)kernel.org> If __write_node_folio() failed, it will return AOP_WRITEPAGE_ACTIVATE, the incorrect return value may be passed to userspace in below path, fix it. - sync_filesystem - sync_fs - f2fs_issue_checkpoint - block_operations - f2fs_sync_node_pages - __write_node_folio : return AOP_WRITEPAGE_ACTIVATE Cc: stable(a)vger.kernel.org Reported-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/node.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index ec74eb9982a5..69308523c34e 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -2092,10 +2092,14 @@ int f2fs_sync_node_pages(struct f2fs_sb_info *sbi, ret = __write_node_folio(folio, false, &submitted, wbc, do_balance, io_type, NULL); - if (ret) + if (ret) { folio_unlock(folio); - else if (submitted) + folio_batch_release(&fbatch); + ret = -EIO; + goto out; + } else if (submitted) { nwritten++; + } if (--wbc->nr_to_write == 0) break; -- 2.47.2

7 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] mm: page_alloc: speed up fallbacks in rmqueue_bulk()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 90abee6d7895d5eef18c91d870d8168be4e76e9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042150-hardiness-hunting-0780@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 90abee6d7895d5eef18c91d870d8168be4e76e9d Mon Sep 17 00:00:00 2001 From: Johannes Weiner <hannes(a)cmpxchg.org> Date: Mon, 7 Apr 2025 14:01:53 -0400 Subject: [PATCH] mm: page_alloc: speed up fallbacks in rmqueue_bulk() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The test robot identified c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") as the root cause of a 56.4% regression in vm-scalability::lru-file-mmap-read. Carlos reports an earlier patch, c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion"), as the root cause for a regression in worst-case zone->lock+irqoff hold times. Both of these patches modify the page allocator's fallback path to be less greedy in an effort to stave off fragmentation. The flip side of this is that fallbacks are also less productive each time around, which means the fallback search can run much more frequently. Carlos' traces point to rmqueue_bulk() specifically, which tries to refill the percpu cache by allocating a large batch of pages in a loop. It highlights how once the native freelists are exhausted, the fallback code first scans orders top-down for whole blocks to claim, then falls back to a bottom-up search for the smallest buddy to steal. For the next batch page, it goes through the same thing again. This can be made more efficient. Since rmqueue_bulk() holds the zone->lock over the entire batch, the freelists are not subject to outside changes; when the search for a block to claim has already failed, there is no point in trying again for the next page. Modify __rmqueue() to remember the last successful fallback mode, and restart directly from there on the next rmqueue_bulk() iteration. Oliver confirms that this improves beyond the regression that the test robot reported against c2f6ea38fc1b: commit: f3b92176f4 ("tools/selftests: add guard region test for /proc/$pid/pagemap") c2f6ea38fc ("mm: page_alloc: don't steal single pages from biggest buddy") acc4d5ff0b ("Merge tag 'net-6.15-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") 2c847f27c3 ("mm: page_alloc: speed up fallbacks in rmqueue_bulk()") <--- your patch f3b92176f4f7100f c2f6ea38fc1b640aa7a2e155cc1 acc4d5ff0b61eb1715c498b6536 2c847f27c37da65a93d23c237c5 ---------------- --------------------------- --------------------------- --------------------------- %stddev %change %stddev %change %stddev %change %stddev \ | \ | \ | \ 25525364 ± 3% -56.4% 11135467 -57.8% 10779336 +31.6% 33581409 vm-scalability.throughput Carlos confirms that worst-case times are almost fully recovered compared to before the earlier culprit patch: 2dd482ba627d (before freelist hygiene): 1ms c0cd6f557b90 (after freelist hygiene): 90ms next-20250319 (steal smallest buddy): 280ms this patch : 8ms [jackmanb(a)google.com: comment updates] Link: https://lkml.kernel.org/r/D92AC0P9594X.3BML64MUKTF8Z@google.com [hannes(a)cmpxchg.org: reset rmqueue_mode in rmqueue_buddy() error loop, per Yunsheng Lin] Link: https://lkml.kernel.org/r/20250409140023.GA2313@cmpxchg.org Link: https://lkml.kernel.org/r/20250407180154.63348-1-hannes@cmpxchg.org Fixes: c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion") Fixes: c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Signed-off-by: Brendan Jackman <jackmanb(a)google.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Reported-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202503271547.fc08b188-lkp@intel.com Reviewed-by: Brendan Jackman <jackmanb(a)google.com> Tested-by: Shivank Garg <shivankg(a)amd.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 9a219fe8e130..1715e34b91af 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2183,23 +2183,15 @@ try_to_claim_block(struct zone *zone, struct page *page, } /* - * Try finding a free buddy page on the fallback list. - * - * This will attempt to claim a whole pageblock for the requested type - * to ensure grouping of such requests in the future. - * - * If a whole block cannot be claimed, steal an individual page, regressing to - * __rmqueue_smallest() logic to at least break up as little contiguity as - * possible. + * Try to allocate from some fallback migratetype by claiming the entire block, + * i.e. converting it to the allocation's start migratetype. * * The use of signed ints for order and current_order is a deliberate * deviation from the rest of this file, to make the for loop * condition simpler. - * - * Return the stolen page, or NULL if none can be found. */ static __always_inline struct page * -__rmqueue_fallback(struct zone *zone, int order, int start_migratetype, +__rmqueue_claim(struct zone *zone, int order, int start_migratetype, unsigned int alloc_flags) { struct free_area *area; @@ -2237,14 +2229,29 @@ __rmqueue_fallback(struct zone *zone, int order, int start_migratetype, page = try_to_claim_block(zone, page, current_order, order, start_migratetype, fallback_mt, alloc_flags); - if (page) - goto got_one; + if (page) { + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; + } } - if (alloc_flags & ALLOC_NOFRAGMENT) - return NULL; + return NULL; +} + +/* + * Try to steal a single page from some fallback migratetype. Leave the rest of + * the block as its current migratetype, potentially causing fragmentation. + */ +static __always_inline struct page * +__rmqueue_steal(struct zone *zone, int order, int start_migratetype) +{ + struct free_area *area; + int current_order; + struct page *page; + int fallback_mt; + bool claim_block; - /* No luck claiming pageblock. Find the smallest fallback page */ for (current_order = order; current_order < NR_PAGE_ORDERS; current_order++) { area = &(zone->free_area[current_order]); fallback_mt = find_suitable_fallback(area, current_order, @@ -2254,25 +2261,28 @@ __rmqueue_fallback(struct zone *zone, int order, int start_migratetype, page = get_page_from_free_area(area, fallback_mt); page_del_and_expand(zone, page, order, current_order, fallback_mt); - goto got_one; + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; } return NULL; - -got_one: - trace_mm_page_alloc_extfrag(page, order, current_order, - start_migratetype, fallback_mt); - - return page; } +enum rmqueue_mode { + RMQUEUE_NORMAL, + RMQUEUE_CMA, + RMQUEUE_CLAIM, + RMQUEUE_STEAL, +}; + /* * Do the hard work of removing an element from the buddy allocator. * Call me with the zone->lock already held. */ static __always_inline struct page * __rmqueue(struct zone *zone, unsigned int order, int migratetype, - unsigned int alloc_flags) + unsigned int alloc_flags, enum rmqueue_mode *mode) { struct page *page; @@ -2291,16 +2301,48 @@ __rmqueue(struct zone *zone, unsigned int order, int migratetype, } } - page = __rmqueue_smallest(zone, order, migratetype); - if (unlikely(!page)) { - if (alloc_flags & ALLOC_CMA) + /* + * First try the freelists of the requested migratetype, then try + * fallbacks modes with increasing levels of fragmentation risk. + * + * The fallback logic is expensive and rmqueue_bulk() calls in + * a loop with the zone->lock held, meaning the freelists are + * not subject to any outside changes. Remember in *mode where + * we found pay dirt, to save us the search on the next call. + */ + switch (*mode) { + case RMQUEUE_NORMAL: + page = __rmqueue_smallest(zone, order, migratetype); + if (page) + return page; + fallthrough; + case RMQUEUE_CMA: + if (alloc_flags & ALLOC_CMA) { page = __rmqueue_cma_fallback(zone, order); - - if (!page) - page = __rmqueue_fallback(zone, order, migratetype, - alloc_flags); + if (page) { + *mode = RMQUEUE_CMA; + return page; + } + } + fallthrough; + case RMQUEUE_CLAIM: + page = __rmqueue_claim(zone, order, migratetype, alloc_flags); + if (page) { + /* Replenished preferred freelist, back to normal mode. */ + *mode = RMQUEUE_NORMAL; + return page; + } + fallthrough; + case RMQUEUE_STEAL: + if (!(alloc_flags & ALLOC_NOFRAGMENT)) { + page = __rmqueue_steal(zone, order, migratetype); + if (page) { + *mode = RMQUEUE_STEAL; + return page; + } + } } - return page; + return NULL; } /* @@ -2312,6 +2354,7 @@ static int rmqueue_bulk(struct zone *zone, unsigned int order, unsigned long count, struct list_head *list, int migratetype, unsigned int alloc_flags) { + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; unsigned long flags; int i; @@ -2323,7 +2366,7 @@ static int rmqueue_bulk(struct zone *zone, unsigned int order, } for (i = 0; i < count; ++i) { struct page *page = __rmqueue(zone, order, migratetype, - alloc_flags); + alloc_flags, &rmqm); if (unlikely(page == NULL)) break; @@ -2948,7 +2991,9 @@ struct page *rmqueue_buddy(struct zone *preferred_zone, struct zone *zone, if (alloc_flags & ALLOC_HIGHATOMIC) page = __rmqueue_smallest(zone, order, MIGRATE_HIGHATOMIC); if (!page) { - page = __rmqueue(zone, order, migratetype, alloc_flags); + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; + + page = __rmqueue(zone, order, migratetype, alloc_flags, &rmqm); /* * If the allocation fails, allow OOM handling and

7 months, 1 week

2
2
0 0

[PATCH v2 0/7] accel/ivpu: Add context violation handling for 6.12

by Jacek Lawrynowicz

These patchset adds support for VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW message added in recent VPU firmware. Without it the driver will not be able to process any jobs after this message is received and would need to be reloaded. Most patches are as-is from upstream besides these two: - Fix locking order in ivpu_job_submit - Abort all jobs after command queue unregister Both these patches need to be rebased because of missing new CMDQ UAPI changes that should not be backported to stable. Changes since v1: - Documented deviations from the original upstream patches in commit messages Andrew Kreimer (1): accel/ivpu: Fix a typo Andrzej Kacprowski (1): accel/ivpu: Update VPU FW API headers Karol Wachowski (4): accel/ivpu: Use xa_alloc_cyclic() instead of custom function accel/ivpu: Abort all jobs after command queue unregister accel/ivpu: Fix locking order in ivpu_job_submit accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW Tomasz Rusinowicz (1): accel/ivpu: Make DB_ID and JOB_ID allocations incremental drivers/accel/ivpu/ivpu_drv.c | 38 ++-- drivers/accel/ivpu/ivpu_drv.h | 9 + drivers/accel/ivpu/ivpu_job.c | 125 +++++++++--- drivers/accel/ivpu/ivpu_job.h | 1 + drivers/accel/ivpu/ivpu_jsm_msg.c | 3 +- drivers/accel/ivpu/ivpu_mmu.c | 3 +- drivers/accel/ivpu/ivpu_sysfs.c | 5 +- drivers/accel/ivpu/vpu_boot_api.h | 45 +++-- drivers/accel/ivpu/vpu_jsm_api.h | 303 +++++++++++++++++++++++++----- 9 files changed, 412 insertions(+), 120 deletions(-) -- 2.45.1

7 months, 1 week

2
14
0 0

[PATCH 6.14.y v2 0/7] ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

by Jared Holzman

This patchset backports a series of ublk fixes from upstream to 6.14-stable. Patch 7 fixes the race that can cause kernel panic when ublk server daemon is exiting. It depends on patches 1-6 which simplifies & improves IO canceling when ublk server daemon is exiting as described here: https://lore.kernel.org/linux-block/20250416035444.99569-1-ming.lei@redhat.… Ming Lei (5): ublk: add helper of ublk_need_map_io() ublk: move device reset into ublk_ch_release() ublk: remove __ublk_quiesce_dev() ublk: simplify aborting ublk request ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd Uday Shankar (2): ublk: properly serialize all FETCH_REQs ublk: improve detection and handling of ublk server exit drivers/block/ublk_drv.c | 550 +++++++++++++++++++++------------------ 1 file changed, 291 insertions(+), 259 deletions(-) -- 2.43.0

7 months, 1 week

3
15
0 0

[PATCH v6.1] md: move initialization and destruction of 'io_acct_set' to md.c

by Yu Kuai

From: Yu Kuai <yukuai3(a)huawei.com> commit c567c86b90d4715081adfe5eb812141a5b6b4883 upstream. 'io_acct_set' is only used for raid0 and raid456, prepare to use it for raid1 and raid10, so that io accounting from different levels can be consistent. By the way, follow up patches will also use this io clone mechanism to make sure 'active_io' represents in flight io, not io that is dispatching, so that mddev_suspend will wait for io to be done as designed. Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Xiao Ni <xni(a)redhat.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20230621165110.1498313-2-yukuai1@huaweicloud.com [Yu Kuai: This is the relied patch for commit 4a05f7ae3371 ("md/raid10: fix missing discard IO accounting"), kernel will panic while issuing discard to raid10 without this patch] Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> --- drivers/md/md.c | 27 ++++++++++----------------- drivers/md/md.h | 2 -- drivers/md/raid0.c | 16 ++-------------- drivers/md/raid5.c | 41 +++++++++++------------------------------ 4 files changed, 23 insertions(+), 63 deletions(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index d5fbccc72810..a9fcfcbc2d11 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -5965,6 +5965,13 @@ int md_run(struct mddev *mddev) goto exit_bio_set; } + if (!bioset_initialized(&mddev->io_acct_set)) { + err = bioset_init(&mddev->io_acct_set, BIO_POOL_SIZE, + offsetof(struct md_io_acct, bio_clone), 0); + if (err) + goto exit_sync_set; + } + spin_lock(&pers_lock); pers = find_pers(mddev->level, mddev->clevel); if (!pers || !try_module_get(pers->owner)) { @@ -6142,6 +6149,8 @@ int md_run(struct mddev *mddev) module_put(pers->owner); md_bitmap_destroy(mddev); abort: + bioset_exit(&mddev->io_acct_set); +exit_sync_set: bioset_exit(&mddev->sync_set); exit_bio_set: bioset_exit(&mddev->bio_set); @@ -6374,6 +6383,7 @@ static void __md_stop(struct mddev *mddev) percpu_ref_exit(&mddev->active_io); bioset_exit(&mddev->bio_set); bioset_exit(&mddev->sync_set); + bioset_exit(&mddev->io_acct_set); } void md_stop(struct mddev *mddev) @@ -8744,23 +8754,6 @@ void md_submit_discard_bio(struct mddev *mddev, struct md_rdev *rdev, } EXPORT_SYMBOL_GPL(md_submit_discard_bio); -int acct_bioset_init(struct mddev *mddev) -{ - int err = 0; - - if (!bioset_initialized(&mddev->io_acct_set)) - err = bioset_init(&mddev->io_acct_set, BIO_POOL_SIZE, - offsetof(struct md_io_acct, bio_clone), 0); - return err; -} -EXPORT_SYMBOL_GPL(acct_bioset_init); - -void acct_bioset_exit(struct mddev *mddev) -{ - bioset_exit(&mddev->io_acct_set); -} -EXPORT_SYMBOL_GPL(acct_bioset_exit); - static void md_end_io_acct(struct bio *bio) { struct md_io_acct *md_io_acct = bio->bi_private; diff --git a/drivers/md/md.h b/drivers/md/md.h index 4f0b48097455..1fda5e139beb 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -746,8 +746,6 @@ extern void md_error(struct mddev *mddev, struct md_rdev *rdev); extern void md_finish_reshape(struct mddev *mddev); void md_submit_discard_bio(struct mddev *mddev, struct md_rdev *rdev, struct bio *bio, sector_t start, sector_t size); -int acct_bioset_init(struct mddev *mddev); -void acct_bioset_exit(struct mddev *mddev); void md_account_bio(struct mddev *mddev, struct bio **bio); extern bool __must_check md_flush_request(struct mddev *mddev, struct bio *bio); diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c index 7c6a0b4437d8..c50a7abda744 100644 --- a/drivers/md/raid0.c +++ b/drivers/md/raid0.c @@ -377,7 +377,6 @@ static void raid0_free(struct mddev *mddev, void *priv) struct r0conf *conf = priv; free_conf(mddev, conf); - acct_bioset_exit(mddev); } static int raid0_run(struct mddev *mddev) @@ -392,16 +391,11 @@ static int raid0_run(struct mddev *mddev) if (md_check_no_bitmap(mddev)) return -EINVAL; - if (acct_bioset_init(mddev)) { - pr_err("md/raid0:%s: alloc acct bioset failed.\n", mdname(mddev)); - return -ENOMEM; - } - /* if private is not null, we are here after takeover */ if (mddev->private == NULL) { ret = create_strip_zones(mddev, &conf); if (ret < 0) - goto exit_acct_set; + return ret; mddev->private = conf; } conf = mddev->private; @@ -432,15 +426,9 @@ static int raid0_run(struct mddev *mddev) ret = md_integrity_register(mddev); if (ret) - goto free; + free_conf(mddev, conf); return ret; - -free: - free_conf(mddev, conf); -exit_acct_set: - acct_bioset_exit(mddev); - return ret; } /* diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index 4315dabd3202..6e80a439ec45 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -7770,19 +7770,12 @@ static int raid5_run(struct mddev *mddev) struct md_rdev *rdev; struct md_rdev *journal_dev = NULL; sector_t reshape_offset = 0; - int i, ret = 0; + int i; long long min_offset_diff = 0; int first = 1; - if (acct_bioset_init(mddev)) { - pr_err("md/raid456:%s: alloc acct bioset failed.\n", mdname(mddev)); + if (mddev_init_writes_pending(mddev) < 0) return -ENOMEM; - } - - if (mddev_init_writes_pending(mddev) < 0) { - ret = -ENOMEM; - goto exit_acct_set; - } if (mddev->recovery_cp != MaxSector) pr_notice("md/raid:%s: not clean -- starting background reconstruction\n", @@ -7813,8 +7806,7 @@ static int raid5_run(struct mddev *mddev) (mddev->bitmap_info.offset || mddev->bitmap_info.file)) { pr_notice("md/raid:%s: array cannot have both journal and bitmap\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } if (mddev->reshape_position != MaxSector) { @@ -7839,15 +7831,13 @@ static int raid5_run(struct mddev *mddev) if (journal_dev) { pr_warn("md/raid:%s: don't support reshape with journal - aborting.\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } if (mddev->new_level != mddev->level) { pr_warn("md/raid:%s: unsupported reshape required - aborting.\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } old_disks = mddev->raid_disks - mddev->delta_disks; /* reshape_position must be on a new-stripe boundary, and one @@ -7863,8 +7853,7 @@ static int raid5_run(struct mddev *mddev) if (sector_div(here_new, chunk_sectors * new_data_disks)) { pr_warn("md/raid:%s: reshape_position not on a stripe boundary\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } reshape_offset = here_new * chunk_sectors; /* here_new is the stripe we will write to */ @@ -7886,8 +7875,7 @@ static int raid5_run(struct mddev *mddev) else if (mddev->ro == 0) { pr_warn("md/raid:%s: in-place reshape must be started in read-only mode - aborting\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } } else if (mddev->reshape_backwards ? (here_new * chunk_sectors + min_offset_diff <= @@ -7897,8 +7885,7 @@ static int raid5_run(struct mddev *mddev) /* Reading from the same stripe as writing to - bad */ pr_warn("md/raid:%s: reshape_position too early for auto-recovery - aborting.\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } pr_debug("md/raid:%s: reshape will continue\n", mdname(mddev)); /* OK, we should be able to continue; */ @@ -7922,10 +7909,8 @@ static int raid5_run(struct mddev *mddev) else conf = mddev->private; - if (IS_ERR(conf)) { - ret = PTR_ERR(conf); - goto exit_acct_set; - } + if (IS_ERR(conf)) + return PTR_ERR(conf); if (test_bit(MD_HAS_JOURNAL, &mddev->flags)) { if (!journal_dev) { @@ -8125,10 +8110,7 @@ static int raid5_run(struct mddev *mddev) free_conf(conf); mddev->private = NULL; pr_warn("md/raid:%s: failed to run raid set.\n", mdname(mddev)); - ret = -EIO; -exit_acct_set: - acct_bioset_exit(mddev); - return ret; + return -EIO; } static void raid5_free(struct mddev *mddev, void *priv) @@ -8136,7 +8118,6 @@ static void raid5_free(struct mddev *mddev, void *priv) struct r5conf *conf = priv; free_conf(conf); - acct_bioset_exit(mddev); mddev->to_remove = &raid5_attrs_group; } -- 2.39.2

7 months, 1 week

4
3
0 0

FAILED: patch "[PATCH] drm/xe: Invalidate L3 read-only cachelines for geometry" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x e775278cd75f24a2758c28558c4e41b36c935740 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042247-mounting-playlist-f479@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e775278cd75f24a2758c28558c4e41b36c935740 Mon Sep 17 00:00:00 2001 From: Kenneth Graunke <kenneth(a)whitecape.org> Date: Sun, 30 Mar 2025 12:59:23 -0400 Subject: [PATCH] drm/xe: Invalidate L3 read-only cachelines for geometry streams too Historically, the Vertex Fetcher unit has not been an L3 client. That meant that, when a buffer containing vertex data was written to, it was necessary to issue a PIPE_CONTROL::VF Cache Invalidate to invalidate any VF L2 cachelines associated with that buffer, so the new value would be properly read from memory. Since Tigerlake and later, VERTEX_BUFFER_STATE and 3DSTATE_INDEX_BUFFER have included an "L3 Bypass Enable" bit which userspace drivers can set to request that the vertex fetcher unit snoop L3. However, unlike most true L3 clients, the "VF Cache Invalidate" bit continues to only invalidate the VF L2 cache - and not any associated L3 lines. To handle that, PIPE_CONTROL has a new "L3 Read Only Cache Invalidation Bit", which according to the docs, "controls the invalidation of the Geometry streams cached in L3 cache at the top of the pipe." In other words, the vertex and index buffer data that gets cached in L3 when "L3 Bypass Disable" is set. Mesa always sets L3 Bypass Disable so that the VF unit snoops L3, and whenever it issues a VF Cache Invalidate, it also issues a L3 Read Only Cache Invalidate so that both L2 and L3 vertex data is invalidated. xe is issuing VF cache invalidates too (which handles cases like CPU writes to a buffer between GPU batches). Because userspace may enable L3 snooping, it needs to issue an L3 Read Only Cache Invalidate as well. Fixes significant flickering in Firefox on Meteorlake, which was writing to vertex buffers via the CPU between batches; the missing L3 Read Only invalidates were causing the vertex fetcher to read stale data from L3. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/4460 Fixes: 6ef3bb60557d ("drm/xe: enable lite restore") Cc: stable(a)vger.kernel.org # v6.13+ Signed-off-by: Kenneth Graunke <kenneth(a)whitecape.org> Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://lore.kernel.org/r/20250330165923.56410-1-rodrigo.vivi@intel.com Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> (cherry picked from commit 61672806b579dd5a150a042ec9383be2bbc2ae7e) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/instructions/xe_gpu_commands.h b/drivers/gpu/drm/xe/instructions/xe_gpu_commands.h index a255946b6f77..8cfcd3360896 100644 --- a/drivers/gpu/drm/xe/instructions/xe_gpu_commands.h +++ b/drivers/gpu/drm/xe/instructions/xe_gpu_commands.h @@ -41,6 +41,7 @@ #define GFX_OP_PIPE_CONTROL(len) ((0x3<<29)|(0x3<<27)|(0x2<<24)|((len)-2)) +#define PIPE_CONTROL0_L3_READ_ONLY_CACHE_INVALIDATE BIT(10) /* gen12 */ #define PIPE_CONTROL0_HDC_PIPELINE_FLUSH BIT(9) /* gen12 */ #define PIPE_CONTROL_COMMAND_CACHE_INVALIDATE (1<<29) diff --git a/drivers/gpu/drm/xe/xe_ring_ops.c b/drivers/gpu/drm/xe/xe_ring_ops.c index 917fc16de866..a7582b097ae6 100644 --- a/drivers/gpu/drm/xe/xe_ring_ops.c +++ b/drivers/gpu/drm/xe/xe_ring_ops.c @@ -137,7 +137,8 @@ emit_pipe_control(u32 *dw, int i, u32 bit_group_0, u32 bit_group_1, u32 offset, static int emit_pipe_invalidate(u32 mask_flags, bool invalidate_tlb, u32 *dw, int i) { - u32 flags = PIPE_CONTROL_CS_STALL | + u32 flags0 = 0; + u32 flags1 = PIPE_CONTROL_CS_STALL | PIPE_CONTROL_COMMAND_CACHE_INVALIDATE | PIPE_CONTROL_INSTRUCTION_CACHE_INVALIDATE | PIPE_CONTROL_TEXTURE_CACHE_INVALIDATE | @@ -148,11 +149,15 @@ static int emit_pipe_invalidate(u32 mask_flags, bool invalidate_tlb, u32 *dw, PIPE_CONTROL_STORE_DATA_INDEX; if (invalidate_tlb) - flags |= PIPE_CONTROL_TLB_INVALIDATE; + flags1 |= PIPE_CONTROL_TLB_INVALIDATE; - flags &= ~mask_flags; + flags1 &= ~mask_flags; - return emit_pipe_control(dw, i, 0, flags, LRC_PPHWSP_FLUSH_INVAL_SCRATCH_ADDR, 0); + if (flags1 & PIPE_CONTROL_VF_CACHE_INVALIDATE) + flags0 |= PIPE_CONTROL0_L3_READ_ONLY_CACHE_INVALIDATE; + + return emit_pipe_control(dw, i, flags0, flags1, + LRC_PPHWSP_FLUSH_INVAL_SCRATCH_ADDR, 0); } static int emit_store_imm_ppgtt_posted(u64 addr, u64 value,

7 months, 1 week

3
2
0 0

[PATCH] dm: fix copying after src array boundaries

by Tudor Ambarus

The blammed commit copied to argv the size of the reallocated argv, instead of the size of the old_argv, thus reading and copying from past the old_argv allocated memory. Following BUG_ON was hit: [ 3.038929][ T1] kernel BUG at lib/string_helpers.c:1040! [ 3.039147][ T1] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP ... [ 3.056489][ T1] Call trace: [ 3.056591][ T1] __fortify_panic+0x10/0x18 (P) [ 3.056773][ T1] dm_split_args+0x20c/0x210 [ 3.056942][ T1] dm_table_add_target+0x13c/0x360 [ 3.057132][ T1] table_load+0x110/0x3ac [ 3.057292][ T1] dm_ctl_ioctl+0x424/0x56c [ 3.057457][ T1] __arm64_sys_ioctl+0xa8/0xec [ 3.057634][ T1] invoke_syscall+0x58/0x10c [ 3.057804][ T1] el0_svc_common+0xa8/0xdc [ 3.057970][ T1] do_el0_svc+0x1c/0x28 [ 3.058123][ T1] el0_svc+0x50/0xac [ 3.058266][ T1] el0t_64_sync_handler+0x60/0xc4 [ 3.058452][ T1] el0t_64_sync+0x1b0/0x1b4 [ 3.058620][ T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000) [ 3.058897][ T1] ---[ end trace 0000000000000000 ]--- [ 3.059083][ T1] Kernel panic - not syncing: Oops - BUG: Fatal exception Fix it by copying the size of src, and not the size of dst, as it was. Fixes: 5a2a6c428190 ("dm: always update the array size in realloc_argv on success") Cc: stable(a)vger.kernel.org Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> --- drivers/md/dm-table.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 9e175c5e0634b49b990436898f63c2b1e696febb..6dae73ee49dbb36d89341ff09556876d0973c4ff 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -524,9 +524,9 @@ static char **realloc_argv(unsigned int *size, char **old_argv) } argv = kmalloc_array(new_size, sizeof(*argv), gfp); if (argv) { - *size = new_size; if (old_argv) memcpy(argv, old_argv, *size * sizeof(*argv)); + *size = new_size; } kfree(old_argv); --- base-commit: 92a09c47464d040866cf2b4cd052bc60555185fb change-id: 20250506-dm-past-array-boundaries-1fe2f5a1030f Best regards, -- Tudor Ambarus <tudor.ambarus(a)linaro.org>

7 months, 1 week

3
2
0 0

[PATCH 6.6 0/2] PCI: imx6: Fix i.MX7D controller_id backport regression

by Ryan Matthews

Hello, This fixes an i.Mx 7D SoC PCIe regression caused by a backport mistake. The regression is broken PCIe initialization and for me a boot hang. I don't know how to organize this. I think a revert and redo best captures what's happening. To complicate things, it looks like the redo patch could also be applied to 5.4, 5.10, 5.15, and 6.1. But those versions don't have the original backport commit. Version 6.12 matches master and needs no change. One conflict resolution is needed to apply the redo patch back to versions 6.1 -> 5.15 -> 5.10. One more resolution to apply back to -> 5.4. Patches against those other versions aren't included here. -- Ryan Richard Zhu (1): PCI: imx6: Skip controller_id generation logic for i.MX7D Ryan Matthews (1): Revert "PCI: imx6: Skip controller_id generation logic for i.MX7D" drivers/pci/controller/dwc/pci-imx6.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) base-commit: 814637ca257f4faf57a73fd4e38888cce88b5911 -- 2.47.2

7 months, 1 week

3
10
0 0

FAILED: patch "[PATCH] btrfs: fix the inode leak in btrfs_iget()" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 48c1d1bb525b1c44b8bdc8e7ec5629cb6c2b9fc4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050558-charger-crumpled-6ca4@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 48c1d1bb525b1c44b8bdc8e7ec5629cb6c2b9fc4 Mon Sep 17 00:00:00 2001 From: Penglei Jiang <superman.xpt(a)gmail.com> Date: Mon, 21 Apr 2025 08:40:29 -0700 Subject: [PATCH] btrfs: fix the inode leak in btrfs_iget() [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: BTRFS info (device loop1): last unmount of filesystem 1680000e-3c1e-4c46-84b6-56bd3909af50 VFS: Busy inodes after unmount of loop1 (btrfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:650! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 48168 Comm: syz-executor Not tainted 6.15.0-rc2-00471-g119009db2674 #2 PREEMPT(full) Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:generic_shutdown_super+0x2e9/0x390 fs/super.c:650 Call Trace: <TASK> kill_anon_super+0x3a/0x60 fs/super.c:1237 btrfs_kill_super+0x3b/0x50 fs/btrfs/super.c:2099 deactivate_locked_super+0xbe/0x1a0 fs/super.c:473 deactivate_super fs/super.c:506 [inline] deactivate_super+0xe2/0x100 fs/super.c:502 cleanup_mnt+0x21f/0x440 fs/namespace.c:1435 task_work_run+0x14d/0x240 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x269/0x290 kernel/entry/common.c:218 do_syscall_64+0xd4/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> [CAUSE] When btrfs_alloc_path() failed, btrfs_iget() directly returned without releasing the inode already allocated by btrfs_iget_locked(). This results the above busy inode and trigger the kernel BUG. [FIX] Fix it by calling iget_failed() if btrfs_alloc_path() failed. If we hit error inside btrfs_read_locked_inode(), it will properly call iget_failed(), so nothing to worry about. Although the iget_failed() cleanup inside btrfs_read_locked_inode() is a break of the normal error handling scheme, let's fix the obvious bug and backport first, then rework the error handling later. Reported-by: Penglei Jiang <superman.xpt(a)gmail.com> Link: https://lore.kernel.org/linux-btrfs/20250421102425.44431-1-superman.xpt@gma… Fixes: 7c855e16ab72 ("btrfs: remove conditional path allocation in btrfs_read_locked_inode()") CC: stable(a)vger.kernel.org # 6.13+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Penglei Jiang <superman.xpt(a)gmail.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 312fa996a987..d295a37fa049 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -5682,8 +5682,10 @@ struct btrfs_inode *btrfs_iget(u64 ino, struct btrfs_root *root) return inode; path = btrfs_alloc_path(); - if (!path) + if (!path) { + iget_failed(&inode->vfs_inode); return ERR_PTR(-ENOMEM); + } ret = btrfs_read_locked_inode(inode, path); btrfs_free_path(path);

7 months, 1 week

4
3
0 0

FAILED: patch "[PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 246f9bb62016c423972ea7f2335a8e0ed3521cde # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050557-trousers-boogeyman-3f93@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 246f9bb62016c423972ea7f2335a8e0ed3521cde Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Sat, 19 Apr 2025 12:45:29 -0300 Subject: [PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend thermal control support to Alienware m15 R7. Cc: stable(a)vger.kernel.org Tested-by: Romain THERY <romain.thery(a)ik.me> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250419-m15-r7-v1-1-18c6eaa27e25@gmail.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index 3f9e1e986ecf..08b82c151e07 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -69,6 +69,14 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { }, .driver_data = &generic_quirks, }, + { + .ident = "Alienware m15 R7", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), + DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m15 R7"), + }, + .driver_data = &generic_quirks, + }, { .ident = "Alienware m16 R1", .matches = {

7 months, 1 week

3
2
0 0

[PATCH stable v6.6] riscv: Pass patch_text() the length in bytes

by Nam Cao

From: Samuel Holland <samuel.holland(a)sifive.com> [ Upstream commit 51781ce8f4486c3738a6c85175b599ad1be71f89 ] patch_text_nosync() already handles an arbitrary length of code, so this removes a superfluous loop and reduces the number of icache flushes. Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> Reviewed-by: Conor Dooley <conor.dooley(a)microchip.com> Link: https://lore.kernel.org/r/20240327160520.791322-6-samuel.holland@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> [apply to v6.6] Signed-off-by: Nam Cao <namcao(a)linutronix.de> --- this patch fixes a bug introduced by commit b1756750a397 ("riscv: kprobes: Use patch_text_nosync() for insn slots"), which replaced patch_text() with patch_text_nosync(). That is broken, because patch_text() and patch_text_nosync() takes different parameters (number of instruction vs patched length in bytes). This bug was reported in: https://lore.kernel.org/stable/c7e463c0-8cad-4f4e-addd-195c06b7b6de@iscas.a… --- arch/riscv/include/asm/patch.h | 2 +- arch/riscv/kernel/patch.c | 14 +++++--------- arch/riscv/kernel/probes/kprobes.c | 18 ++++++++++-------- arch/riscv/net/bpf_jit_comp64.c | 7 ++++--- 4 files changed, 20 insertions(+), 21 deletions(-) diff --git a/arch/riscv/include/asm/patch.h b/arch/riscv/include/asm/patch.h index 9f5d6e14c405..7228e266b9a1 100644 --- a/arch/riscv/include/asm/patch.h +++ b/arch/riscv/include/asm/patch.h @@ -9,7 +9,7 @@ int patch_insn_write(void *addr, const void *insn, size_t len); int patch_text_nosync(void *addr, const void *insns, size_t len); int patch_text_set_nosync(void *addr, u8 c, size_t len); -int patch_text(void *addr, u32 *insns, int ninsns); +int patch_text(void *addr, u32 *insns, size_t len); extern int riscv_patch_in_stop_machine; diff --git a/arch/riscv/kernel/patch.c b/arch/riscv/kernel/patch.c index 78387d843aa5..aeda87240dbc 100644 --- a/arch/riscv/kernel/patch.c +++ b/arch/riscv/kernel/patch.c @@ -19,7 +19,7 @@ struct patch_insn { void *addr; u32 *insns; - int ninsns; + size_t len; atomic_t cpu_count; }; @@ -234,14 +234,10 @@ NOKPROBE_SYMBOL(patch_text_nosync); static int patch_text_cb(void *data) { struct patch_insn *patch = data; - unsigned long len; - int i, ret = 0; + int ret = 0; if (atomic_inc_return(&patch->cpu_count) == num_online_cpus()) { - for (i = 0; ret == 0 && i < patch->ninsns; i++) { - len = GET_INSN_LENGTH(patch->insns[i]); - ret = patch_insn_write(patch->addr + i * len, &patch->insns[i], len); - } + ret = patch_insn_write(patch->addr, patch->insns, patch->len); /* * Make sure the patching store is effective *before* we * increment the counter which releases all waiting CPUs @@ -262,13 +258,13 @@ static int patch_text_cb(void *data) } NOKPROBE_SYMBOL(patch_text_cb); -int patch_text(void *addr, u32 *insns, int ninsns) +int patch_text(void *addr, u32 *insns, size_t len) { int ret; struct patch_insn patch = { .addr = addr, .insns = insns, - .ninsns = ninsns, + .len = len, .cpu_count = ATOMIC_INIT(0), }; diff --git a/arch/riscv/kernel/probes/kprobes.c b/arch/riscv/kernel/probes/kprobes.c index 4fbc70e823f0..297427ffc4e0 100644 --- a/arch/riscv/kernel/probes/kprobes.c +++ b/arch/riscv/kernel/probes/kprobes.c @@ -23,13 +23,13 @@ post_kprobe_handler(struct kprobe *, struct kprobe_ctlblk *, struct pt_regs *); static void __kprobes arch_prepare_ss_slot(struct kprobe *p) { + size_t len = GET_INSN_LENGTH(p->opcode); u32 insn = __BUG_INSN_32; - unsigned long offset = GET_INSN_LENGTH(p->opcode); - p->ainsn.api.restore = (unsigned long)p->addr + offset; + p->ainsn.api.restore = (unsigned long)p->addr + len; - patch_text_nosync(p->ainsn.api.insn, &p->opcode, 1); - patch_text_nosync((void *)p->ainsn.api.insn + offset, &insn, 1); + patch_text_nosync(p->ainsn.api.insn, &p->opcode, len); + patch_text_nosync((void *)p->ainsn.api.insn + len, &insn, GET_INSN_LENGTH(insn)); } static void __kprobes arch_prepare_simulate(struct kprobe *p) @@ -116,16 +116,18 @@ void *alloc_insn_page(void) /* install breakpoint in text */ void __kprobes arch_arm_kprobe(struct kprobe *p) { - u32 insn = (p->opcode & __INSN_LENGTH_MASK) == __INSN_LENGTH_32 ? - __BUG_INSN_32 : __BUG_INSN_16; + size_t len = GET_INSN_LENGTH(p->opcode); + u32 insn = len == 4 ? __BUG_INSN_32 : __BUG_INSN_16; - patch_text(p->addr, &insn, 1); + patch_text(p->addr, &insn, len); } /* remove breakpoint from text */ void __kprobes arch_disarm_kprobe(struct kprobe *p) { - patch_text(p->addr, &p->opcode, 1); + size_t len = GET_INSN_LENGTH(p->opcode); + + patch_text(p->addr, &p->opcode, len); } void __kprobes arch_remove_kprobe(struct kprobe *p) diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c index 26eeb3973631..16eb4cd11cbd 100644 --- a/arch/riscv/net/bpf_jit_comp64.c +++ b/arch/riscv/net/bpf_jit_comp64.c @@ -14,6 +14,7 @@ #include "bpf_jit.h" #define RV_FENTRY_NINSNS 2 +#define RV_FENTRY_NBYTES (RV_FENTRY_NINSNS * 4) #define RV_REG_TCC RV_REG_A6 #define RV_REG_TCC_SAVED RV_REG_S6 /* Store A6 in S6 if program do calls */ @@ -681,7 +682,7 @@ int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type poke_type, if (ret) return ret; - if (memcmp(ip, old_insns, RV_FENTRY_NINSNS * 4)) + if (memcmp(ip, old_insns, RV_FENTRY_NBYTES)) return -EFAULT; ret = gen_jump_or_nops(new_addr, ip, new_insns, is_call); @@ -690,8 +691,8 @@ int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type poke_type, cpus_read_lock(); mutex_lock(&text_mutex); - if (memcmp(ip, new_insns, RV_FENTRY_NINSNS * 4)) - ret = patch_text(ip, new_insns, RV_FENTRY_NINSNS); + if (memcmp(ip, new_insns, RV_FENTRY_NBYTES)) + ret = patch_text(ip, new_insns, RV_FENTRY_NBYTES); mutex_unlock(&text_mutex); cpus_read_unlock(); -- 2.39.5

7 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] mm: page_alloc: speed up fallbacks in rmqueue_bulk()" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 90abee6d7895d5eef18c91d870d8168be4e76e9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042149-busily-amaretto-e684@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 90abee6d7895d5eef18c91d870d8168be4e76e9d Mon Sep 17 00:00:00 2001 From: Johannes Weiner <hannes(a)cmpxchg.org> Date: Mon, 7 Apr 2025 14:01:53 -0400 Subject: [PATCH] mm: page_alloc: speed up fallbacks in rmqueue_bulk() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The test robot identified c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") as the root cause of a 56.4% regression in vm-scalability::lru-file-mmap-read. Carlos reports an earlier patch, c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion"), as the root cause for a regression in worst-case zone->lock+irqoff hold times. Both of these patches modify the page allocator's fallback path to be less greedy in an effort to stave off fragmentation. The flip side of this is that fallbacks are also less productive each time around, which means the fallback search can run much more frequently. Carlos' traces point to rmqueue_bulk() specifically, which tries to refill the percpu cache by allocating a large batch of pages in a loop. It highlights how once the native freelists are exhausted, the fallback code first scans orders top-down for whole blocks to claim, then falls back to a bottom-up search for the smallest buddy to steal. For the next batch page, it goes through the same thing again. This can be made more efficient. Since rmqueue_bulk() holds the zone->lock over the entire batch, the freelists are not subject to outside changes; when the search for a block to claim has already failed, there is no point in trying again for the next page. Modify __rmqueue() to remember the last successful fallback mode, and restart directly from there on the next rmqueue_bulk() iteration. Oliver confirms that this improves beyond the regression that the test robot reported against c2f6ea38fc1b: commit: f3b92176f4 ("tools/selftests: add guard region test for /proc/$pid/pagemap") c2f6ea38fc ("mm: page_alloc: don't steal single pages from biggest buddy") acc4d5ff0b ("Merge tag 'net-6.15-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") 2c847f27c3 ("mm: page_alloc: speed up fallbacks in rmqueue_bulk()") <--- your patch f3b92176f4f7100f c2f6ea38fc1b640aa7a2e155cc1 acc4d5ff0b61eb1715c498b6536 2c847f27c37da65a93d23c237c5 ---------------- --------------------------- --------------------------- --------------------------- %stddev %change %stddev %change %stddev %change %stddev \ | \ | \ | \ 25525364 ± 3% -56.4% 11135467 -57.8% 10779336 +31.6% 33581409 vm-scalability.throughput Carlos confirms that worst-case times are almost fully recovered compared to before the earlier culprit patch: 2dd482ba627d (before freelist hygiene): 1ms c0cd6f557b90 (after freelist hygiene): 90ms next-20250319 (steal smallest buddy): 280ms this patch : 8ms [jackmanb(a)google.com: comment updates] Link: https://lkml.kernel.org/r/D92AC0P9594X.3BML64MUKTF8Z@google.com [hannes(a)cmpxchg.org: reset rmqueue_mode in rmqueue_buddy() error loop, per Yunsheng Lin] Link: https://lkml.kernel.org/r/20250409140023.GA2313@cmpxchg.org Link: https://lkml.kernel.org/r/20250407180154.63348-1-hannes@cmpxchg.org Fixes: c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion") Fixes: c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Signed-off-by: Brendan Jackman <jackmanb(a)google.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Reported-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202503271547.fc08b188-lkp@intel.com Reviewed-by: Brendan Jackman <jackmanb(a)google.com> Tested-by: Shivank Garg <shivankg(a)amd.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 9a219fe8e130..1715e34b91af 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2183,23 +2183,15 @@ try_to_claim_block(struct zone *zone, struct page *page, } /* - * Try finding a free buddy page on the fallback list. - * - * This will attempt to claim a whole pageblock for the requested type - * to ensure grouping of such requests in the future. - * - * If a whole block cannot be claimed, steal an individual page, regressing to - * __rmqueue_smallest() logic to at least break up as little contiguity as - * possible. + * Try to allocate from some fallback migratetype by claiming the entire block, + * i.e. converting it to the allocation's start migratetype. * * The use of signed ints for order and current_order is a deliberate * deviation from the rest of this file, to make the for loop * condition simpler. - * - * Return the stolen page, or NULL if none can be found. */ static __always_inline struct page * -__rmqueue_fallback(struct zone *zone, int order, int start_migratetype, +__rmqueue_claim(struct zone *zone, int order, int start_migratetype, unsigned int alloc_flags) { struct free_area *area; @@ -2237,14 +2229,29 @@ __rmqueue_fallback(struct zone *zone, int order, int start_migratetype, page = try_to_claim_block(zone, page, current_order, order, start_migratetype, fallback_mt, alloc_flags); - if (page) - goto got_one; + if (page) { + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; + } } - if (alloc_flags & ALLOC_NOFRAGMENT) - return NULL; + return NULL; +} + +/* + * Try to steal a single page from some fallback migratetype. Leave the rest of + * the block as its current migratetype, potentially causing fragmentation. + */ +static __always_inline struct page * +__rmqueue_steal(struct zone *zone, int order, int start_migratetype) +{ + struct free_area *area; + int current_order; + struct page *page; + int fallback_mt; + bool claim_block; - /* No luck claiming pageblock. Find the smallest fallback page */ for (current_order = order; current_order < NR_PAGE_ORDERS; current_order++) { area = &(zone->free_area[current_order]); fallback_mt = find_suitable_fallback(area, current_order, @@ -2254,25 +2261,28 @@ __rmqueue_fallback(struct zone *zone, int order, int start_migratetype, page = get_page_from_free_area(area, fallback_mt); page_del_and_expand(zone, page, order, current_order, fallback_mt); - goto got_one; + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; } return NULL; - -got_one: - trace_mm_page_alloc_extfrag(page, order, current_order, - start_migratetype, fallback_mt); - - return page; } +enum rmqueue_mode { + RMQUEUE_NORMAL, + RMQUEUE_CMA, + RMQUEUE_CLAIM, + RMQUEUE_STEAL, +}; + /* * Do the hard work of removing an element from the buddy allocator. * Call me with the zone->lock already held. */ static __always_inline struct page * __rmqueue(struct zone *zone, unsigned int order, int migratetype, - unsigned int alloc_flags) + unsigned int alloc_flags, enum rmqueue_mode *mode) { struct page *page; @@ -2291,16 +2301,48 @@ __rmqueue(struct zone *zone, unsigned int order, int migratetype, } } - page = __rmqueue_smallest(zone, order, migratetype); - if (unlikely(!page)) { - if (alloc_flags & ALLOC_CMA) + /* + * First try the freelists of the requested migratetype, then try + * fallbacks modes with increasing levels of fragmentation risk. + * + * The fallback logic is expensive and rmqueue_bulk() calls in + * a loop with the zone->lock held, meaning the freelists are + * not subject to any outside changes. Remember in *mode where + * we found pay dirt, to save us the search on the next call. + */ + switch (*mode) { + case RMQUEUE_NORMAL: + page = __rmqueue_smallest(zone, order, migratetype); + if (page) + return page; + fallthrough; + case RMQUEUE_CMA: + if (alloc_flags & ALLOC_CMA) { page = __rmqueue_cma_fallback(zone, order); - - if (!page) - page = __rmqueue_fallback(zone, order, migratetype, - alloc_flags); + if (page) { + *mode = RMQUEUE_CMA; + return page; + } + } + fallthrough; + case RMQUEUE_CLAIM: + page = __rmqueue_claim(zone, order, migratetype, alloc_flags); + if (page) { + /* Replenished preferred freelist, back to normal mode. */ + *mode = RMQUEUE_NORMAL; + return page; + } + fallthrough; + case RMQUEUE_STEAL: + if (!(alloc_flags & ALLOC_NOFRAGMENT)) { + page = __rmqueue_steal(zone, order, migratetype); + if (page) { + *mode = RMQUEUE_STEAL; + return page; + } + } } - return page; + return NULL; } /* @@ -2312,6 +2354,7 @@ static int rmqueue_bulk(struct zone *zone, unsigned int order, unsigned long count, struct list_head *list, int migratetype, unsigned int alloc_flags) { + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; unsigned long flags; int i; @@ -2323,7 +2366,7 @@ static int rmqueue_bulk(struct zone *zone, unsigned int order, } for (i = 0; i < count; ++i) { struct page *page = __rmqueue(zone, order, migratetype, - alloc_flags); + alloc_flags, &rmqm); if (unlikely(page == NULL)) break; @@ -2948,7 +2991,9 @@ struct page *rmqueue_buddy(struct zone *preferred_zone, struct zone *zone, if (alloc_flags & ALLOC_HIGHATOMIC) page = __rmqueue_smallest(zone, order, MIGRATE_HIGHATOMIC); if (!page) { - page = __rmqueue(zone, order, migratetype, alloc_flags); + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; + + page = __rmqueue(zone, order, migratetype, alloc_flags, &rmqm); /* * If the allocation fails, allow OOM handling and

7 months, 1 week

2
2
0 0

RE: Enhance Your Campaigns

by brielle.hayes＠softwareuserzone.info

Hi there, I wanted to follow up on my earlier message. Whenever you have a moment, I'd love to hear your feedback. Best regards, Brielle _____ From: Brielle Hayes Sent: Friday, May 2, 2025 9:04 AM To: linux-stable-mirror(a)lists.linaro.org <mailto:linux-stable-mirror@lists.linaro.org> Subject: Enhance Your Campaigns Hi there, I hope you're doing well. Would you be interested in acquiring our opt-in data list for mobile analytics platform users and customers worldwide? We also provide current Users and Clients data lists for: * Branch * Adjust * Mixpanel * AppsFlyer * CleverTap * Amplitude Analytics * Braze * Singular * Tenjin & many more...! If this sounds relevant, I'd be happy to share more details along with a sample for your review. Best regards, Brielle Hayes | Marketing Executive Reply with "Remove" if you no longer wish to receive emails.

7 months, 1 week

1
0
0 0

[PATCH 5.15 00/55] 5.15.182-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.182 release. There are 55 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 09 May 2025 18:37:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.182-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.182-rc1 Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Thomas Gleixner <tglx(a)linutronix.de> irqchip/gic-v2m: Mark a few functions __init Xiang wangx <wangxiang(a)cdjrlc.com> irqchip/gic-v2m: Add const to of_device_id Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix deadlock issue when externel_lb and reset are executed together Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: add support for external loopback test Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Brett Creeley <brett.creeley(a)intel.com> ice: Refactor promiscuous functions Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Biao Huang <biao.huang(a)mediatek.com> net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_scmi/bus.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 ++--- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-gic-v2m.c | 8 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 ++- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 119 ++++++-- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 3 + drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 61 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 26 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_fltr.c | 58 ++++ drivers/net/ethernet/intel/ice/ice_fltr.h | 12 + drivers/net/ethernet/intel/ice/ice_main.c | 49 +-- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 139 ++++----- drivers/net/ethernet/mediatek/mtk_star_emac.c | 339 ++++++++++++--------- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/phy/microchip.c | 46 +-- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/nvme/host/tcp.c | 31 +- drivers/of/device.c | 7 +- drivers/pci/controller/dwc/pci-imx6.c | 5 +- drivers/tty/serial/msm_serial.c | 6 + kernel/trace/trace.c | 5 +- net/ipv4/udp_offload.c | 61 +++- net/sched/act_mirred.c | 22 +- net/sched/sch_drr.c | 9 +- net/sched/sch_ets.c | 9 +- net/sched/sch_hfsc.c | 2 +- net/sched/sch_qfq.c | 11 +- sound/usb/format.c | 3 +- 66 files changed, 932 insertions(+), 505 deletions(-)

7 months, 1 week

5
61
0 0

[PATCH 6.1 00/97] 6.1.138-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.138 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 09 May 2025 18:37:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.138-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.138-rc1 Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Rob Herring (Arm) <robh(a)kernel.org> ASoC: Use of_property_read_bool() Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/amd/display: Fix slab-use-after-free in hdcp Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Bhawanpreet Lakha <bhawanpreet.lakha(a)amd.com> drm/amd/display: Change HDCP update sequence for DM Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c hersen wu <hersenxs.wu(a)amd.com> drm/amd/display: phase2 enable mst hdcp multiple displays Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Shakeel Butt <shakeel.butt(a)linux.dev> memcg: drain obj stock on cpu hotplug teardown Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Thomas Gleixner <tglx(a)linutronix.de> irqchip/gic-v2m: Mark a few functions __init Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/kexec: Allocate PGD for x86_64 transition page tables separately" Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Yu Kuai <yukuai3(a)huawei.com> md: move initialization and destruction of 'io_acct_set' to md.c Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix RX error handling Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Add range check for CMD_RTS Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix LEN_MASK Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix broken taprio gate states after clock jump Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Ido Schimmel <idosch(a)nvidia.com> vxlan: vnifilter: Fix unlocked deletion of default FDB entry Murad Masimov <m.masimov(a)mt-integration.ru> wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Sheetal <sheetal(a)nvidia.com> ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence LongPing Wei <weilongping(a)oppo.com> dm-bufio: don't schedule in atomic context Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Darrick J. Wong <djwong(a)kernel.org> xfs: restrict when we try to align cow fork delalloc to cowextsz hints Darrick J. Wong <djwong(a)kernel.org> xfs: allow unlinked symlinks and dirs with zero size Christoph Hellwig <hch(a)lst.de> xfs: fix freeing speculative preallocations for preallocated files Wengang Wang <wen.gang.wang(a)oracle.com> xfs: make sure sb_fdblocks is non-negative Darrick J. Wong <djwong(a)kernel.org> xfs: allow symlinks with short remote targets Zhang Yi <yi.zhang(a)huawei.com> xfs: convert delayed extents to unwritten when zeroing post eof blocks Zhang Yi <yi.zhang(a)huawei.com> xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset Zhang Yi <yi.zhang(a)huawei.com> xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional Zhang Yi <yi.zhang(a)huawei.com> xfs: match lock mode in xfs_buffered_write_iomap_begin() Darrick J. Wong <djwong(a)kernel.org> xfs: revert commit 44af6c7e59b12 Darrick J. Wong <djwong(a)kernel.org> xfs: validate recovered name buffers when recovering xattr items Darrick J. Wong <djwong(a)kernel.org> xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 Darrick J. Wong <djwong(a)kernel.org> xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery Christoph Hellwig <hch(a)lst.de> xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent Christoph Hellwig <hch(a)lst.de> xfs: fix xfs_bmap_add_extent_delay_real for partial conversions Christoph Hellwig <hch(a)lst.de> xfs: fix error returns from xfs_bmapi_write Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix setting policy limits when frequency tables are used Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in kerberos authentication Shouye Liu <shouyeliu(a)tencent.com> platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Stephan Gerhold <stephan.gerhold(a)linaro.org> irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Sean Christopherson <seanjc(a)google.com> perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Christian Heusel <christian(a)heusel.eu> Revert "rndis_host: Flag RNDIS modems as WWAN devices" ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/x86/events/intel/core.c | 2 +- arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/machine_kexec_64.c | 45 ++- arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/cpufreq/cpufreq.c | 42 ++- drivers/cpufreq/cpufreq_ondemand.c | 3 +- drivers/cpufreq/freq_table.c | 6 +- drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_ffa/driver.c | 3 +- drivers/firmware/arm_scmi/bus.c | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 417 ++++++++++++--------- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.h | 5 +- drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 ++-- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-gic-v2m.c | 8 +- drivers/irqchip/irq-qcom-mpm.c | 3 + drivers/md/dm-bufio.c | 3 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/md/md.c | 27 +- drivers/md/md.h | 2 - drivers/md/raid0.c | 16 +- drivers/md/raid5.c | 41 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 5 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 +- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 ++-- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/ethernet/mscc/ocelot.c | 194 +++++++++- drivers/net/ethernet/mscc/ocelot_vcap.c | 1 + drivers/net/ethernet/vertexcom/mse102x.c | 36 +- drivers/net/phy/microchip.c | 46 +-- drivers/net/usb/rndis_host.c | 16 +- drivers/net/vxlan/vxlan_vnifilter.c | 8 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 1 - drivers/nvme/host/tcp.c | 31 +- drivers/pci/controller/dwc/pci-imx6.c | 5 +- .../x86/intel/uncore-frequency/uncore-frequency.c | 13 +- fs/smb/server/auth.c | 14 +- fs/smb/server/smb2pdu.c | 5 - fs/xfs/libxfs/xfs_attr_remote.c | 1 - fs/xfs/libxfs/xfs_bmap.c | 130 +++++-- fs/xfs/libxfs/xfs_da_btree.c | 20 +- fs/xfs/libxfs/xfs_inode_buf.c | 49 ++- fs/xfs/libxfs/xfs_sb.c | 7 +- fs/xfs/scrub/attr.c | 5 + fs/xfs/xfs_aops.c | 54 +-- fs/xfs/xfs_attr_item.c | 88 ++++- fs/xfs/xfs_bmap_util.c | 65 ++-- fs/xfs/xfs_bmap_util.h | 2 +- fs/xfs/xfs_dquot.c | 1 - fs/xfs/xfs_icache.c | 2 +- fs/xfs/xfs_inode.c | 14 +- fs/xfs/xfs_iomap.c | 81 ++-- fs/xfs/xfs_reflink.c | 20 - fs/xfs/xfs_rtalloc.c | 2 - include/linux/cpufreq.h | 83 ++-- include/soc/mscc/ocelot_vcap.h | 2 + kernel/trace/trace.c | 5 +- mm/memcontrol.c | 9 + net/ipv4/udp_offload.c | 61 ++- net/sched/sch_drr.c | 16 +- net/sched/sch_ets.c | 17 +- net/sched/sch_hfsc.c | 10 +- net/sched/sch_htb.c | 2 + net/sched/sch_qfq.c | 18 +- sound/soc/codecs/ak4613.c | 4 +- sound/soc/soc-core.c | 36 +- sound/soc/soc-pcm.c | 5 +- sound/usb/format.c | 3 +- 103 files changed, 1480 insertions(+), 847 deletions(-)

7 months, 1 week

6
106
0 0

[PATCH v3 1/3] media: videobuf2: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgt->nents. Fixes: d4db5eb57cab ("media: videobuf2: add begin/end cpu_access callbacks to dma-sg") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c index c6ddf2357c58..b3bf2173c14e 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c @@ -469,7 +469,7 @@ vb2_dma_sg_dmabuf_ops_begin_cpu_access(struct dma_buf *dbuf, struct vb2_dma_sg_buf *buf = dbuf->priv; struct sg_table *sgt = buf->dma_sgt; - dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir); + dma_sync_sgtable_for_cpu(buf->dev, sgt, buf->dma_dir); return 0; } @@ -480,7 +480,7 @@ vb2_dma_sg_dmabuf_ops_end_cpu_access(struct dma_buf *dbuf, struct vb2_dma_sg_buf *buf = dbuf->priv; struct sg_table *sgt = buf->dma_sgt; - dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir); + dma_sync_sgtable_for_device(buf->dev, sgt, buf->dma_dir); return 0; } -- 2.34.1

7 months, 1 week

3
2
0 0

[PATCH] spi: tegra114: Use value to check for invalid delays

by Aaron Kling via B4 Relay

From: Aaron Kling <webgeek1234(a)gmail.com> A delay unit of 0 is a valid entry, thus it is not valid to check for unused delays. Instead, check the value field; if that is zero, the given delay is unset. Fixes: 4426e6b4ecf6 ("spi: tegra114: Don't fail set_cs_timing when delays are zero") Cc: stable(a)vger.kernel.org Signed-off-by: Aaron Kling <webgeek1234(a)gmail.com> --- drivers/spi/spi-tegra114.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/spi/spi-tegra114.c b/drivers/spi/spi-tegra114.c index 2a8bb798e95b954fe573f1c50445ed2e7fcbfd78..795a8482c2c700c3768bd50bf59971256893a486 100644 --- a/drivers/spi/spi-tegra114.c +++ b/drivers/spi/spi-tegra114.c @@ -728,9 +728,9 @@ static int tegra_spi_set_hw_cs_timing(struct spi_device *spi) u32 inactive_cycles; u8 cs_state; - if ((setup->unit && setup->unit != SPI_DELAY_UNIT_SCK) || - (hold->unit && hold->unit != SPI_DELAY_UNIT_SCK) || - (inactive->unit && inactive->unit != SPI_DELAY_UNIT_SCK)) { + if ((setup->value && setup->unit != SPI_DELAY_UNIT_SCK) || + (hold->value && hold->unit != SPI_DELAY_UNIT_SCK) || + (inactive->value && inactive->unit != SPI_DELAY_UNIT_SCK)) { dev_err(&spi->dev, "Invalid delay unit %d, should be SPI_DELAY_UNIT_SCK\n", SPI_DELAY_UNIT_SCK); --- base-commit: 0d8d44db295ccad20052d6301ef49ff01fb8ae2d change-id: 20250506-spi-tegra114-fixup-dbf6730db087 Best regards, -- Aaron Kling <webgeek1234(a)gmail.com>

7 months, 1 week

4
3
0 0

[PATCH v5 0/1] kasan: Avoid sleepable page allocation from atomic context

by Alexander Gordeev

Hi All, Chages since v4: - unused pages leak is avoided Chages since v3: - pfn_to_virt() changed to page_to_virt() due to compile error Chages since v2: - page allocation moved out of the atomic context Chages since v1: - Fixes: and -stable tags added to the patch description Thanks! Alexander Gordeev (1): kasan: Avoid sleepable page allocation from atomic context mm/kasan/shadow.c | 77 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 63 insertions(+), 14 deletions(-) -- 2.45.2

7 months, 1 week

2
3
0 0

[PATCH] scsi: smartpqi: Fix the race condition between pqi_tmf_worker and pqi_sdev_destroy

by Zhu Wei

There is a race condition between pqi_sdev_destroy and pqi_tmf_worker. After pqi_free_device is released, pqi_tmf_worker will still use device. kasan report: [ 1933.765810] ================================================================== [ 1933.771862] scsi 15:0:20:0: Direct-Access ATA WDC WUH722222AL WTS2 PQ: 0 ANSI: 6 [ 1933.779190] BUG: KASAN: use-after-free in pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi] [ 1933.779194] Read of size 4 at addr ffff88954c490480 by task kworker/2:2/518186 [ 1933.779201] CPU: 2 PID: 518186 Comm: kworker/2:2 Kdump: loaded Tainted: G U OE 4.19.90-89.16.v2401.osc.sfc.6.11.1.0108.ky10.x86_64+debug #1 [ 1933.779203] Source Version: v6.11.1.0108+0~65323201.20250328 [ 1933.779205] Hardware name: SANGFOR S2122-S12L/ASERVER-P-2000, BIOS TYR.2.00.0100 05/18/2019 [ 1933.779213] Workqueue: events pqi_tmf_worker [smartpqi] [ 1933.779216] Call Trace: [ 1933.779225] dump_stack+0x8b/0xb9 [ 1933.779239] print_address_description+0x65/0x2b0 [ 1933.779249] kasan_report+0x14b/0x290 [ 1933.779255] pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi] [ 1933.779264] pqi_device_reset_handler+0x174f/0x1f30 [smartpqi] [ 1933.779284] process_one_work+0x65f/0x12d0 [ 1933.806306] worker_thread+0x87/0xb50 [ 1933.806315] kthread+0x2e9/0x3a0 [ 1933.806323] ret_from_fork+0x1f/0x40 [ 1933.843994] Allocated by task 579094: [ 1933.875361] save_stack+0x19/0x80 [ 1933.892366] kasan_kmalloc+0xa0/0xd0 [ 1933.892373] kmem_cache_alloc+0xbb/0x1c0 [ 1933.892378] getname_flags+0xba/0x500 [ 1933.892384] user_path_at_empty+0x1d/0x40 [ 1933.892389] vfs_statx+0xb9/0x140 [ 1933.892397] __do_sys_newstat+0x77/0xd0 [ 1933.913179] do_syscall_64+0xa4/0x430 [ 1933.913187] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 1933.933381] Freed by task 579094: [ 1933.933389] save_stack+0x19/0x80 [ 1933.933392] __kasan_slab_free+0x130/0x180 [ 1933.933396] kmem_cache_free+0x78/0x1e0 [ 1933.933401] filename_lookup+0x216/0x400 [ 1933.933405] vfs_statx+0xb9/0x140 [ 1933.933407] __do_sys_newstat+0x77/0xd0 [ 1933.933417] do_syscall_64+0xa4/0x430 [ 1933.933432] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 1933.956837] [ 1933.956842] The buggy address belongs to the object at ffff88954c490000 which belongs to the cache names_cache of size 4096 [ 1933.956845] The buggy address is located 1152 bytes inside of 4096-byte region [ffff88954c490000, ffff88954c491000) [ 1933.956851] The buggy address belongs to the page: [ 1934.297352] page:ffffea0055312400 count:1 mapcount:0 mapping:ffff888100580f00 index:0x0 compound_mapcount: 0 [ 1934.309566] flags: 0x57ffffc0008100(slab|head) [ 1934.316370] raw: 0057ffffc0008100 0000000000000000 dead000000000200 ffff888100580f00 [ 1934.326518] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 [ 1934.338191] page dumped because: kasan: bad access detected [ 1934.346177] [ 1934.350031] Memory state around the buggy address: [ 1934.357220] ffff88954c490380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.366854] ffff88954c490400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.376474] >ffff88954c490480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.386094] ^ [ 1934.391684] ffff88954c490500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.402601] ffff88954c490580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.412228] ================================================================== Before pqi_sdev_destroy executes pqi_free_device, cancel the pqi_tmf_worker of the corresponding device. Fixes: 2d80f4054f7f ("scsi: smartpqi: Update deleting a LUN via sysfs") Signed-off-by: Zhu Wei <zhuwei(a)sangfor.com.cn> --- drivers/scsi/smartpqi/smartpqi_init.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c index 8a26eca4fdc9..102ed7501f08 100644 --- a/drivers/scsi/smartpqi/smartpqi_init.c +++ b/drivers/scsi/smartpqi/smartpqi_init.c @@ -6581,6 +6581,8 @@ static void pqi_sdev_destroy(struct scsi_device *sdev) struct pqi_scsi_dev *device; int mutex_acquired; unsigned long flags; + unsigned int lun; + struct pqi_tmf_work *tmf_work; ctrl_info = shost_to_hba(sdev->host); @@ -6607,6 +6609,8 @@ static void pqi_sdev_destroy(struct scsi_device *sdev) mutex_unlock(&ctrl_info->scan_mutex); pqi_dev_info(ctrl_info, "removed", device); + for (lun = 0, tmf_work = device->tmf_work; lun < PQI_MAX_LUNS_PER_DEVICE; lun++, tmf_work++) + cancel_work_sync(&tmf_work->work_struct); pqi_free_device(device); } -- 2.43.0

7 months, 1 week

2
1
0 0

[PATCH] drm/dp: Fix Write_Status_Update_Request AUX request format

by Wayne Lin

[Why] Notice AUX request format of I2C-over-AUX with Write_Status_Update_Request flag set is incorrect. It should be address only request without length and data like: "SYNC->COM3:0 (= 0110)|0000-> 0000|0000-> 0|7-bit I2C address (the same as the last)-> STOP->". [How] Refer to DP v2.1 Table 2-178, correct the Write_Status_Update_Request to be address only request. Note that we might receive 0 returned by aux->transfer() when receive reply I2C_ACK|AUX_ACK of Write_Status_Update_Request transaction. Which indicating all data bytes get written. We should avoid to return 0 bytes get transferred under this case. Fixes: 68ec2a2a2481 ("drm/dp: Use I2C_WRITE_STATUS_UPDATE to drain partial I2C_WRITE requests") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/display/drm_dp_helper.c | 45 +++++++++++++++++++++---- 1 file changed, 38 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c index 57828f2b7b5a..0c8cba7ed875 100644 --- a/drivers/gpu/drm/display/drm_dp_helper.c +++ b/drivers/gpu/drm/display/drm_dp_helper.c @@ -1857,6 +1857,12 @@ static u32 drm_dp_i2c_functionality(struct i2c_adapter *adapter) I2C_FUNC_10BIT_ADDR; } +static inline bool +drm_dp_i2c_msg_is_write_status_update(struct drm_dp_aux_msg *msg) +{ + return ((msg->request & ~DP_AUX_I2C_MOT) == DP_AUX_I2C_WRITE_STATUS_UPDATE); +} + static void drm_dp_i2c_msg_write_status_update(struct drm_dp_aux_msg *msg) { /* @@ -1965,6 +1971,7 @@ MODULE_PARM_DESC(dp_aux_i2c_speed_khz, static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) { unsigned int retry, defer_i2c; + struct drm_dp_aux_msg orig_msg = *msg; int ret; /* * DP1.2 sections 2.7.7.1.5.6.1 and 2.7.7.1.6.6.1: A DP Source device @@ -1976,6 +1983,12 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) int max_retries = max(7, drm_dp_i2c_retry_count(msg, dp_aux_i2c_speed_khz)); for (retry = 0, defer_i2c = 0; retry < (max_retries + defer_i2c); retry++) { + if (drm_dp_i2c_msg_is_write_status_update(msg)) { + /* Address only transaction */ + msg->buffer = NULL; + msg->size = 0; + } + ret = aux->transfer(aux, msg); if (ret < 0) { if (ret == -EBUSY) @@ -1993,7 +2006,7 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) else drm_dbg_kms(aux->drm_dev, "%s: transaction failed: %d\n", aux->name, ret); - return ret; + goto out; } @@ -2008,7 +2021,8 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) case DP_AUX_NATIVE_REPLY_NACK: drm_dbg_kms(aux->drm_dev, "%s: native nack (result=%d, size=%zu)\n", aux->name, ret, msg->size); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; case DP_AUX_NATIVE_REPLY_DEFER: drm_dbg_kms(aux->drm_dev, "%s: native defer\n", aux->name); @@ -2027,24 +2041,35 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) default: drm_err(aux->drm_dev, "%s: invalid native reply %#04x\n", aux->name, msg->reply); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; } switch (msg->reply & DP_AUX_I2C_REPLY_MASK) { case DP_AUX_I2C_REPLY_ACK: + /* + * When I2C write firstly get defer and get ack after + * retries by wirte_status_update, we have to return + * all data bytes get transferred instead of 0. + */ + if (drm_dp_i2c_msg_is_write_status_update(msg) && ret == 0) + ret = orig_msg.size; + /* * Both native ACK and I2C ACK replies received. We * can assume the transfer was successful. */ if (ret != msg->size) drm_dp_i2c_msg_write_status_update(msg); - return ret; + + goto out; case DP_AUX_I2C_REPLY_NACK: drm_dbg_kms(aux->drm_dev, "%s: I2C nack (result=%d, size=%zu)\n", aux->name, ret, msg->size); aux->i2c_nack_count++; - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; case DP_AUX_I2C_REPLY_DEFER: drm_dbg_kms(aux->drm_dev, "%s: I2C defer\n", aux->name); @@ -2063,12 +2088,18 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) default: drm_err(aux->drm_dev, "%s: invalid I2C reply %#04x\n", aux->name, msg->reply); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; } } drm_dbg_kms(aux->drm_dev, "%s: Too many retries, giving up\n", aux->name); - return -EREMOTEIO; + ret = -EREMOTEIO; +out: + /* In case we change original msg by Write_Status_Update*/ + msg->buffer = orig_msg.buffer; + msg->size = orig_msg.size; + return ret; } static void drm_dp_i2c_msg_set_request(struct drm_dp_aux_msg *msg, -- 2.43.0

7 months, 1 week

4
6
0 0

[PATCH v4 00/25] Add support for HEVC and VP9 codecs in decoder

by Dikshita Agarwal

Hi All, This patch series adds initial support for the HEVC(H.265) and VP9 codecs in iris decoder. The objective of this work is to extend the decoder's capabilities to handle HEVC and VP9 codec streams, including necessary format handling and buffer management. In addition, the series also includes a set of fixes to address issues identified during testing of these additional codecs. These patches also address the comments and feedback received from the RFC patches previously sent. I have made the necessary improvements based on the community's suggestions. Changes in v4: - Splitted patch patch 06/23 in two patches (Bryan) - Simplified the conditional logic in patch 13/23 (Bryan) - Improved commit description for patch patch 13/23 (Nicolas) - Fix the value of H265_NUM_TILE_ROW macro (Neil) - Link to v3: https://lore.kernel.org/r/20250502-qcom-iris-hevc-vp9-v3-0-552158a10a7d@qui… Changes in v3: - Introduced two wrappers with explicit names to handle destroy internal buffers (Nicolas) - Used sub state check instead of introducing new boolean (Vikash) - Addressed other comments (Vikash) - Reorderd patches to have all fixes patches first (Dmitry) - Link to v2: https://lore.kernel.org/r/20250428-qcom-iris-hevc-vp9-v2-0-3a6013ecb8a5@qui… Changes in v2: - Added Changes to make sure all buffers are released in session close (bryna) - Added tracking for flush responses to fix a timing issue. - Added a handling to fix timing issue in reconfig - Splitted patch 06/20 in two patches (Bryan) - Added missing fixes tag (bryan) - Updated fluster report (Nicolas) - Link to v1: https://lore.kernel.org/r/20250408-iris-dec-hevc-vp9-v1-0-acd258778bd6@quic… Changes sinces RFC: - Added additional fixes to address issues identified during further testing. - Moved typo fix to a seperate patch [Neil] - Reordered the patches for better logical flow and clarity [Neil, Dmitry] - Added fixes tag wherever applicable [Neil, Dmitry] - Removed the default case in the switch statement for codecs [Bryan] - Replaced if-else statements with switch-case [Bryan] - Added comments for mbpf [Bryan] - RFC: https://lore.kernel.org/linux-media/20250305104335.3629945-1-quic_dikshita@… This patch series depends on [1] & [2] [1] https://lore.kernel.org/linux-media/20250417-topic-sm8x50-iris-v10-v7-0-f02… [2] https://lore.kernel.org/linux-media/20250424-qcs8300_iris-v5-0-f118f505c300… These patches are tested on SM8250 and SM8550 with v4l2-ctl and Gstreamer for HEVC and VP9 decoders, at the same time ensured that the existing H264 decoder functionality remains uneffected. Note: 1 of the fluster compliance test is fixed with firmware [3] [3]: https://lore.kernel.org/linux-firmware/1a511921-446d-cdc4-0203-084c88a5dc1e… The result of fluster test on SM8550: 131/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 - 2 testcase failed due to CRC mismatch - RAP_A_docomo_6 - RAP_B_Bossen_2 - BUG reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4392 Analysis - First few frames in this discarded by firmware and are sent to driver with 0 filled length. Driver send such buffers to client with timestamp 0 and payload set to 0 and make buf state to VB2_BUF_STATE_ERROR. Such buffers should be dropped by GST. But instead, the first frame displayed as green frame and when a valid buffer is sent to client later with same 0 timestamp, its dropped, leading to CRC mismatch for first frame. 235/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 2 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - 1 testcase failed due to unsupported stream - vp90-2-16-intra-only.webm The result of fluster test on SM8250: 133/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 232/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug raised: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 5 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - vp90-2-21-resize_inter_320x240_5_1-2.webm - vp90-2-21-resize_inter_320x240_7_1-2.webm - vp90-2-18-resize.ivf - 1 testcase failed with CRC mismatch - vp90-2-16-intra-only.webm Analysis: First few frames are marked by firmware as NO_SHOW frame. Driver make buf state to VB2_BUF_STATE_ERROR for such frames. Such buffers should be dropped by GST. But instead, the first frame is being displayed and when a valid buffer is sent to client later with same timestamp, its dropped, leading to CRC mismatch for first frame. To: Vikash Garodia <quic_vgarodia(a)quicinc.com> To: Abhinav Kumar <quic_abhinavk(a)quicinc.com> To: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> To: Mauro Carvalho Chehab <mchehab(a)kernel.org> To: Hans Verkuil <hverkuil(a)xs4all.nl> To: Stefan Schmidt <stefan.schmidt(a)linaro.org> Cc: linux-media(a)vger.kernel.org Cc: linux-arm-msm(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Cc: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Cc: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Dikshita Agarwal (25): media: iris: Skip destroying internal buffer if not dequeued media: iris: Update CAPTURE format info based on OUTPUT format media: iris: Avoid updating frame size to firmware during reconfig media: iris: Drop port check for session property response media: iris: Prevent HFI queue writes when core is in deinit state media: iris: Remove error check for non-zero v4l2 controls media: iris: Remove deprecated property setting to firmware media: iris: Fix missing function pointer initialization media: iris: Fix NULL pointer dereference media: iris: Fix typo in depth variable media: iris: Track flush responses to prevent premature completion media: iris: Fix buffer preparation failure during resolution change media: iris: Send V4L2_BUF_FLAG_ERROR for capture buffers with 0 filled length media: iris: Skip flush on first sequence change media: iris: Remove unnecessary re-initialization of flush completion media: iris: Add handling for corrupt and drop frames media: iris: Add handling for no show frames media: iris: Improve last flag handling media: iris: Remove redundant buffer count check in stream off media: iris: Add a comment to explain usage of MBPS media: iris: Add HEVC and VP9 formats for decoder media: iris: Add platform capabilities for HEVC and VP9 decoders media: iris: Set mandatory properties for HEVC and VP9 decoders. media: iris: Add internal buffer calculation for HEVC and VP9 decoders media: iris: Add codec specific check for VP9 decoder drain handling drivers/media/platform/qcom/iris/iris_buffer.c | 35 +- drivers/media/platform/qcom/iris/iris_buffer.h | 3 +- drivers/media/platform/qcom/iris/iris_ctrls.c | 35 +- drivers/media/platform/qcom/iris/iris_hfi_common.h | 1 + .../platform/qcom/iris/iris_hfi_gen1_command.c | 48 ++- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 5 +- .../platform/qcom/iris/iris_hfi_gen1_response.c | 37 +- .../platform/qcom/iris/iris_hfi_gen2_command.c | 143 +++++++- .../platform/qcom/iris/iris_hfi_gen2_defines.h | 5 + .../platform/qcom/iris/iris_hfi_gen2_response.c | 56 ++- drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +- drivers/media/platform/qcom/iris/iris_instance.h | 6 + .../platform/qcom/iris/iris_platform_common.h | 28 +- .../media/platform/qcom/iris/iris_platform_gen2.c | 198 ++++++++-- .../platform/qcom/iris/iris_platform_qcs8300.h | 126 +++++-- .../platform/qcom/iris/iris_platform_sm8250.c | 15 +- drivers/media/platform/qcom/iris/iris_state.c | 2 +- drivers/media/platform/qcom/iris/iris_state.h | 1 + drivers/media/platform/qcom/iris/iris_vb2.c | 18 +- drivers/media/platform/qcom/iris/iris_vdec.c | 116 +++--- drivers/media/platform/qcom/iris/iris_vdec.h | 11 + drivers/media/platform/qcom/iris/iris_vidc.c | 36 +- drivers/media/platform/qcom/iris/iris_vpu_buffer.c | 397 ++++++++++++++++++++- drivers/media/platform/qcom/iris/iris_vpu_buffer.h | 46 ++- 24 files changed, 1159 insertions(+), 211 deletions(-) --- base-commit: 398a1b33f1479af35ca915c5efc9b00d6204f8fa change-id: 20250507-video-iris-hevc-vp9-59096b189050 prerequisite-message-id: <20250417-topic-sm8x50-iris-v10-v7-0-f020cb1d0e98(a)linaro.org> prerequisite-patch-id: afffe7096c8e110a8da08c987983bc4441d39578 prerequisite-patch-id: b93c37dc7e09d1631b75387dc1ca90e3066dce17 prerequisite-patch-id: b7b50aa1657be59fd51c3e53d73382a1ee75a08e prerequisite-patch-id: 30960743105a36f20b3ec4a9ff19e7bca04d6add prerequisite-patch-id: 2bba98151ca103aa62a513a0fbd0df7ae64d9868 prerequisite-patch-id: 0e43a6d758b5fa5ab921c6aa3c19859e312b47d0 prerequisite-patch-id: 35f8dae1416977e88c2db7c767800c01822e266e prerequisite-message-id: <20250501-qcs8300_iris-v7-0-b229d5347990(a)quicinc.com> prerequisite-patch-id: e35b05c527217206ae871aef0d7b0261af0319ea prerequisite-patch-id: 07ba0745c7d72796567e0a57f5c8e5355a8d2046 prerequisite-patch-id: 3398937a7fabb45934bb98a530eef73252231132 prerequisite-patch-id: 500bc3b8391940d3ebca222d2098b737414b2af4 prerequisite-patch-id: 2e72fe4d11d264db3d42fa450427d30171303c6f Best regards, -- Dikshita Agarwal <quic_dikshita(a)quicinc.com>

7 months, 1 week

3
19
0 0

[PATCH v1] ufs: core: fix hwq_id type and value

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> Because the member id of struct ufs_hw_queue is u32 (hwq->id) and the trace entry hwq_id is also u32, the type should be changed to u32. If mcq is not supported, SDB mode only supports one hardware queue, for which setting the hwq_id to 0 is more suitable. Fixes: 4a52338bf288 ("scsi: ufs: core: Add trace event for MCQ") Cc: <stable(a)vger.kernel.org> Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 7735421e3991..14e4cfbcb9eb 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -432,7 +432,7 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag, u8 opcode = 0, group_id = 0; u32 doorbell = 0; u32 intr; - int hwq_id = -1; + u32 hwq_id = 0; struct ufshcd_lrb *lrbp = &hba->lrb[tag]; struct scsi_cmnd *cmd = lrbp->cmd; struct request *rq = scsi_cmd_to_rq(cmd); -- 2.45.2

7 months, 1 week

3
4
0 0

[PATCH 6.14 000/449] 6.14.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.3 release. There are 449 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 19 Apr 2025 17:49:48 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.3-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.3-rc1 Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Yi Liu <yi.l.liu(a)intel.com> iommufd: Fail replace if device has not been attached Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Make attach_handle generic than fault specific Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Wen Gong <quic_wgong(a)quicinc.com> wifi: ath11k: update channel list in worker when wait flag is set Nícolas F. R. A. Prado <nfraprado(a)collabora.com> thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold Nícolas F. R. A. Prado <nfraprado(a)collabora.com> thermal/drivers/mediatek/lvts: Disable monitor mode during suspend Kevin Hao <haokexin(a)gmail.com> spi: fsl-qspi: Fix double cleanup in probe error path Han Xu <han.xu(a)nxp.com> spi: fsl-qspi: use devm function instead of driver remove Cong Liu <liucong2(a)kylinos.cn> selftests: mptcp: fix incorrect fd checks in main_loop Geliang Tang <geliang(a)kernel.org> selftests: mptcp: close fd_in before returning in main_loop Jake Hillion <jake(a)hillion.co.uk> sched_ext: create_dsq: Return -EEXIST on duplicate request Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390: Fix linker error when -no-pie option is unavailable David Hildenbrand <david(a)redhat.com> s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio() Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: add support for eint_fltcon_offset Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Stefan Eichenberger <stefan.eichenberger(a)toradex.com> phy: freescale: imx8m-pcie: assert phy reset and perst in power off Philipp Stanner <phasta(a)kernel.org> PCI: Fix wrong length of devres array Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Avoid unnecessary device replacement check Ioana Ciornei <ioana.ciornei(a)nxp.com> PCI: layerscape: Fix arg_count to syscon_regmap_lookup_by_phandle_args() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4 Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_raw() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_one() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Switch to page pool for jumbo frames Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Add a new test for setuid() Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Split signal_scoping_threads tests Mickaël Salaün <mic(a)digikod.net> landlock: Prepare to add second errata Mickaël Salaün <mic(a)digikod.net> landlock: Always allow signals between threads of the same process Mickaël Salaün <mic(a)digikod.net> landlock: Add erratum for TCP fix Mickaël Salaün <mic(a)digikod.net> landlock: Add the errata interface Mickaël Salaün <mic(a)digikod.net> landlock: Move code to ease future backports Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly zero-initialize on-stack CPUID unions Amit Machhiwal <amachhiw(a)linux.ibm.com> KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests Sean Christopherson <seanjc(a)google.com> KVM: Allow building irqbypass.ko as as module when kvm.ko is a module Joshua Washington <joshwash(a)google.com> gve: handle overflow when reporting TX consumed descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind Guixin Liu <kanie(a)linux.alibaba.com> gpio: tegra186: fix resource handling in ACPI probe path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: mpc8xxx: Fix wakeup source leaks on device unbind Bernd Schubert <bschubert(a)ddn.com> fuse: {io-uring} Fix a possible req cancellation race Andy Chiu <andybnac(a)gmail.com> ftrace: Properly merge notrace hashes zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> firmware: cs_dsp: test_control_parse: null-terminate test strings Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg' Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix prefetch-vs-suspend race Jo Van Bulck <jo.vanbulck(a)kuleuven.be> dm-integrity: fix non-constant-time tag verification Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-ebs: fix prefetch-vs-suspend race Alexander Aring <aahringo(a)redhat.com> dlm: fix error if active rsb is not hashed Alexander Aring <aahringo(a)redhat.com> dlm: fix error if inactive rsb is not hashed Dionna Glaze <dionnaglaze(a)google.com> crypto: ccp - Fix uAPI definitions of PSP errors Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gdsc: Set retain_ff before moving to HW CTRL Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Release pm subdomains in reverse add order Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Pali Rohár <pali(a)kernel.org> cifs: Ensure that all non-client-specific reparse points are processed by the server Roman Smirnov <r.smirnov(a)omp.ru> cifs: fix integer overflow in match_server() Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Aman <aman1(a)microsoft.com> CIFS: Propagate min offload along with other parameters from primary to secondary channels. Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not add length to print format in synthetic events Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe events: Fix possible UAF on modules Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe: Fix to lock module while registering fprobe Andrii Nakryiko <andrii(a)kernel.org> uprobes: Avoid false-positive lockdep splat on CONFIG_PREEMPT_RT=y in the ri_timer() uprobe timer callback, use raw_write_seqcount_*() Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: fix balloon target initialization for PVH dom0 Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Jinjiang Tu <tujinjiang(a)huawei.com> mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper Marc Herbert <Marc.Herbert(a)linux.intel.com> mm/hugetlb: move hugetlb_sysctl_init() to the __init section Shuai Xue <xueshuai(a)linux.alibaba.com> mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Peter Xu <peterx(a)redhat.com> mm/userfaultfd: fix release hang over concurrent GUP Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/mremap: correctly handle partial mremap() of VMA starting at 0 Ryan Roberts <ryan.roberts(a)arm.com> mm: fix lazy mmu docs and usage Jane Chu <jane.chu(a)oracle.com> mm: make page_mapped_in_vma() hugetlb walk aware David Hildenbrand <david(a)redhat.com> mm/rmap: reject hugetlb folios in folio_make_device_exclusive() SeongJae Park <sj(a)kernel.org> mm/damon: avoid applying DAMOS action to same entity multiple times Usama Arif <usamaarif642(a)gmail.com> mm/damon/ops: have damon_get_folio return folio even for tail pages Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Wire up irq_ack() to irq_move_irq() for posted MSIs Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix possible circular locking dependency Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Put IRTE back into posted MSI mode if vCPU posting is disabled Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix uninitialized rc in iommufd_access_rw() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone finishing with missing devices Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone activation with missing devices Filipe Manana <fdmanana(a)suse.com> btrfs: tests: fix chunk map leak after failure to add it to the tree Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: disable pinctrl_gsacore node Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8188: Assign apll1 clock as parent to avoid hang Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks Keerthy <j-keerthy(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size Zhenhua Huang <quic_zhenhuah(a)quicinc.com> arm64: mm: Correct the update of max_pfn Ninad Malwade <nmalwade(a)nvidia.com> arm64: tegra: Remove the Orin NX/Nano suspend key Keir Fraser <keirf(a)google.com> arm64: mops: Do not dereference src reg for a set operation Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: Fix build with gcc < 7.5 Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Kartik Rajput <kkartik(a)nvidia.com> mailbox: tegra-hsp: Define dimensioning masks in SoC data Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Kris Van Hees <kris.van.hees(a)oracle.com> kbuild: exclude .rodata.(cst|str)* when building ranges Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use readsb helper for reading MDB Joe Damato <jdamato(a)fastly.com> igc: Fix XSK queue NAPI ID mapping Mimi Zohar <zohar(a)linux.ibm.com> ima: limit the number of ToMToU integrity violations Mimi Zohar <zohar(a)linux.ibm.com> ima: limit the number of open-writers integrity violations Steve French <stfrench(a)microsoft.com> smb311 client: fix missing tcon check when mounting with linux/posix extensions Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Olga Kornievskaia <okorniev(a)redhat.com> svcrdma: do not unregister device for listeners Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> tpm: do not start chip while suspended Jan Kara <jack(a)suse.cz> udf: Fix inode_getblk() return value Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: fix to avoid atomicity corruption of atomic file Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix the missing write pointer correction Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Jeff Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Fix race between unprepare and queue_buf Eric Biggers <ebiggers(a)google.com> arm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() Eric Biggers <ebiggers(a)google.com> arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix deadlock in ivpu_ms_cleanup() Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal() Sharan Kumar M <sharweshraajan(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-dai: make use of q6apm_get_hw_pointer Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm: add q6apm_get_hw_pointer helper Haoxiang Li <haoxiang_li2024(a)163.com> ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: reject zero sized provided buffers Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix io_req_post_cqe abuse by send bundle Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix accept multishot handling Qingfang Deng <dqfext(a)gmail.com> net: stmmac: Fix accessing freed irq affinity_hint Ewan D. Milne <emilne(a)redhat.com> scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: update the power-saving flow Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: integrate *mlo_sta_cmd and *sta_cmd Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong simultaneous cap for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong link_idx when a p2p_device is present Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix country count limitation for CLC Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: ensure wow pattern command align fw format Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt792x: re-register CHANCTX_STA_CSA only for the mt7921 series Haoxiang Li <haoxiang_li2024(a)163.com> wifi: mt76: Add check for devm_kstrdup() Sean Wang <sean.wang(a)mediatek.com> Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix internal PHYs for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Add check for devm_kcalloc() Ming Lei <ming.lei(a)redhat.com> block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting freebind & transparent Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Harshitha Ramamurthy <hramamurthy(a)google.com> gve: unlink old napi only if page pool exists Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Fix wrong variable usage in rzv2h_tint_set_type() Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix timeout while testing 10bit hevc fluster Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix a hang after seeking Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Avoid race condition in the interrupt handler Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix gray color on screen Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx214: Rectify probe error handling related to runtime PM Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx219: Rectify runtime PM handling in probe and remove Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx319: Rectify runtime PM handling probe and remove Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Ricardo Ribalda <ribalda(a)chromium.org> media: nuvoton: Fix reference handling of ece_pdev Ricardo Ribalda <ribalda(a)chromium.org> media: nuvoton: Fix reference handling of ece_node Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in remove Sakari Ailus <sakari.ailus(a)linux.intel.com> Revert "media: imx214: Fix the error handling in imx214_probe()" Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: imx219: Adjust PLL settings based on the number of MIPI lanes Dan Carpenter <dan.carpenter(a)linaro.org> media: xilinx-tpg: fix double put in xtpg_parse_of() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: platform: stm32: Add check for clk_enable() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: visl: Fix ERANGE error when setting enum controls Hans de Goede <hdegoede(a)redhat.com> media: hi556: Fix memory leak (on error) in hi556_check_hwcfg() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Properly turn sensor on/off when runtime-suspended Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix PM related deadlocks in MS IOCTLs Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Fix timeout handling when waiting for TPM status Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Set HCR_EL2.TID1 unconditionally Will Deacon <will(a)kernel.org> KVM: arm64: Tear down vGIC on failed vCPU creation Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Douglas Anderson <dianders(a)chromium.org> arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Akihiko Odaki <akihiko.odaki(a)daynix.com> KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR} Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication John Keeping <jkeeping(a)inmusicbrands.com> media: rockchip: rga: fix rga offset lookup Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Bingbu Cao <bingbu.cao(a)intel.com> media: intel/ipu6: set the dev_parent of video device to pdev Martin Tůma <martin.tuma(a)digiteqautomotive.com> media: mgb4: Fix switched CMT frequency range "magic values" sets Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Martin Tůma <martin.tuma(a)digiteqautomotive.com> media: mgb4: Fix CMT registers update logic Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: uapi: rkisp1-config: Fix typo in extensible params example Arnd Bergmann <arnd(a)arndb.de> media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization Alain Volmat <alain.volmat(a)foss.st.com> dt-bindings: media: st,stmipid02: correct lane-polarities maxItems Haoxiang Li <haoxiang_li2024(a)163.com> auxdisplay: hd44780: Fix an API misuse in hd44780.c Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Fix set_device_control() Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Fix 90 degrees direction name North -> East Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Clamp effect playback LOOP_COUNT value Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Rename two functions to align them with naming convention Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Remove redundant call to pidff_find_special_keys Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Support device error response from PID_BLOCK_LOAD Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Comment and code style update Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: hid-universal-pidff: Add Asetek wheelbases support Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Factor out pool report fetch and remove excess declaration Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Use macros instead of hardcoded min/max values for shorts Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Simplify pidff_rescale_signed Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Move all hid-pidff definitions to a dedicated header Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Factor out code for setting gain Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Rescale time values to match field units Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Define values used in pidff_find_special_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Simplify pidff_upload_effect function Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Completely rework and fix pidff_reset function Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Stop all effects before enabling actuators Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Clamp PERIODIC effect period to device's logical range Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix s390_mmio_read/write syscall page fault handling Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Sheng Yong <shengyong1(a)xiaomi.com> erofs: set error to bio if file-backed IO fails Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Search an appropriate duty_cycle if period cannot be modified Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Jonathan McDowell <noodles(a)meta.com> tpm: End any active auth session before shutdown Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Workaround failed command reception on Infineon devices Ayush Jain <Ayush.jain3(a)amd.com> ktest: Fix Test Failures Due to Missing LOG_FILE Directories Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Add comments about entry data storing code Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Log error for exceeding the number of arguments Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Support mmap() of PCI resources except for ISM devices Christian König <christian.koenig(a)amd.com> drm/amdgpu: grab an additional reference on the gang fence v2 Ryo Takakura <ryotkkr98(a)gmail.com> PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type Philipp Stanner <phasta(a)kernel.org> PCI: Check BAR index for validity Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Fix the race condition for draining retry fault Bjorn Helgaas <bhelgaas(a)google.com> PCI: Enable Configuration RRS SV early Ryan Seto <ryanseto(a)amd.com> drm/amd/display: Prevent VStartup Overflow Wentao Liang <vulab(a)iscas.ac.cn> drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Shawn Lin <shawn.lin(a)rock-chips.com> PCI: Add Rockchip Vendor ID Jani Nikula <jani.nikula(a)intel.com> drm/rockchip: stop passing non struct drm_device to drm_err() and friends AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: debugfs hang_hws skip GPU with MES Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix mode1 reset crash issue David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Lucas De Marchi <lucas.demarchi(a)intel.com> drivers: base: devres: Allow to release group on device release Mike Katsnelson <mike.katsnelson(a)amd.com> drm/amd/display: stop DML2 from removing pipes based on planes Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Update FIXED_VS Link Rate Toggle Workaround Usage Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/debugfs: fix printk format for bridge index Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for AYA NEO Slide Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Unlocked unmap only clear page table leaves Brendan Tam <Brendan.Tam(a)amd.com> drm/amd/display: add workaround flag to link to force FFE preset Sung Lee <Sung.Lee(a)amd.com> drm/amd/display: Guard Possible Null Pointer Dereference Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Update Cursor request mode to the beginning prefetch always Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/vf: Don't try to trigger a full GT reset if VF Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Don't send BEGIN_ID if VF has no context/doorbells Matt Atwood <matthew.s.atwood(a)intel.com> drm/xe/ptl: Update the PTL pci id table Shekhar Chauhan <shekhar.chauhan(a)intel.com> drm/xe/bmg: Add new PCI IDs Derek Foreman <derek.foreman(a)collabora.com> drm/rockchip: Don't change hdmi reference clock rate Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Set missing bo->attached flag Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Bluetooth: qca: add WCN3950 support Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Bluetooth: qca: simplify WCN399x NVM loading Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: use the power sequencer for wcn6750 Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btusb: Add 2 HWIDs for MT7922 Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Add device id of Whale Peak Dorian Cruveiller <doriancruveiller(a)gmail.com> Bluetooth: btusb: Add new VID/PID for WCN785x Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Boris Burkov <boris(a)bur.io> btrfs: harden block_group::bg_list against list_del() races Huacai Chen <chenhuacai(a)kernel.org> ahci: Marvell 88SE9215 controllers prefer DMA for ATAPI Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Philipp Hahn <phahn-oss(a)avm.de> cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix userspace_selectors corruption Chao Yu <chao(a)kernel.org> Revert "f2fs: rebuild nat_bits during umount" Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Martin Schiller <ms(a)dev.tdt.de> net: sfp: add quirk for FS SFP-10GM-T copper SFP+ module Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Manish Dharanenthiran <quic_mdharane(a)quicinc.com> wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi Birger Koblitz <mail(a)birger-koblitz.de> net: sfp: add quirk for 2.5G OEM BX SFP Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add support for Mercusys MA30N and D-Link DWA-T185 rev. A1 Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Zhongqiu Han <quic_zhonhan(a)quicinc.com> jfs: Fix uninit-value access of imap allocated in the diMount() function Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> can: flexcan: add NXP S32G2/S32G3 SoC support Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> can: flexcan: Add quirk to handle separate interrupt lines for mailboxes Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Max Schulze <max.schulze(a)online.de> net: usb: asix_devices: add FiberGecko DeviceID Chaohai Chen <wdhh66(a)163.com> scsi: target: spc: Fix RSOC parameter data header size Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: ensure sdata->work is canceled before initialized. Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: add strict mode disabling workarounds Chao Yu <chao(a)kernel.org> f2fs: don't retry IO for corrupted data scenario Pavel Begunkov <asml.silence(a)gmail.com> net: page_pool: don't cast mp param to devmem Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Avoid reply queue full condition Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Add 'external' to the libata.force kernel parameter P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Avoid memory leak while enabling statistics P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Miaoqing Pan <quic_miaoqing(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_pci_remove() Miaoqing Pan <quic_miaoqing(a)quicinc.com> wifi: ath11k: fix memory leak in ath11k_xxx_remove() P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: use unsigned long for activity check timestamp Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Add select POWER_SUPPLY to Kconfig Syed Saba kareem <syed.sabakareem(a)amd.com> ASoC: amd: yc: update quirk data for new Lenovo model Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247 Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 keenplify <keenplify(a)gmail.com> ASoC: amd: Add DMI quirk for ACP6X mic support Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves Aakarsh Jain <aakarsh.jain(a)samsung.com> media: s5p-mfc: Corrected NV12M/NV21M plane-sizes Vishnu Sankar <vishnuocv(a)gmail.com> HID: lenovo: Fix to ensure the data as __le32 instead of u32 Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for Actions UVC05 Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_audmix: register card device depends on 'dais' property Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: amd_sdw: Add quirks for Dell SKU's Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: ps: use macro for ACP6.3 pci revision id Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERIODIC_SINE_ONLY quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: Add hid-universal-pidff driver and supported device ids Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add FIX_WHEEL_DIRECTION quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERMISSIVE_CONTROL quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_PBO quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_DELAY quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Zhang Heng <zhangheng(a)kylinos.cn> ASoC: SOF: topology: Use krealloc_array() to replace krealloc() Daniel Schaefer <dhs(a)frame.work> platform/chrome: cros_ec_lpc: Match on Framework ACPI device Josh Poimboeuf <jpoimboe(a)kernel.org> tracing: Disable branch profiling in noinstr code Ingo Molnar <mingo(a)kernel.org> zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: Invalidate cppc_req_cached during suspend Paul E. McKenney <paulmck(a)kernel.org> Flush console log from kernel_power_off() Lizhi Xu <lizhi.xu(a)windriver.com> PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() Yunhui Cui <cuiyunhui(a)bytedance.com> perf/dwc_pcie: fix duplicate pci_dev devices Yunhui Cui <cuiyunhui(a)bytedance.com> perf/dwc_pcie: fix some unreleased resources Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Xin Li (Intel) <xin(a)zytor.com> x86/ia32: Leave NULL selector values 0~3 unchanged Uros Bizjak <ubizjak(a)gmail.com> x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 Matthew Wilcox (Oracle) <willy(a)infradead.org> x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW Dmitry Osipenko <dmitry.osipenko(a)collabora.com> irqchip/gic-v3: Add Rockchip 3568002 erratum workaround Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Paul E. McKenney <paulmck(a)kernel.org> srcu: Force synchronization for srcu_get_delay() Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Mateusz Guzik <mjguzik(a)gmail.com> fs: consistently deref the files table with rcu_dereference_raw() Frederic Weisbecker <frederic(a)kernel.org> perf: Fix hang while freeing sigtrap event Peter Zijlstra <peterz(a)infradead.org> perf/core: Simplify the perf_event_alloc() error path Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: Fix the wrong Rx descriptor field Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Marek Szyprowski <m.szyprowski(a)samsung.com> iommu/exynos: Fix suspend/resume with IDENTITY domain Ido Schimmel <idosch(a)nvidia.com> ethtool: cmis_cdb: Fix incorrect read / write length extension Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Ido Schimmel <idosch(a)nvidia.com> ipv6: Align behavior across nexthops during path selection Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in decryption with multichannel Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpu: Avoid running off the end of an AMD erratum table Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Thomas Richter <tmricht(a)linux.ibm.com> s390/cpumf: Fix double free on error in cpumf_pmu_event_init() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/huc: Fix fence not released on early probe errors Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Pali Rohár <pali(a)kernel.org> cifs: Fix support for WSL-style symlinks Chenyuan Yang <chenyuan0y(a)gmail.com> net: libwx: handle page_pool_dev_alloc_pages error Maxime Ripard <mripard(a)kernel.org> drm/tests: probe-helper: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: modes: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: cmdline: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: helpers: Create kunit helper to destroy a drm_display_mode Maxime Ripard <mripard(a)kernel.org> drm/tests: modeset: Fix drm_display_mode memory leak Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: Don't call .cleanup_data when prepare_data fails Toke Høiland-Jørgensen <toke(a)redhat.com> tc: Ensure we have enough buffer space when sending filter netlink notifications Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: qos: fix VF root node parent queue index Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Restore EIO errno return when GuC PC start fails Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/hw_engine: define sysfs_ops on all directories Taehee Yoo <ap420073(a)gmail.com> net: ethtool: fix ethtool_ringparam_get_cfg() returns a hds_thresh value always as 0. Petr Vaněk <arkamar(a)atlas.cz> x86/acpi: Don't limit CPUs to 1 for Xen PV guests due to disabled ACPI Badal Nilawar <badal.nilawar(a)intel.com> drm/i915: Disable RPG during live selftest Vivek Kasireddy <vivek.kasireddy(a)intel.com> drm/virtio: Fix flickering issue seen with imported dmabufs Ming Lei <ming.lei(a)redhat.com> ublk: fix handling recovery & reissue in ublk_abort_queue() Edward Liaw <edliaw(a)google.com> selftests/futex: futex_waitv wouldblock test should fail Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: of: Fix the choice for Ingenic NAND quirk Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe: Cleanup fprobe hash when module unloading Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix race between newly created partition and dying one Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix error handling in remote_partition_disable() Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: adl: add 2xrt1316 audio configuration ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 2 + Documentation/arch/arm64/silicon-errata.rst | 2 + .../bindings/arm/qcom,coresight-tpda.yaml | 3 +- .../bindings/arm/qcom,coresight-tpdm.yaml | 3 +- .../bindings/media/i2c/st,st-mipid02.yaml | 2 +- Makefile | 7 +- arch/arm/lib/crc-t10dif-glue.c | 4 +- arch/arm64/Kconfig | 9 + arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +- .../boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi | 7 - .../boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/kvm_arm.h | 4 +- arch/arm64/include/asm/spectre.h | 1 - arch/arm64/include/asm/traps.h | 4 +- arch/arm64/kernel/proton-pack.c | 208 ++++---- arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/sys_regs.c | 204 ++++---- arch/arm64/lib/crc-t10dif-glue.c | 4 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/kvm/powerpc.c | 5 +- arch/s390/Kconfig | 4 +- arch/s390/Makefile | 2 +- arch/s390/include/asm/pci.h | 3 + arch/s390/kernel/perf_cpum_cf.c | 9 +- arch/s390/kernel/perf_cpum_sf.c | 3 - arch/s390/pci/Makefile | 2 +- arch/s390/pci/pci_bus.c | 3 + arch/s390/pci/pci_fixup.c | 23 + arch/s390/pci/pci_mmio.c | 18 +- arch/sparc/include/asm/pgtable_64.h | 2 - arch/sparc/mm/tlb.c | 5 +- arch/x86/Kbuild | 4 + arch/x86/Kconfig | 20 +- arch/x86/coco/sev/core.c | 2 - arch/x86/kernel/acpi/boot.c | 11 + arch/x86/kernel/cpu/amd.c | 3 +- arch/x86/kernel/e820.c | 17 +- arch/x86/kernel/head64.c | 2 - arch/x86/kernel/signal_32.c | 62 ++- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/x86.c | 4 + arch/x86/mm/kasan_init_64.c | 1 - arch/x86/mm/mem_encrypt_amd.c | 2 - arch/x86/mm/mem_encrypt_identity.c | 2 - arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/xen/enlighten.c | 10 + arch/x86/xen/setup.c | 3 - block/blk-mq.c | 1 + drivers/accel/ivpu/ivpu_debugfs.c | 4 +- drivers/accel/ivpu/ivpu_ipc.c | 3 +- drivers/accel/ivpu/ivpu_ms.c | 24 + drivers/acpi/Makefile | 4 + drivers/ata/ahci.c | 11 + drivers/ata/ahci.h | 1 + drivers/ata/libahci.c | 4 + drivers/ata/libata-core.c | 38 ++ drivers/ata/libata-eh.c | 11 +- drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 13 +- drivers/auxdisplay/hd44780.c | 4 +- drivers/base/devres.c | 7 + drivers/block/ublk_drv.c | 30 +- drivers/bluetooth/btintel_pcie.c | 1 + drivers/bluetooth/btqca.c | 27 +- drivers/bluetooth/btqca.h | 4 + drivers/bluetooth/btusb.c | 32 ++ drivers/bluetooth/hci_ldisc.c | 19 +- drivers/bluetooth/hci_qca.c | 27 +- drivers/bluetooth/hci_uart.h | 1 + drivers/bus/mhi/host/main.c | 16 +- drivers/char/tpm/tpm-chip.c | 6 + drivers/char/tpm/tpm-interface.c | 7 - drivers/char/tpm/tpm_tis_core.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/clk/qcom/clk-branch.c | 4 +- drivers/clk/qcom/gdsc.c | 61 ++- drivers/clk/renesas/r9a07g043-cpg.c | 7 + drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/cpufreq/amd-pstate.c | 5 +- drivers/cpuidle/Makefile | 3 + drivers/crypto/ccp/sp-pci.c | 15 +- .../cirrus/test/cs_dsp_test_control_parse.c | 51 +- drivers/gpio/gpio-mpc8xxx.c | 4 +- drivers/gpio/gpio-tegra186.c | 25 +- drivers/gpio/gpio-zynq.c | 1 + drivers/gpio/gpiolib-of.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 43 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 + .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 31 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 8 +- drivers/gpu/drm/amd/display/dc/dc.h | 2 + drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 8 + .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 2 + .../amd/display/dc/dml2/dml2_dc_resource_mgmt.c | 26 - .../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 2 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 22 +- .../display/dc/link/protocols/link_dp_capability.c | 12 +- .../display/dc/link/protocols/link_dp_training.c | 2 + .../link_dp_training_fixed_vs_pe_retimer.c | 3 +- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 + drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_debugfs.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 19 +- drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11 +- drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1 + drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1 + drivers/gpu/drm/i915/selftests/i915_selftest.c | 18 + drivers/gpu/drm/mediatek/mtk_dpi.c | 23 +- drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 16 +- drivers/gpu/drm/rockchip/dw_hdmi_qp-rockchip.c | 29 +- drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 + drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10 +- drivers/gpu/drm/tests/drm_kunit_helpers.c | 22 + drivers/gpu/drm/tests/drm_modes_test.c | 22 + drivers/gpu/drm/tests/drm_probe_helper_test.c | 8 +- drivers/gpu/drm/virtio/virtgpu_prime.c | 2 +- drivers/gpu/drm/virtio/virtgpu_vq.c | 3 + drivers/gpu/drm/xe/xe_gt.c | 4 + drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 4 +- drivers/gpu/drm/xe/xe_gt_sriov_vf.c | 16 + drivers/gpu/drm/xe/xe_gt_sriov_vf.h | 1 + drivers/gpu/drm/xe/xe_guc_pc.c | 1 + drivers/gpu/drm/xe/xe_hw_engine_class_sysfs.c | 108 ++-- drivers/gpu/drm/xe/xe_tuning.c | 8 - drivers/gpu/drm/xe/xe_wa.c | 7 + drivers/hid/Kconfig | 14 + drivers/hid/Makefile | 1 + drivers/hid/hid-ids.h | 37 ++ drivers/hid/hid-lenovo.c | 2 +- drivers/hid/hid-universal-pidff.c | 202 ++++++++ drivers/hid/usbhid/hid-core.c | 1 + drivers/hid/usbhid/hid-pidff.c | 571 ++++++++++++++------- drivers/hid/usbhid/hid-pidff.h | 33 ++ drivers/i3c/master.c | 3 + drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/idle/Makefile | 5 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 32 +- drivers/iommu/exynos-iommu.c | 4 +- drivers/iommu/intel/iommu.c | 2 + drivers/iommu/intel/irq_remapping.c | 71 +-- drivers/iommu/iommufd/device.c | 123 ++++- drivers/iommu/iommufd/fault.c | 8 +- drivers/iommu/iommufd/iommufd_private.h | 33 +- drivers/iommu/mtk_iommu.c | 26 +- drivers/irqchip/irq-gic-v3-its.c | 23 +- drivers/irqchip/irq-renesas-rzv2h.c | 2 +- drivers/leds/rgb/leds-qcom-lpg.c | 8 +- drivers/mailbox/tegra-hsp.c | 72 ++- drivers/md/dm-ebs-target.c | 7 + drivers/md/dm-integrity.c | 48 +- drivers/md/dm-verity-target.c | 8 + drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/hi556.c | 5 +- drivers/media/i2c/imx214.c | 25 +- drivers/media/i2c/imx219.c | 106 ++-- drivers/media/i2c/imx319.c | 9 +- drivers/media/i2c/ov08x40.c | 8 +- drivers/media/i2c/ov7251.c | 4 +- drivers/media/pci/intel/ipu6/ipu6-isys-video.c | 1 + drivers/media/pci/mgb4/mgb4_cmt.c | 8 +- .../media/platform/chips-media/wave5/wave5-hw.c | 2 +- .../platform/chips-media/wave5/wave5-vpu-dec.c | 31 +- .../media/platform/chips-media/wave5/wave5-vpu.c | 4 +- .../platform/chips-media/wave5/wave5-vpuapi.c | 10 + .../mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +- .../mediatek/vcodec/encoder/venc/venc_h264_if.c | 6 +- drivers/media/platform/nuvoton/npcm-video.c | 6 +- drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++- drivers/media/platform/qcom/venus/hfi_venus.c | 18 +- drivers/media/platform/rockchip/rga/rga-hw.c | 2 +- .../platform/samsung/s5p-mfc/s5p_mfc_opr_v6.c | 5 +- drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 +- drivers/media/platform/xilinx/xilinx-tpg.c | 2 - drivers/media/rc/streamzap.c | 68 +-- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/test-drivers/visl/visl-core.c | 12 + drivers/media/usb/uvc/uvc_driver.c | 9 + drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/pci_endpoint_test.c | 7 +- drivers/mmc/host/dw_mmc.c | 94 +++- drivers/mmc/host/dw_mmc.h | 27 + drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 12 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/can/flexcan/flexcan-core.c | 35 +- drivers/net/can/flexcan/flexcan.h | 5 + drivers/net/dsa/mv88e6xxx/chip.c | 23 +- drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 3 +- drivers/net/ethernet/intel/igc/igc.h | 2 - drivers/net/ethernet/intel/igc/igc_main.c | 4 +- drivers/net/ethernet/intel/igc/igc_xdp.c | 2 - drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5 + drivers/net/ethernet/microsoft/mana/mana_en.c | 46 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 11 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 6 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 3 +- drivers/net/phy/phy_device.c | 57 +- drivers/net/phy/sfp.c | 13 +- drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/usb/asix_devices.c | 17 + drivers/net/usb/cdc_ether.c | 7 + drivers/net/usb/r8152.c | 6 + drivers/net/usb/r8153_ecm.c | 6 + drivers/net/wireless/ath/ath11k/ahb.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 4 +- drivers/net/wireless/ath/ath11k/core.h | 5 +- drivers/net/wireless/ath/ath11k/dp.c | 35 +- drivers/net/wireless/ath/ath11k/fw.c | 3 +- drivers/net/wireless/ath/ath11k/mac.c | 14 + drivers/net/wireless/ath/ath11k/pci.c | 3 +- drivers/net/wireless/ath/ath11k/reg.c | 85 ++- drivers/net/wireless/ath/ath11k/reg.h | 3 +- drivers/net/wireless/ath/ath11k/wmi.h | 1 + drivers/net/wireless/ath/ath12k/dp_mon.c | 66 +-- drivers/net/wireless/ath/ath12k/dp_rx.c | 42 +- drivers/net/wireless/ath/ath12k/hal_rx.h | 3 + drivers/net/wireless/ath/ath12k/pci.c | 2 +- drivers/net/wireless/ath/ath9k/ath9k.h | 2 +- drivers/net/wireless/mediatek/mt76/eeprom.c | 4 + drivers/net/wireless/mediatek/mt76/mt76.h | 1 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/main.c | 160 ++++-- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 170 +++--- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 6 +- drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 3 +- drivers/net/wireless/mediatek/mt76/mt792x.h | 9 + drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +- drivers/net/wireless/realtek/rtw88/rtw8822bu.c | 4 + drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 78 +-- drivers/pci/controller/cadence/pci-j721e.c | 5 +- drivers/pci/controller/dwc/pci-layerscape.c | 2 +- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/controller/pcie-rockchip-host.c | 2 +- drivers/pci/controller/pcie-rockchip.h | 1 - drivers/pci/controller/vmd.c | 12 +- drivers/pci/devres.c | 18 +- drivers/pci/hotplug/pciehp_core.c | 5 +- drivers/pci/iomap.c | 29 +- drivers/pci/pci.c | 6 + drivers/pci/pci.h | 16 + drivers/pci/probe.c | 22 +- drivers/perf/arm_pmu.c | 8 +- drivers/perf/dwc_pcie_pmu.c | 51 +- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 98 ++-- drivers/pinctrl/samsung/pinctrl-exynos.h | 22 + drivers/pinctrl/samsung/pinctrl-samsung.c | 1 + drivers/pinctrl/samsung/pinctrl-samsung.h | 4 + drivers/platform/chrome/cros_ec_lpc.c | 22 +- drivers/platform/x86/x86-android-tablets/Kconfig | 1 + drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 8 +- drivers/pwm/pwm-rcar.c | 24 +- drivers/pwm/pwm-stm32.c | 12 +- drivers/s390/net/ism_drv.c | 1 - drivers/s390/virtio/virtio_ccw.c | 16 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mpi3mr/mpi3mr.h | 14 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 24 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 99 +++- drivers/scsi/st.c | 2 +- drivers/soc/samsung/exynos-chipid.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/spi/spi-fsl-qspi.c | 36 +- drivers/target/target_core_spc.c | 2 +- drivers/thermal/mediatek/lvts_thermal.c | 52 +- drivers/thermal/rockchip_thermal.c | 1 + drivers/ufs/host/ufs-qcom.c | 2 +- drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/video/backlight/led_bl.c | 5 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/balloon.c | 34 +- drivers/xen/xenfs/xensyms.c | 4 +- fs/btrfs/disk-io.c | 12 + fs/btrfs/extent-tree.c | 8 + fs/btrfs/tests/extent-map-tests.c | 1 + fs/btrfs/transaction.c | 12 + fs/btrfs/zoned.c | 6 + fs/dlm/lock.c | 2 + fs/erofs/fileio.c | 2 + fs/ext4/inode.c | 68 ++- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 17 + fs/ext4/xattr.c | 11 +- fs/f2fs/checkpoint.c | 21 +- fs/f2fs/f2fs.h | 32 +- fs/f2fs/inode.c | 8 +- fs/f2fs/node.c | 110 ++-- fs/f2fs/super.c | 8 +- fs/file.c | 26 +- fs/fuse/dev.c | 34 +- fs/fuse/dev_uring.c | 15 +- fs/fuse/dev_uring_i.h | 6 + fs/fuse/fuse_dev_i.h | 1 + fs/fuse/fuse_i.h | 3 + fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 10 +- fs/jfs/jfs_imap.c | 4 +- fs/namespace.c | 3 +- fs/smb/client/cifsencrypt.c | 16 +- fs/smb/client/connect.c | 3 + fs/smb/client/fs_context.c | 5 + fs/smb/client/inode.c | 10 + fs/smb/client/reparse.c | 29 +- fs/smb/client/sess.c | 7 + fs/smb/client/smb2misc.c | 9 +- fs/smb/client/smb2ops.c | 6 +- fs/smb/client/smb2pdu.c | 11 +- fs/smb/common/smb2pdu.h | 6 +- fs/udf/inode.c | 1 + fs/userfaultfd.c | 51 +- include/drm/drm_kunit_helpers.h | 3 + include/drm/intel/pciids.h | 11 +- include/linux/cgroup-defs.h | 1 + include/linux/cgroup.h | 2 +- include/linux/damon.h | 11 + include/linux/hid.h | 6 - include/linux/io_uring_types.h | 3 + include/linux/kvm_host.h | 2 +- include/linux/mtd/spinand.h | 2 +- include/linux/page-flags.h | 6 + include/linux/pci_ids.h | 3 + include/linux/perf_event.h | 17 +- include/linux/pgtable.h | 14 +- include/linux/printk.h | 6 + include/linux/tpm.h | 1 + include/net/mac80211.h | 6 + include/net/sctp/structs.h | 3 +- include/net/sock.h | 40 +- include/uapi/linux/kfd_ioctl.h | 2 + include/uapi/linux/landlock.h | 2 + include/uapi/linux/psp-sev.h | 21 +- include/uapi/linux/rkisp1-config.h | 2 +- include/xen/interface/xen-mca.h | 2 +- io_uring/io_uring.c | 4 +- io_uring/kbuf.c | 2 + io_uring/net.c | 3 + kernel/Makefile | 5 + kernel/cgroup/cgroup.c | 6 + kernel/cgroup/cpuset.c | 55 +- kernel/entry/Makefile | 3 + kernel/events/core.c | 184 +++---- kernel/events/uprobes.c | 15 +- kernel/locking/lockdep.c | 3 + kernel/power/hibernate.c | 6 +- kernel/printk/printk.c | 4 +- kernel/rcu/srcutree.c | 11 +- kernel/reboot.c | 1 + kernel/sched/Makefile | 5 + kernel/sched/ext.c | 4 +- kernel/time/Makefile | 6 + kernel/trace/fprobe.c | 170 +++++- kernel/trace/ftrace.c | 9 +- kernel/trace/ring_buffer.c | 5 +- kernel/trace/trace_eprobe.c | 2 + kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_synth.c | 1 - kernel/trace/trace_fprobe.c | 31 +- kernel/trace/trace_kprobe.c | 5 +- kernel/trace/trace_probe.c | 28 + kernel/trace/trace_probe.h | 1 + kernel/trace/trace_uprobe.c | 9 +- lib/Makefile | 5 + lib/sg_split.c | 2 - lib/zstd/common/portability_macros.h | 2 +- mm/damon/core.c | 1 + mm/damon/ops-common.c | 2 +- mm/damon/paddr.c | 57 +- mm/hugetlb.c | 2 +- mm/memory-failure.c | 11 +- mm/memory_hotplug.c | 3 +- mm/mremap.c | 10 +- mm/page_vma_mapped.c | 13 +- mm/rmap.c | 2 +- mm/shmem.c | 3 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +- net/core/filter.c | 80 +-- net/core/page_pool.c | 8 +- net/core/page_pool_user.c | 2 +- net/core/sock.c | 5 + net/ethtool/cmis.h | 1 - net/ethtool/cmis_cdb.c | 18 +- net/ethtool/common.c | 1 + net/ethtool/netlink.c | 8 +- net/ipv6/route.c | 8 +- net/mac80211/debugfs.c | 44 +- net/mac80211/iface.c | 5 +- net/mac80211/mesh_hwmp.c | 14 +- net/mac80211/mlme.c | 59 ++- net/mptcp/sockopt.c | 28 + net/mptcp/subflow.c | 19 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/sched/cls_api.c | 66 ++- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_sfq.c | 66 ++- net/sctp/socket.c | 22 +- net/sctp/transport.c | 2 + net/sunrpc/xprtrdma/svc_rdma_transport.c | 3 +- net/tipc/link.c | 1 + net/tls/tls_main.c | 6 + scripts/generate_builtin_ranges.awk | 5 + security/integrity/ima/ima.h | 3 +- security/integrity/ima/ima_main.c | 18 +- security/landlock/errata.h | 99 ++++ security/landlock/errata/abi-4.h | 15 + security/landlock/errata/abi-6.h | 19 + security/landlock/fs.c | 39 +- security/landlock/setup.c | 38 +- security/landlock/setup.h | 3 + security/landlock/syscalls.c | 22 +- security/landlock/task.c | 12 + sound/pci/hda/hda_intel.c | 44 +- sound/pci/hda/patch_realtek.c | 41 ++ sound/soc/amd/acp/acp-sdw-legacy-mach.c | 34 ++ sound/soc/amd/acp/soc_amd_sdw_common.h | 1 + sound/soc/amd/ps/acp63.h | 1 + sound/soc/amd/ps/pci-ps.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/wcd937x.c | 2 + sound/soc/fsl/fsl_audmix.c | 16 +- sound/soc/intel/common/soc-acpi-intel-adl-match.c | 29 ++ sound/soc/qcom/qdsp6/q6apm-dai.c | 60 ++- sound/soc/qcom/qdsp6/q6apm.c | 18 +- sound/soc/qcom/qdsp6/q6apm.h | 3 + sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +- sound/soc/sof/topology.c | 4 +- sound/usb/midi.c | 80 ++- tools/objtool/check.c | 5 + tools/power/cpupower/bench/parse.c | 4 + tools/testing/ktest/ktest.pl | 8 + .../futex/functional/futex_wait_wouldblock.c | 2 +- tools/testing/selftests/landlock/base_test.c | 46 +- tools/testing/selftests/landlock/common.h | 1 + .../selftests/landlock/scoped_signal_test.c | 108 +++- tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 +- virt/kvm/Kconfig | 2 +- virt/kvm/eventfd.c | 10 +- 460 files changed, 5785 insertions(+), 2515 deletions(-)

7 months, 1 week

11
468
0 0

[merged mm-hotfixes-stable] mm-fix-folio_pte_batch-on-xen-pv.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix folio_pte_batch() on XEN PV has been removed from the -mm tree. Its filename was mm-fix-folio_pte_batch-on-xen-pv.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Petr Van��k <arkamar(a)atlas.cz> Subject: mm: fix folio_pte_batch() on XEN PV Date: Fri, 2 May 2025 23:50:19 +0200 On XEN PV, folio_pte_batch() can incorrectly batch beyond the end of a folio due to a corner case in pte_advance_pfn(). Specifically, when the PFN following the folio maps to an invalidated MFN, expected_pte = pte_advance_pfn(expected_pte, nr); produces a pte_none(). If the actual next PTE in memory is also pte_none(), the pte_same() succeeds, if (!pte_same(pte, expected_pte)) break; the loop is not broken, and batching continues into unrelated memory. For example, with a 4-page folio, the PTE layout might look like this: [ 53.465673] [ T2552] folio_pte_batch: printing PTE values at addr=0x7f1ac9dc5000 [ 53.465674] [ T2552] PTE[453] = 000000010085c125 [ 53.465679] [ T2552] PTE[454] = 000000010085d125 [ 53.465682] [ T2552] PTE[455] = 000000010085e125 [ 53.465684] [ T2552] PTE[456] = 000000010085f125 [ 53.465686] [ T2552] PTE[457] = 0000000000000000 <-- not present [ 53.465689] [ T2552] PTE[458] = 0000000101da7125 pte_advance_pfn(PTE[456]) returns a pte_none() due to invalid PFN->MFN mapping. The next actual PTE (PTE[457]) is also pte_none(), so the loop continues and includes PTE[457] in the batch, resulting in 5 batched entries for a 4-page folio. This triggers the following warning: [ 53.465751] [ T2552] page: refcount:85 mapcount:20 mapping:ffff88813ff4f6a8 index:0x110 pfn:0x10085c [ 53.465754] [ T2552] head: order:2 mapcount:80 entire_mapcount:0 nr_pages_mapped:4 pincount:0 [ 53.465756] [ T2552] memcg:ffff888003573000 [ 53.465758] [ T2552] aops:0xffffffff8226fd20 ino:82467c dentry name(?):"libc.so.6" [ 53.465761] [ T2552] flags: 0x2000000000416c(referenced|uptodate|lru|active|private|head|node=0|zone=2) [ 53.465764] [ T2552] raw: 002000000000416c ffffea0004021f08 ffffea0004021908 ffff88813ff4f6a8 [ 53.465767] [ T2552] raw: 0000000000000110 ffff888133d8bd40 0000005500000013 ffff888003573000 [ 53.465768] [ T2552] head: 002000000000416c ffffea0004021f08 ffffea0004021908 ffff88813ff4f6a8 [ 53.465770] [ T2552] head: 0000000000000110 ffff888133d8bd40 0000005500000013 ffff888003573000 [ 53.465772] [ T2552] head: 0020000000000202 ffffea0004021701 000000040000004f 00000000ffffffff [ 53.465774] [ T2552] head: 0000000300000003 8000000300000002 0000000000000013 0000000000000004 [ 53.465775] [ T2552] page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) Original code works as expected everywhere, except on XEN PV, where pte_advance_pfn() can yield a pte_none() after balloon inflation due to MFNs invalidation. In XEN, pte_advance_pfn() ends up calling __pte()->xen_make_pte()->pte_pfn_to_mfn(), which returns pte_none() when mfn == INVALID_P2M_ENTRY. The pte_pfn_to_mfn() documents that nastiness: If there's no mfn for the pfn, then just create an empty non-present pte. Unfortunately this loses information about the original pfn, so pte_mfn_to_pfn is asymmetric. While such hacks should certainly be removed, we can do better in folio_pte_batch() and simply check ahead of time how many PTEs we can possibly batch in our folio. This way, we can not only fix the issue but cleanup the code: removing the pte_pfn() check inside the loop body and avoiding end_ptr comparison + arithmetic. Link: https://lkml.kernel.org/r/20250502215019.822-2-arkamar@atlas.cz Fixes: f8d937761d65 ("mm/memory: optimize fork() with PTE-mapped THP") Co-developed-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Petr Van��k <arkamar(a)atlas.cz> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/internal.h | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) --- a/mm/internal.h~mm-fix-folio_pte_batch-on-xen-pv +++ a/mm/internal.h @@ -248,11 +248,9 @@ static inline int folio_pte_batch(struct pte_t *start_ptep, pte_t pte, int max_nr, fpb_t flags, bool *any_writable, bool *any_young, bool *any_dirty) { - unsigned long folio_end_pfn = folio_pfn(folio) + folio_nr_pages(folio); - const pte_t *end_ptep = start_ptep + max_nr; pte_t expected_pte, *ptep; bool writable, young, dirty; - int nr; + int nr, cur_nr; if (any_writable) *any_writable = false; @@ -265,11 +263,15 @@ static inline int folio_pte_batch(struct VM_WARN_ON_FOLIO(!folio_test_large(folio) || max_nr < 1, folio); VM_WARN_ON_FOLIO(page_folio(pfn_to_page(pte_pfn(pte))) != folio, folio); + /* Limit max_nr to the actual remaining PFNs in the folio we could batch. */ + max_nr = min_t(unsigned long, max_nr, + folio_pfn(folio) + folio_nr_pages(folio) - pte_pfn(pte)); + nr = pte_batch_hint(start_ptep, pte); expected_pte = __pte_batch_clear_ignored(pte_advance_pfn(pte, nr), flags); ptep = start_ptep + nr; - while (ptep < end_ptep) { + while (nr < max_nr) { pte = ptep_get(ptep); if (any_writable) writable = !!pte_write(pte); @@ -282,14 +284,6 @@ static inline int folio_pte_batch(struct if (!pte_same(pte, expected_pte)) break; - /* - * Stop immediately once we reached the end of the folio. In - * corner cases the next PFN might fall into a different - * folio. - */ - if (pte_pfn(pte) >= folio_end_pfn) - break; - if (any_writable) *any_writable |= writable; if (any_young) @@ -297,12 +291,13 @@ static inline int folio_pte_batch(struct if (any_dirty) *any_dirty |= dirty; - nr = pte_batch_hint(ptep, pte); - expected_pte = pte_advance_pfn(expected_pte, nr); - ptep += nr; + cur_nr = pte_batch_hint(ptep, pte); + expected_pte = pte_advance_pfn(expected_pte, cur_nr); + ptep += cur_nr; + nr += cur_nr; } - return min(ptep - start_ptep, max_nr); + return min(nr, max_nr); } /** _ Patches currently in -mm which might be from arkamar(a)atlas.cz are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-a-build-failure-on-powerpc.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix a build failure on powerpc has been removed from the -mm tree. Its filename was selftests-mm-fix-a-build-failure-on-powerpc.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Nysal Jan K.A." <nysal(a)linux.ibm.com> Subject: selftests/mm: fix a build failure on powerpc Date: Mon, 28 Apr 2025 18:49:35 +0530 The compiler is unaware of the size of code generated by the ".rept" assembler directive. This results in the compiler emitting branch instructions where the offset to branch to exceeds the maximum allowed value, resulting in build failures like the following: CC protection_keys /tmp/ccypKWAE.s: Assembler messages: /tmp/ccypKWAE.s:2073: Error: operand out of range (0x0000000000020158 is not between 0xffffffffffff8000 and 0x0000000000007ffc) /tmp/ccypKWAE.s:2509: Error: operand out of range (0x0000000000020130 is not between 0xffffffffffff8000 and 0x0000000000007ffc) Fix the issue by manually adding nop instructions using the preprocessor. Link: https://lkml.kernel.org/r/20250428131937.641989-2-nysal@linux.ibm.com Fixes: 46036188ea1f ("selftests/mm: build with -O2") Reported-by: Madhavan Srinivasan <maddy(a)linux.ibm.com> Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> Tested-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Reviewed-by: Donet Tom <donettom(a)linux.ibm.com> Tested-by: Donet Tom <donettom(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/pkey-powerpc.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/pkey-powerpc.h~selftests-mm-fix-a-build-failure-on-powerpc +++ a/tools/testing/selftests/mm/pkey-powerpc.h @@ -104,8 +104,18 @@ static inline void expect_fault_on_read_ return; } +#define REPEAT_8(s) s s s s s s s s +#define REPEAT_64(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) \ + REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) +#define REPEAT_512(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) \ + REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) +#define REPEAT_4096(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) \ + REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) +#define REPEAT_16384(s) REPEAT_4096(s) REPEAT_4096(s) \ + REPEAT_4096(s) REPEAT_4096(s) + /* 4-byte instructions * 16384 = 64K page */ -#define __page_o_noops() asm(".rept 16384 ; nop; .endr") +#define __page_o_noops() asm(REPEAT_16384("nop\n")) static inline void *malloc_pkey_with_mprotect_subpage(long size, int prot, u16 pkey) { _ Patches currently in -mm which might be from nysal(a)linux.ibm.com are watchdog-fix-watchdog-may-detect-false-positive-of-softlockup-fix.patch

7 months, 1 week

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror