- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.2 release. There are 731 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Apr 2025 15:40:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.2-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.2-rc2 Juri Lelli <juri.lelli(a)redhat.com> include/{topology,cpuset}: Move dl_rebuild_rd_accounting to cpuset.h Ian Rogers <irogers(a)google.com> perf pmu: Rename name matching for no suffix or wildcard variants Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix management of listener transports Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a Kconfig setting to enable delegated timestamps Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Jeff Layton <jlayton(a)kernel.org> nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() Jeff Layton <jlayton(a)kernel.org> nfsd: don't ignore the return code of svc_proc_register() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> media: vimc: skip .s_stream() for stopped entities Oleg Nesterov <oleg(a)redhat.com> exec: fix the racy usage of fs_struct->in_exec Yosry Ahmed <yosry.ahmed(a)linux.dev> mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Lukas Wunner <lukas(a)wunner.de> PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix kernel panic due to null pointer dereference Angelos Oikonomopoulos <angelos(a)igalia.com> arm64: Don't call NULL in do_compat_alignment_fixup() David Hildenbrand <david(a)redhat.com> mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential wrong error return from get_block Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix random stack corruption after get_block Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix null pointer dereference in alloc_preauth_hash() Norbert Szetei <norbert(a)doyensec.com> ksmbd: validate zero num_subauth before sub_auth is accessed Norbert Szetei <norbert(a)doyensec.com> ksmbd: fix overflow in dacloffset bounds check Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix session use-after-free in multichannel connection Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_sessions_deregister() Norbert Szetei <norbert(a)doyensec.com> ksmbd: add bounds check for create lease context Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add bounds check for durable handle context Sean Christopherson <seanjc(a)google.com> KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Miaoqian Lin <linmq006(a)gmail.com> mmc: omap: Fix memory leak in mmc_omap_new_slot Candice Li <candice.li(a)amd.com> Remove unnecessary firmware version check for gc v9_4_2 Robin Murphy <robin.murphy(a)arm.com> media: omap3isp: Handle ARM dma_iommu_mapping Christian Eggers <ceggers(a)arri.de> ARM: 9444/1: add KEEP() keyword to ARM_VECTORS Nathan Chancellor <nathan(a)kernel.org> ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE Gergo Koteles <soyer(a)irl.hu> ACPI: video: Handle fetching EDID as ACPI_TYPE_PACKAGE Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: remove unused acpi function for clc Nathan Chancellor <nathan(a)kernel.org> ACPI: platform-profile: Fix CFI violation when accessing sysfs files Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Arnd Bergmann <arnd(a)arndb.de> x86/Kconfig: Add cmpxchg8b support back to Geode CPUs Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: bch2_ioctl_subvolume_destroy() fixes Jiri Olsa <jolsa(a)kernel.org> uprobes/x86: Harden uretprobe syscall trampoline check Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Apply static call for drain_pebs Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Eduard Christian Dumitrescu <eduard.c.dumitrescu(a)gmail.com> platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560 Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Vishal Annapurve <vannapurve(a)google.com> x86/tdx: Fix arch_safe_halt() execution for TDX VMs Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT Shuai Xue <xueshuai(a)linux.alibaba.com> x86/mce: use is_copy_from_user() to determine copy-from-user context Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected Tianyu Lan <tiala(a)microsoft.com> x86/hyperv: Fix check of return value from snp_set_vmsa() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Don't override subprog's return value Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Fix off-by-one error in build_prologue() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase MAX_IO_PICS up to 8 Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase ARCH_DMA_MINALIGN up to 16 WANG Rui <wangrui(a)loongson.cn> rust: Fix enabling Rust and building with GCC for LoongArch Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Sherry Sun <sherry.sun(a)nxp.com> tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use port struct directly to simply code Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: Use u32 and u8 for register variables Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix Oops after disconnect in agilent usb Dave Penkler <dpenkler(a)gmail.com> staging: gpib: agilent usb console messaging cleanup Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix Oops after disconnect in ni_usb Dave Penkler <dpenkler(a)gmail.com> staging: gpib: ni_usb console messaging cleanup Zhang Rui <rui.zhang(a)intel.com> tools/power turbostat: Restore GFX sysfs fflush() call Len Brown <len.brown(a)intel.com> tools/power turbostat: report CoreThr per measurement interval Yeoreum Yun <yeoreum.yun(a)arm.com> perf/core: Fix child_total_time_enabled accounting bug at task exit Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: fix num_mec Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: fix num_mec Yue Haibing <yuehaibing(a)huawei.com> drm/xe: Fix unmet direct dependencies warning Alexandru Gagniuc <alexandru.gagniuc(a)hp.com> kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally Zhang Rui <rui.zhang(a)intel.com> tools/power turbostat: Allow Zero return value for some RAPL registers Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt_route: pull the ifa- prefix out of the names Dave Marquardt <davemarq(a)linux.ibm.com> net: ibmveth: make veth_pool_store stop hanging Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Ido Schimmel <idosch(a)nvidia.com> ipv6: Do not consider link down nexthops in path selection Ido Schimmel <idosch(a)nvidia.com> ipv6: Start path selection from the first nexthop Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow David Oberhollenzer <david.oberhollenzer(a)sigma-star.at> net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Edward Cree <ecree.xilinx(a)gmail.com> sfc: fix NULL dereferences in ef100_process_design_param() Edward Cree <ecree.xilinx(a)gmail.com> sfc: rip out MDIO support Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Antoine Tenart <atenart(a)kernel.org> net: decrease cached dst counters in dst_release Wang Liang <wangliang74(a)huawei.com> xsk: Fix __xsk_generic_xmit() error code when cq is full Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix multiple wraparounds of sk->sk_rmem_alloc. Kuniyuki Iwashima <kuniyu(a)amazon.com> rtnetlink: Use register_pernet_subsys() in rtnl_net_debug_init(). Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix ETS priomap validation Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue() Eric Dumazet <edumazet(a)google.com> sctp: add mutual exclusion in proc_sctp_do_udp_port() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't unregister hook when table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix adapter NULL pointer dereference on reboot Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> ixgbe: fix media type detection for E610 device Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change k1 configuration on MTP and later platforms Zdenek Bouska <zdenek.bouska(a)siemens.com> igc: Fix TX drops in XDP ZC Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Add launch time support to XDP ZC Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Refactor empty frame insertion for launch time support Song Yoong Siang <yoong.siang.song(a)intel.com> xsk: Add launch time hardware offload support to XDP Tx metadata Florian Fainelli <florian.fainelli(a)broadcom.com> spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Florian Fainelli <florian.fainelli(a)broadcom.com> spi: bcm2835: Do not call gpiod_put() on invalid descriptor Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Maurizio Lombardi <mlombard(a)redhat.com> nvme-pci: skip nvme_write_sq_db on empty rqlist Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer Björn Töpel <bjorn(a)rivosinc.com> riscv/purgatory: 4B align purgatory_start Yao Zi <ziyao(a)disroot.org> riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Josh Poimboeuf <jpoimboe(a)kernel.org> spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Sven Schnelle <svens(a)linux.ibm.com> s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation Ming Lei <ming.lei(a)redhat.com> ublk: make sure ubq->canceling is set when queue is frozen Herton R. Krzesinski <herton(a)redhat.com> x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: errata: Use medany for relocatable builds Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix set up of vector cpu hotplug callback Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix set up of cpu hotplug callbacks Andrew Jones <ajones(a)ventanamicro.com> riscv: Change check_unaligned_access_speed_all_cpus to void Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix check_unaligned_access_all_cpus Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix riscv_online_cpu_vec Andrew Jones <ajones(a)ventanamicro.com> riscv: Annotate unaligned access init functions Pu Lehui <pulehui(a)huawei.com> riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Pu Lehui <pulehui(a)huawei.com> riscv: fgraph: Select HAVE_FUNCTION_GRAPH_TRACER depends on HAVE_DYNAMIC_FTRACE_WITH_ARGS Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix missing __free_pages() in check_vector_unaligned_access() Tingbo Liao <tingbo.liao(a)starfivetech.com> riscv: Fix the __riscv_copy_vec_words_unaligned implementation Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Christian Schoenebeck <linux_oss(a)crudebyte.com> fs/9p: fix NULL pointer dereference on mkdir Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix gang directory lifetimes Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> rtc: renesas-rtca3: Disable interrupts only if the RTC is enabled Dan Carpenter <dan.carpenter(a)linaro.org> nfs: Add missing release on error in nfs_lock_and_join_requests() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool/loongarch: Add unwind hints in prepare_frametrace() Josh Poimboeuf <jpoimboe(a)kernel.org> rcu-tasks: Always inline rcu_irq_work_resched() Josh Poimboeuf <jpoimboe(a)kernel.org> context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() David Laight <david.laight.linux(a)gmail.com> objtool: Fix verbose disassembly if CROSS_COMPILE isn't set Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Jim Liu <jim.t90615(a)gmail.com> net: phy: broadcom: Correct BCM5221 PHY model detection Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Rework the arch_kgdb_breakpoint() implementation Miaoqian Lin <linmq006(a)gmail.com> LoongArch: Fix device node refcount leak in fdt_cpu_clk_init() 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix segfault in ignore_unreachable_insn() Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Lama Kayal <lkayal(a)nvidia.com> net/mlx5e: SHAMPO, Make reserved size independent of page size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix r_count dec/increment mismatch Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Lubomir Rintel <lkundrak(a)v3.sk> rndis_host: Flag RNDIS modems as WWAN devices Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix missing shutdown check Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix netns refcount imbalance causing leaks and use-after-free Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Shut down the nfs_client only after all the superblocks Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() xueqin Luo <luoxueqin(a)kylinos.cn> thermal: core: Remove duplicate struct declaration Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix detection of consecutive jump tables on Clang 20 Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool: Handle PC relative relocation type Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool: Handle different entry size of rodata Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool: Handle various symbol types of rodata Namhyung Kim <namhyung(a)kernel.org> perf bpf-filter: Fix a parsing error with comma Marcus Meissner <meissner(a)suse.de> perf tools: annotate asm_pure_loop.S Likhitha Korrapati <likhitha(a)linux.ibm.com> perf tools: Fix is_compat_mode build break in ppc64 Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: n_tty: use uint for space returned by tty_write_room() Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Stop kthreads if vchiq cdev register fails Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Fix possible NPR of keep-alive thread Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Register debugfs after cdev 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES Thomas Richter <tmricht(a)linux.ibm.com> perf pmu: Handle memory failure in tool_pmu__new() James Clark <james.clark(a)linaro.org> perf: intel-tpebs: Fix incorrect usage of zfree() Stephen Brennan <stephen.s.brennan(a)oracle.com> perf dso: fix dso__is_kallsyms() check Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Benjamin Berg <benjamin.berg(a)intel.com> um: hostfs: avoid issues on inode number reuse by host Benjamin Berg <benjamin.berg(a)intel.com> um: remove copy_from_kernel_nofault_allowed David Gow <davidgow(a)google.com> um: Pass the correct Rust target and options with gcc Cyan Yang <cyan.yang(a)sifive.com> selftests/mm/cow: fix the incorrect error handling Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path NeilBrown <neilb(a)suse.de> NFS: fix open_owner_id_maxsz and related fields. Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for delayed delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for expired delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for returning delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Antonio Quartulli <antonio(a)mandelbit.com> scripts/gdb/linux/symbols.py: address changes to module_sect_attrs Tang Yizhou <yizhou.tang(a)shopee.com> writeback: fix calculations in trace_balance_dirty_pages() for cgwb Tang Yizhou <yizhou.tang(a)shopee.com> writeback: let trace_balance_dirty_pages() take struct dtc as parameter Anshuman Khandual <anshuman.khandual(a)arm.com> arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Danilo Krummrich <dakr(a)kernel.org> rust: platform: fix unrestricted &mut platform::Device Danilo Krummrich <dakr(a)kernel.org> rust: pci: fix unrestricted &mut pci::Device Danilo Krummrich <dakr(a)kernel.org> rust: pci: use to_result() in enable_device_mem() Ahmad Fatoum <a.fatoum(a)pengutronix.de> reboot: reboot, not shutdown, on hw_protection_reboot timeout Ahmad Fatoum <a.fatoum(a)pengutronix.de> reboot: replace __hw_protection_shutdown bool action parameter with an enum Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX David Hildenbrand <david(a)redhat.com> kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() Veronika Molnarova <vmolnaro(a)redhat.com> perf test stat_all_pmu.sh: Correctly check 'perf stat' result Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf x86/topdown: Fix topdown leader sampling test error on hybrid Ian Rogers <irogers(a)google.com> perf evsel: tp_format accessing improvements Ian Rogers <irogers(a)google.com> perf evlist: Add success path to evlist__create_syswide_maps Ian Rogers <irogers(a)google.com> perf debug: Avoid stack overflow in recursive error message Karan Sanghavi <karansanghvi98(a)gmail.com> iio: light: Add check for array bounds in veml6075_read_int_time_ms Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7173: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad4130: Fix comparison of channel setups Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad_sigma_delta: Disable channel after calibration Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> dmaengine: ptdma: Utilize the AE4DMA engine's multi-queue functionality Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> dmaengine: ae4dma: Use the MSI count and its corresponding IRQ number Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: free irq correctly in remove path Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister Bard Liao <yung-chuan.liao(a)linux.intel.com> soundwire: take in count the bandwidth of a prepared stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix callback decoder status codes Ian Rogers <irogers(a)google.com> perf tests: Fix data symbol test with LTO builds Namhyung Kim <namhyung(a)kernel.org> perf test: Add timeout to datasym workload Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Prevent integer overflow in hdr_first_de() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: correct debug message page size calculation Namhyung Kim <namhyung(a)kernel.org> perf machine: Fixup kernel maps ends after adding extra maps Thomas Richter <tmricht(a)linux.ibm.com> perf bench: Fix perf bench syscall loop count Leo Yan <leo.yan(a)arm.com> perf arm-spe: Fix load-store operation checking Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7192: Grab direct mode for calibration Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7173: Grab direct mode for calibration Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: core: Rework claim and release of direct mode to work with sparse. Nuno Sá <nuno.sa(a)analog.com> iio: backend: make sure to NULL terminate stack buffer Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Mario Limonciello <mario.limonciello(a)amd.com> ucsi_ccg: Don't show failed to get FW build information error Luca Ceresoli <luca.ceresoli(a)bootlin.com> perf build: Fix in-tree build due to symbolic link Ian Rogers <irogers(a)google.com> tools/x86: Fix linux/unaligned.h include path in lib/insn.c James Clark <james.clark(a)linaro.org> perf pmu: Don't double count common sysfs and json events James Clark <james.clark(a)linaro.org> perf pmu: Dynamically allocate tool PMU Ian Rogers <irogers(a)google.com> perf pmus: Restructure pmu_read_sysfs to scan fewer PMUs Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight-etm4x: add isb() before reading the TRCSTATR Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Wentao Liang <vulab(a)iscas.ac.cn> greybus: gb-beagleplay: Add error handling for gb_greybus_init Dmitry Vyukov <dvyukov(a)google.com> perf report: Fix input reload/switch with symbol sort key Dmitry Vyukov <dvyukov(a)google.com> perf report: Add parallelism sort key Namhyung Kim <namhyung(a)kernel.org> perf report: Switch data file correctly in TUI Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix cb7210 pcmcia Oops Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device James Clark <james.clark(a)linaro.org> perf tests: Fix Tool PMU test segfault Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Kan Liang <kan.liang(a)linux.intel.com> perf tools: Add skip check in tool_pmu__event_to_str() Heiko Stuebner <heiko.stuebner(a)cherry.de> phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Really disable all channels at probe time Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Micro-optimize channel disabling Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix scale to conform to ABI Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: gts-helper: export iio_gts_get_total_gain() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: extend regmap to support regfields Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_mapping->a_ops on compression state Ye Bin <yebin10(a)huawei.com> fs/ntfs3: Fix 'proc_info_root' leak when init ntfs failed Ye Bin <yebin10(a)huawei.com> fs/ntfs3: Factor out ntfs_{create/remove}_proc_root() Ye Bin <yebin10(a)huawei.com> fs/ntfs3: Factor out ntfs_{create/remove}_procdir() Ian Rogers <irogers(a)google.com> perf stat: Don't merge counters purely on name Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix Hwmon PMU test endianess issue Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: modify stream enable Benson Leung <bleung(a)chromium.org> usb: typec: thunderbolt: Remove IS_ERR check for plug Benson Leung <bleung(a)chromium.org> usb: typec: thunderbolt: Fix loops that iterate TYPEC_PLUG_SOP_P and TYPEC_PLUG_SOP_PP Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix pr_err format warning Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Add missing interface entry point Chenyuan Yang <chenyuan0y(a)gmail.com> w1: fix NULL pointer dereference in probe James Clark <james.clark(a)linaro.org> perf: Always feature test reallocarray Ian Rogers <irogers(a)google.com> perf stat: Fix find_stat for mixed legacy/non-legacy events Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Fix accessing BTF.ext core_relo header Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Wang Liang <wangliang74(a)huawei.com> RDMA/core: Fix use-after-free when rename device name Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Remi Pommarel <repk(a)triplefau.lt> leds: Fix LED_OFF brightness race Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> clk: qcom: ipq5424: fix software and hardware flow control error of UART Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzv2m: Fix missing of_node_put() call Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Jiayuan Chen <mrpre(a)163.com> bpf: Fix array bounds error with may_goto Neil Armstrong <neil.armstrong(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Dario Binacchi <dario.binacchi(a)amarulasolutions.com> clk: stm32f4: fix an uninitialized variable Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Call crypto_alg_put in crypto_unregister_alg Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: bcm2835: don't -EINVAL on alternate funcs from get_direction() Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Bairavi Alagappan <bairavix.alagappan(a)intel.com> crypto: qat - remove access to parity register for QAT GEN4 Jinghao Jia <jinghao7(a)illinois.edu> samples/bpf: Fix broken vmlinux path for VMLINUX_BTF Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment Charles Han <hanchunchao(a)inspur.com> clk: mmp: Fix NULL vs IS_ERR() check Ian Rogers <irogers(a)google.com> libbpf: Add namespace for errstr making it libbpf_errstr Nathan Chancellor <nathan(a)kernel.org> crypto: tegra - Fix format specifier in tegra_sha_prep_cmd() Alice Ryhl <aliceryhl(a)google.com> rust: fix signature of rust_fmt_argument Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Select NUMA_NO_NODE to create map Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix larval relookup type and mask Thomas Weißschuh <linux(a)weissschuh.net> leds: st1202: Check for error code from devm_mutex_init() call Sicelo A. Mhlongo <absicsz(a)gmail.com> power: supply: bq27xxx_battery: do not update cached flags prematurely Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Fix calculation of total invalidated pages Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Tengda Wu <wutengda(a)huaweicloud.com> selftests/bpf: Fix freplace_link segfault in tailcalls prog test Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix MR cache initialization error flow Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Reserve keyslots to allocate dynamically Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - finalize crypto req on error Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Set IV to NULL explicitly for AES ECB Kees Bakker <kees(a)ijzerbout.nl> RDMA/mana_ib: Ensure variable err is initialized Niklas Schnelle <schnelle(a)linux.ibm.com> s390: Remove ioremap_wt() and pgprot_writethrough() Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix runqslower cross-endian build Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix CMAC intermediate result handling Yue Haibing <yuehaibing(a)huawei.com> pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw() Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Luca Weiss <luca.weiss(a)fairphone.com> remoteproc: qcom: pas: add minidump_id to SC7280 WPSS Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r8a08g045: Check the source of the CPU PLL settings David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Fix string read in strncmp benchmark Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> drivers: clk: qcom: ipq5424: fix the freq table of sdcc1_apps clock Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Suppress binding attributes Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix page_size variable overflow Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for sec spec check Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Use HMAC fallback when keyslots are full Arnd Bergmann <arnd(a)arndb.de> crypto: bpf - Add MODULE_DESCRIPTION for skcipher Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix HASH intermediate result handling Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Transfer HASH init function to crypto engine Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - check return value for hash do_one_req Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Do not use fixed size buffers Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Use separate buffer for setkey Bairavi Alagappan <bairavix.alagappan(a)intel.com> crypto: qat - set parity error mask for qat_420xx Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Test the correct request flag Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Arnd Bergmann <arnd(a)arndb.de> dummycon: fix default rows/cols Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix retry handling off iowq Caleb Sander Mateos <csander(a)purestorage.com> io_uring: use lockless_cq flag in io_req_complete_post() Shay Drory <shayd(a)nvidia.com> PCI: Fix NULL dereference in SR-IOV VF creation error path Caleb Sander Mateos <csander(a)purestorage.com> io_uring/net: only import send_zc buffer once Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI/bwctrl: Fix pcie_bwctrl_select_speed() return type Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: enable compute pipes across all MEC Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: optimize compute loop handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix BAR resizing when VF BARs are assigned Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: histb: Fix an error handling path in histb_pcie_probe() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: ep: Return -ENOMEM for allocation failures Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> drm/amd/display: avoid NPD when ASIC does not support DMUB Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Douglas Anderson <dianders(a)chromium.org> drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Jason-JH Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix config_updating flag never false when no mbox channel Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/kexec: fix physical address calculation in clear_utlb_entry() Christophe Leroy <christophe.leroy(a)csgroup.eu> crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD Niklas Cassel <cassel(a)kernel.org> PCI: endpoint: pci-epf-test: Handle endianness properly Niklas Cassel <cassel(a)kernel.org> misc: pci_endpoint_test: Handle BAR sizes larger than INT_MAX Niklas Cassel <cassel(a)kernel.org> misc: pci_endpoint_test: Fix pci_endpoint_test_bars_read_bar() error handling Vaibhav Jain <vaibhav(a)linux.ibm.com> powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Rob Clark <robdclark(a)chromium.org> drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Steven Price <steven.price(a)arm.com> drm/panthor: Clean up FW version information display Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Avoid sleep locking in the internal BO size path Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Replace sleep locks with spinlocks in fdinfo path Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Expose size of driver internal BO's over fdinfo Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/file: Add fdinfo helper for printing regions with prefix Ashley Smith <ashley.smith(a)collabora.com> drm/panthor: Update CS_STATUS_ defines to correct values Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't set crtc_state->mode_changed from atomic_check() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: simplify dpu_encoder_get_topology() interface Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: move needs_cdm setting to dpu_encoder_get_topology() Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Yi Lai <yi1.lai(a)intel.com> selftests/pcie_bwctrl: Add 'set_pcie_speed.sh' to TEST_PROGS Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix potential premature regulator disabling Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix error path after a call to regulator_bulk_get() Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Set generation limit before PCIe link up Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Lorenzo Bianconi <lorenzo(a)kernel.org> PCI: mediatek-gen3: Configure PBUS_CSR registers for EN7581 SoC Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/gem: Fix error code msm_parse_deps() Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Remove arbitrary limit of 1 interface in DSC topology Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Fall back to a single DSC encoder (1:1:1) on small SoCs Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Use existing per-interface slice count in DSC timing Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Program clock inverters in correct register Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't use active in atomic_check() Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: fix an indent issue in DML21 Tushar Dave <tdave(a)nvidia.com> PCI/ACS: Fix 'pci=config_acs=' parameter John Keeping <jkeeping(a)inmusicbrands.com> drm/panel: ilitek-ili9882t: fix GPIO name in error message Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Allow relaxed bridge window tail sizing for optional resources Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Simplify size1 assignment logic Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Remove add_align overwrite unrelated to size0 Kai-Heng Feng <kaihengf(a)nvidia.com> PCI: Use downstream bridges for distributing resources Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/vcn5.0.1: use correct dpm helper Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/umsch: fix ucode check Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/umsch: declare umsch firmware Saleemkhan Jamadar <saleemkhan.jamadar(a)amd.com> drm/amdgpu/umsch: remove vpe test from umsch Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: refine smu send msg debug log format Vitalii Mordan <mordan(a)ispras.ru> gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Bart Van Assche <bvanassche(a)acm.org> drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() Charles Han <hanchunchao(a)inspur.com> drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Fix race condition when gathering fdinfo group samples Hermes Wu <Hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP V match check is not performed correctly Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: ensure ssd132x pitch is correct John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: fix ssd132x encoding Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix a race between the reset and suspend path Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Return error when setting clock failed for npu1 Javier Martinez Canillas <javierm(a)redhat.com> drm/ssd130x: Set SPI .id_table to prevent an SPI core warning Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Jann Horn <jannh(a)google.com> rwonce: fix crash by removing READ_ONCE() for unaligned read Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix Tx L4 checksum Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix Tx descriptor content for some tunnel packets Pranjal Shrivastava <praan(a)google.com> net: Fix the devmem sock opts and msgs for parisc Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_LE_DIRECT_ADV_REPORT Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix kernel panic during FW release Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: fix DCB apptrust configuration on KSZ88x3 Jann Horn <jannh(a)google.com> rwonce: handle KCSAN like KASAN in read_word_at_a_time() Wentao Guan <guanwentao(a)uniontech.com> Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Enable buffer flow control for SCO/eSCO Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: Add quirk for broken READ_VOICE_SETTING Akihiko Odaki <akihiko.odaki(a)daynix.com> virtio_net: Fix endian with virtio_net_ctrl_rss Wang Liang <wangliang74(a)huawei.com> net: fix NULL pointer dereference in l3mdev_l3_rcv Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Use kernel helpers for hex dumps Wang Liang <wangliang74(a)huawei.com> bonding: check xdp prog when set bond mode Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: unregister xdp rxq info in the reset path Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Start health poll after enable hca Mark Bloch <mbloch(a)nvidia.com> net/mlx5: LAG, reload representors on LAG creation failure Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: reject other RX filters than HWTSTAMP_FILTER_PTP_V2_L2_EVENT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix displaced ethtool statistics counters WangYuli <wangyuli(a)uniontech.com> mlxsw: spectrum_acl_bloom_filter: Workaround for some LLVM versions Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable STU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Linearize TX SKB if the fragments exceed the max Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Mask the bd_cnt field in the TX BD properly Maxim Mikityanskiy <maxtram95(a)gmail.com> net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Remove broken autobind WangYuli <wangyuli(a)uniontech.com> netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE Chenyuan Yang <chenyuan0y(a)gmail.com> netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Taehee Yoo <ap420073(a)gmail.com> eth: bnxt: fix out-of-range access of vnic_info array Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: avoid journaling sb update on error if journal is destroying Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: define ext4_journal_destroy wrapper Zhang Yi <yi.zhang(a)huawei.com> jbd2: add a missing data flush during file and fs synchronization Niklas Cassel <cassel(a)kernel.org> nvmet: pci-epf: Always configure BAR0 as 64-bit Jacob Keller <jacob.e.keller(a)intel.com> ptp: ocp: reject unsupported periodic output flags Jacob Keller <jacob.e.keller(a)intel.com> broadcom: fix supported flag check in periodic output function Jacob Keller <jacob.e.keller(a)intel.com> net: lan743x: reject unsupported external timestamp requests Jacob Keller <jacob.e.keller(a)intel.com> renesas: reject PTP_STRICT_FLAGS as unsupported Jacob Keller <jacob.e.keller(a)intel.com> igb: reject invalid external timestamp requests for 82580-based HW Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() Mark Harmstone <maharmstone(a)fb.com> btrfs: don't clobber ret in btrfs_validate_super() Boris Burkov <boris(a)bur.io> btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Filipe Manana <fdmanana(a)suse.com> btrfs: fix reclaimed bytes accounting after automatic block group reclaim Filipe Manana <fdmanana(a)suse.com> btrfs: get used bytes while holding lock at btrfs_reclaim_bgs_work() Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: check error for register_netdev() on init Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Lukasz Czapnik <lukasz.czapnik(a)intel.com> ice: fix input validation for virtchnl BW Jan Glaza <jan.glaza(a)intel.com> ice: validate queue quanta parameters to prevent OOB access Jan Glaza <jan.glaza(a)intel.com> ice: stop truncating queue ids when checking Jan Glaza <jan.glaza(a)intel.com> virtchnl: make proto and filter action count unsigned Jesse Brandeburg <jbrandeburg(a)cloudflare.com> ice: fix reservation of resources for RDMA when disabled Karol Kolacinski <karol.kolacinski(a)intel.com> ice: ensure periodic output start time is in the future Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: health.c: fix compilation on gcc 7.5 Jeff Chen <jeff.chen_1(a)nxp.com> wifi: mwifiex: Fix RF calibration data download from file Jeff Chen <jeff.chen_1(a)nxp.com> wifi: mwifiex: Fix premature release of RF calibration data. Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: init wiphy_work before allocating rfkill fails Mikhail Lobanov <m.lobanov(a)rosa.ru> wifi: mac80211: check basic rates validity in sta_link_apply_parameters Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: nl80211: store chandef on the correct link when starting CAC Niklas Cassel <cassel(a)kernel.org> ata: libata: Fix NCQ Non-Data log not supported print Zhang Yi <yi.zhang(a)huawei.com> jbd2: fix off-by-one while erasing journal Baokun Li <libaokun1(a)huawei.com> ext4: goto right label 'out_mmap_sem' in ext4_setattr() Ye Bin <yebin10(a)huawei.com> ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() Ye Bin <yebin10(a)huawei.com> ext4: introduce ITAIL helper Guixin Liu <kanie(a)linux.alibaba.com> scsi: target: tcm_loop: Fix wrong abort tag Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fixed failure to issue vendor specific commands Chunhai Guo <guochunhai(a)vivo.com> f2fs: fix missing discard for active segments Jan Kara <jack(a)suse.cz> ext4: verify fast symlink length Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: add missing brelse() for bh2 in ext4_dx_add_entry() Gao Xiang <xiang(a)kernel.org> erofs: allow 16-byte volume name again Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> arm64: dts: rockchip: remove ethm0_clk0_25m_out from Sige5 gmac0 Yao Zi <ziyao(a)disroot.org> arm64: dts: rockchip: Fix PWM pinctrl names Jianfeng Liu <liujianfeng1994(a)gmail.com> arm64: dts: rockchip: Fix pcie reset gpio on Orange Pi 5 Max Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls Chen-Yu Tsai <wens(a)csie.org> arm64: dts: rockchip: Remove bluetooth node from rock-3a Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: Move rk356x scmi SHMEM to reserved memory Baokun Li <libaokun1(a)huawei.com> ext4: show 'emergency_ro' when EXT4_FLAGS_EMERGENCY_RO is set Baokun Li <libaokun1(a)huawei.com> ext4: correct behavior under errors=remount-ro mode Baokun Li <libaokun1(a)huawei.com> ext4: add EXT4_FLAGS_EMERGENCY_RO bit Baokun Li <libaokun1(a)huawei.com> ext4: convert EXT4_FLAGS_* defines to enum Charles Han <hanchunchao(a)inspur.com> ext4: fix potential null dereference in ext4 kunit test Ming Lei <ming.lei(a)redhat.com> block: fix adding folio to bio Chao Yu <chao(a)kernel.org> f2fs: fix to avoid running out of free segments Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove SSID from ML reconf Robin Murphy <robin.murphy(a)arm.com> iommu: Handle race with default domain setup Chao Yu <chao(a)kernel.org> f2fs: fix to avoid accessing uninitialized curseg Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> arm64: dts: imx8mp: change AUDIO_AXI_CLK_ROOT freq. to 800MHz Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> arm64: dts: imx8mp: add AUDIO_AXI_CLK_ROOT to AUDIOMIX block Max Merchel <Max.Merchel(a)ew.tq-group.com> ARM: dts: imx6ul-tqma6ul1: Change include order to disable fec2 node Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: skip if we cannot defer delete Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: minor evict fix Xueqi Zhang <xueqi.zhang(a)mediatek.com> memory: mtk-smi: Add ostd setting for mt8192 Yunhui Cui <cuiyunhui(a)bytedance.com> iommu/vt-d: Fix system hang on reboot -f Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Fix header file Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix lan4 support in airoha_qdma_get_gdm_port() Arnd Bergmann <arnd(a)arndb.de> firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() Zheng Qixing <zhengqixing(a)huawei.com> badblocks: use sector_t instead of int to avoid truncation of badblocks length Zheng Qixing <zhengqixing(a)huawei.com> badblocks: return boolean from badblocks_set() and badblocks_clear() Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: do partial IO for bad blocks Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: replace null_process_cmd() call in null_zone_write() Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: introduce badblocks_once parameter Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: generate null_blk configfs features string Zheng Qixing <zhengqixing(a)huawei.com> badblocks: fix missing bad blocks on retry in _badblocks_check() Li Nan <linan122(a)huawei.com> badblocks: fix merge issue when new badblocks align with pre+1 Li Nan <linan122(a)huawei.com> badblocks: fix the using of MAX_BADBLOCKS Li Nan <linan122(a)huawei.com> badblocks: return error if any badblock set fails Li Nan <linan122(a)huawei.com> badblocks: return error directly when setting badblocks exceeds 512 Li Nan <linan122(a)huawei.com> badblocks: attempt to merge adjacent badblocks during ack_all_badblocks Li Nan <linan122(a)huawei.com> badblocks: factor out a helper try_adjacent_combine Li Nan <linan122(a)huawei.com> badblocks: Fix error shitf ops Anuj Gupta <anuj20.g(a)samsung.com> block: Correctly initialize BLK_INTEGRITY_NOGENERATE and BLK_INTEGRITY_NOVERIFY Anuj Gupta <anuj20.g(a)samsung.com> block: ensure correct integrity capability propagation in stacked devices Xiao Ni <xni(a)redhat.com> md/raid10: wait barrier before returning discard request with REQ_NOWAIT AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mt8365-mmsys: Fix routing table masks and values AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mt8167-mmsys: Fix missing regval in all entries AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-mmsys: Fix MT8188 VDO1 DPI1 output selection Yu Kuai <yukuai3(a)huawei.com> blk-throttle: fix lower bps rate by throtl_trim_slice() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: correct ISR RDU bit for 8922AE Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() Michael Walle <mwalle(a)kernel.org> arm64: dts: ti: k3-j722s: fix pinctrl settings Michael Walle <mwalle(a)kernel.org> arm64: dts: ti: k3-am62p: fix pinctrl settings Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: ti: k3-am62p: Enable AUDIO_REFCLKx Tomas Glozar <tglozar(a)redhat.com> tools/rv: Keep user LDFLAGS in build Gabriele Monaco <gmonaco(a)redhat.com> tracing: Fix DECLARE_TRACE_CONDITION Su Yue <glass.su(a)suse.com> md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb Yu Kuai <yukuai3(a)huawei.com> md/raid1,raid10: don't ignore IO flags Yu Kuai <yukuai3(a)huawei.com> md: fix mddev uaf while iterating all_mddevs list Chao Yu <chao(a)kernel.org> f2fs: fix to call f2fs_recover_quota_end() correctly Chao Yu <chao(a)kernel.org> f2fs: fix potential deadloop in prepare_compress_overwrite() Stefan Eichenberger <stefan.eichenberger(a)toradex.com> arm64: dts: ti: k3-am62-verdin-dahlia: add Microphone Jack to sound card Leo Stone <leocstone(a)gmail.com> f2fs: add check for deleted inode Chao Yu <chao(a)kernel.org> f2fs: fix to set .discard_granularity correctly Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> arm64: dts: mediatek: mt8390-genio-common: Fix duplicated regulator name Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> arm64: dts: mediatek: mt8390-genio-700-evk: Move common parts to dtsi Ahmad Fatoum <a.fatoum(a)pengutronix.de> arm64: dts: imx8mp-skov: operate CPU at 850 mV by default Ahmad Fatoum <a.fatoum(a)pengutronix.de> arm64: dts: imx8mp-skov: correct PMIC board limits Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: use link specific bss_conf as well in ath12k_mac_vif_cache_flush() Hrushikesh Salunke <h-salunke(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip the first/partition ID when parsing vCPU list Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a77990: Re-add voltages to OPP table Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a774c0: Re-add voltages to OPP table Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Explicitly cast return value from NOTIFICATION_INFO_GET Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison Asahi Lina <lina(a)asahilina.net> iommu/io-pgtable-dart: Only set subpage protection disable for DART 1 Leon Romanovsky <leon(a)kernel.org> xfrm: delay initialization of offload path till its actually requested Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw89: rtw8852b{t}: fix TSSI debug timestamps Nicolas Escande <nico.escande(a)gmail.com> wifi: ath12k: Add missing htt_metadata flag in ath12k_dp_tx() Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: add check read-only before truncation in jfs_truncate_nolock() Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: add check read-only before txBeginAnon() call Dmitry Antipov <dmantipov(a)yandex.ru> jfs: reject on-disk inodes of an unsupported type Robin van der Gracht <robin(a)protonic.nl> can: rockchip_canfd: rkcanfd_chip_fifo_setup(): remove duplicated setup of RX FIFO Bart Van Assche <bvanassche(a)acm.org> scsi: mpt3sas: Fix a locking bug in an error path Bart Van Assche <bvanassche(a)acm.org> scsi: mpi3mr: Fix locking in an error path Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt6359: fix dtbs_check error for audio-codec Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Unregister the FF-A devices when cleaning up the partitions Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Refactor addition of partition information into XArray Jens Axboe <axboe(a)kernel.dk> io_uring/net: improve recv bundles Pavel Begunkov <asml.silence(a)gmail.com> io_uring: check for iowq alloc_workqueue failure Max Kellermann <max.kellermann(a)ionos.com> io_uring/io-wq: do not use bogus hash value Max Kellermann <max.kellermann(a)ionos.com> io_uring/io-wq: cache work->flags in variable Max Kellermann <max.kellermann(a)ionos.com> io_uring/io-wq: eliminate redundant io_work_get_acct() calls Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> coredump: Fixes core_pipe_limit sysctl proc_handler Zheng Qixing <zhengqixing(a)huawei.com> md/raid1: fix memory leak in raid1_run() if no active rdev Li Nan <linan122(a)huawei.com> md: ensure resync is prioritized over recovery Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO Chao Yu <chao(a)kernel.org> f2fs: fix to avoid panic once fallocation fails for pinfile Bart Van Assche <bvanassche(a)acm.org> wifi: ath12k: Fix locking in "QMI firmware ready" error paths Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath11k: fix RCU stall while reaping monitor destination ring Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> dlm: prevent NPD when writing a positive value to event_done Chao Yu <chao(a)kernel.org> f2fs: quota: fix to avoid warning in dquot_writeback_dquots() Tom Rini <trini(a)konsulko.com> ARM: dts: omap4-panda-a4: Add missing model and compatible properties Wen Gong <quic_wgong(a)quicinc.com> wifi: ath11k: update channel list in reg notifier instead reg worker Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix some node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop pmic's #address-cells and #size-cells Yu Zhang(Yuriy) <quic_yuzha(a)quicinc.com> wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: do not submit zero bytes to the entropy pool Rameshkumar Sundaram <quic_ramess(a)quicinc.com> wifi: ath12k: Fix pdev lookup in WBM error processing Sathishkumar Muruganandam <quic_murugana(a)quicinc.com> wifi: ath12k: encode max Tx power in scan channel list command Nicolas Escande <nico.escande(a)gmail.com> wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path Liang Jie <liangjie(a)lixiang.com> wifi: rtw89: Correct immediate cfg_len calculation for scan_offload_be Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Don't take register_mutex with copy_from/to_user() Olivia Mackintosh <livvy(a)base.nu> ALSA: usb-audio: separate DJM-A9 cap lvl options Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Ritu Chaudhary <rituc(a)nvidia.com> ASoC: tegra: Use non-atomic timeout for ADX status register Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Maud Spierings <maudspierings(a)gocontroll.com> dt-bindings: vendor-prefixes: add GOcontroll Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() Jiri Kosina <jikos(a)kernel.org> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> ASoC: cs35l41: check the return value from spi_setup() Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-ddv: Fix temperature calculation Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> auxdisplay: panel: Fix an API misuse in panel.c Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: HEVC: Initialize start_bit field Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: MAX6959 should select BITREVERSE Frieder Schrempf <frieder.schrempf(a)kontron.de> regulator: pca9450: Fix enable register for LDO5 Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Teardown riscv specific bits after kvm_exit Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/entry: Add __init to ia32_emulation_override_cmdline() Chao Gao <chao.gao(a)intel.com> x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Josh Poimboeuf <jpoimboe(a)kernel.org> x86/traps: Make exc_double_fault() consistently noreturn Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Rebuild root domain accounting after every update Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Generalize unique visiting of root domains Juri Lelli <juri.lelli(a)redhat.com> sched/topology: Wrappers for sched_domains_mutex Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Ignore special tasks when rebuilding domains Kan Liang <kan.liang(a)linux.intel.com> perf/x86/lbr: Fix shorter LBRs call stacks for the system-wide mode Kan Liang <kan.liang(a)linux.intel.com> perf: Supply task information to sched_task() Kan Liang <kan.liang(a)linux.intel.com> perf: Save PMU specific data in task_struct Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Jacky Bai <ping.bai(a)nxp.com> cpufreq: Init cpufreq only for present CPUs Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Jacky Bai <ping.bai(a)nxp.com> cpuidle: Init cpuidle only for present CPUs James Morse <james.morse(a)arm.com> x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: realm: Use aliased addresses for device DMA to shared buffers Suzuki K Poulose <suzuki.poulose(a)arm.com> dma: Introduce generic dma_addr_*crypted helpers Suzuki K Poulose <suzuki.poulose(a)arm.com> dma: Fix encryption bit clearing for dma_to_phys Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Maksim Davydov <davydov-max(a)yandex-team.ru> x86/split_lock: Fix the delayed detection logic Li Huafei <lihuafei1(a)huawei.com> watchdog/hardlockup/perf: Fix perf_event memory leak Kees Cook <kees(a)kernel.org> kunit/stackinit: Use fill byte different from Clang i386 pattern Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Disable the kernel perf counter during configure Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra194: Allow building for Tegra234 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Peter Zijlstra <peterz(a)infradead.org> lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Michael Jeanson <mjeanson(a)efficios.com> rseq: Update kernel fields in lockstep with CONFIG_DEBUG_RSEQ=y Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Convert all perf values to u8 Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Pass min/max_limit_perf as min/max_perf to amd_pstate_update Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Modify the min_perf calculation in adjust_perf callback Stanislav Spassov <stanspas(a)amazon.de> x86/fpu: Fix guest FPU state buffer allocation size Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> x86/vdso: Fix latent bug in vclock_pages calculation Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix the flood of invalid error reports Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks zihan zhou <15645113830zzh(a)gmail.com> sched: Cancel the slice protection of the idle entity Konstantin Andreev <andreev(a)swemel.ru> smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label Konstantin Andreev <andreev(a)swemel.ru> smack: dont compile ipv6 code unless ipv6 is configured Oleg Nesterov <oleg(a)redhat.com> seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: sun3: Fix DEBUG_MMU_EMU build Thorsten Blum <thorsten.blum(a)linux.dev> m68k: sun3: Use str_read_write() helper in mmu_emu_handle_fault() Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch Christian Brauner <brauner(a)kernel.org> fs: support O_PATH fds with FSCONFIG_SET_FD ------------- Diffstat: .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/netlink/specs/netdev.yaml | 4 + Documentation/netlink/specs/rt_route.yaml | 180 ++-- Documentation/networking/xsk-tx-metadata.rst | 62 ++ Makefile | 4 +- arch/arm/Kconfig | 2 +- .../boot/dts/nxp/imx/imx6ul-tqma6ul1-mba6ulx.dts | 3 +- arch/arm/boot/dts/nxp/imx/imx6ul-tqma6ul1.dtsi | 2 - arch/arm/boot/dts/ti/omap/omap4-panda-a4.dts | 5 + arch/arm/include/asm/vmlinux.lds.h | 12 +- .../arm64/boot/dts/freescale/imx8mp-skov-reva.dtsi | 39 +- arch/arm64/boot/dts/freescale/imx8mp.dtsi | 7 +- arch/arm64/boot/dts/mediatek/mt6359.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- .../boot/dts/mediatek/mt8390-genio-700-evk.dts | 1033 +------------------ .../boot/dts/mediatek/mt8390-genio-common.dtsi | 1046 ++++++++++++++++++++ arch/arm64/boot/dts/renesas/r8a774c0.dtsi | 4 + arch/arm64/boot/dts/renesas/r8a77990.dtsi | 4 + arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3318-a95x-z2.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3399-nanopi4.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 14 - arch/arm64/boot/dts/rockchip/rk356x-base.dtsi | 25 +- .../boot/dts/rockchip/rk3576-armsom-sige5.dts | 3 +- .../dts/rockchip/rk3588-orangepi-5-compact.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 2 +- arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi | 6 +- .../boot/dts/ti/k3-am62p-j722s-common-mcu.dtsi | 8 - arch/arm64/boot/dts/ti/k3-am62p-main.dtsi | 26 +- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +- arch/arm64/boot/dts/ti/k3-j722s-main.dtsi | 15 - arch/arm64/include/asm/mem_encrypt.h | 11 + arch/arm64/kernel/compat_alignment.c | 2 + arch/loongarch/Kconfig | 4 +- arch/loongarch/include/asm/cache.h | 2 + arch/loongarch/include/asm/irq.h | 2 +- arch/loongarch/include/asm/stacktrace.h | 3 + arch/loongarch/include/asm/unwind_hints.h | 10 +- arch/loongarch/kernel/env.c | 2 + arch/loongarch/kernel/kgdb.c | 5 +- arch/loongarch/net/bpf_jit.c | 12 +- arch/loongarch/net/bpf_jit.h | 5 + arch/m68k/include/asm/processor.h | 14 + arch/m68k/sun3/mmu_emu.c | 7 +- arch/parisc/include/uapi/asm/socket.h | 12 +- arch/powerpc/configs/mpc885_ads_defconfig | 2 +- arch/powerpc/crypto/Makefile | 1 + arch/powerpc/kexec/relocate_32.S | 7 +- arch/powerpc/perf/core-book3s.c | 8 +- arch/powerpc/perf/vpa-pmu.c | 1 + arch/powerpc/platforms/cell/spufs/gang.c | 1 + arch/powerpc/platforms/cell/spufs/inode.c | 63 +- arch/powerpc/platforms/cell/spufs/spufs.h | 2 + arch/riscv/Kconfig | 2 +- arch/riscv/errata/Makefile | 6 +- arch/riscv/include/asm/cpufeature.h | 4 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/riscv/kernel/elf_kexec.c | 3 + arch/riscv/kernel/mcount.S | 24 +- arch/riscv/kernel/traps_misaligned.c | 14 +- arch/riscv/kernel/unaligned_access_speed.c | 91 +- arch/riscv/kernel/vec-copy-unaligned.S | 2 +- arch/riscv/kvm/main.c | 4 +- arch/riscv/kvm/vcpu_pmu.c | 1 + arch/riscv/mm/hugetlbpage.c | 74 +- arch/riscv/purgatory/entry.S | 1 + arch/s390/include/asm/io.h | 2 - arch/s390/include/asm/pgtable.h | 3 - arch/s390/kernel/entry.S | 2 +- arch/s390/kernel/perf_pai_crypto.c | 3 +- arch/s390/kernel/perf_pai_ext.c | 3 +- arch/s390/mm/pgtable.c | 10 - arch/um/include/shared/os.h | 1 - arch/um/kernel/Makefile | 2 +- arch/um/kernel/maccess.c | 19 - arch/um/os-Linux/process.c | 51 - arch/x86/Kconfig | 3 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/Makefile.um | 7 +- arch/x86/coco/tdx/tdx.c | 26 +- arch/x86/entry/calling.h | 2 + arch/x86/entry/common.c | 2 +- arch/x86/entry/vdso/vdso-layout.lds.S | 2 +- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/events/amd/brs.c | 3 +- arch/x86/events/amd/lbr.c | 3 +- arch/x86/events/core.c | 5 +- arch/x86/events/intel/core.c | 51 +- arch/x86/events/intel/ds.c | 13 +- arch/x86/events/intel/lbr.c | 50 +- arch/x86/events/perf_event.h | 18 +- arch/x86/hyperv/ivm.c | 2 +- arch/x86/include/asm/irqflags.h | 40 +- arch/x86/include/asm/paravirt.h | 20 +- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/include/asm/tdx.h | 4 +- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/include/asm/vdso/vsyscall.h | 1 + arch/x86/kernel/cpu/bus_lock.c | 20 +- arch/x86/kernel/cpu/mce/severity.c | 11 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/fpu/core.c | 6 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/process.c | 9 +- arch/x86/kernel/traps.c | 18 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/kernel/uprobes.c | 14 +- arch/x86/kvm/svm/sev.c | 13 +- arch/x86/kvm/x86.c | 15 +- arch/x86/lib/copy_user_64.S | 18 + arch/x86/mm/mem_encrypt_identity.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- arch/x86/mm/pat/memtype.c | 52 +- block/badblocks.c | 286 ++---- block/bio.c | 11 +- block/blk-settings.c | 51 +- block/blk-throttle.c | 13 +- crypto/algapi.c | 3 +- crypto/api.c | 17 +- crypto/bpf_crypto_skcipher.c | 1 + drivers/accel/amdxdna/aie2_smu.c | 2 + drivers/acpi/acpi_video.c | 9 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/platform_profile.c | 26 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 7 + drivers/acpi/x86/utils.c | 3 +- drivers/ata/libata-core.c | 2 +- drivers/auxdisplay/Kconfig | 1 + drivers/auxdisplay/panel.c | 4 +- drivers/base/power/main.c | 21 +- drivers/base/power/runtime.c | 2 +- drivers/block/null_blk/main.c | 165 +-- drivers/block/null_blk/null_blk.h | 6 + drivers/block/null_blk/zoned.c | 20 +- drivers/block/ublk_drv.c | 41 +- drivers/bluetooth/btnxpuart.c | 6 +- drivers/bluetooth/btusb.c | 2 + drivers/bus/qcom-ssc-block-bus.c | 34 +- drivers/clk/clk-stm32f4.c | 4 +- drivers/clk/imx/clk-imx8mp-audiomix.c | 6 +- drivers/clk/meson/g12a.c | 38 +- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/mmp/clk-pxa1908-apmu.c | 4 +- drivers/clk/qcom/gcc-ipq5424.c | 24 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/gcc-sm8650.c | 4 +- drivers/clk/qcom/gcc-x1e80100.c | 30 - drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/renesas/r9a08g045-cpg.c | 5 +- drivers/clk/renesas/rzg2l-cpg.c | 13 +- drivers/clk/renesas/rzg2l-cpg.h | 10 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/cpufreq/Kconfig.arm | 2 +- drivers/cpufreq/amd-pstate-trace.h | 46 +- drivers/cpufreq/amd-pstate.c | 80 +- drivers/cpufreq/amd-pstate.h | 18 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/cpufreq/cpufreq_governor.c | 45 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/cpufreq/mediatek-cpufreq.c | 2 +- drivers/cpufreq/mvebu-cpufreq.c | 2 +- drivers/cpufreq/qcom-cpufreq-hw.c | 2 +- drivers/cpufreq/qcom-cpufreq-nvmem.c | 8 +- drivers/cpufreq/scmi-cpufreq.c | 2 +- drivers/cpufreq/scpi-cpufreq.c | 7 +- drivers/cpufreq/sun50i-cpufreq-nvmem.c | 6 +- drivers/cpufreq/virtual-cpufreq.c | 2 +- drivers/cpuidle/cpuidle-arm.c | 8 +- drivers/cpuidle/cpuidle-big_little.c | 2 +- drivers/cpuidle/cpuidle-psci.c | 4 +- drivers/cpuidle/cpuidle-qcom-spm.c | 2 +- drivers/cpuidle/cpuidle-riscv-sbi.c | 4 +- drivers/crypto/hisilicon/sec2/sec.h | 1 - drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 +-- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1 + drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 +- drivers/crypto/nx/nx-common-pseries.c | 37 +- drivers/crypto/tegra/tegra-se-aes.c | 401 +++++--- drivers/crypto/tegra/tegra-se-hash.c | 287 ++++-- drivers/crypto/tegra/tegra-se-key.c | 29 +- drivers/crypto/tegra/tegra-se-main.c | 16 +- drivers/crypto/tegra/tegra-se.h | 39 +- drivers/dma/amd/ae4dma/ae4dma-pci.c | 4 +- drivers/dma/amd/ae4dma/ae4dma.h | 2 + drivers/dma/amd/ptdma/ptdma-dmaengine.c | 90 +- drivers/dma/fsl-edma-main.c | 14 +- drivers/edac/i10nm_base.c | 2 + drivers/edac/ie31200_edac.c | 19 +- drivers/edac/igen6_edac.c | 21 +- drivers/edac/skx_common.c | 33 + drivers/edac/skx_common.h | 11 + drivers/firmware/arm_ffa/bus.c | 3 +- drivers/firmware/arm_ffa/driver.c | 60 +- drivers/firmware/arm_scmi/driver.c | 10 - drivers/firmware/cirrus/cs_dsp.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 461 +-------- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 12 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 - .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 + .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 + .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- .../dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12 +- drivers/gpu/drm/bridge/ite-it6505.c | 7 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/drm_file.c | 26 +- drivers/gpu/drm/mediatek/mtk_crtc.c | 7 +- drivers/gpu/drm/mediatek/mtk_dp.c | 6 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 - drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 132 ++- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.h | 4 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 24 + drivers/gpu/drm/msm/dsi/dsi_host.c | 8 +- drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2 +- drivers/gpu/drm/msm/msm_atomic.c | 13 +- drivers/gpu/drm/msm/msm_dsc_helper.h | 11 - drivers/gpu/drm/msm/msm_gem_submit.c | 2 +- drivers/gpu/drm/msm/msm_kms.h | 7 + drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2 +- drivers/gpu/drm/panthor/panthor_device.c | 22 +- drivers/gpu/drm/panthor/panthor_drv.c | 14 + drivers/gpu/drm/panthor/panthor_fw.c | 9 +- drivers/gpu/drm/panthor/panthor_fw.h | 6 +- drivers/gpu/drm/panthor/panthor_heap.c | 54 +- drivers/gpu/drm/panthor/panthor_heap.h | 2 + drivers/gpu/drm/panthor/panthor_mmu.c | 27 + drivers/gpu/drm/panthor/panthor_mmu.h | 3 + drivers/gpu/drm/panthor/panthor_sched.c | 84 +- drivers/gpu/drm/panthor/panthor_sched.h | 3 + drivers/gpu/drm/solomon/ssd130x-spi.c | 7 +- drivers/gpu/drm/solomon/ssd130x.c | 6 +- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xe/Kconfig | 2 +- drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- drivers/gpu/drm/xlnx/zynqmp_dp_audio.c | 4 + drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/greybus/gb-beagleplay.c | 4 +- drivers/hid/Makefile | 1 - drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 20 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 +- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/accel/msa311.c | 28 +- drivers/iio/adc/ad4130.c | 41 +- drivers/iio/adc/ad7124.c | 60 +- drivers/iio/adc/ad7173.c | 30 +- drivers/iio/adc/ad7192.c | 5 + drivers/iio/adc/ad7768-1.c | 15 + drivers/iio/adc/ad_sigma_delta.c | 1 + drivers/iio/dac/adi-axi-dac.c | 8 + drivers/iio/industrialio-backend.c | 4 +- drivers/iio/industrialio-gts-helper.c | 11 +- drivers/iio/light/Kconfig | 1 + drivers/iio/light/veml6030.c | 587 +++++------ drivers/iio/light/veml6075.c | 8 +- drivers/infiniband/core/device.c | 18 +- drivers/infiniband/core/mad.c | 38 +- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/erdma/erdma_cm.c | 1 - drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/infiniband/hw/mlx5/mr.c | 41 +- drivers/infiniband/hw/mlx5/odp.c | 10 +- drivers/iommu/amd/amd_iommu.h | 7 +- drivers/iommu/intel/iommu.c | 17 +- drivers/iommu/io-pgtable-dart.c | 2 +- drivers/iommu/iommu.c | 5 + drivers/leds/led-core.c | 22 +- drivers/leds/leds-st1202.c | 4 +- drivers/md/md-bitmap.c | 6 +- drivers/md/md.c | 71 +- drivers/md/md.h | 6 +- drivers/md/raid1-10.c | 2 +- drivers/md/raid1.c | 17 +- drivers/md/raid10.c | 19 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + drivers/media/platform/ti/omap3isp/isp.c | 7 + .../platform/verisilicon/hantro_g2_hevc_dec.c | 1 + drivers/media/rc/streamzap.c | 2 +- drivers/media/test-drivers/vimc/vimc-streamer.c | 6 + drivers/memory/mtk-smi.c | 33 + drivers/mfd/sm501.c | 6 +- drivers/misc/pci_endpoint_test.c | 22 +- drivers/mmc/host/omap.c | 19 +- drivers/mmc/host/sdhci-omap.c | 4 +- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/bonding/bond_main.c | 8 +- drivers/net/bonding/bond_options.c | 3 + drivers/net/can/rockchip/rockchip_canfd-core.c | 5 - drivers/net/dsa/microchip/ksz8.c | 11 +- drivers/net/dsa/microchip/ksz_dcb.c | 231 +---- drivers/net/dsa/mv88e6xxx/chip.c | 32 +- drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/dsa/sja1105/sja1105_ethtool.c | 9 +- drivers/net/dsa/sja1105/sja1105_ptp.c | 20 +- drivers/net/dsa/sja1105/sja1105_static_config.c | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 3 +- drivers/net/ethernet/ibm/ibmveth.c | 39 +- drivers/net/ethernet/ibm/ibmvnic.c | 30 +- drivers/net/ethernet/intel/e1000e/defines.h | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 + drivers/net/ethernet/intel/ice/devlink/health.c | 6 +- drivers/net/ethernet/intel/ice/ice_common.c | 3 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 6 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 39 +- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 24 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 31 +- drivers/net/ethernet/intel/idpf/idpf_main.c | 6 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 6 + drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 143 ++- drivers/net/ethernet/intel/ixgbe/ixgbe_e610.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++-- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- drivers/net/ethernet/mediatek/airoha_eth.c | 20 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +- .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 15 +- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 27 +- drivers/net/ethernet/microchip/lan743x_ptp.c | 6 + drivers/net/ethernet/renesas/ravb_ptp.c | 3 +- drivers/net/ethernet/sfc/ef100_netdev.c | 7 +- drivers/net/ethernet/sfc/ef100_nic.c | 47 +- drivers/net/ethernet/sfc/efx.c | 24 - drivers/net/ethernet/sfc/mcdi_port.c | 59 +- drivers/net/ethernet/sfc/mcdi_port_common.c | 11 - drivers/net/ethernet/sfc/net_driver.h | 6 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 65 +- drivers/net/ipvlan/ipvlan_l3s.c | 1 - drivers/net/phy/bcm-phy-ptp.c | 3 +- drivers/net/phy/broadcom.c | 6 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/usb/usbnet.c | 6 +- drivers/net/virtio_net.c | 30 +- drivers/net/vmxnet3/vmxnet3_drv.c | 10 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 14 +- drivers/net/wireless/ath/ath11k/mac.c | 5 - drivers/net/wireless/ath/ath11k/pci.c | 2 + drivers/net/wireless/ath/ath11k/reg.c | 22 +- drivers/net/wireless/ath/ath12k/core.c | 4 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath12k/dp_tx.c | 2 + drivers/net/wireless/ath/ath12k/mac.c | 9 +- drivers/net/wireless/ath/ath12k/pci.c | 2 + drivers/net/wireless/ath/ath12k/wmi.c | 2 + drivers/net/wireless/ath/ath9k/common-spectral.c | 4 +- drivers/net/wireless/marvell/mwifiex/fw.h | 14 + drivers/net/wireless/marvell/mwifiex/main.c | 4 - drivers/net/wireless/marvell/mwifiex/sta_cmd.c | 18 +- .../net/wireless/mediatek/mt76/mt7915/debugfs.c | 45 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 - drivers/net/wireless/realtek/rtw89/core.h | 2 +- drivers/net/wireless/realtek/rtw89/fw.c | 12 +- drivers/net/wireless/realtek/rtw89/pci.h | 56 +- drivers/net/wireless/realtek/rtw89/pci_be.c | 2 +- drivers/net/wireless/realtek/rtw89/rtw8852b_rfk.c | 13 +- drivers/net/wireless/realtek/rtw89/rtw8852bt_rfk.c | 13 +- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvdimm/badrange.c | 2 +- drivers/nvdimm/nd.h | 2 +- drivers/nvdimm/pfn_devs.c | 7 +- drivers/nvdimm/pmem.c | 2 +- drivers/nvme/host/ioctl.c | 2 +- drivers/nvme/host/pci.c | 3 + drivers/nvme/target/debugfs.c | 2 +- drivers/nvme/target/pci-epf.c | 11 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/dwc/pcie-histb.c | 12 +- drivers/pci/controller/pcie-brcmstb.c | 16 +- drivers/pci/controller/pcie-mediatek-gen3.c | 28 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/endpoint/functions/pci-epf-test.c | 126 ++- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/iov.c | 48 +- drivers/pci/pci-sysfs.c | 4 +- drivers/pci/pci.c | 22 +- drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/bwctrl.c | 6 +- drivers/pci/pcie/portdrv.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pci/setup-bus.c | 39 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 +- drivers/pinctrl/bcm/pinctrl-bcm2835.c | 14 +- drivers/pinctrl/intel/pinctrl-intel.c | 1 - drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3 + drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + drivers/platform/x86/dell/dell-uart-backlight.c | 2 +- drivers/platform/x86/dell/dell-wmi-ddv.c | 6 +- .../x86/intel/speed_select_if/isst_if_common.c | 2 +- .../x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 11 + drivers/power/supply/bq27xxx_battery.c | 1 - drivers/power/supply/max77693_charger.c | 2 +- drivers/ptp/ptp_ocp.c | 4 + drivers/regulator/pca9450-regulator.c | 6 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 +- drivers/remoteproc/qcom_q6v5_pas.c | 13 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/rtc/rtc-renesas-rtca3.c | 15 +- drivers/scsi/hisi_sas/hisi_sas.h | 3 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 28 +- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 4 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 4 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 1 + drivers/scsi/mpt3sas/mpt3sas_base.c | 12 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/soc/mediatek/mt8167-mmsys.h | 13 +- drivers/soc/mediatek/mt8188-mmsys.h | 2 +- drivers/soc/mediatek/mt8365-mmsys.h | 48 +- drivers/soundwire/generic_bandwidth_allocation.c | 5 +- drivers/soundwire/slave.c | 1 + drivers/spi/spi-amd.c | 2 +- drivers/spi/spi-bcm2835.c | 18 +- drivers/spi/spi-cadence-xspi.c | 2 +- .../staging/gpib/agilent_82350b/agilent_82350b.c | 2 + .../staging/gpib/agilent_82357a/agilent_82357a.c | 424 ++++---- drivers/staging/gpib/cb7210/cb7210.c | 2 +- drivers/staging/gpib/hp_82341/hp_82341.c | 2 +- drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 518 +++++----- drivers/staging/rtl8723bs/Kconfig | 1 + .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 28 +- drivers/target/loopback/tcm_loop.c | 5 +- .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/n_tty.c | 13 +- drivers/tty/serial/fsl_lpuart.c | 312 +++--- drivers/usb/host/xhci-mem.c | 6 +- drivers/usb/typec/altmodes/thunderbolt.c | 10 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +- drivers/vhost/scsi.c | 25 +- drivers/video/console/Kconfig | 6 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/sm501fb.c | 7 + drivers/w1/masters/w1-uart.c | 4 +- fs/9p/vfs_inode_dotl.c | 2 +- fs/autofs/autofs_i.h | 2 + fs/bcachefs/fs-ioctl.c | 6 +- fs/btrfs/block-group.c | 40 +- fs/btrfs/disk-io.c | 3 + fs/coredump.c | 4 +- fs/dlm/lockspace.c | 2 +- fs/erofs/internal.h | 2 - fs/erofs/super.c | 8 - fs/exec.c | 15 +- fs/exfat/fatent.c | 2 +- fs/exfat/file.c | 29 +- fs/exfat/inode.c | 41 +- fs/ext4/dir.c | 3 + fs/ext4/ext4.h | 17 +- fs/ext4/ext4_jbd2.h | 29 + fs/ext4/inode.c | 19 +- fs/ext4/mballoc-test.c | 2 + fs/ext4/namei.c | 16 +- fs/ext4/super.c | 81 +- fs/ext4/xattr.c | 32 +- fs/ext4/xattr.h | 10 + fs/f2fs/checkpoint.c | 15 +- fs/f2fs/compress.c | 1 + fs/f2fs/data.c | 10 +- fs/f2fs/f2fs.h | 3 +- fs/f2fs/file.c | 20 +- fs/f2fs/inode.c | 7 + fs/f2fs/namei.c | 8 + fs/f2fs/segment.c | 29 +- fs/f2fs/segment.h | 9 +- fs/f2fs/super.c | 67 +- fs/fsopen.c | 2 +- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 2 +- fs/fuse/file.c | 4 +- fs/gfs2/super.c | 21 +- fs/hostfs/hostfs.h | 2 +- fs/hostfs/hostfs_kern.c | 7 +- fs/hostfs/hostfs_user.c | 59 +- fs/isofs/dir.c | 3 +- fs/jbd2/journal.c | 27 +- fs/jfs/inode.c | 2 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/jfs_extent.c | 10 + fs/jfs/jfs_imap.c | 13 +- fs/jfs/xattr.c | 13 +- fs/nfs/delegation.c | 63 +- fs/nfs/nfs4xdr.c | 18 +- fs/nfs/sysfs.c | 22 +- fs/nfs/write.c | 4 +- fs/nfsd/Kconfig | 12 +- fs/nfsd/nfs4callback.c | 14 +- fs/nfsd/nfs4state.c | 53 +- fs/nfsd/nfsctl.c | 53 +- fs/nfsd/stats.c | 4 +- fs/nfsd/stats.h | 2 +- fs/nfsd/vfs.c | 28 +- fs/ntfs3/attrib.c | 3 +- fs/ntfs3/file.c | 22 +- fs/ntfs3/frecord.c | 6 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/ntfs.h | 2 +- fs/ntfs3/super.c | 89 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/smb/client/connect.c | 16 +- fs/smb/server/auth.c | 6 +- fs/smb/server/connection.h | 11 + fs/smb/server/mgmt/user_session.c | 37 +- fs/smb/server/mgmt/user_session.h | 2 + fs/smb/server/oplock.c | 12 +- fs/smb/server/smb2pdu.c | 54 +- fs/smb/server/smbacl.c | 21 +- include/asm-generic/rwonce.h | 10 +- include/drm/display/drm_dp_mst_helper.h | 7 + include/drm/drm_file.h | 5 + include/linux/arm_ffa.h | 3 + include/linux/avf/virtchnl.h | 4 +- include/linux/badblocks.h | 10 +- include/linux/context_tracking_irq.h | 8 +- include/linux/coresight.h | 4 + include/linux/cpuset.h | 11 + include/linux/dma-direct.h | 13 +- include/linux/fwnode.h | 2 +- include/linux/if_bridge.h | 6 +- include/linux/iio/iio-gts-helper.h | 1 + include/linux/iio/iio.h | 26 + include/linux/interrupt.h | 8 +- include/linux/mem_encrypt.h | 23 + include/linux/nfs_fs_sb.h | 4 + include/linux/nmi.h | 4 - include/linux/perf_event.h | 37 +- include/linux/pgtable.h | 28 +- include/linux/pm_runtime.h | 2 + include/linux/rcupdate.h | 2 +- include/linux/reboot.h | 18 +- include/linux/sched.h | 7 + include/linux/sched/deadline.h | 4 + include/linux/sched/smt.h | 2 +- include/linux/seccomp.h | 8 +- include/linux/thermal.h | 2 - include/linux/uprobes.h | 2 + include/linux/writeback.h | 24 + include/net/ax25.h | 1 - include/net/bluetooth/hci.h | 34 + include/net/bluetooth/hci_core.h | 5 + include/net/bonding.h | 1 + include/net/xdp_sock.h | 10 + include/net/xdp_sock_drv.h | 1 + include/net/xfrm.h | 11 +- include/rdma/ib_verbs.h | 1 + include/trace/define_trace.h | 7 + include/trace/events/writeback.h | 21 +- include/uapi/linux/if_xdp.h | 10 + include/uapi/linux/netdev.h | 3 + init/Kconfig | 5 + io_uring/io-wq.c | 40 +- io_uring/io-wq.h | 7 +- io_uring/io_uring.c | 3 +- io_uring/net.c | 23 +- kernel/bpf/core.c | 19 +- kernel/bpf/verifier.c | 7 + kernel/cgroup/cpuset.c | 27 +- kernel/cpu.c | 5 - kernel/events/core.c | 39 +- kernel/events/ring_buffer.c | 2 +- kernel/events/uprobes.c | 15 +- kernel/fork.c | 4 + kernel/kexec_elf.c | 2 +- kernel/reboot.c | 84 +- kernel/rseq.c | 82 +- kernel/sched/core.c | 8 +- kernel/sched/deadline.c | 37 +- kernel/sched/debug.c | 8 +- kernel/sched/fair.c | 50 +- kernel/sched/rt.c | 2 + kernel/sched/sched.h | 2 +- kernel/sched/topology.c | 15 +- kernel/seccomp.c | 14 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events.c | 7 + kernel/trace/trace_events_synth.c | 32 +- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + kernel/watchdog.c | 25 - kernel/watchdog_perf.c | 28 +- lib/842/842_compress.c | 2 + lib/stackinit_kunit.c | 30 +- lib/vsprintf.c | 2 +- mm/gup.c | 3 + mm/memory.c | 13 +- mm/page-writeback.c | 37 +- mm/zswap.c | 30 +- net/ax25/af_ax25.c | 30 +- net/ax25/ax25_route.c | 74 -- net/bluetooth/hci_core.c | 62 +- net/bluetooth/hci_event.c | 25 +- net/bluetooth/hci_sync.c | 30 +- net/bridge/br_ioctl.c | 36 +- net/bridge/br_private.h | 3 +- net/core/dev_ioctl.c | 19 - net/core/dst.c | 8 + net/core/netdev-genl.c | 2 + net/core/rtnetlink.c | 3 + net/core/rtnl_net_debug.c | 2 +- net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/udp.c | 42 +- net/ipv6/addrconf.c | 37 +- net/ipv6/calipso.c | 21 +- net/ipv6/route.c | 42 +- net/mac80211/cfg.c | 12 +- net/mac80211/mlme.c | 9 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nf_tables_core.c | 11 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_skbprio.c | 3 - net/sctp/sysctl.c | 4 + net/socket.c | 19 +- net/vmw_vsock/af_vsock.c | 6 +- net/wireless/core.c | 6 +- net/wireless/nl80211.c | 2 +- net/xdp/xsk.c | 8 +- net/xfrm/xfrm_device.c | 13 +- net/xfrm/xfrm_state.c | 32 +- net/xfrm/xfrm_user.c | 2 +- rust/Makefile | 4 +- rust/kernel/pci.rs | 141 ++- rust/kernel/platform.rs | 95 +- rust/kernel/print.rs | 7 +- samples/bpf/Makefile | 2 +- samples/rust/rust_driver_pci.rs | 8 +- samples/rust/rust_driver_platform.rs | 11 +- samples/trace_events/trace-events-sample.h | 8 +- scripts/gdb/linux/symbols.py | 13 +- scripts/package/debian/rules | 6 +- scripts/selinux/install_policy.sh | 15 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 34 +- sound/core/timer.c | 147 +-- sound/pci/hda/patch_realtek.c | 9 +- sound/soc/amd/acp/acp-legacy-common.c | 10 +- sound/soc/codecs/cs35l41-spi.c | 5 +- sound/soc/codecs/rt5665.c | 24 +- sound/soc/fsl/imx-card.c | 4 + sound/soc/generic/simple-card-utils.c | 7 +- sound/soc/tegra/tegra210_adx.c | 6 +- sound/soc/ti/j721e-evm.c | 2 + sound/usb/mixer_quirks.c | 7 +- tools/arch/x86/lib/insn.c | 2 +- tools/bpf/runqslower/Makefile | 3 +- tools/include/uapi/linux/if_xdp.h | 10 + tools/include/uapi/linux/netdev.h | 3 + tools/lib/bpf/btf.c | 4 +- tools/lib/bpf/linker.c | 2 +- tools/lib/bpf/str_error.c | 2 +- tools/lib/bpf/str_error.h | 7 +- tools/objtool/arch/loongarch/decode.c | 28 +- tools/objtool/arch/loongarch/include/arch/elf.h | 7 + tools/objtool/arch/powerpc/decode.c | 14 + tools/objtool/arch/x86/decode.c | 13 + tools/objtool/check.c | 84 +- tools/objtool/elf.c | 6 +- tools/objtool/include/objtool/arch.h | 3 + tools/objtool/include/objtool/elf.h | 27 +- tools/perf/Makefile.config | 10 +- tools/perf/Makefile.perf | 2 +- tools/perf/arch/powerpc/util/header.c | 4 +- tools/perf/arch/x86/util/topdown.c | 2 +- tools/perf/bench/syscall.c | 22 +- tools/perf/builtin-report.c | 39 +- .../arch/arm64/ampere/ampereonex/metrics.json | 10 +- tools/perf/pmu-events/empty-pmu-events.c | 8 +- tools/perf/pmu-events/jevents.py | 8 +- tools/perf/tests/hwmon_pmu.c | 16 +- tools/perf/tests/pmu.c | 85 +- .../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 + tools/perf/tests/shell/record_bpf_filter.sh | 4 +- tools/perf/tests/shell/stat_all_pmu.sh | 48 +- tools/perf/tests/shell/test_data_symbol.sh | 17 +- tools/perf/tests/tool_pmu.c | 4 +- tools/perf/tests/workloads/datasym.c | 34 +- tools/perf/util/arm-spe.c | 8 +- tools/perf/util/bpf-filter.l | 2 +- tools/perf/util/comm.c | 2 + tools/perf/util/debug.c | 2 +- tools/perf/util/dso.h | 4 +- tools/perf/util/evlist.c | 13 +- tools/perf/util/evsel.c | 16 +- tools/perf/util/expr.c | 2 + tools/perf/util/hist.c | 2 + tools/perf/util/hist.h | 3 + tools/perf/util/hwmon_pmu.c | 14 - tools/perf/util/hwmon_pmu.h | 16 + tools/perf/util/intel-tpebs.c | 2 +- tools/perf/util/machine.c | 4 +- tools/perf/util/parse-events.c | 2 +- tools/perf/util/pmu.c | 265 +++-- tools/perf/util/pmu.h | 12 +- tools/perf/util/pmus.c | 173 ++-- tools/perf/util/python.c | 17 +- tools/perf/util/session.c | 12 + tools/perf/util/session.h | 1 + tools/perf/util/sort.c | 23 + tools/perf/util/sort.h | 1 + tools/perf/util/stat-shadow.c | 3 +- tools/perf/util/stat.c | 13 +- tools/perf/util/tool_pmu.c | 32 +- tools/perf/util/tool_pmu.h | 2 +- tools/perf/util/units.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 + tools/power/x86/turbostat/turbostat.c | 30 +- tools/testing/selftests/bpf/Makefile | 1 + .../selftests/bpf/prog_tests/bloom_filter_map.c | 5 + tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1 + tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +- tools/testing/selftests/mm/cow.c | 2 +- tools/testing/selftests/pcie_bwctrl/Makefile | 2 +- tools/verification/rv/Makefile.rv | 2 +- 759 files changed, 9662 insertions(+), 7201 deletions(-)

7 months

4
3
0 0

[PATCH 6.13 000/500] 6.13.11-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.11 release. There are 500 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Apr 2025 15:40:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.11-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.11-rc2 Nathan Chancellor <nathan(a)kernel.org> ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc() Arnd Bergmann <arnd(a)arndb.de> ASoC: cs42l43: convert to SYSTEM_SLEEP_PM_OPS Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix management of listener transports Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Jeff Layton <jlayton(a)kernel.org> nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> media: vimc: skip .s_stream() for stopped entities Oleg Nesterov <oleg(a)redhat.com> exec: fix the racy usage of fs_struct->in_exec Yosry Ahmed <yosry.ahmed(a)linux.dev> mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Lukas Wunner <lukas(a)wunner.de> PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix kernel panic due to null pointer dereference Angelos Oikonomopoulos <angelos(a)igalia.com> arm64: Don't call NULL in do_compat_alignment_fixup() David Hildenbrand <david(a)redhat.com> mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential wrong error return from get_block Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix random stack corruption after get_block Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix null pointer dereference in alloc_preauth_hash() Norbert Szetei <norbert(a)doyensec.com> ksmbd: validate zero num_subauth before sub_auth is accessed Norbert Szetei <norbert(a)doyensec.com> ksmbd: fix overflow in dacloffset bounds check Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix session use-after-free in multichannel connection Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_sessions_deregister() Norbert Szetei <norbert(a)doyensec.com> ksmbd: add bounds check for create lease context Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add bounds check for durable handle context Sean Christopherson <seanjc(a)google.com> KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Miaoqian Lin <linmq006(a)gmail.com> mmc: omap: Fix memory leak in mmc_omap_new_slot Candice Li <candice.li(a)amd.com> Remove unnecessary firmware version check for gc v9_4_2 Robin Murphy <robin.murphy(a)arm.com> media: omap3isp: Handle ARM dma_iommu_mapping Christian Eggers <ceggers(a)arri.de> ARM: 9444/1: add KEEP() keyword to ARM_VECTORS Gergo Koteles <soyer(a)irl.hu> ACPI: video: Handle fetching EDID as ACPI_TYPE_PACKAGE Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: remove unused acpi function for clc Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Arnd Bergmann <arnd(a)arndb.de> x86/Kconfig: Add cmpxchg8b support back to Geode CPUs Jiri Olsa <jolsa(a)kernel.org> uprobes/x86: Harden uretprobe syscall trampoline check Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Apply static call for drain_pebs Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Eduard Christian Dumitrescu <eduard.c.dumitrescu(a)gmail.com> platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560 Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Vishal Annapurve <vannapurve(a)google.com> x86/tdx: Fix arch_safe_halt() execution for TDX VMs Shuai Xue <xueshuai(a)linux.alibaba.com> x86/mce: use is_copy_from_user() to determine copy-from-user context Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected Tianyu Lan <tiala(a)microsoft.com> x86/hyperv: Fix check of return value from snp_set_vmsa() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Don't override subprog's return value Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Fix off-by-one error in build_prologue() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase MAX_IO_PICS up to 8 Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase ARCH_DMA_MINALIGN up to 16 WANG Rui <wangrui(a)loongson.cn> rust: Fix enabling Rust and building with GCC for LoongArch Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: mac80211: Fix sparse warning for monitor_sdata Sherry Sun <sherry.sun(a)nxp.com> tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use port struct directly to simply code Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: Use u32 and u8 for register variables Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix Oops after disconnect in agilent usb Dave Penkler <dpenkler(a)gmail.com> staging: gpib: agilent usb console messaging cleanup Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Agilent usb code cleanup Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix NULL pointer dereference in detach Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Add missing mutex unlock in agilent usb driver Nihar Chaithanya <niharchaithanya(a)gmail.com> staging: gpib: agilent_82357a: Handle gpib_register_driver() errors Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix Oops after disconnect in ni_usb Dave Penkler <dpenkler(a)gmail.com> staging: gpib: ni_usb console messaging cleanup Nihar Chaithanya <niharchaithanya(a)gmail.com> staging: gpib: ni_usb: Handle gpib_register_driver() errors Nihar Chaithanya <niharchaithanya(a)gmail.com> staging: gpib: Modify gpib_register_driver() to return error if it fails Santosh Mahto <eisantosh95(a)gmail.com> staging: gpib: Replace semaphore with completion for one-time signaling Tengda Wu <wutengda(a)huaweicloud.com> tracing: Correct the refcount if the hist/hist_debug file fails to open Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/hist: Support POLLPRI event for poll on histogram Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/hist: Add poll(POLLIN) support on hist file Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace_events_hist.c code over to use guard() Zhang Rui <rui.zhang(a)intel.com> tools/power turbostat: Restore GFX sysfs fflush() call Len Brown <len.brown(a)intel.com> tools/power turbostat: report CoreThr per measurement interval Yeoreum Yun <yeoreum.yun(a)arm.com> perf/core: Fix child_total_time_enabled accounting bug at task exit Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: fix num_mec Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: fix num_mec Yue Haibing <yuehaibing(a)huawei.com> drm/xe: Fix unmet direct dependencies warning Alexandru Gagniuc <alexandru.gagniuc(a)hp.com> kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally Dave Marquardt <davemarq(a)linux.ibm.com> net: ibmveth: make veth_pool_store stop hanging Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Ido Schimmel <idosch(a)nvidia.com> ipv6: Do not consider link down nexthops in path selection Ido Schimmel <idosch(a)nvidia.com> ipv6: Start path selection from the first nexthop Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow David Oberhollenzer <david.oberhollenzer(a)sigma-star.at> net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Antoine Tenart <atenart(a)kernel.org> net: decrease cached dst counters in dst_release Wang Liang <wangliang74(a)huawei.com> xsk: Fix __xsk_generic_xmit() error code when cq is full Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix multiple wraparounds of sk->sk_rmem_alloc. Kuniyuki Iwashima <kuniyu(a)amazon.com> rtnetlink: Use register_pernet_subsys() in rtnl_net_debug_init(). Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Eric Dumazet <edumazet(a)google.com> sctp: add mutual exclusion in proc_sctp_do_udp_port() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't unregister hook when table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix adapter NULL pointer dereference on reboot Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change k1 configuration on MTP and later platforms Florian Fainelli <florian.fainelli(a)broadcom.com> spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Florian Fainelli <florian.fainelli(a)broadcom.com> spi: bcm2835: Do not call gpiod_put() on invalid descriptor Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Maurizio Lombardi <mlombard(a)redhat.com> nvme-pci: skip nvme_write_sq_db on empty rqlist Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer Björn Töpel <bjorn(a)rivosinc.com> riscv/purgatory: 4B align purgatory_start Yao Zi <ziyao(a)disroot.org> riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Josh Poimboeuf <jpoimboe(a)kernel.org> spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Sven Schnelle <svens(a)linux.ibm.com> s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation Ming Lei <ming.lei(a)redhat.com> ublk: make sure ubq->canceling is set when queue is frozen Herton R. Krzesinski <herton(a)redhat.com> x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: errata: Use medany for relocatable builds Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix check_unaligned_access_all_cpus Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix riscv_online_cpu_vec Andrew Jones <ajones(a)ventanamicro.com> riscv: Annotate unaligned access init functions Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix missing __free_pages() in check_vector_unaligned_access() Tingbo Liao <tingbo.liao(a)starfivetech.com> riscv: Fix the __riscv_copy_vec_words_unaligned implementation Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Christian Schoenebeck <linux_oss(a)crudebyte.com> fs/9p: fix NULL pointer dereference on mkdir Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix gang directory lifetimes Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> rtc: renesas-rtca3: Disable interrupts only if the RTC is enabled David Howells <dhowells(a)redhat.com> netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix incorrect fw_state address in dmub_srv Paulo Alcantara <pc(a)manguebit.com> smb: client: don't retry IO on failed negprotos with soft mounts Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Roger Quadros <rogerq(a)kernel.org> memory: omap-gpmc: drop no compatible check Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Florian Westphal <fw(a)strlen.de> selftests: netfilter: skip br_netfilter queue tests if kernel is tainted Lukas Hetzenecker <lukas(a)hetzenecker.me> platform/surface: aggregator_registry: Add Support for Surface Pro 11 Taehee Yoo <ap420073(a)gmail.com> net: devmem: do not WARN conditionally after netdev_rx_queue_restart() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Keep display off while going into S4 Keith Busch <kbusch(a)kernel.org> nvme-pci: fix stuck reset on concurrent DPC and HP Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe/guc_pc: Retry and wait longer for GuC PC start Vladis Dronov <vdronov(a)redhat.com> x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Fix output argument to hypercall that changes page visibility Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix SA Query processing in MLO Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: rt1320: set wake_capable = 0 explicitly Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs42l43: Add jack delay debounce after suspend Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius Naman Jain <namjain(a)linux.microsoft.com> x86/hyperv/vtl: Stop kernel from probing VTL0 low memory Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add a check for invalid data size Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Propagate PMF-TA return codes Wentao Guan <guanwentao(a)uniontech.com> HID: i2c-hid: improve i2c_hid_get_report error message Jakub Kicinski <kuba(a)kernel.org> net: dsa: rtl8366rb: don't prompt users for LED control David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/vsec: Add Diamond Rapids support Dmitry Panchenko <dmitry(a)d-systems.ee> platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Namjae Jeon <linkinjeon(a)kernel.org> cifs: fix incorrect validation for num_aces field of smb_acl Namjae Jeon <linkinjeon(a)kernel.org> smb: common: change the data type of num_aces to le16 Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix perf_pmu_register() vs. perf_init_event() Daniel Bárta <daniel.barta(a)trustlab.cz> ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Fix Asus Z13 2025 audio Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Matthias Proske <email(a)matthias-proske.de> wifi: brcmfmac: keep power during suspend if board requires it Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Mike Lothian <mike(a)fireburn.co.uk> ntsync: Set the permissions to be 0666 Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: use the right version of the rate API Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: mac80211: remove debugfs dir for virtual monitor Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: mac80211: Cleanup sta TXQs on flush Dan Carpenter <dan.carpenter(a)linaro.org> nfs: Add missing release on error in nfs_lock_and_join_requests() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool/loongarch: Add unwind hints in prepare_frametrace() Josh Poimboeuf <jpoimboe(a)kernel.org> rcu-tasks: Always inline rcu_irq_work_resched() Josh Poimboeuf <jpoimboe(a)kernel.org> context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() David Laight <david.laight.linux(a)gmail.com> objtool: Fix verbose disassembly if CROSS_COMPILE isn't set Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Jim Liu <jim.t90615(a)gmail.com> net: phy: broadcom: Correct BCM5221 PHY model detection Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Rework the arch_kgdb_breakpoint() implementation Miaoqian Lin <linmq006(a)gmail.com> LoongArch: Fix device node refcount leak in fdt_cpu_clk_init() 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix segfault in ignore_unreachable_insn() Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Lama Kayal <lkayal(a)nvidia.com> net/mlx5e: SHAMPO, Make reserved size independent of page size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix r_count dec/increment mismatch Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Lubomir Rintel <lkundrak(a)v3.sk> rndis_host: Flag RNDIS modems as WWAN devices Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix missing shutdown check Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix netns refcount imbalance causing leaks and use-after-free Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Shut down the nfs_client only after all the superblocks Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() xueqin Luo <luoxueqin(a)kylinos.cn> thermal: core: Remove duplicate struct declaration Namhyung Kim <namhyung(a)kernel.org> perf bpf-filter: Fix a parsing error with comma Marcus Meissner <meissner(a)suse.de> perf tools: annotate asm_pure_loop.S Likhitha Korrapati <likhitha(a)linux.ibm.com> perf tools: Fix is_compat_mode build break in ppc64 Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: n_tty: use uint for space returned by tty_write_room() Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Stop kthreads if vchiq cdev register fails Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Fix possible NPR of keep-alive thread Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Register debugfs after cdev 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES James Clark <james.clark(a)linaro.org> perf: intel-tpebs: Fix incorrect usage of zfree() Stephen Brennan <stephen.s.brennan(a)oracle.com> perf dso: fix dso__is_kallsyms() check Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Benjamin Berg <benjamin.berg(a)intel.com> um: hostfs: avoid issues on inode number reuse by host Benjamin Berg <benjamin.berg(a)intel.com> um: remove copy_from_kernel_nofault_allowed David Gow <davidgow(a)google.com> um: Pass the correct Rust target and options with gcc Cyan Yang <cyan.yang(a)sifive.com> selftests/mm/cow: fix the incorrect error handling Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path NeilBrown <neilb(a)suse.de> NFS: fix open_owner_id_maxsz and related fields. Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for delayed delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for expired delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for returning delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Anshuman Khandual <anshuman.khandual(a)arm.com> arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX David Hildenbrand <david(a)redhat.com> kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() Veronika Molnarova <vmolnaro(a)redhat.com> perf test stat_all_pmu.sh: Correctly check 'perf stat' result Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf x86/topdown: Fix topdown leader sampling test error on hybrid Ian Rogers <irogers(a)google.com> perf evlist: Add success path to evlist__create_syswide_maps Ian Rogers <irogers(a)google.com> perf debug: Avoid stack overflow in recursive error message Karan Sanghavi <karansanghvi98(a)gmail.com> iio: light: Add check for array bounds in veml6075_read_int_time_ms Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7173: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad4130: Fix comparison of channel setups Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: free irq correctly in remove path Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Prevent integer overflow in hdr_first_de() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: correct debug message page size calculation Thomas Richter <tmricht(a)linux.ibm.com> perf bench: Fix perf bench syscall loop count Leo Yan <leo.yan(a)arm.com> perf arm-spe: Fix load-store operation checking Nuno Sá <nuno.sa(a)analog.com> iio: backend: make sure to NULL terminate stack buffer Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Mario Limonciello <mario.limonciello(a)amd.com> ucsi_ccg: Don't show failed to get FW build information error Luca Ceresoli <luca.ceresoli(a)bootlin.com> perf build: Fix in-tree build due to symbolic link Ian Rogers <irogers(a)google.com> tools/x86: Fix linux/unaligned.h include path in lib/insn.c James Clark <james.clark(a)linaro.org> perf pmu: Don't double count common sysfs and json events Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight-etm4x: add isb() before reading the TRCSTATR Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Wentao Liang <vulab(a)iscas.ac.cn> greybus: gb-beagleplay: Add error handling for gb_greybus_init Namhyung Kim <namhyung(a)kernel.org> perf report: Switch data file correctly in TUI Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix cb7210 pcmcia Oops Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device James Clark <james.clark(a)linaro.org> perf tests: Fix Tool PMU test segfault Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Kan Liang <kan.liang(a)linux.intel.com> perf tools: Add skip check in tool_pmu__event_to_str() Heiko Stuebner <heiko.stuebner(a)cherry.de> phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_mapping->a_ops on compression state Ian Rogers <irogers(a)google.com> perf pmu: Rename name matching for no suffix or wildcard variants Ian Rogers <irogers(a)google.com> perf stat: Don't merge counters purely on name Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix Hwmon PMU test endianess issue Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: modify stream enable Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix pr_err format warning Chenyuan Yang <chenyuan0y(a)gmail.com> w1: fix NULL pointer dereference in probe James Clark <james.clark(a)linaro.org> perf: Always feature test reallocarray Ian Rogers <irogers(a)google.com> perf stat: Fix find_stat for mixed legacy/non-legacy events Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Fix accessing BTF.ext core_relo header Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Wang Liang <wangliang74(a)huawei.com> RDMA/core: Fix use-after-free when rename device name Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Remi Pommarel <repk(a)triplefau.lt> leds: Fix LED_OFF brightness race Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> clk: qcom: ipq5424: fix software and hardware flow control error of UART Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzv2m: Fix missing of_node_put() call Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Jiayuan Chen <mrpre(a)163.com> bpf: Fix array bounds error with may_goto Neil Armstrong <neil.armstrong(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Bairavi Alagappan <bairavix.alagappan(a)intel.com> crypto: qat - remove access to parity register for QAT GEN4 Jinghao Jia <jinghao7(a)illinois.edu> samples/bpf: Fix broken vmlinux path for VMLINUX_BTF Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment Charles Han <hanchunchao(a)inspur.com> clk: mmp: Fix NULL vs IS_ERR() check Ian Rogers <irogers(a)google.com> libbpf: Add namespace for errstr making it libbpf_errstr Nathan Chancellor <nathan(a)kernel.org> crypto: tegra - Fix format specifier in tegra_sha_prep_cmd() Alice Ryhl <aliceryhl(a)google.com> rust: fix signature of rust_fmt_argument Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Select NUMA_NO_NODE to create map Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix larval relookup type and mask Sicelo A. Mhlongo <absicsz(a)gmail.com> power: supply: bq27xxx_battery: do not update cached flags prematurely Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Fix calculation of total invalidated pages Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Tengda Wu <wutengda(a)huaweicloud.com> selftests/bpf: Fix freplace_link segfault in tailcalls prog test Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix MR cache initialization error flow Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Reserve keyslots to allocate dynamically Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - finalize crypto req on error Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Set IV to NULL explicitly for AES ECB Kees Bakker <kees(a)ijzerbout.nl> RDMA/mana_ib: Ensure variable err is initialized Niklas Schnelle <schnelle(a)linux.ibm.com> s390: Remove ioremap_wt() and pgprot_writethrough() Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix runqslower cross-endian build Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix CMAC intermediate result handling Yue Haibing <yuehaibing(a)huawei.com> pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw() Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Luca Weiss <luca.weiss(a)fairphone.com> remoteproc: qcom: pas: add minidump_id to SC7280 WPSS Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r8a08g045: Check the source of the CPU PLL settings David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Fix string read in strncmp benchmark Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> drivers: clk: qcom: ipq5424: fix the freq table of sdcc1_apps clock Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Suppress binding attributes Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix page_size variable overflow Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for sec spec check Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Use HMAC fallback when keyslots are full Arnd Bergmann <arnd(a)arndb.de> crypto: bpf - Add MODULE_DESCRIPTION for skcipher Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix HASH intermediate result handling Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Transfer HASH init function to crypto engine Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - check return value for hash do_one_req Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Do not use fixed size buffers Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Use separate buffer for setkey Bairavi Alagappan <bairavix.alagappan(a)intel.com> crypto: qat - set parity error mask for qat_420xx Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Test the correct request flag Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Arnd Bergmann <arnd(a)arndb.de> dummycon: fix default rows/cols Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Shay Drory <shayd(a)nvidia.com> PCI: Fix NULL dereference in SR-IOV VF creation error path Caleb Sander Mateos <csander(a)purestorage.com> io_uring/net: only import send_zc buffer once Jens Axboe <axboe(a)kernel.dk> io_uring/net: improve recv bundles Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI/bwctrl: Fix pcie_bwctrl_select_speed() return type Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix BAR resizing when VF BARs are assigned Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: histb: Fix an error handling path in histb_pcie_probe() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: ep: Return -ENOMEM for allocation failures Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> drm/amd/display: avoid NPD when ASIC does not support DMUB Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Douglas Anderson <dianders(a)chromium.org> drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Jason-JH Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix config_updating flag never false when no mbox channel Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/kexec: fix physical address calculation in clear_utlb_entry() Christophe Leroy <christophe.leroy(a)csgroup.eu> crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD Vaibhav Jain <vaibhav(a)linux.ibm.com> powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Rob Clark <robdclark(a)chromium.org> drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Steven Price <steven.price(a)arm.com> drm/panthor: Clean up FW version information display Ashley Smith <ashley.smith(a)collabora.com> drm/panthor: Update CS_STATUS_ defines to correct values Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Yi Lai <yi1.lai(a)intel.com> selftests/pcie_bwctrl: Add 'set_pcie_speed.sh' to TEST_PROGS Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix potential premature regulator disabling Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix error path after a call to regulator_bulk_get() Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Set generation limit before PCIe link up Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Use existing per-interface slice count in DSC timing Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Program clock inverters in correct register Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't use active in atomic_check() Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: fix an indent issue in DML21 Tushar Dave <tdave(a)nvidia.com> PCI/ACS: Fix 'pci=config_acs=' parameter John Keeping <jkeeping(a)inmusicbrands.com> drm/panel: ilitek-ili9882t: fix GPIO name in error message Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Remove add_align overwrite unrelated to size0 Kai-Heng Feng <kaihengf(a)nvidia.com> PCI: Use downstream bridges for distributing resources Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/umsch: fix ucode check Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: refine smu send msg debug log format Vitalii Mordan <mordan(a)ispras.ru> gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Bart Van Assche <bvanassche(a)acm.org> drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Fix race condition when gathering fdinfo group samples Hermes Wu <Hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP V match check is not performed correctly Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: ensure ssd132x pitch is correct John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: fix ssd132x encoding Javier Martinez Canillas <javierm(a)redhat.com> drm/ssd130x: Set SPI .id_table to prevent an SPI core warning Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Don't take register_mutex with copy_from/to_user() Olivia Mackintosh <livvy(a)base.nu> ALSA: usb-audio: separate DJM-A9 cap lvl options Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Ritu Chaudhary <rituc(a)nvidia.com> ASoC: tegra: Use non-atomic timeout for ADX status register Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Maud Spierings <maudspierings(a)gocontroll.com> dt-bindings: vendor-prefixes: add GOcontroll Jiri Kosina <jikos(a)kernel.org> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> ASoC: cs35l41: check the return value from spi_setup() Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-ddv: Fix temperature calculation Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> auxdisplay: panel: Fix an API misuse in panel.c Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: HEVC: Initialize start_bit field Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: MAX6959 should select BITREVERSE Frieder Schrempf <frieder.schrempf(a)kontron.de> regulator: pca9450: Fix enable register for LDO5 Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Teardown riscv specific bits after kvm_exit Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/entry: Add __init to ia32_emulation_override_cmdline() Chao Gao <chao.gao(a)intel.com> x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Josh Poimboeuf <jpoimboe(a)kernel.org> x86/traps: Make exc_double_fault() consistently noreturn Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Jacky Bai <ping.bai(a)nxp.com> cpufreq: Init cpufreq only for present CPUs Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Jacky Bai <ping.bai(a)nxp.com> cpuidle: Init cpuidle only for present CPUs James Morse <james.morse(a)arm.com> x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: realm: Use aliased addresses for device DMA to shared buffers Suzuki K Poulose <suzuki.poulose(a)arm.com> dma: Introduce generic dma_addr_*crypted helpers Suzuki K Poulose <suzuki.poulose(a)arm.com> dma: Fix encryption bit clearing for dma_to_phys Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Maksim Davydov <davydov-max(a)yandex-team.ru> x86/split_lock: Fix the delayed detection logic Li Huafei <lihuafei1(a)huawei.com> watchdog/hardlockup/perf: Fix perf_event memory leak Kees Cook <kees(a)kernel.org> kunit/stackinit: Use fill byte different from Clang i386 pattern Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Disable the kernel perf counter during configure Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra194: Allow building for Tegra234 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Peter Zijlstra <peterz(a)infradead.org> lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Stanislav Spassov <stanspas(a)amazon.de> x86/fpu: Fix guest FPU state buffer allocation size Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> x86/vdso: Fix latent bug in vclock_pages calculation Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix the flood of invalid error reports Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks zihan zhou <15645113830zzh(a)gmail.com> sched: Cancel the slice protection of the idle entity Konstantin Andreev <andreev(a)swemel.ru> smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label Konstantin Andreev <andreev(a)swemel.ru> smack: dont compile ipv6 code unless ipv6 is configured Oleg Nesterov <oleg(a)redhat.com> seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch Christian Brauner <brauner(a)kernel.org> fs: support O_PATH fds with FSCONFIG_SET_FD ------------- Diffstat: .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm/Kconfig | 2 +- arch/arm/include/asm/vmlinux.lds.h | 12 +- arch/arm64/include/asm/mem_encrypt.h | 11 + arch/arm64/kernel/compat_alignment.c | 2 + arch/loongarch/Kconfig | 4 +- arch/loongarch/include/asm/cache.h | 2 + arch/loongarch/include/asm/irq.h | 2 +- arch/loongarch/include/asm/stacktrace.h | 3 + arch/loongarch/include/asm/unwind_hints.h | 10 +- arch/loongarch/kernel/env.c | 2 + arch/loongarch/kernel/kgdb.c | 5 +- arch/loongarch/net/bpf_jit.c | 12 +- arch/loongarch/net/bpf_jit.h | 5 + arch/powerpc/configs/mpc885_ads_defconfig | 2 +- arch/powerpc/crypto/Makefile | 1 + arch/powerpc/kexec/relocate_32.S | 7 +- arch/powerpc/perf/vpa-pmu.c | 1 + arch/powerpc/platforms/cell/spufs/gang.c | 1 + arch/powerpc/platforms/cell/spufs/inode.c | 63 ++- arch/powerpc/platforms/cell/spufs/spufs.h | 2 + arch/riscv/errata/Makefile | 6 +- arch/riscv/include/asm/cpufeature.h | 4 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/riscv/kernel/elf_kexec.c | 3 + arch/riscv/kernel/traps_misaligned.c | 14 +- arch/riscv/kernel/unaligned_access_speed.c | 36 +- arch/riscv/kernel/vec-copy-unaligned.S | 2 +- arch/riscv/kvm/main.c | 4 +- arch/riscv/kvm/vcpu_pmu.c | 1 + arch/riscv/mm/hugetlbpage.c | 74 +-- arch/riscv/purgatory/entry.S | 1 + arch/s390/include/asm/io.h | 2 - arch/s390/include/asm/pgtable.h | 3 - arch/s390/kernel/entry.S | 2 +- arch/s390/mm/pgtable.c | 10 - arch/um/include/shared/os.h | 1 - arch/um/kernel/Makefile | 2 +- arch/um/kernel/maccess.c | 19 - arch/um/os-Linux/process.c | 51 -- arch/x86/Kconfig | 3 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/Makefile.um | 7 +- arch/x86/coco/tdx/tdx.c | 26 +- arch/x86/entry/calling.h | 2 + arch/x86/entry/common.c | 2 +- arch/x86/entry/vdso/vdso-layout.lds.S | 2 +- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/events/intel/core.c | 47 +- arch/x86/events/intel/ds.c | 13 +- arch/x86/events/perf_event.h | 3 +- arch/x86/hyperv/hv_vtl.c | 1 + arch/x86/hyperv/ivm.c | 5 +- arch/x86/include/asm/tdx.h | 4 +- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/include/asm/vdso/vsyscall.h | 1 + arch/x86/kernel/cpu/bus_lock.c | 20 +- arch/x86/kernel/cpu/mce/severity.c | 11 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 +- arch/x86/kernel/cpu/sgx/driver.c | 10 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/fpu/core.c | 6 +- arch/x86/kernel/process.c | 9 +- arch/x86/kernel/traps.c | 18 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/kernel/uprobes.c | 14 +- arch/x86/kvm/svm/sev.c | 13 +- arch/x86/kvm/x86.c | 15 +- arch/x86/lib/copy_user_64.S | 18 + arch/x86/mm/mem_encrypt_identity.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- arch/x86/mm/pat/memtype.c | 52 +- crypto/api.c | 17 +- crypto/bpf_crypto_skcipher.c | 1 + drivers/acpi/acpi_video.c | 9 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 7 + drivers/acpi/x86/utils.c | 3 +- drivers/auxdisplay/Kconfig | 1 + drivers/auxdisplay/panel.c | 4 +- drivers/base/power/main.c | 21 +- drivers/base/power/runtime.c | 2 +- drivers/block/ublk_drv.c | 41 +- drivers/clk/imx/clk-imx8mp-audiomix.c | 6 +- drivers/clk/meson/g12a.c | 38 +- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/mmp/clk-pxa1908-apmu.c | 4 +- drivers/clk/qcom/gcc-ipq5424.c | 24 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/gcc-sm8650.c | 4 +- drivers/clk/qcom/gcc-x1e80100.c | 30 -- drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/renesas/r9a08g045-cpg.c | 5 +- drivers/clk/renesas/rzg2l-cpg.c | 13 +- drivers/clk/renesas/rzg2l-cpg.h | 10 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/cpufreq/Kconfig.arm | 2 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/cpufreq/cpufreq_governor.c | 45 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/cpufreq/mediatek-cpufreq.c | 2 +- drivers/cpufreq/mvebu-cpufreq.c | 2 +- drivers/cpufreq/qcom-cpufreq-hw.c | 2 +- drivers/cpufreq/qcom-cpufreq-nvmem.c | 8 +- drivers/cpufreq/scmi-cpufreq.c | 2 +- drivers/cpufreq/scpi-cpufreq.c | 7 +- drivers/cpufreq/sun50i-cpufreq-nvmem.c | 6 +- drivers/cpufreq/virtual-cpufreq.c | 2 +- drivers/cpuidle/cpuidle-arm.c | 8 +- drivers/cpuidle/cpuidle-big_little.c | 2 +- drivers/cpuidle/cpuidle-psci.c | 4 +- drivers/cpuidle/cpuidle-qcom-spm.c | 2 +- drivers/cpuidle/cpuidle-riscv-sbi.c | 4 +- drivers/crypto/hisilicon/sec2/sec.h | 1 - drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 ++--- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1 + drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 +-- drivers/crypto/nx/nx-common-pseries.c | 37 +- drivers/crypto/tegra/tegra-se-aes.c | 401 ++++++++++----- drivers/crypto/tegra/tegra-se-hash.c | 287 +++++++---- drivers/crypto/tegra/tegra-se-key.c | 29 +- drivers/crypto/tegra/tegra-se-main.c | 16 +- drivers/crypto/tegra/tegra-se.h | 39 +- drivers/dma/fsl-edma-main.c | 14 +- drivers/edac/i10nm_base.c | 2 + drivers/edac/ie31200_edac.c | 19 +- drivers/edac/igen6_edac.c | 21 +- drivers/edac/skx_common.c | 33 ++ drivers/edac/skx_common.h | 11 + drivers/firmware/cirrus/cs_dsp.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 + .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 - .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 + .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 + .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- .../dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3 +- drivers/gpu/drm/amd/display/dmub/src/dmub_srv.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12 +- drivers/gpu/drm/bridge/ite-it6505.c | 7 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/mediatek/mtk_crtc.c | 7 +- drivers/gpu/drm/mediatek/mtk_dp.c | 6 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 - drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 8 +- drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2 +- drivers/gpu/drm/msm/msm_dsc_helper.h | 11 - drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2 +- drivers/gpu/drm/panthor/panthor_fw.c | 9 +- drivers/gpu/drm/panthor/panthor_fw.h | 6 +- drivers/gpu/drm/panthor/panthor_sched.c | 2 + drivers/gpu/drm/solomon/ssd130x-spi.c | 7 +- drivers/gpu/drm/solomon/ssd130x.c | 6 +- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xe/Kconfig | 2 +- drivers/gpu/drm/xe/xe_guc_pc.c | 53 +- drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/greybus/gb-beagleplay.c | 4 +- drivers/hid/Makefile | 1 - drivers/hid/i2c-hid/i2c-hid-core.c | 2 +- drivers/hwmon/nct6775-core.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 20 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 +- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/accel/msa311.c | 28 +- drivers/iio/adc/ad4130.c | 41 +- drivers/iio/adc/ad7124.c | 35 +- drivers/iio/adc/ad7173.c | 25 +- drivers/iio/adc/ad7768-1.c | 15 + drivers/iio/dac/adi-axi-dac.c | 8 + drivers/iio/industrialio-backend.c | 4 +- drivers/iio/light/veml6075.c | 8 +- drivers/infiniband/core/device.c | 18 +- drivers/infiniband/core/mad.c | 38 +- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/erdma/erdma_cm.c | 1 - drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/infiniband/hw/mlx5/mr.c | 41 +- drivers/infiniband/hw/mlx5/odp.c | 10 +- drivers/leds/led-core.c | 22 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + drivers/media/platform/ti/omap3isp/isp.c | 7 + .../platform/verisilicon/hantro_g2_hevc_dec.c | 1 + drivers/media/rc/streamzap.c | 2 +- drivers/media/test-drivers/vimc/vimc-streamer.c | 6 + drivers/memory/omap-gpmc.c | 20 - drivers/mfd/sm501.c | 6 +- drivers/misc/ntsync.c | 1 + drivers/mmc/host/omap.c | 19 +- drivers/mmc/host/sdhci-omap.c | 4 +- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/dsa/mv88e6xxx/chip.c | 11 +- drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/dsa/realtek/Kconfig | 2 +- drivers/net/ethernet/ibm/ibmveth.c | 39 +- drivers/net/ethernet/intel/e1000e/defines.h | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 ++- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 + drivers/net/ethernet/intel/idpf/idpf_main.c | 6 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 +++++--- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +- drivers/net/phy/broadcom.c | 6 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/usb/usbnet.c | 6 +- .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++-- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 - drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/ioctl.c | 2 +- drivers/nvme/host/pci.c | 37 +- drivers/nvme/host/tcp.c | 5 +- drivers/nvme/target/debugfs.c | 2 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/dwc/pcie-histb.c | 12 +- drivers/pci/controller/pcie-brcmstb.c | 16 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/iov.c | 48 +- drivers/pci/pci-sysfs.c | 4 +- drivers/pci/pci.c | 22 +- drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/bwctrl.c | 6 +- drivers/pci/pcie/portdrv.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pci/setup-bus.c | 4 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 +- drivers/pinctrl/intel/pinctrl-intel.c | 1 - drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3 + drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + .../platform/surface/surface_aggregator_registry.c | 5 +- drivers/platform/x86/amd/pmf/pmf.h | 5 +- drivers/platform/x86/amd/pmf/tee-if.c | 82 +++- drivers/platform/x86/dell/dell-uart-backlight.c | 2 +- drivers/platform/x86/dell/dell-wmi-ddv.c | 6 +- drivers/platform/x86/intel/hid.c | 7 + .../x86/intel/speed_select_if/isst_if_common.c | 2 +- drivers/platform/x86/intel/vsec.c | 7 + .../x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 11 + drivers/power/supply/bq27xxx_battery.c | 1 - drivers/power/supply/max77693_charger.c | 2 +- drivers/regulator/pca9450-regulator.c | 6 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 +- drivers/remoteproc/qcom_q6v5_pas.c | 13 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/rtc/rtc-renesas-rtca3.c | 15 +- drivers/soundwire/slave.c | 1 + drivers/spi/spi-bcm2835.c | 18 +- drivers/spi/spi-cadence-xspi.c | 2 +- .../staging/gpib/agilent_82357a/agilent_82357a.c | 513 +++++++++---------- drivers/staging/gpib/cb7210/cb7210.c | 2 +- drivers/staging/gpib/common/gpib_os.c | 7 +- drivers/staging/gpib/hp_82341/hp_82341.c | 2 +- drivers/staging/gpib/include/gpibP.h | 2 +- drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 545 +++++++++++---------- drivers/staging/gpib/ni_usb/ni_usb_gpib.h | 2 +- drivers/staging/rtl8723bs/Kconfig | 1 + .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 28 +- .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/n_tty.c | 13 +- drivers/tty/serial/fsl_lpuart.c | 312 ++++++------ drivers/usb/host/xhci-mem.c | 6 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +- drivers/vhost/scsi.c | 25 +- drivers/video/console/Kconfig | 6 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/sm501fb.c | 7 + drivers/w1/masters/w1-uart.c | 4 +- fs/9p/vfs_inode_dotl.c | 2 +- fs/affs/file.c | 9 +- fs/autofs/autofs_i.h | 2 + fs/exec.c | 15 +- fs/exfat/fatent.c | 2 +- fs/exfat/file.c | 29 +- fs/exfat/inode.c | 41 +- fs/exfat/namei.c | 5 + fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 +- fs/fsopen.c | 2 +- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 2 +- fs/fuse/file.c | 4 +- fs/hostfs/hostfs.h | 2 +- fs/hostfs/hostfs_kern.c | 7 +- fs/hostfs/hostfs_user.c | 59 ++- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/netfs/direct_read.c | 6 +- fs/nfs/delegation.c | 63 ++- fs/nfs/nfs4xdr.c | 18 +- fs/nfs/sysfs.c | 22 +- fs/nfs/write.c | 4 +- fs/nfsd/nfs4state.c | 37 +- fs/nfsd/nfsctl.c | 44 +- fs/nfsd/vfs.c | 28 +- fs/ntfs3/attrib.c | 3 +- fs/ntfs3/file.c | 22 +- fs/ntfs3/frecord.c | 6 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/ntfs.h | 2 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/smb/client/cifsacl.c | 34 +- fs/smb/client/cifssmb.c | 46 +- fs/smb/client/connect.c | 16 +- fs/smb/client/smb2pdu.c | 96 ++-- fs/smb/common/smbacl.h | 3 +- fs/smb/server/auth.c | 6 +- fs/smb/server/connection.h | 11 + fs/smb/server/mgmt/user_session.c | 37 +- fs/smb/server/mgmt/user_session.h | 2 + fs/smb/server/oplock.c | 12 +- fs/smb/server/smb2pdu.c | 54 +- fs/smb/server/smbacl.c | 50 +- fs/smb/server/smbacl.h | 2 +- include/drm/display/drm_dp_mst_helper.h | 7 + include/linux/context_tracking_irq.h | 8 +- include/linux/coresight.h | 4 + include/linux/dma-direct.h | 13 +- include/linux/fwnode.h | 2 +- include/linux/interrupt.h | 8 +- include/linux/mem_encrypt.h | 23 + include/linux/nfs_fs_sb.h | 4 + include/linux/nmi.h | 4 - include/linux/pgtable.h | 28 +- include/linux/pm_runtime.h | 2 + include/linux/rcupdate.h | 2 +- include/linux/sched/smt.h | 2 +- include/linux/seccomp.h | 8 +- include/linux/thermal.h | 2 - include/linux/trace_events.h | 14 + include/linux/uprobes.h | 2 + include/rdma/ib_verbs.h | 1 + init/Kconfig | 5 + io_uring/net.c | 23 +- kernel/bpf/core.c | 19 +- kernel/bpf/verifier.c | 7 + kernel/cpu.c | 5 - kernel/events/core.c | 46 +- kernel/events/ring_buffer.c | 2 +- kernel/events/uprobes.c | 15 +- kernel/fork.c | 4 + kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/deadline.c | 2 +- kernel/sched/fair.c | 50 +- kernel/seccomp.c | 14 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events.c | 21 + kernel/trace/trace_events_hist.c | 133 ++++- kernel/trace/trace_events_synth.c | 32 +- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + kernel/watchdog.c | 25 - kernel/watchdog_perf.c | 28 +- lib/842/842_compress.c | 2 + lib/stackinit_kunit.c | 30 +- lib/vsprintf.c | 2 +- mm/gup.c | 3 + mm/memory.c | 13 +- mm/zswap.c | 30 +- net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +- net/core/devmem.c | 4 +- net/core/dst.c | 8 + net/core/rtnetlink.c | 3 + net/core/rtnl_net_debug.c | 2 +- net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/udp.c | 42 +- net/ipv6/addrconf.c | 37 +- net/ipv6/calipso.c | 21 +- net/ipv6/route.c | 42 +- net/mac80211/driver-ops.c | 10 +- net/mac80211/iface.c | 11 +- net/mac80211/rx.c | 10 +- net/mac80211/sta_info.c | 20 +- net/mac80211/util.c | 5 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_skbprio.c | 3 - net/sctp/sysctl.c | 4 + net/vmw_vsock/af_vsock.c | 6 +- net/xdp/xsk.c | 5 +- rust/Makefile | 4 +- rust/kernel/print.rs | 7 +- samples/bpf/Makefile | 2 +- samples/trace_events/trace-events-sample.h | 8 +- scripts/package/debian/rules | 6 +- scripts/selinux/install_policy.sh | 15 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 34 +- sound/core/timer.c | 147 +++--- sound/pci/hda/patch_realtek.c | 50 +- sound/soc/amd/acp/acp-legacy-common.c | 10 +- sound/soc/codecs/cs35l41-spi.c | 5 +- sound/soc/codecs/cs42l43-jack.c | 13 +- sound/soc/codecs/cs42l43.c | 15 +- sound/soc/codecs/cs42l43.h | 3 + sound/soc/codecs/rt1320-sdw.c | 3 + sound/soc/codecs/rt5665.c | 24 +- sound/soc/codecs/wsa884x.c | 4 +- sound/soc/fsl/imx-card.c | 4 + sound/soc/tegra/tegra210_adx.c | 6 +- sound/soc/ti/j721e-evm.c | 2 + sound/usb/mixer_quirks.c | 7 +- tools/arch/x86/lib/insn.c | 2 +- tools/bpf/runqslower/Makefile | 3 +- tools/lib/bpf/btf.c | 4 +- tools/lib/bpf/linker.c | 2 +- tools/lib/bpf/str_error.c | 2 +- tools/lib/bpf/str_error.h | 7 +- tools/objtool/check.c | 35 +- tools/perf/Makefile.config | 10 +- tools/perf/Makefile.perf | 2 +- tools/perf/arch/powerpc/util/header.c | 4 +- tools/perf/arch/x86/util/topdown.c | 2 +- tools/perf/bench/syscall.c | 22 +- tools/perf/builtin-report.c | 2 +- .../arch/arm64/ampere/ampereonex/metrics.json | 10 +- tools/perf/pmu-events/empty-pmu-events.c | 8 +- tools/perf/pmu-events/jevents.py | 8 +- tools/perf/tests/hwmon_pmu.c | 16 +- tools/perf/tests/pmu.c | 85 ++-- .../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 + tools/perf/tests/shell/record_bpf_filter.sh | 4 +- tools/perf/tests/shell/stat_all_pmu.sh | 48 +- tools/perf/tests/tool_pmu.c | 4 +- tools/perf/util/arm-spe.c | 8 +- tools/perf/util/bpf-filter.l | 2 +- tools/perf/util/comm.c | 2 + tools/perf/util/debug.c | 2 +- tools/perf/util/dso.h | 4 +- tools/perf/util/evlist.c | 13 +- tools/perf/util/expr.c | 2 + tools/perf/util/hwmon_pmu.c | 14 - tools/perf/util/hwmon_pmu.h | 16 + tools/perf/util/intel-tpebs.c | 2 +- tools/perf/util/parse-events.c | 2 +- tools/perf/util/pmu.c | 265 +++++++--- tools/perf/util/pmu.h | 10 +- tools/perf/util/pmus.c | 20 +- tools/perf/util/python.c | 17 +- tools/perf/util/stat-shadow.c | 3 +- tools/perf/util/stat.c | 13 +- tools/perf/util/tool_pmu.c | 3 +- tools/perf/util/units.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 + tools/power/x86/turbostat/turbostat.c | 3 +- tools/testing/selftests/bpf/Makefile | 1 + .../selftests/bpf/prog_tests/bloom_filter_map.c | 5 + tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1 + tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +- tools/testing/selftests/mm/cow.c | 2 +- .../selftests/net/netfilter/br_netfilter.sh | 7 + .../selftests/net/netfilter/br_netfilter_queue.sh | 7 + tools/testing/selftests/net/netfilter/nft_queue.sh | 1 + tools/testing/selftests/pcie_bwctrl/Makefile | 2 +- 506 files changed, 5295 insertions(+), 3187 deletions(-)

7 months

7
6
0 0

[PATCH v2] RDMA/cma: Fix workqueue crash in cma_netevent_work_handler

by Sharath Srinivasan

struct rdma_cm_id has member "struct work_struct net_work" that is reused for enqueuing cma_netevent_work_handler()s onto cma_wq. Below crash[1] can occur if more than one call to cma_netevent_callback() occurs in quick succession, which further enqueues cma_netevent_work_handler()s for the same rdma_cm_id, overwriting any previously queued work-item(s) that was just scheduled to run i.e. there is no guarantee the queued work item may run between two successive calls to cma_netevent_callback() and the 2nd INIT_WORK would overwrite the 1st work item (for the same rdma_cm_id), despite grabbing id_table_lock during enqueue. Also drgn analysis [2] indicates the work item was likely overwritten. Fix this by moving the INIT_WORK() to __rdma_create_id(), so that it doesn't race with any existing queue_work() or its worker thread. [1] Trimmed crash stack: ============================================= BUG: kernel NULL pointer dereference, address: 0000000000000008 kworker/u256:6 ... 6.12.0-0... Workqueue: cma_netevent_work_handler [rdma_cm] (rdma_cm) RIP: 0010:process_one_work+0xba/0x31a Call Trace: worker_thread+0x266/0x3a0 kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 ============================================= [2] drgn crash analysis: >>> trace = prog.crashed_thread().stack_trace() >>> trace (0) crash_setup_regs (./arch/x86/include/asm/kexec.h:111:15) (1) __crash_kexec (kernel/crash_core.c:122:4) (2) panic (kernel/panic.c:399:3) (3) oops_end (arch/x86/kernel/dumpstack.c:382:3) ... (8) process_one_work (kernel/workqueue.c:3168:2) (9) process_scheduled_works (kernel/workqueue.c:3310:3) (10) worker_thread (kernel/workqueue.c:3391:4) (11) kthread (kernel/kthread.c:389:9) Line workqueue.c:3168 for this kernel version is in process_one_work(): 3168 strscpy(worker->desc, pwq->wq->name, WORKER_DESC_LEN); >>> trace[8]["work"] *(struct work_struct *)0xffff92577d0a21d8 = { .data = (atomic_long_t){ .counter = (s64)536870912, <=== Note }, .entry = (struct list_head){ .next = (struct list_head *)0xffff924d075924c0, .prev = (struct list_head *)0xffff924d075924c0, }, .func = (work_func_t)cma_netevent_work_handler+0x0 = 0xffffffffc2cec280, } Suspicion is that pwq is NULL: >>> trace[8]["pwq"] (struct pool_workqueue *)<absent> In process_one_work(), pwq is assigned from: struct pool_workqueue *pwq = get_work_pwq(work); and get_work_pwq() is: static struct pool_workqueue *get_work_pwq(struct work_struct *work) { unsigned long data = atomic_long_read(&work->data); if (data & WORK_STRUCT_PWQ) return work_struct_pwq(data); else return NULL; } WORK_STRUCT_PWQ is 0x4: >>> print(repr(prog['WORK_STRUCT_PWQ'])) Object(prog, 'enum work_flags', value=4) But work->data is 536870912 which is 0x20000000. So, get_work_pwq() returns NULL and we crash in process_one_work(): 3168 strscpy(worker->desc, pwq->wq->name, WORKER_DESC_LEN); ============================================= Fixes: 925d046e7e52 ("RDMA/core: Add a netevent notifier to cma") Cc: stable(a)vger.kernel.org Co-developed-by: Håkon Bugge <haakon.bugge(a)oracle.com> Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com> Signed-off-by: Sharath Srinivasan <sharath.srinivasan(a)oracle.com> --- v1->v2 cc:stable@vger.kernel.org --- drivers/infiniband/core/cma.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index 91db10515d74..176d0b3e4488 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -72,6 +72,8 @@ static const char * const cma_events[] = { static void cma_iboe_set_mgid(struct sockaddr *addr, union ib_gid *mgid, enum ib_gid_type gid_type); +static void cma_netevent_work_handler(struct work_struct *_work); + const char *__attribute_const__ rdma_event_msg(enum rdma_cm_event_type event) { size_t index = event; @@ -1033,6 +1035,7 @@ __rdma_create_id(struct net *net, rdma_cm_event_handler event_handler, get_random_bytes(&id_priv->seq_num, sizeof id_priv->seq_num); id_priv->id.route.addr.dev_addr.net = get_net(net); id_priv->seq_num &= 0x00ffffff; + INIT_WORK(&id_priv->id.net_work, cma_netevent_work_handler); rdma_restrack_new(&id_priv->res, RDMA_RESTRACK_CM_ID); if (parent) @@ -5227,7 +5230,6 @@ static int cma_netevent_callback(struct notifier_block *self, if (!memcmp(current_id->id.route.addr.dev_addr.dst_dev_addr, neigh->ha, ETH_ALEN)) continue; - INIT_WORK(&current_id->id.net_work, cma_netevent_work_handler); cma_id_get(current_id); queue_work(cma_wq, &current_id->id.net_work); } -- 2.39.5 (Apple Git-154)

7 months

3
4
0 0

[PATCH] brcm80211: fmac: Add error check for brcmf_usb_dlneeded()

by Wentao Liang

The function brcmf_usb_dlneeded() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'id.chiprev' is uninitialized if the function brcmf_usb_dl_cmd() fails, and may propagate to 'devinfo->bus_pub.chiprev'. Add error handling for brcmf_usb_dl_cmd() to return the function if the 'id.chiprev' is uninitialized. Fixes: 71bb244ba2fd ("brcm80211: fmac: add USB support for bcm43235/6/8 chipsets") Cc: stable(a)vger.kernel.org # v3.4+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c index 2821c27f317e..50dddac8a2ab 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c @@ -790,6 +790,7 @@ brcmf_usb_dlneeded(struct brcmf_usbdev_info *devinfo) { struct bootrom_id_le id; u32 chipid, chiprev; + int err; brcmf_dbg(USB, "Enter\n"); @@ -798,7 +799,11 @@ brcmf_usb_dlneeded(struct brcmf_usbdev_info *devinfo) /* Check if firmware downloaded already by querying runtime ID */ id.chip = cpu_to_le32(0xDEAD); - brcmf_usb_dl_cmd(devinfo, DL_GETVER, &id, sizeof(id)); + err = brcmf_usb_dl_cmd(devinfo, DL_GETVER, &id, sizeof(id)); + if (err) { + brcmf_err("DL_GETID Failed\n"); + return false; + } chipid = le32_to_cpu(id.chip); chiprev = le32_to_cpu(id.chiprev); -- 2.42.0.windows.2

7 months

4
3
0 0

[PATCH] MIPS: ralink: Fix refcount leak in ill_acc_of_setup()

by Thorsten Blum

The of_find_device_by_node() function increments the reference count of the embedded device, which should be released with put_device() when it is no longer needed. In ill_acc_of_setup(), put_device() is only called on error paths, but not on the success path. Fix this by calling put_device() before returning successfully. Compile-tested only. Cc: stable(a)vger.kernel.org Fixes: 5433acd81e873 ("MIPS: ralink: add illegal access driver") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- arch/mips/ralink/ill_acc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/mips/ralink/ill_acc.c b/arch/mips/ralink/ill_acc.c index 25341b2319d0..6d1d829854b6 100644 --- a/arch/mips/ralink/ill_acc.c +++ b/arch/mips/ralink/ill_acc.c @@ -84,6 +84,7 @@ static int __init ill_acc_of_setup(void) rt_memc_w32(ILL_INT_STATUS, REG_ILL_ACC_TYPE); dev_info(&pdev->dev, "irq registered\n"); + put_device(&pdev->dev); return 0; } -- 2.49.0

7 months

2
2
0 0

[PATCH 0/5] Fix onboard USB hub instability on RK3399 Puma SoM

by Lukasz Czechowski

The RK3399 Puma SoM contains the internal Cypress CYUSB3304 USB hub, that shows instability due to improper reset pin configuration. Currently reset pin is modeled as a vcc5v0_host regulator, that might result in too short reset pulse duration. Starting with the v6.6, the Onboard USB hub driver (later renamed to Onboard USB dev) contains support for Cypress HX3 hub family. It can be now used to correctly model the RK3399 Puma SoM hardware. The first commits in this series fix the onboard USB dev driver to support all HX3 hub variants, including the CYUSB3304 found in the RK3399 Puma SoM. This allows to introduce fix for internal USB hub instability on RK3399 Puma, by replacing the vcc5v0_host regulator with cy3304_reset, used inside the hub node. Please be aware that the patch that fixes USB hub instability in arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi can me merged only after updating the Onboard USB dev driver, otherwise the hub will not work. Two last commits in the series disable unrouted USB controllers and PHYs on RK3399 Puma SOM and Haikou carrier board, with no intended functional changes. Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> --- Lukasz Czechowski (3): usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs dt-bindings: usb: cypress,hx3: Add support for all variants arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou .../devicetree/bindings/usb/cypress,hx3.yaml | 6 +++ .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 ---- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 43 ++++++++++------------ drivers/usb/misc/onboard_usb_dev.c | 10 ++++- drivers/usb/misc/onboard_usb_dev.h | 6 +++ 5 files changed, 39 insertions(+), 34 deletions(-) --- base-commit: 1e26c5e28ca5821a824e90dd359556f5e9e7b89f change-id: 20250326-onboard_usb_dev-a7c063a8a515 Best regards, -- Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com>

7 months

4
7
0 0

[PATCH v2] drm/i915/xe2hpd: Identify the memory type for SKUs with GDDR + ECC

by Lucas De Marchi

From: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Some SKUs of Xe2_HPD platforms (such as BMG) have GDDR memory type with ECC enabled. We need to identify this scenario and add a new case in xelpdp_get_dram_info() to handle it. In addition, the derating value needs to be adjusted accordingly to compensate for the limited bandwidth. Bspec: 64602 Cc: Matt Roper <matthew.d.roper(a)intel.com> Fixes: 3adcf970dc7e ("drm/xe/bmg: Drop force_probe requirement") Cc: stable(a)vger.kernel.org Signed-off-by: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> --- Changes in v2: - Add a separate sa_info for the ecc case (Lucas) - Link to v1: https://lore.kernel.org/r/20250214215944.187407-1-vivek.kasireddy@intel.com --- drivers/gpu/drm/i915/display/intel_bw.c | 12 ++++++++++++ drivers/gpu/drm/i915/i915_drv.h | 1 + drivers/gpu/drm/i915/soc/intel_dram.c | 4 ++++ drivers/gpu/drm/xe/xe_device_types.h | 1 + 4 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_bw.c b/drivers/gpu/drm/i915/display/intel_bw.c index dc7612658a9da..bb81efec08a01 100644 --- a/drivers/gpu/drm/i915/display/intel_bw.c +++ b/drivers/gpu/drm/i915/display/intel_bw.c @@ -250,6 +250,7 @@ static int icl_get_qgv_points(struct intel_display *display, qi->deinterleave = 4; break; case INTEL_DRAM_GDDR: + case INTEL_DRAM_GDDR_ECC: qi->channel_width = 32; break; default: @@ -404,6 +405,12 @@ static const struct intel_sa_info xe2_hpd_sa_info = { /* Other values not used by simplified algorithm */ }; +static const struct intel_sa_info xe2_hpd_ecc_sa_info = { + .derating = 45, + .deprogbwlimit = 53, + /* Other values not used by simplified algorithm */ +}; + static const struct intel_sa_info xe3lpd_sa_info = { .deburst = 32, .deprogbwlimit = 65, /* GB/s */ @@ -756,11 +763,16 @@ static unsigned int icl_qgv_bw(struct intel_display *display, void intel_bw_init_hw(struct intel_display *display) { + const struct dram_info *dram_info = &to_i915(display->drm)->dram_info; + if (!HAS_DISPLAY(display)) return; if (DISPLAY_VER(display) >= 30) tgl_get_bw_info(display, &xe3lpd_sa_info); + else if (DISPLAY_VERx100(display) >= 1401 && display->platform.dgfx && + dram_info->type == INTEL_DRAM_GDDR_ECC) + xe2_hpd_get_bw_info(display, &xe2_hpd_ecc_sa_info); else if (DISPLAY_VERx100(display) >= 1401 && display->platform.dgfx) xe2_hpd_get_bw_info(display, &xe2_hpd_sa_info); else if (DISPLAY_VER(display) >= 14) diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h index ffc346379cc2c..54538b6f85df5 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -305,6 +305,7 @@ struct drm_i915_private { INTEL_DRAM_DDR5, INTEL_DRAM_LPDDR5, INTEL_DRAM_GDDR, + INTEL_DRAM_GDDR_ECC, } type; u8 num_qgv_points; u8 num_psf_gv_points; diff --git a/drivers/gpu/drm/i915/soc/intel_dram.c b/drivers/gpu/drm/i915/soc/intel_dram.c index 9e310f4099f42..f60eedb0e92cf 100644 --- a/drivers/gpu/drm/i915/soc/intel_dram.c +++ b/drivers/gpu/drm/i915/soc/intel_dram.c @@ -687,6 +687,10 @@ static int xelpdp_get_dram_info(struct drm_i915_private *i915) drm_WARN_ON(&i915->drm, !IS_DGFX(i915)); dram_info->type = INTEL_DRAM_GDDR; break; + case 9: + drm_WARN_ON(&i915->drm, !IS_DGFX(i915)); + dram_info->type = INTEL_DRAM_GDDR_ECC; + break; default: MISSING_CASE(val); return -EINVAL; diff --git a/drivers/gpu/drm/xe/xe_device_types.h b/drivers/gpu/drm/xe/xe_device_types.h index 1334174388afe..20239d6a2e985 100644 --- a/drivers/gpu/drm/xe/xe_device_types.h +++ b/drivers/gpu/drm/xe/xe_device_types.h @@ -587,6 +587,7 @@ struct xe_device { INTEL_DRAM_DDR5, INTEL_DRAM_LPDDR5, INTEL_DRAM_GDDR, + INTEL_DRAM_GDDR_ECC, } type; u8 num_qgv_points; u8 num_psf_gv_points; --- base-commit: 74f632d1bd3b90ed79883361ca25f1225c0aee58 change-id: 20250321-tip-23d2af2e3291 Best regards, -- Lucas De Marchi <lucas.demarchi(a)intel.com>

7 months

3
5
0 0

Broken S3 on Asus Z97 Pro Gamer

by moriel5

Good day/night to everyone. I am sorry about the duplicate post, I had missed that I was also supposed to CC the regressions list. I have had S3 sleep broken for well over half a year at this point where the kernel simply crashes upon entering sleep, and the PC turns off (literally stops pulling power from the power supply), and turning it on, at first, causes to to run through 1 on/off cycle, with I believe is a diagnostic step on this board, as it happens whenever something causes the PC to unexpectedly turn off (unless the source is external, like a blackout, in which case once power is restored and I turn on the PC, it turns on normally). At first I thought that it might be an AMDGPU issue, however removing my dGPU, and also, the rest of my hardware, changed nothing. However I have had at one point had asus-wmi try to put the system into S0ix, despite the firmware lacking support for S0ix, and now FastFetch no longer prints out my motherboards model number on the Host line, instead just showing ASUS MB, so I have reason to suspect that asus-wmi may be the culprit for this regression. Unfortunately, I am unable to procure logs, since the kernel crashes before anything meaningful is logged. I know that this is not a hardware issue, since on Windows and older live-images (Solus is my distribution of choice) these issues do not exist. I am unsure as to which kernel update broke S3 for me, however I believe it was either late in the 6.10.x cycle or the 6.11.x cycle, since the Solus 4.6 live-image has no such issues on 6.10.13, which was also our last 6.10.x kernel update, and I only started experienced it when we updated to 6.11.5, our first update to 6.11.x, and updating to 6.12.x did not fix anything. The current Solus 4.7 live-image has 6.12.9, and my installed system is currently on 6.12.21. Hardware: Motherboard: Asus Z97 Pro Gamer CPU: i5-4570 dGPU: Sapphire Radeon 540 4GB RAM: 2x Crucial 8GB DDR3L@1600MT/s, 1x Crucial 4GB DDR3L@1600MT/s Storage: 500GB Western Digital WD5000AAKX SATA3 7200RPM HDD DVD Drive: Lite-On DH16ABSH Add-in cards: Intel 3168 PCIe+USB (by means of a simple adapter) VIA VT6315 Firewire 400 PCIe, MosChip MCS9865 Parallel PCI (over integrated ASMedia ASM1083/1085 PCIe to PCI bridge) PSU: Seasonix SS-860XP² 860W

7 months

1
0
0 0

Broken S3 on Asus Z97 Pro Gamer

by moriel5

Good day/night to everyone. I have had S3 sleep broken for well over half a year at this point where the kernel simply crashes upon entering sleep, and the PC turns off (literally stops pulling power from the power supply), and turning it on, at first, causes to to run through 1 on/off cycle, with I believe is a diagnostic step on this board, as it happens whenever something causes the PC to unexpectedly turn off (unless the source is external, like a blackout, in which case once power is restored and I turn on the PC, it turns on normally). At first I thought that it might be an AMDGPU issue, however removing my dGPU, and also, the rest of my hardware, changed nothing. However I have had at one point had asus-wmi try to put the system into S0ix, despite the firmware lacking support for S0ix, and now FastFetch no longer prints out my motherboards model number on the Host line, instead just showing ASUS MB, so I have reason to suspect that asus-wmi may be the culprit for this regression. Unfortunately, I am unable to procure logs, since the kernel crashes before anything meaningful is logged. I know that this is not a hardware issue, since on Windows and older live-images (Solus is my distribution of choice) these issues do not exist. I am unsure as to which kernel update broke S3 for me, however I believe it was either late in the 6.10.x cycle or the 6.11.x cycle, since the Solus 4.6 live-image has no such issues on 6.10.13, which was also our last 6.10.x kernel update, and I only started experienced it when we updated to 6.11.5, our first update to 6.11.x, and updating to 6.12.x did not fix anything. The current Solus 4.7 live-image has 6.12.9, and my installed system is currently on 6.12.21. Hardware: Motherboard: Asus Z97 Pro Gamer CPU: i5-4570 dGPU: Sapphire Radeon 540 4GB RAM: 2x Crucial 8GB DDR3L@1600MT/s, 1x Crucial 4GB DDR3L@1600MT/s Storage: 500GB Western Digital WD5000AAKX SATA3 7200RPM HDD DVD Drive: Lite-On DH16ABSH Add-in cards: Intel 3168 PCIe+USB (by means of a simple adapter) VIA VT6315 Firewire 400 PCIe, MosChip MCS9865 Parallel PCI (over integrated ASMedia ASM1083/1085 PCIe to PCI bridge) PSU: Seasonix SS-860XP² 860W

7 months

1
0
0 0

[PATCH 6.14 000/728] 6.14.2-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.2 release. There are 728 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Apr 2025 19:51:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.2-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.2-rc3 Juri Lelli <juri.lelli(a)redhat.com> include/{topology,cpuset}: Move dl_rebuild_rd_accounting to cpuset.h Ian Rogers <irogers(a)google.com> perf pmu: Rename name matching for no suffix or wildcard variants Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix management of listener transports Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a Kconfig setting to enable delegated timestamps Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Jeff Layton <jlayton(a)kernel.org> nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() Jeff Layton <jlayton(a)kernel.org> nfsd: don't ignore the return code of svc_proc_register() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> media: vimc: skip .s_stream() for stopped entities Oleg Nesterov <oleg(a)redhat.com> exec: fix the racy usage of fs_struct->in_exec Yosry Ahmed <yosry.ahmed(a)linux.dev> mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Lukas Wunner <lukas(a)wunner.de> PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix kernel panic due to null pointer dereference Angelos Oikonomopoulos <angelos(a)igalia.com> arm64: Don't call NULL in do_compat_alignment_fixup() David Hildenbrand <david(a)redhat.com> mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential wrong error return from get_block Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix random stack corruption after get_block Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix null pointer dereference in alloc_preauth_hash() Norbert Szetei <norbert(a)doyensec.com> ksmbd: validate zero num_subauth before sub_auth is accessed Norbert Szetei <norbert(a)doyensec.com> ksmbd: fix overflow in dacloffset bounds check Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix session use-after-free in multichannel connection Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_sessions_deregister() Norbert Szetei <norbert(a)doyensec.com> ksmbd: add bounds check for create lease context Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add bounds check for durable handle context Sean Christopherson <seanjc(a)google.com> KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Miaoqian Lin <linmq006(a)gmail.com> mmc: omap: Fix memory leak in mmc_omap_new_slot Candice Li <candice.li(a)amd.com> Remove unnecessary firmware version check for gc v9_4_2 Robin Murphy <robin.murphy(a)arm.com> media: omap3isp: Handle ARM dma_iommu_mapping Christian Eggers <ceggers(a)arri.de> ARM: 9444/1: add KEEP() keyword to ARM_VECTORS Nathan Chancellor <nathan(a)kernel.org> ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE Gergo Koteles <soyer(a)irl.hu> ACPI: video: Handle fetching EDID as ACPI_TYPE_PACKAGE Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: remove unused acpi function for clc Nathan Chancellor <nathan(a)kernel.org> ACPI: platform-profile: Fix CFI violation when accessing sysfs files Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Arnd Bergmann <arnd(a)arndb.de> x86/Kconfig: Add cmpxchg8b support back to Geode CPUs Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: bch2_ioctl_subvolume_destroy() fixes Jiri Olsa <jolsa(a)kernel.org> uprobes/x86: Harden uretprobe syscall trampoline check Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Apply static call for drain_pebs Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Eduard Christian Dumitrescu <eduard.c.dumitrescu(a)gmail.com> platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560 Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Vishal Annapurve <vannapurve(a)google.com> x86/tdx: Fix arch_safe_halt() execution for TDX VMs Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT Shuai Xue <xueshuai(a)linux.alibaba.com> x86/mce: use is_copy_from_user() to determine copy-from-user context Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected Tianyu Lan <tiala(a)microsoft.com> x86/hyperv: Fix check of return value from snp_set_vmsa() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Don't override subprog's return value Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Fix off-by-one error in build_prologue() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase MAX_IO_PICS up to 8 Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase ARCH_DMA_MINALIGN up to 16 WANG Rui <wangrui(a)loongson.cn> rust: Fix enabling Rust and building with GCC for LoongArch Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Sherry Sun <sherry.sun(a)nxp.com> tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use port struct directly to simply code Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: Use u32 and u8 for register variables Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix Oops after disconnect in agilent usb Dave Penkler <dpenkler(a)gmail.com> staging: gpib: agilent usb console messaging cleanup Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix Oops after disconnect in ni_usb Dave Penkler <dpenkler(a)gmail.com> staging: gpib: ni_usb console messaging cleanup Zhang Rui <rui.zhang(a)intel.com> tools/power turbostat: Restore GFX sysfs fflush() call Len Brown <len.brown(a)intel.com> tools/power turbostat: report CoreThr per measurement interval Yeoreum Yun <yeoreum.yun(a)arm.com> perf/core: Fix child_total_time_enabled accounting bug at task exit Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: fix num_mec Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: fix num_mec Yue Haibing <yuehaibing(a)huawei.com> drm/xe: Fix unmet direct dependencies warning Alexandru Gagniuc <alexandru.gagniuc(a)hp.com> kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally Zhang Rui <rui.zhang(a)intel.com> tools/power turbostat: Allow Zero return value for some RAPL registers Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt_route: pull the ifa- prefix out of the names Dave Marquardt <davemarq(a)linux.ibm.com> net: ibmveth: make veth_pool_store stop hanging Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Ido Schimmel <idosch(a)nvidia.com> ipv6: Do not consider link down nexthops in path selection Ido Schimmel <idosch(a)nvidia.com> ipv6: Start path selection from the first nexthop Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow David Oberhollenzer <david.oberhollenzer(a)sigma-star.at> net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Edward Cree <ecree.xilinx(a)gmail.com> sfc: fix NULL dereferences in ef100_process_design_param() Edward Cree <ecree.xilinx(a)gmail.com> sfc: rip out MDIO support Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Antoine Tenart <atenart(a)kernel.org> net: decrease cached dst counters in dst_release Wang Liang <wangliang74(a)huawei.com> xsk: Fix __xsk_generic_xmit() error code when cq is full Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix multiple wraparounds of sk->sk_rmem_alloc. Kuniyuki Iwashima <kuniyu(a)amazon.com> rtnetlink: Use register_pernet_subsys() in rtnl_net_debug_init(). Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix ETS priomap validation Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue() Eric Dumazet <edumazet(a)google.com> sctp: add mutual exclusion in proc_sctp_do_udp_port() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't unregister hook when table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix adapter NULL pointer dereference on reboot Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> ixgbe: fix media type detection for E610 device Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change k1 configuration on MTP and later platforms Zdenek Bouska <zdenek.bouska(a)siemens.com> igc: Fix TX drops in XDP ZC Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Add launch time support to XDP ZC Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Refactor empty frame insertion for launch time support Song Yoong Siang <yoong.siang.song(a)intel.com> xsk: Add launch time hardware offload support to XDP Tx metadata Florian Fainelli <florian.fainelli(a)broadcom.com> spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Florian Fainelli <florian.fainelli(a)broadcom.com> spi: bcm2835: Do not call gpiod_put() on invalid descriptor Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Maurizio Lombardi <mlombard(a)redhat.com> nvme-pci: skip nvme_write_sq_db on empty rqlist Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer Björn Töpel <bjorn(a)rivosinc.com> riscv/purgatory: 4B align purgatory_start Yao Zi <ziyao(a)disroot.org> riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Josh Poimboeuf <jpoimboe(a)kernel.org> spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Sven Schnelle <svens(a)linux.ibm.com> s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation Ming Lei <ming.lei(a)redhat.com> ublk: make sure ubq->canceling is set when queue is frozen Herton R. Krzesinski <herton(a)redhat.com> x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: errata: Use medany for relocatable builds Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix set up of vector cpu hotplug callback Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix set up of cpu hotplug callbacks Andrew Jones <ajones(a)ventanamicro.com> riscv: Change check_unaligned_access_speed_all_cpus to void Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix check_unaligned_access_all_cpus Andrew Jones <ajones(a)ventanamicro.com> riscv: Fix riscv_online_cpu_vec Andrew Jones <ajones(a)ventanamicro.com> riscv: Annotate unaligned access init functions Pu Lehui <pulehui(a)huawei.com> riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Pu Lehui <pulehui(a)huawei.com> riscv: fgraph: Select HAVE_FUNCTION_GRAPH_TRACER depends on HAVE_DYNAMIC_FTRACE_WITH_ARGS Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix missing __free_pages() in check_vector_unaligned_access() Tingbo Liao <tingbo.liao(a)starfivetech.com> riscv: Fix the __riscv_copy_vec_words_unaligned implementation Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Christian Schoenebeck <linux_oss(a)crudebyte.com> fs/9p: fix NULL pointer dereference on mkdir Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix gang directory lifetimes Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> rtc: renesas-rtca3: Disable interrupts only if the RTC is enabled Dan Carpenter <dan.carpenter(a)linaro.org> nfs: Add missing release on error in nfs_lock_and_join_requests() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool/loongarch: Add unwind hints in prepare_frametrace() Josh Poimboeuf <jpoimboe(a)kernel.org> rcu-tasks: Always inline rcu_irq_work_resched() Josh Poimboeuf <jpoimboe(a)kernel.org> context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() David Laight <david.laight.linux(a)gmail.com> objtool: Fix verbose disassembly if CROSS_COMPILE isn't set Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Jim Liu <jim.t90615(a)gmail.com> net: phy: broadcom: Correct BCM5221 PHY model detection Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Rework the arch_kgdb_breakpoint() implementation Miaoqian Lin <linmq006(a)gmail.com> LoongArch: Fix device node refcount leak in fdt_cpu_clk_init() 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix segfault in ignore_unreachable_insn() Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Lama Kayal <lkayal(a)nvidia.com> net/mlx5e: SHAMPO, Make reserved size independent of page size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix r_count dec/increment mismatch Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Lubomir Rintel <lkundrak(a)v3.sk> rndis_host: Flag RNDIS modems as WWAN devices Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix missing shutdown check Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix netns refcount imbalance causing leaks and use-after-free Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Shut down the nfs_client only after all the superblocks Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() xueqin Luo <luoxueqin(a)kylinos.cn> thermal: core: Remove duplicate struct declaration Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix detection of consecutive jump tables on Clang 20 Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool: Handle PC relative relocation type Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool: Handle different entry size of rodata Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool: Handle various symbol types of rodata Namhyung Kim <namhyung(a)kernel.org> perf bpf-filter: Fix a parsing error with comma Marcus Meissner <meissner(a)suse.de> perf tools: annotate asm_pure_loop.S Likhitha Korrapati <likhitha(a)linux.ibm.com> perf tools: Fix is_compat_mode build break in ppc64 Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: n_tty: use uint for space returned by tty_write_room() Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Stop kthreads if vchiq cdev register fails Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Fix possible NPR of keep-alive thread Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Register debugfs after cdev 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES Thomas Richter <tmricht(a)linux.ibm.com> perf pmu: Handle memory failure in tool_pmu__new() James Clark <james.clark(a)linaro.org> perf: intel-tpebs: Fix incorrect usage of zfree() Stephen Brennan <stephen.s.brennan(a)oracle.com> perf dso: fix dso__is_kallsyms() check Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Benjamin Berg <benjamin.berg(a)intel.com> um: hostfs: avoid issues on inode number reuse by host Benjamin Berg <benjamin.berg(a)intel.com> um: remove copy_from_kernel_nofault_allowed David Gow <davidgow(a)google.com> um: Pass the correct Rust target and options with gcc Cyan Yang <cyan.yang(a)sifive.com> selftests/mm/cow: fix the incorrect error handling Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path NeilBrown <neilb(a)suse.de> NFS: fix open_owner_id_maxsz and related fields. Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for delayed delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for expired delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for returning delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Antonio Quartulli <antonio(a)mandelbit.com> scripts/gdb/linux/symbols.py: address changes to module_sect_attrs Tang Yizhou <yizhou.tang(a)shopee.com> writeback: fix calculations in trace_balance_dirty_pages() for cgwb Tang Yizhou <yizhou.tang(a)shopee.com> writeback: let trace_balance_dirty_pages() take struct dtc as parameter Anshuman Khandual <anshuman.khandual(a)arm.com> arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Ahmad Fatoum <a.fatoum(a)pengutronix.de> reboot: reboot, not shutdown, on hw_protection_reboot timeout Ahmad Fatoum <a.fatoum(a)pengutronix.de> reboot: replace __hw_protection_shutdown bool action parameter with an enum Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX David Hildenbrand <david(a)redhat.com> kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() Veronika Molnarova <vmolnaro(a)redhat.com> perf test stat_all_pmu.sh: Correctly check 'perf stat' result Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf x86/topdown: Fix topdown leader sampling test error on hybrid Ian Rogers <irogers(a)google.com> perf evsel: tp_format accessing improvements Ian Rogers <irogers(a)google.com> perf evlist: Add success path to evlist__create_syswide_maps Ian Rogers <irogers(a)google.com> perf debug: Avoid stack overflow in recursive error message Karan Sanghavi <karansanghvi98(a)gmail.com> iio: light: Add check for array bounds in veml6075_read_int_time_ms Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7173: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad4130: Fix comparison of channel setups Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad_sigma_delta: Disable channel after calibration Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> dmaengine: ptdma: Utilize the AE4DMA engine's multi-queue functionality Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> dmaengine: ae4dma: Use the MSI count and its corresponding IRQ number Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: free irq correctly in remove path Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister Bard Liao <yung-chuan.liao(a)linux.intel.com> soundwire: take in count the bandwidth of a prepared stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix callback decoder status codes Ian Rogers <irogers(a)google.com> perf tests: Fix data symbol test with LTO builds Namhyung Kim <namhyung(a)kernel.org> perf test: Add timeout to datasym workload Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Prevent integer overflow in hdr_first_de() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: correct debug message page size calculation Namhyung Kim <namhyung(a)kernel.org> perf machine: Fixup kernel maps ends after adding extra maps Thomas Richter <tmricht(a)linux.ibm.com> perf bench: Fix perf bench syscall loop count Leo Yan <leo.yan(a)arm.com> perf arm-spe: Fix load-store operation checking Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7192: Grab direct mode for calibration Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7173: Grab direct mode for calibration Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: core: Rework claim and release of direct mode to work with sparse. Nuno Sá <nuno.sa(a)analog.com> iio: backend: make sure to NULL terminate stack buffer Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Mario Limonciello <mario.limonciello(a)amd.com> ucsi_ccg: Don't show failed to get FW build information error Luca Ceresoli <luca.ceresoli(a)bootlin.com> perf build: Fix in-tree build due to symbolic link Ian Rogers <irogers(a)google.com> tools/x86: Fix linux/unaligned.h include path in lib/insn.c James Clark <james.clark(a)linaro.org> perf pmu: Don't double count common sysfs and json events James Clark <james.clark(a)linaro.org> perf pmu: Dynamically allocate tool PMU Ian Rogers <irogers(a)google.com> perf pmus: Restructure pmu_read_sysfs to scan fewer PMUs Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight-etm4x: add isb() before reading the TRCSTATR Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Wentao Liang <vulab(a)iscas.ac.cn> greybus: gb-beagleplay: Add error handling for gb_greybus_init Dmitry Vyukov <dvyukov(a)google.com> perf report: Fix input reload/switch with symbol sort key Dmitry Vyukov <dvyukov(a)google.com> perf report: Add parallelism sort key Namhyung Kim <namhyung(a)kernel.org> perf report: Switch data file correctly in TUI Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix cb7210 pcmcia Oops Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device James Clark <james.clark(a)linaro.org> perf tests: Fix Tool PMU test segfault Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Kan Liang <kan.liang(a)linux.intel.com> perf tools: Add skip check in tool_pmu__event_to_str() Heiko Stuebner <heiko.stuebner(a)cherry.de> phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Really disable all channels at probe time Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Micro-optimize channel disabling Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix scale to conform to ABI Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: gts-helper: export iio_gts_get_total_gain() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: extend regmap to support regfields Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_mapping->a_ops on compression state Ye Bin <yebin10(a)huawei.com> fs/ntfs3: Fix 'proc_info_root' leak when init ntfs failed Ye Bin <yebin10(a)huawei.com> fs/ntfs3: Factor out ntfs_{create/remove}_proc_root() Ye Bin <yebin10(a)huawei.com> fs/ntfs3: Factor out ntfs_{create/remove}_procdir() Ian Rogers <irogers(a)google.com> perf stat: Don't merge counters purely on name Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix Hwmon PMU test endianess issue Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: modify stream enable Benson Leung <bleung(a)chromium.org> usb: typec: thunderbolt: Remove IS_ERR check for plug Benson Leung <bleung(a)chromium.org> usb: typec: thunderbolt: Fix loops that iterate TYPEC_PLUG_SOP_P and TYPEC_PLUG_SOP_PP Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix pr_err format warning Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Add missing interface entry point Chenyuan Yang <chenyuan0y(a)gmail.com> w1: fix NULL pointer dereference in probe James Clark <james.clark(a)linaro.org> perf: Always feature test reallocarray Ian Rogers <irogers(a)google.com> perf stat: Fix find_stat for mixed legacy/non-legacy events Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Fix accessing BTF.ext core_relo header Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Wang Liang <wangliang74(a)huawei.com> RDMA/core: Fix use-after-free when rename device name Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Remi Pommarel <repk(a)triplefau.lt> leds: Fix LED_OFF brightness race Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> clk: qcom: ipq5424: fix software and hardware flow control error of UART Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzv2m: Fix missing of_node_put() call Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Jiayuan Chen <mrpre(a)163.com> bpf: Fix array bounds error with may_goto Neil Armstrong <neil.armstrong(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Dario Binacchi <dario.binacchi(a)amarulasolutions.com> clk: stm32f4: fix an uninitialized variable Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Call crypto_alg_put in crypto_unregister_alg Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: bcm2835: don't -EINVAL on alternate funcs from get_direction() Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Bairavi Alagappan <bairavix.alagappan(a)intel.com> crypto: qat - remove access to parity register for QAT GEN4 Jinghao Jia <jinghao7(a)illinois.edu> samples/bpf: Fix broken vmlinux path for VMLINUX_BTF Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment Charles Han <hanchunchao(a)inspur.com> clk: mmp: Fix NULL vs IS_ERR() check Ian Rogers <irogers(a)google.com> libbpf: Add namespace for errstr making it libbpf_errstr Nathan Chancellor <nathan(a)kernel.org> crypto: tegra - Fix format specifier in tegra_sha_prep_cmd() Alice Ryhl <aliceryhl(a)google.com> rust: fix signature of rust_fmt_argument Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Select NUMA_NO_NODE to create map Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix larval relookup type and mask Thomas Weißschuh <linux(a)weissschuh.net> leds: st1202: Check for error code from devm_mutex_init() call Sicelo A. Mhlongo <absicsz(a)gmail.com> power: supply: bq27xxx_battery: do not update cached flags prematurely Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Fix calculation of total invalidated pages Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Tengda Wu <wutengda(a)huaweicloud.com> selftests/bpf: Fix freplace_link segfault in tailcalls prog test Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix MR cache initialization error flow Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Reserve keyslots to allocate dynamically Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - finalize crypto req on error Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Set IV to NULL explicitly for AES ECB Kees Bakker <kees(a)ijzerbout.nl> RDMA/mana_ib: Ensure variable err is initialized Niklas Schnelle <schnelle(a)linux.ibm.com> s390: Remove ioremap_wt() and pgprot_writethrough() Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix runqslower cross-endian build Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix CMAC intermediate result handling Yue Haibing <yuehaibing(a)huawei.com> pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw() Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Luca Weiss <luca.weiss(a)fairphone.com> remoteproc: qcom: pas: add minidump_id to SC7280 WPSS Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r8a08g045: Check the source of the CPU PLL settings David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Fix string read in strncmp benchmark Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> drivers: clk: qcom: ipq5424: fix the freq table of sdcc1_apps clock Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Suppress binding attributes Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix page_size variable overflow Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for sec spec check Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Use HMAC fallback when keyslots are full Arnd Bergmann <arnd(a)arndb.de> crypto: bpf - Add MODULE_DESCRIPTION for skcipher Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix HASH intermediate result handling Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Transfer HASH init function to crypto engine Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - check return value for hash do_one_req Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Do not use fixed size buffers Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Use separate buffer for setkey Bairavi Alagappan <bairavix.alagappan(a)intel.com> crypto: qat - set parity error mask for qat_420xx Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Test the correct request flag Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Arnd Bergmann <arnd(a)arndb.de> dummycon: fix default rows/cols Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix retry handling off iowq Caleb Sander Mateos <csander(a)purestorage.com> io_uring: use lockless_cq flag in io_req_complete_post() Shay Drory <shayd(a)nvidia.com> PCI: Fix NULL dereference in SR-IOV VF creation error path Caleb Sander Mateos <csander(a)purestorage.com> io_uring/net: only import send_zc buffer once Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI/bwctrl: Fix pcie_bwctrl_select_speed() return type Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: enable compute pipes across all MEC Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: optimize compute loop handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix BAR resizing when VF BARs are assigned Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: histb: Fix an error handling path in histb_pcie_probe() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: ep: Return -ENOMEM for allocation failures Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> drm/amd/display: avoid NPD when ASIC does not support DMUB Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Douglas Anderson <dianders(a)chromium.org> drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Jason-JH Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix config_updating flag never false when no mbox channel Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/kexec: fix physical address calculation in clear_utlb_entry() Christophe Leroy <christophe.leroy(a)csgroup.eu> crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD Niklas Cassel <cassel(a)kernel.org> PCI: endpoint: pci-epf-test: Handle endianness properly Niklas Cassel <cassel(a)kernel.org> misc: pci_endpoint_test: Handle BAR sizes larger than INT_MAX Niklas Cassel <cassel(a)kernel.org> misc: pci_endpoint_test: Fix pci_endpoint_test_bars_read_bar() error handling Vaibhav Jain <vaibhav(a)linux.ibm.com> powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Rob Clark <robdclark(a)chromium.org> drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Steven Price <steven.price(a)arm.com> drm/panthor: Clean up FW version information display Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Avoid sleep locking in the internal BO size path Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Replace sleep locks with spinlocks in fdinfo path Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Expose size of driver internal BO's over fdinfo Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/file: Add fdinfo helper for printing regions with prefix Ashley Smith <ashley.smith(a)collabora.com> drm/panthor: Update CS_STATUS_ defines to correct values Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't set crtc_state->mode_changed from atomic_check() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: simplify dpu_encoder_get_topology() interface Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: move needs_cdm setting to dpu_encoder_get_topology() Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Yi Lai <yi1.lai(a)intel.com> selftests/pcie_bwctrl: Add 'set_pcie_speed.sh' to TEST_PROGS Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix potential premature regulator disabling Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix error path after a call to regulator_bulk_get() Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Set generation limit before PCIe link up Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Lorenzo Bianconi <lorenzo(a)kernel.org> PCI: mediatek-gen3: Configure PBUS_CSR registers for EN7581 SoC Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/gem: Fix error code msm_parse_deps() Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Remove arbitrary limit of 1 interface in DSC topology Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Fall back to a single DSC encoder (1:1:1) on small SoCs Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Use existing per-interface slice count in DSC timing Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Program clock inverters in correct register Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't use active in atomic_check() Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: fix an indent issue in DML21 Tushar Dave <tdave(a)nvidia.com> PCI/ACS: Fix 'pci=config_acs=' parameter John Keeping <jkeeping(a)inmusicbrands.com> drm/panel: ilitek-ili9882t: fix GPIO name in error message Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Allow relaxed bridge window tail sizing for optional resources Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Simplify size1 assignment logic Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Remove add_align overwrite unrelated to size0 Kai-Heng Feng <kaihengf(a)nvidia.com> PCI: Use downstream bridges for distributing resources Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/vcn5.0.1: use correct dpm helper Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/umsch: fix ucode check Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/umsch: declare umsch firmware Saleemkhan Jamadar <saleemkhan.jamadar(a)amd.com> drm/amdgpu/umsch: remove vpe test from umsch Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: refine smu send msg debug log format Vitalii Mordan <mordan(a)ispras.ru> gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Bart Van Assche <bvanassche(a)acm.org> drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() Charles Han <hanchunchao(a)inspur.com> drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Fix race condition when gathering fdinfo group samples Hermes Wu <Hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP V match check is not performed correctly Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: ensure ssd132x pitch is correct John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: fix ssd132x encoding Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix a race between the reset and suspend path Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Return error when setting clock failed for npu1 Javier Martinez Canillas <javierm(a)redhat.com> drm/ssd130x: Set SPI .id_table to prevent an SPI core warning Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Jann Horn <jannh(a)google.com> rwonce: fix crash by removing READ_ONCE() for unaligned read Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix Tx L4 checksum Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix Tx descriptor content for some tunnel packets Pranjal Shrivastava <praan(a)google.com> net: Fix the devmem sock opts and msgs for parisc Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_LE_DIRECT_ADV_REPORT Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix kernel panic during FW release Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: fix DCB apptrust configuration on KSZ88x3 Jann Horn <jannh(a)google.com> rwonce: handle KCSAN like KASAN in read_word_at_a_time() Wentao Guan <guanwentao(a)uniontech.com> Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Enable buffer flow control for SCO/eSCO Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: Add quirk for broken READ_VOICE_SETTING Akihiko Odaki <akihiko.odaki(a)daynix.com> virtio_net: Fix endian with virtio_net_ctrl_rss Wang Liang <wangliang74(a)huawei.com> net: fix NULL pointer dereference in l3mdev_l3_rcv Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Use kernel helpers for hex dumps Wang Liang <wangliang74(a)huawei.com> bonding: check xdp prog when set bond mode Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: unregister xdp rxq info in the reset path Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Start health poll after enable hca Mark Bloch <mbloch(a)nvidia.com> net/mlx5: LAG, reload representors on LAG creation failure Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: reject other RX filters than HWTSTAMP_FILTER_PTP_V2_L2_EVENT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix displaced ethtool statistics counters WangYuli <wangyuli(a)uniontech.com> mlxsw: spectrum_acl_bloom_filter: Workaround for some LLVM versions Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable STU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Linearize TX SKB if the fragments exceed the max Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Mask the bd_cnt field in the TX BD properly Maxim Mikityanskiy <maxtram95(a)gmail.com> net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Remove broken autobind WangYuli <wangyuli(a)uniontech.com> netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE Chenyuan Yang <chenyuan0y(a)gmail.com> netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Taehee Yoo <ap420073(a)gmail.com> eth: bnxt: fix out-of-range access of vnic_info array Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: avoid journaling sb update on error if journal is destroying Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: define ext4_journal_destroy wrapper Zhang Yi <yi.zhang(a)huawei.com> jbd2: add a missing data flush during file and fs synchronization Niklas Cassel <cassel(a)kernel.org> nvmet: pci-epf: Always configure BAR0 as 64-bit Jacob Keller <jacob.e.keller(a)intel.com> ptp: ocp: reject unsupported periodic output flags Jacob Keller <jacob.e.keller(a)intel.com> broadcom: fix supported flag check in periodic output function Jacob Keller <jacob.e.keller(a)intel.com> net: lan743x: reject unsupported external timestamp requests Jacob Keller <jacob.e.keller(a)intel.com> renesas: reject PTP_STRICT_FLAGS as unsupported Jacob Keller <jacob.e.keller(a)intel.com> igb: reject invalid external timestamp requests for 82580-based HW Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() Mark Harmstone <maharmstone(a)fb.com> btrfs: don't clobber ret in btrfs_validate_super() Boris Burkov <boris(a)bur.io> btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Filipe Manana <fdmanana(a)suse.com> btrfs: fix reclaimed bytes accounting after automatic block group reclaim Filipe Manana <fdmanana(a)suse.com> btrfs: get used bytes while holding lock at btrfs_reclaim_bgs_work() Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: check error for register_netdev() on init Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Lukasz Czapnik <lukasz.czapnik(a)intel.com> ice: fix input validation for virtchnl BW Jan Glaza <jan.glaza(a)intel.com> ice: validate queue quanta parameters to prevent OOB access Jan Glaza <jan.glaza(a)intel.com> ice: stop truncating queue ids when checking Jan Glaza <jan.glaza(a)intel.com> virtchnl: make proto and filter action count unsigned Jesse Brandeburg <jbrandeburg(a)cloudflare.com> ice: fix reservation of resources for RDMA when disabled Karol Kolacinski <karol.kolacinski(a)intel.com> ice: ensure periodic output start time is in the future Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: health.c: fix compilation on gcc 7.5 Jeff Chen <jeff.chen_1(a)nxp.com> wifi: mwifiex: Fix RF calibration data download from file Jeff Chen <jeff.chen_1(a)nxp.com> wifi: mwifiex: Fix premature release of RF calibration data. Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: init wiphy_work before allocating rfkill fails Mikhail Lobanov <m.lobanov(a)rosa.ru> wifi: mac80211: check basic rates validity in sta_link_apply_parameters Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: nl80211: store chandef on the correct link when starting CAC Niklas Cassel <cassel(a)kernel.org> ata: libata: Fix NCQ Non-Data log not supported print Zhang Yi <yi.zhang(a)huawei.com> jbd2: fix off-by-one while erasing journal Baokun Li <libaokun1(a)huawei.com> ext4: goto right label 'out_mmap_sem' in ext4_setattr() Ye Bin <yebin10(a)huawei.com> ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() Ye Bin <yebin10(a)huawei.com> ext4: introduce ITAIL helper Guixin Liu <kanie(a)linux.alibaba.com> scsi: target: tcm_loop: Fix wrong abort tag Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fixed failure to issue vendor specific commands Chunhai Guo <guochunhai(a)vivo.com> f2fs: fix missing discard for active segments Jan Kara <jack(a)suse.cz> ext4: verify fast symlink length Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: add missing brelse() for bh2 in ext4_dx_add_entry() Gao Xiang <xiang(a)kernel.org> erofs: allow 16-byte volume name again Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> arm64: dts: rockchip: remove ethm0_clk0_25m_out from Sige5 gmac0 Yao Zi <ziyao(a)disroot.org> arm64: dts: rockchip: Fix PWM pinctrl names Jianfeng Liu <liujianfeng1994(a)gmail.com> arm64: dts: rockchip: Fix pcie reset gpio on Orange Pi 5 Max Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls Chen-Yu Tsai <wens(a)csie.org> arm64: dts: rockchip: Remove bluetooth node from rock-3a Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: Move rk356x scmi SHMEM to reserved memory Baokun Li <libaokun1(a)huawei.com> ext4: show 'emergency_ro' when EXT4_FLAGS_EMERGENCY_RO is set Baokun Li <libaokun1(a)huawei.com> ext4: correct behavior under errors=remount-ro mode Baokun Li <libaokun1(a)huawei.com> ext4: add EXT4_FLAGS_EMERGENCY_RO bit Baokun Li <libaokun1(a)huawei.com> ext4: convert EXT4_FLAGS_* defines to enum Charles Han <hanchunchao(a)inspur.com> ext4: fix potential null dereference in ext4 kunit test Ming Lei <ming.lei(a)redhat.com> block: fix adding folio to bio Chao Yu <chao(a)kernel.org> f2fs: fix to avoid running out of free segments Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove SSID from ML reconf Robin Murphy <robin.murphy(a)arm.com> iommu: Handle race with default domain setup Chao Yu <chao(a)kernel.org> f2fs: fix to avoid accessing uninitialized curseg Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> arm64: dts: imx8mp: change AUDIO_AXI_CLK_ROOT freq. to 800MHz Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> arm64: dts: imx8mp: add AUDIO_AXI_CLK_ROOT to AUDIOMIX block Max Merchel <Max.Merchel(a)ew.tq-group.com> ARM: dts: imx6ul-tqma6ul1: Change include order to disable fec2 node Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: skip if we cannot defer delete Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: minor evict fix Xueqi Zhang <xueqi.zhang(a)mediatek.com> memory: mtk-smi: Add ostd setting for mt8192 Yunhui Cui <cuiyunhui(a)bytedance.com> iommu/vt-d: Fix system hang on reboot -f Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Fix header file Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix lan4 support in airoha_qdma_get_gdm_port() Arnd Bergmann <arnd(a)arndb.de> firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() Zheng Qixing <zhengqixing(a)huawei.com> badblocks: use sector_t instead of int to avoid truncation of badblocks length Zheng Qixing <zhengqixing(a)huawei.com> badblocks: return boolean from badblocks_set() and badblocks_clear() Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: do partial IO for bad blocks Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: replace null_process_cmd() call in null_zone_write() Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: introduce badblocks_once parameter Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: generate null_blk configfs features string Zheng Qixing <zhengqixing(a)huawei.com> badblocks: fix missing bad blocks on retry in _badblocks_check() Li Nan <linan122(a)huawei.com> badblocks: fix merge issue when new badblocks align with pre+1 Li Nan <linan122(a)huawei.com> badblocks: fix the using of MAX_BADBLOCKS Li Nan <linan122(a)huawei.com> badblocks: return error if any badblock set fails Li Nan <linan122(a)huawei.com> badblocks: return error directly when setting badblocks exceeds 512 Li Nan <linan122(a)huawei.com> badblocks: attempt to merge adjacent badblocks during ack_all_badblocks Li Nan <linan122(a)huawei.com> badblocks: factor out a helper try_adjacent_combine Li Nan <linan122(a)huawei.com> badblocks: Fix error shitf ops Anuj Gupta <anuj20.g(a)samsung.com> block: Correctly initialize BLK_INTEGRITY_NOGENERATE and BLK_INTEGRITY_NOVERIFY Anuj Gupta <anuj20.g(a)samsung.com> block: ensure correct integrity capability propagation in stacked devices Xiao Ni <xni(a)redhat.com> md/raid10: wait barrier before returning discard request with REQ_NOWAIT AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mt8365-mmsys: Fix routing table masks and values AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mt8167-mmsys: Fix missing regval in all entries AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-mmsys: Fix MT8188 VDO1 DPI1 output selection Yu Kuai <yukuai3(a)huawei.com> blk-throttle: fix lower bps rate by throtl_trim_slice() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: correct ISR RDU bit for 8922AE Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() Michael Walle <mwalle(a)kernel.org> arm64: dts: ti: k3-j722s: fix pinctrl settings Michael Walle <mwalle(a)kernel.org> arm64: dts: ti: k3-am62p: fix pinctrl settings Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: ti: k3-am62p: Enable AUDIO_REFCLKx Tomas Glozar <tglozar(a)redhat.com> tools/rv: Keep user LDFLAGS in build Gabriele Monaco <gmonaco(a)redhat.com> tracing: Fix DECLARE_TRACE_CONDITION Su Yue <glass.su(a)suse.com> md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb Yu Kuai <yukuai3(a)huawei.com> md/raid1,raid10: don't ignore IO flags Yu Kuai <yukuai3(a)huawei.com> md: fix mddev uaf while iterating all_mddevs list Chao Yu <chao(a)kernel.org> f2fs: fix to call f2fs_recover_quota_end() correctly Chao Yu <chao(a)kernel.org> f2fs: fix potential deadloop in prepare_compress_overwrite() Stefan Eichenberger <stefan.eichenberger(a)toradex.com> arm64: dts: ti: k3-am62-verdin-dahlia: add Microphone Jack to sound card Leo Stone <leocstone(a)gmail.com> f2fs: add check for deleted inode Chao Yu <chao(a)kernel.org> f2fs: fix to set .discard_granularity correctly Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> arm64: dts: mediatek: mt8390-genio-common: Fix duplicated regulator name Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> arm64: dts: mediatek: mt8390-genio-700-evk: Move common parts to dtsi Ahmad Fatoum <a.fatoum(a)pengutronix.de> arm64: dts: imx8mp-skov: operate CPU at 850 mV by default Ahmad Fatoum <a.fatoum(a)pengutronix.de> arm64: dts: imx8mp-skov: correct PMIC board limits Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: use link specific bss_conf as well in ath12k_mac_vif_cache_flush() Hrushikesh Salunke <h-salunke(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip the first/partition ID when parsing vCPU list Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a77990: Re-add voltages to OPP table Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a774c0: Re-add voltages to OPP table Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Explicitly cast return value from NOTIFICATION_INFO_GET Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison Asahi Lina <lina(a)asahilina.net> iommu/io-pgtable-dart: Only set subpage protection disable for DART 1 Leon Romanovsky <leon(a)kernel.org> xfrm: delay initialization of offload path till its actually requested Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw89: rtw8852b{t}: fix TSSI debug timestamps Nicolas Escande <nico.escande(a)gmail.com> wifi: ath12k: Add missing htt_metadata flag in ath12k_dp_tx() Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: add check read-only before truncation in jfs_truncate_nolock() Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: add check read-only before txBeginAnon() call Dmitry Antipov <dmantipov(a)yandex.ru> jfs: reject on-disk inodes of an unsupported type Robin van der Gracht <robin(a)protonic.nl> can: rockchip_canfd: rkcanfd_chip_fifo_setup(): remove duplicated setup of RX FIFO Bart Van Assche <bvanassche(a)acm.org> scsi: mpt3sas: Fix a locking bug in an error path Bart Van Assche <bvanassche(a)acm.org> scsi: mpi3mr: Fix locking in an error path Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt6359: fix dtbs_check error for audio-codec Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Unregister the FF-A devices when cleaning up the partitions Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Refactor addition of partition information into XArray Jens Axboe <axboe(a)kernel.dk> io_uring/net: improve recv bundles Pavel Begunkov <asml.silence(a)gmail.com> io_uring: check for iowq alloc_workqueue failure Max Kellermann <max.kellermann(a)ionos.com> io_uring/io-wq: do not use bogus hash value Max Kellermann <max.kellermann(a)ionos.com> io_uring/io-wq: cache work->flags in variable Max Kellermann <max.kellermann(a)ionos.com> io_uring/io-wq: eliminate redundant io_work_get_acct() calls Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> coredump: Fixes core_pipe_limit sysctl proc_handler Zheng Qixing <zhengqixing(a)huawei.com> md/raid1: fix memory leak in raid1_run() if no active rdev Li Nan <linan122(a)huawei.com> md: ensure resync is prioritized over recovery Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO Chao Yu <chao(a)kernel.org> f2fs: fix to avoid panic once fallocation fails for pinfile Bart Van Assche <bvanassche(a)acm.org> wifi: ath12k: Fix locking in "QMI firmware ready" error paths Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath11k: fix RCU stall while reaping monitor destination ring Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> dlm: prevent NPD when writing a positive value to event_done Chao Yu <chao(a)kernel.org> f2fs: quota: fix to avoid warning in dquot_writeback_dquots() Tom Rini <trini(a)konsulko.com> ARM: dts: omap4-panda-a4: Add missing model and compatible properties Wen Gong <quic_wgong(a)quicinc.com> wifi: ath11k: update channel list in reg notifier instead reg worker Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix some node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop pmic's #address-cells and #size-cells Yu Zhang(Yuriy) <quic_yuzha(a)quicinc.com> wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: do not submit zero bytes to the entropy pool Rameshkumar Sundaram <quic_ramess(a)quicinc.com> wifi: ath12k: Fix pdev lookup in WBM error processing Sathishkumar Muruganandam <quic_murugana(a)quicinc.com> wifi: ath12k: encode max Tx power in scan channel list command Nicolas Escande <nico.escande(a)gmail.com> wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path Liang Jie <liangjie(a)lixiang.com> wifi: rtw89: Correct immediate cfg_len calculation for scan_offload_be Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Don't take register_mutex with copy_from/to_user() Olivia Mackintosh <livvy(a)base.nu> ALSA: usb-audio: separate DJM-A9 cap lvl options Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Ritu Chaudhary <rituc(a)nvidia.com> ASoC: tegra: Use non-atomic timeout for ADX status register Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Maud Spierings <maudspierings(a)gocontroll.com> dt-bindings: vendor-prefixes: add GOcontroll Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() Jiri Kosina <jikos(a)kernel.org> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> ASoC: cs35l41: check the return value from spi_setup() Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-ddv: Fix temperature calculation Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> auxdisplay: panel: Fix an API misuse in panel.c Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: HEVC: Initialize start_bit field Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: MAX6959 should select BITREVERSE Frieder Schrempf <frieder.schrempf(a)kontron.de> regulator: pca9450: Fix enable register for LDO5 Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Teardown riscv specific bits after kvm_exit Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/entry: Add __init to ia32_emulation_override_cmdline() Chao Gao <chao.gao(a)intel.com> x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Josh Poimboeuf <jpoimboe(a)kernel.org> x86/traps: Make exc_double_fault() consistently noreturn Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Rebuild root domain accounting after every update Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Generalize unique visiting of root domains Juri Lelli <juri.lelli(a)redhat.com> sched/topology: Wrappers for sched_domains_mutex Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Ignore special tasks when rebuilding domains Kan Liang <kan.liang(a)linux.intel.com> perf/x86/lbr: Fix shorter LBRs call stacks for the system-wide mode Kan Liang <kan.liang(a)linux.intel.com> perf: Supply task information to sched_task() Kan Liang <kan.liang(a)linux.intel.com> perf: Save PMU specific data in task_struct Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Jacky Bai <ping.bai(a)nxp.com> cpufreq: Init cpufreq only for present CPUs Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Jacky Bai <ping.bai(a)nxp.com> cpuidle: Init cpuidle only for present CPUs James Morse <james.morse(a)arm.com> x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: realm: Use aliased addresses for device DMA to shared buffers Suzuki K Poulose <suzuki.poulose(a)arm.com> dma: Introduce generic dma_addr_*crypted helpers Suzuki K Poulose <suzuki.poulose(a)arm.com> dma: Fix encryption bit clearing for dma_to_phys Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Maksim Davydov <davydov-max(a)yandex-team.ru> x86/split_lock: Fix the delayed detection logic Li Huafei <lihuafei1(a)huawei.com> watchdog/hardlockup/perf: Fix perf_event memory leak Kees Cook <kees(a)kernel.org> kunit/stackinit: Use fill byte different from Clang i386 pattern Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Disable the kernel perf counter during configure Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra194: Allow building for Tegra234 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Peter Zijlstra <peterz(a)infradead.org> lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Michael Jeanson <mjeanson(a)efficios.com> rseq: Update kernel fields in lockstep with CONFIG_DEBUG_RSEQ=y Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Convert all perf values to u8 Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Pass min/max_limit_perf as min/max_perf to amd_pstate_update Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Modify the min_perf calculation in adjust_perf callback Stanislav Spassov <stanspas(a)amazon.de> x86/fpu: Fix guest FPU state buffer allocation size Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> x86/vdso: Fix latent bug in vclock_pages calculation Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix the flood of invalid error reports Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks zihan zhou <15645113830zzh(a)gmail.com> sched: Cancel the slice protection of the idle entity Konstantin Andreev <andreev(a)swemel.ru> smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label Konstantin Andreev <andreev(a)swemel.ru> smack: dont compile ipv6 code unless ipv6 is configured Oleg Nesterov <oleg(a)redhat.com> seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: sun3: Fix DEBUG_MMU_EMU build Thorsten Blum <thorsten.blum(a)linux.dev> m68k: sun3: Use str_read_write() helper in mmu_emu_handle_fault() Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch Christian Brauner <brauner(a)kernel.org> fs: support O_PATH fds with FSCONFIG_SET_FD ------------- Diffstat: .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/netlink/specs/netdev.yaml | 4 + Documentation/netlink/specs/rt_route.yaml | 180 ++-- Documentation/networking/xsk-tx-metadata.rst | 62 ++ Makefile | 4 +- arch/arm/Kconfig | 2 +- .../boot/dts/nxp/imx/imx6ul-tqma6ul1-mba6ulx.dts | 3 +- arch/arm/boot/dts/nxp/imx/imx6ul-tqma6ul1.dtsi | 2 - arch/arm/boot/dts/ti/omap/omap4-panda-a4.dts | 5 + arch/arm/include/asm/vmlinux.lds.h | 12 +- .../arm64/boot/dts/freescale/imx8mp-skov-reva.dtsi | 39 +- arch/arm64/boot/dts/freescale/imx8mp.dtsi | 7 +- arch/arm64/boot/dts/mediatek/mt6359.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- .../boot/dts/mediatek/mt8390-genio-700-evk.dts | 1033 +------------------ .../boot/dts/mediatek/mt8390-genio-common.dtsi | 1046 ++++++++++++++++++++ arch/arm64/boot/dts/renesas/r8a774c0.dtsi | 4 + arch/arm64/boot/dts/renesas/r8a77990.dtsi | 4 + arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3318-a95x-z2.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3399-nanopi4.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 14 - arch/arm64/boot/dts/rockchip/rk356x-base.dtsi | 25 +- .../boot/dts/rockchip/rk3576-armsom-sige5.dts | 3 +- .../dts/rockchip/rk3588-orangepi-5-compact.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 2 +- arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi | 6 +- .../boot/dts/ti/k3-am62p-j722s-common-mcu.dtsi | 8 - arch/arm64/boot/dts/ti/k3-am62p-main.dtsi | 26 +- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +- arch/arm64/boot/dts/ti/k3-j722s-main.dtsi | 15 - arch/arm64/include/asm/mem_encrypt.h | 11 + arch/arm64/kernel/compat_alignment.c | 2 + arch/loongarch/Kconfig | 4 +- arch/loongarch/include/asm/cache.h | 2 + arch/loongarch/include/asm/irq.h | 2 +- arch/loongarch/include/asm/stacktrace.h | 3 + arch/loongarch/include/asm/unwind_hints.h | 10 +- arch/loongarch/kernel/env.c | 2 + arch/loongarch/kernel/kgdb.c | 5 +- arch/loongarch/net/bpf_jit.c | 12 +- arch/loongarch/net/bpf_jit.h | 5 + arch/m68k/include/asm/processor.h | 14 + arch/m68k/sun3/mmu_emu.c | 7 +- arch/parisc/include/uapi/asm/socket.h | 12 +- arch/powerpc/configs/mpc885_ads_defconfig | 2 +- arch/powerpc/crypto/Makefile | 1 + arch/powerpc/kexec/relocate_32.S | 7 +- arch/powerpc/perf/core-book3s.c | 8 +- arch/powerpc/perf/vpa-pmu.c | 1 + arch/powerpc/platforms/cell/spufs/gang.c | 1 + arch/powerpc/platforms/cell/spufs/inode.c | 63 +- arch/powerpc/platforms/cell/spufs/spufs.h | 2 + arch/riscv/Kconfig | 2 +- arch/riscv/errata/Makefile | 6 +- arch/riscv/include/asm/cpufeature.h | 4 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/riscv/kernel/elf_kexec.c | 3 + arch/riscv/kernel/mcount.S | 24 +- arch/riscv/kernel/traps_misaligned.c | 14 +- arch/riscv/kernel/unaligned_access_speed.c | 91 +- arch/riscv/kernel/vec-copy-unaligned.S | 2 +- arch/riscv/kvm/main.c | 4 +- arch/riscv/kvm/vcpu_pmu.c | 1 + arch/riscv/mm/hugetlbpage.c | 74 +- arch/riscv/purgatory/entry.S | 1 + arch/s390/include/asm/io.h | 2 - arch/s390/include/asm/pgtable.h | 3 - arch/s390/kernel/entry.S | 2 +- arch/s390/kernel/perf_pai_crypto.c | 3 +- arch/s390/kernel/perf_pai_ext.c | 3 +- arch/s390/mm/pgtable.c | 10 - arch/um/include/shared/os.h | 1 - arch/um/kernel/Makefile | 2 +- arch/um/kernel/maccess.c | 19 - arch/um/os-Linux/process.c | 51 - arch/x86/Kconfig | 3 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/Makefile.um | 7 +- arch/x86/coco/tdx/tdx.c | 26 +- arch/x86/entry/calling.h | 2 + arch/x86/entry/common.c | 2 +- arch/x86/entry/vdso/vdso-layout.lds.S | 2 +- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/events/amd/brs.c | 3 +- arch/x86/events/amd/lbr.c | 3 +- arch/x86/events/core.c | 5 +- arch/x86/events/intel/core.c | 51 +- arch/x86/events/intel/ds.c | 13 +- arch/x86/events/intel/lbr.c | 50 +- arch/x86/events/perf_event.h | 18 +- arch/x86/hyperv/ivm.c | 2 +- arch/x86/include/asm/irqflags.h | 40 +- arch/x86/include/asm/paravirt.h | 20 +- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/include/asm/tdx.h | 4 +- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/include/asm/vdso/vsyscall.h | 1 + arch/x86/kernel/cpu/bus_lock.c | 20 +- arch/x86/kernel/cpu/mce/severity.c | 11 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/fpu/core.c | 6 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/process.c | 9 +- arch/x86/kernel/traps.c | 18 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/kernel/uprobes.c | 14 +- arch/x86/kvm/svm/sev.c | 13 +- arch/x86/kvm/x86.c | 15 +- arch/x86/lib/copy_user_64.S | 18 + arch/x86/mm/mem_encrypt_identity.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- arch/x86/mm/pat/memtype.c | 52 +- block/badblocks.c | 286 ++---- block/bio.c | 11 +- block/blk-settings.c | 51 +- block/blk-throttle.c | 13 +- crypto/algapi.c | 3 +- crypto/api.c | 17 +- crypto/bpf_crypto_skcipher.c | 1 + drivers/accel/amdxdna/aie2_smu.c | 2 + drivers/acpi/acpi_video.c | 9 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/platform_profile.c | 26 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 7 + drivers/acpi/x86/utils.c | 3 +- drivers/ata/libata-core.c | 2 +- drivers/auxdisplay/Kconfig | 1 + drivers/auxdisplay/panel.c | 4 +- drivers/base/power/main.c | 21 +- drivers/base/power/runtime.c | 2 +- drivers/block/null_blk/main.c | 165 +-- drivers/block/null_blk/null_blk.h | 6 + drivers/block/null_blk/zoned.c | 20 +- drivers/block/ublk_drv.c | 41 +- drivers/bluetooth/btnxpuart.c | 6 +- drivers/bluetooth/btusb.c | 2 + drivers/bus/qcom-ssc-block-bus.c | 34 +- drivers/clk/clk-stm32f4.c | 4 +- drivers/clk/imx/clk-imx8mp-audiomix.c | 6 +- drivers/clk/meson/g12a.c | 38 +- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/mmp/clk-pxa1908-apmu.c | 4 +- drivers/clk/qcom/gcc-ipq5424.c | 24 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/gcc-sm8650.c | 4 +- drivers/clk/qcom/gcc-x1e80100.c | 30 - drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/renesas/r9a08g045-cpg.c | 5 +- drivers/clk/renesas/rzg2l-cpg.c | 13 +- drivers/clk/renesas/rzg2l-cpg.h | 10 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/cpufreq/Kconfig.arm | 2 +- drivers/cpufreq/amd-pstate-trace.h | 46 +- drivers/cpufreq/amd-pstate.c | 80 +- drivers/cpufreq/amd-pstate.h | 18 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/cpufreq/cpufreq_governor.c | 45 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/cpufreq/mediatek-cpufreq.c | 2 +- drivers/cpufreq/mvebu-cpufreq.c | 2 +- drivers/cpufreq/qcom-cpufreq-hw.c | 2 +- drivers/cpufreq/qcom-cpufreq-nvmem.c | 8 +- drivers/cpufreq/scmi-cpufreq.c | 2 +- drivers/cpufreq/scpi-cpufreq.c | 7 +- drivers/cpufreq/sun50i-cpufreq-nvmem.c | 6 +- drivers/cpufreq/virtual-cpufreq.c | 2 +- drivers/cpuidle/cpuidle-arm.c | 8 +- drivers/cpuidle/cpuidle-big_little.c | 2 +- drivers/cpuidle/cpuidle-psci.c | 4 +- drivers/cpuidle/cpuidle-qcom-spm.c | 2 +- drivers/cpuidle/cpuidle-riscv-sbi.c | 4 +- drivers/crypto/hisilicon/sec2/sec.h | 1 - drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 +-- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1 + drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 +- drivers/crypto/nx/nx-common-pseries.c | 37 +- drivers/crypto/tegra/tegra-se-aes.c | 401 +++++--- drivers/crypto/tegra/tegra-se-hash.c | 287 ++++-- drivers/crypto/tegra/tegra-se-key.c | 29 +- drivers/crypto/tegra/tegra-se-main.c | 16 +- drivers/crypto/tegra/tegra-se.h | 39 +- drivers/dma/amd/ae4dma/ae4dma-pci.c | 4 +- drivers/dma/amd/ae4dma/ae4dma.h | 2 + drivers/dma/amd/ptdma/ptdma-dmaengine.c | 90 +- drivers/dma/fsl-edma-main.c | 14 +- drivers/edac/i10nm_base.c | 2 + drivers/edac/ie31200_edac.c | 19 +- drivers/edac/igen6_edac.c | 21 +- drivers/edac/skx_common.c | 33 + drivers/edac/skx_common.h | 11 + drivers/firmware/arm_ffa/bus.c | 3 +- drivers/firmware/arm_ffa/driver.c | 60 +- drivers/firmware/arm_scmi/driver.c | 10 - drivers/firmware/cirrus/cs_dsp.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 461 +-------- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 12 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 - .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 + .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 + .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- .../dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12 +- drivers/gpu/drm/bridge/ite-it6505.c | 7 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/drm_file.c | 26 +- drivers/gpu/drm/mediatek/mtk_crtc.c | 7 +- drivers/gpu/drm/mediatek/mtk_dp.c | 6 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 - drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 132 ++- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.h | 4 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 24 + drivers/gpu/drm/msm/dsi/dsi_host.c | 8 +- drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2 +- drivers/gpu/drm/msm/msm_atomic.c | 13 +- drivers/gpu/drm/msm/msm_dsc_helper.h | 11 - drivers/gpu/drm/msm/msm_gem_submit.c | 2 +- drivers/gpu/drm/msm/msm_kms.h | 7 + drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2 +- drivers/gpu/drm/panthor/panthor_device.c | 22 +- drivers/gpu/drm/panthor/panthor_drv.c | 14 + drivers/gpu/drm/panthor/panthor_fw.c | 9 +- drivers/gpu/drm/panthor/panthor_fw.h | 6 +- drivers/gpu/drm/panthor/panthor_heap.c | 54 +- drivers/gpu/drm/panthor/panthor_heap.h | 2 + drivers/gpu/drm/panthor/panthor_mmu.c | 27 + drivers/gpu/drm/panthor/panthor_mmu.h | 3 + drivers/gpu/drm/panthor/panthor_sched.c | 84 +- drivers/gpu/drm/panthor/panthor_sched.h | 3 + drivers/gpu/drm/solomon/ssd130x-spi.c | 7 +- drivers/gpu/drm/solomon/ssd130x.c | 6 +- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xe/Kconfig | 2 +- drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- drivers/gpu/drm/xlnx/zynqmp_dp_audio.c | 4 + drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/greybus/gb-beagleplay.c | 4 +- drivers/hid/Makefile | 1 - drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 20 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 +- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/accel/msa311.c | 28 +- drivers/iio/adc/ad4130.c | 41 +- drivers/iio/adc/ad7124.c | 60 +- drivers/iio/adc/ad7173.c | 30 +- drivers/iio/adc/ad7192.c | 5 + drivers/iio/adc/ad7768-1.c | 15 + drivers/iio/adc/ad_sigma_delta.c | 1 + drivers/iio/dac/adi-axi-dac.c | 8 + drivers/iio/industrialio-backend.c | 4 +- drivers/iio/industrialio-gts-helper.c | 11 +- drivers/iio/light/Kconfig | 1 + drivers/iio/light/veml6030.c | 587 +++++------ drivers/iio/light/veml6075.c | 8 +- drivers/infiniband/core/device.c | 18 +- drivers/infiniband/core/mad.c | 38 +- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/erdma/erdma_cm.c | 1 - drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/infiniband/hw/mlx5/mr.c | 41 +- drivers/infiniband/hw/mlx5/odp.c | 10 +- drivers/iommu/amd/amd_iommu.h | 7 +- drivers/iommu/intel/iommu.c | 17 +- drivers/iommu/io-pgtable-dart.c | 2 +- drivers/iommu/iommu.c | 5 + drivers/leds/led-core.c | 22 +- drivers/leds/leds-st1202.c | 4 +- drivers/md/md-bitmap.c | 6 +- drivers/md/md.c | 71 +- drivers/md/md.h | 6 +- drivers/md/raid1-10.c | 2 +- drivers/md/raid1.c | 17 +- drivers/md/raid10.c | 19 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + drivers/media/platform/ti/omap3isp/isp.c | 7 + .../platform/verisilicon/hantro_g2_hevc_dec.c | 1 + drivers/media/rc/streamzap.c | 2 +- drivers/media/test-drivers/vimc/vimc-streamer.c | 6 + drivers/memory/mtk-smi.c | 33 + drivers/mfd/sm501.c | 6 +- drivers/misc/pci_endpoint_test.c | 22 +- drivers/mmc/host/omap.c | 19 +- drivers/mmc/host/sdhci-omap.c | 4 +- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/bonding/bond_main.c | 8 +- drivers/net/bonding/bond_options.c | 3 + drivers/net/can/rockchip/rockchip_canfd-core.c | 5 - drivers/net/dsa/microchip/ksz8.c | 11 +- drivers/net/dsa/microchip/ksz_dcb.c | 231 +---- drivers/net/dsa/mv88e6xxx/chip.c | 32 +- drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/dsa/sja1105/sja1105_ethtool.c | 9 +- drivers/net/dsa/sja1105/sja1105_ptp.c | 20 +- drivers/net/dsa/sja1105/sja1105_static_config.c | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 3 +- drivers/net/ethernet/ibm/ibmveth.c | 39 +- drivers/net/ethernet/ibm/ibmvnic.c | 30 +- drivers/net/ethernet/intel/e1000e/defines.h | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 + drivers/net/ethernet/intel/ice/devlink/health.c | 6 +- drivers/net/ethernet/intel/ice/ice_common.c | 3 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 6 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 39 +- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 24 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 31 +- drivers/net/ethernet/intel/idpf/idpf_main.c | 6 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 6 + drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 143 ++- drivers/net/ethernet/intel/ixgbe/ixgbe_e610.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++-- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- drivers/net/ethernet/mediatek/airoha_eth.c | 20 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +- .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 15 +- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 27 +- drivers/net/ethernet/microchip/lan743x_ptp.c | 6 + drivers/net/ethernet/renesas/ravb_ptp.c | 3 +- drivers/net/ethernet/sfc/ef100_netdev.c | 7 +- drivers/net/ethernet/sfc/ef100_nic.c | 47 +- drivers/net/ethernet/sfc/efx.c | 24 - drivers/net/ethernet/sfc/mcdi_port.c | 59 +- drivers/net/ethernet/sfc/mcdi_port_common.c | 11 - drivers/net/ethernet/sfc/net_driver.h | 6 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 65 +- drivers/net/ipvlan/ipvlan_l3s.c | 1 - drivers/net/phy/bcm-phy-ptp.c | 3 +- drivers/net/phy/broadcom.c | 6 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/usb/usbnet.c | 6 +- drivers/net/virtio_net.c | 30 +- drivers/net/vmxnet3/vmxnet3_drv.c | 10 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 14 +- drivers/net/wireless/ath/ath11k/mac.c | 5 - drivers/net/wireless/ath/ath11k/pci.c | 2 + drivers/net/wireless/ath/ath11k/reg.c | 22 +- drivers/net/wireless/ath/ath12k/core.c | 4 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath12k/dp_tx.c | 2 + drivers/net/wireless/ath/ath12k/mac.c | 9 +- drivers/net/wireless/ath/ath12k/pci.c | 2 + drivers/net/wireless/ath/ath12k/wmi.c | 2 + drivers/net/wireless/ath/ath9k/common-spectral.c | 4 +- drivers/net/wireless/marvell/mwifiex/fw.h | 14 + drivers/net/wireless/marvell/mwifiex/main.c | 4 - drivers/net/wireless/marvell/mwifiex/sta_cmd.c | 18 +- .../net/wireless/mediatek/mt76/mt7915/debugfs.c | 45 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 - drivers/net/wireless/realtek/rtw89/core.h | 2 +- drivers/net/wireless/realtek/rtw89/fw.c | 12 +- drivers/net/wireless/realtek/rtw89/pci.h | 56 +- drivers/net/wireless/realtek/rtw89/pci_be.c | 2 +- drivers/net/wireless/realtek/rtw89/rtw8852b_rfk.c | 13 +- drivers/net/wireless/realtek/rtw89/rtw8852bt_rfk.c | 13 +- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvdimm/badrange.c | 2 +- drivers/nvdimm/nd.h | 2 +- drivers/nvdimm/pfn_devs.c | 7 +- drivers/nvdimm/pmem.c | 2 +- drivers/nvme/host/ioctl.c | 2 +- drivers/nvme/host/pci.c | 3 + drivers/nvme/target/debugfs.c | 2 +- drivers/nvme/target/pci-epf.c | 11 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/dwc/pcie-histb.c | 12 +- drivers/pci/controller/pcie-brcmstb.c | 16 +- drivers/pci/controller/pcie-mediatek-gen3.c | 28 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/endpoint/functions/pci-epf-test.c | 126 ++- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/iov.c | 48 +- drivers/pci/pci-sysfs.c | 4 +- drivers/pci/pci.c | 22 +- drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/bwctrl.c | 6 +- drivers/pci/pcie/portdrv.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pci/setup-bus.c | 39 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 +- drivers/pinctrl/bcm/pinctrl-bcm2835.c | 14 +- drivers/pinctrl/intel/pinctrl-intel.c | 1 - drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3 + drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + drivers/platform/x86/dell/dell-uart-backlight.c | 2 +- drivers/platform/x86/dell/dell-wmi-ddv.c | 6 +- .../x86/intel/speed_select_if/isst_if_common.c | 2 +- .../x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 11 + drivers/power/supply/bq27xxx_battery.c | 1 - drivers/power/supply/max77693_charger.c | 2 +- drivers/ptp/ptp_ocp.c | 4 + drivers/regulator/pca9450-regulator.c | 6 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 +- drivers/remoteproc/qcom_q6v5_pas.c | 13 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/rtc/rtc-renesas-rtca3.c | 15 +- drivers/scsi/hisi_sas/hisi_sas.h | 3 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 28 +- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 4 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 4 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 1 + drivers/scsi/mpt3sas/mpt3sas_base.c | 12 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/soc/mediatek/mt8167-mmsys.h | 13 +- drivers/soc/mediatek/mt8188-mmsys.h | 2 +- drivers/soc/mediatek/mt8365-mmsys.h | 48 +- drivers/soundwire/generic_bandwidth_allocation.c | 5 +- drivers/soundwire/slave.c | 1 + drivers/spi/spi-amd.c | 2 +- drivers/spi/spi-bcm2835.c | 18 +- drivers/spi/spi-cadence-xspi.c | 2 +- .../staging/gpib/agilent_82350b/agilent_82350b.c | 2 + .../staging/gpib/agilent_82357a/agilent_82357a.c | 424 ++++---- drivers/staging/gpib/cb7210/cb7210.c | 2 +- drivers/staging/gpib/hp_82341/hp_82341.c | 2 +- drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 518 +++++----- drivers/staging/rtl8723bs/Kconfig | 1 + .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 28 +- drivers/target/loopback/tcm_loop.c | 5 +- .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/n_tty.c | 13 +- drivers/tty/serial/fsl_lpuart.c | 312 +++--- drivers/usb/host/xhci-mem.c | 6 +- drivers/usb/typec/altmodes/thunderbolt.c | 10 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +- drivers/vhost/scsi.c | 25 +- drivers/video/console/Kconfig | 6 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/sm501fb.c | 7 + drivers/w1/masters/w1-uart.c | 4 +- fs/9p/vfs_inode_dotl.c | 2 +- fs/autofs/autofs_i.h | 2 + fs/bcachefs/fs-ioctl.c | 6 +- fs/btrfs/block-group.c | 40 +- fs/btrfs/disk-io.c | 3 + fs/coredump.c | 4 +- fs/dlm/lockspace.c | 2 +- fs/erofs/internal.h | 2 - fs/erofs/super.c | 8 - fs/exec.c | 15 +- fs/exfat/fatent.c | 2 +- fs/exfat/file.c | 29 +- fs/exfat/inode.c | 41 +- fs/ext4/dir.c | 3 + fs/ext4/ext4.h | 17 +- fs/ext4/ext4_jbd2.h | 29 + fs/ext4/inode.c | 19 +- fs/ext4/mballoc-test.c | 2 + fs/ext4/namei.c | 16 +- fs/ext4/super.c | 81 +- fs/ext4/xattr.c | 32 +- fs/ext4/xattr.h | 10 + fs/f2fs/checkpoint.c | 15 +- fs/f2fs/compress.c | 1 + fs/f2fs/data.c | 10 +- fs/f2fs/f2fs.h | 3 +- fs/f2fs/file.c | 20 +- fs/f2fs/inode.c | 7 + fs/f2fs/namei.c | 8 + fs/f2fs/segment.c | 29 +- fs/f2fs/segment.h | 9 +- fs/f2fs/super.c | 67 +- fs/fsopen.c | 2 +- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 2 +- fs/fuse/file.c | 4 +- fs/gfs2/super.c | 21 +- fs/hostfs/hostfs.h | 2 +- fs/hostfs/hostfs_kern.c | 7 +- fs/hostfs/hostfs_user.c | 59 +- fs/isofs/dir.c | 3 +- fs/jbd2/journal.c | 27 +- fs/jfs/inode.c | 2 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/jfs_extent.c | 10 + fs/jfs/jfs_imap.c | 13 +- fs/jfs/xattr.c | 13 +- fs/nfs/delegation.c | 63 +- fs/nfs/nfs4xdr.c | 18 +- fs/nfs/sysfs.c | 22 +- fs/nfs/write.c | 4 +- fs/nfsd/Kconfig | 12 +- fs/nfsd/nfs4callback.c | 14 +- fs/nfsd/nfs4state.c | 53 +- fs/nfsd/nfsctl.c | 53 +- fs/nfsd/stats.c | 4 +- fs/nfsd/stats.h | 2 +- fs/nfsd/vfs.c | 28 +- fs/ntfs3/attrib.c | 3 +- fs/ntfs3/file.c | 22 +- fs/ntfs3/frecord.c | 6 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/ntfs.h | 2 +- fs/ntfs3/super.c | 89 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/smb/client/connect.c | 16 +- fs/smb/server/auth.c | 6 +- fs/smb/server/connection.h | 11 + fs/smb/server/mgmt/user_session.c | 37 +- fs/smb/server/mgmt/user_session.h | 2 + fs/smb/server/oplock.c | 12 +- fs/smb/server/smb2pdu.c | 54 +- fs/smb/server/smbacl.c | 21 +- include/asm-generic/rwonce.h | 10 +- include/drm/display/drm_dp_mst_helper.h | 7 + include/drm/drm_file.h | 5 + include/linux/arm_ffa.h | 3 + include/linux/avf/virtchnl.h | 4 +- include/linux/badblocks.h | 10 +- include/linux/context_tracking_irq.h | 8 +- include/linux/coresight.h | 4 + include/linux/cpuset.h | 11 + include/linux/dma-direct.h | 13 +- include/linux/fwnode.h | 2 +- include/linux/if_bridge.h | 6 +- include/linux/iio/iio-gts-helper.h | 1 + include/linux/iio/iio.h | 26 + include/linux/interrupt.h | 8 +- include/linux/mem_encrypt.h | 23 + include/linux/nfs_fs_sb.h | 4 + include/linux/nmi.h | 4 - include/linux/perf_event.h | 37 +- include/linux/pgtable.h | 28 +- include/linux/pm_runtime.h | 2 + include/linux/rcupdate.h | 2 +- include/linux/reboot.h | 18 +- include/linux/sched.h | 7 + include/linux/sched/deadline.h | 4 + include/linux/sched/smt.h | 2 +- include/linux/seccomp.h | 8 +- include/linux/thermal.h | 2 - include/linux/uprobes.h | 2 + include/linux/writeback.h | 24 + include/net/ax25.h | 1 - include/net/bluetooth/hci.h | 34 + include/net/bluetooth/hci_core.h | 5 + include/net/bonding.h | 1 + include/net/xdp_sock.h | 10 + include/net/xdp_sock_drv.h | 1 + include/net/xfrm.h | 11 +- include/rdma/ib_verbs.h | 1 + include/trace/define_trace.h | 7 + include/trace/events/writeback.h | 21 +- include/uapi/linux/if_xdp.h | 10 + include/uapi/linux/netdev.h | 3 + init/Kconfig | 5 + io_uring/io-wq.c | 40 +- io_uring/io-wq.h | 7 +- io_uring/io_uring.c | 3 +- io_uring/net.c | 23 +- kernel/bpf/core.c | 19 +- kernel/bpf/verifier.c | 7 + kernel/cgroup/cpuset.c | 27 +- kernel/cpu.c | 5 - kernel/events/core.c | 39 +- kernel/events/ring_buffer.c | 2 +- kernel/events/uprobes.c | 15 +- kernel/fork.c | 4 + kernel/kexec_elf.c | 2 +- kernel/reboot.c | 84 +- kernel/rseq.c | 82 +- kernel/sched/core.c | 8 +- kernel/sched/deadline.c | 37 +- kernel/sched/debug.c | 8 +- kernel/sched/fair.c | 50 +- kernel/sched/rt.c | 2 + kernel/sched/sched.h | 2 +- kernel/sched/topology.c | 15 +- kernel/seccomp.c | 14 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events.c | 7 + kernel/trace/trace_events_synth.c | 32 +- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + kernel/watchdog.c | 25 - kernel/watchdog_perf.c | 28 +- lib/842/842_compress.c | 2 + lib/stackinit_kunit.c | 30 +- lib/vsprintf.c | 2 +- mm/gup.c | 3 + mm/memory.c | 13 +- mm/page-writeback.c | 37 +- mm/zswap.c | 30 +- net/ax25/af_ax25.c | 30 +- net/ax25/ax25_route.c | 74 -- net/bluetooth/hci_core.c | 62 +- net/bluetooth/hci_event.c | 25 +- net/bluetooth/hci_sync.c | 30 +- net/bridge/br_ioctl.c | 36 +- net/bridge/br_private.h | 3 +- net/core/dev_ioctl.c | 19 - net/core/dst.c | 8 + net/core/netdev-genl.c | 2 + net/core/rtnetlink.c | 3 + net/core/rtnl_net_debug.c | 2 +- net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/udp.c | 42 +- net/ipv6/addrconf.c | 37 +- net/ipv6/calipso.c | 21 +- net/ipv6/route.c | 42 +- net/mac80211/cfg.c | 12 +- net/mac80211/mlme.c | 9 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nf_tables_core.c | 11 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_skbprio.c | 3 - net/sctp/sysctl.c | 4 + net/socket.c | 19 +- net/vmw_vsock/af_vsock.c | 6 +- net/wireless/core.c | 6 +- net/wireless/nl80211.c | 2 +- net/xdp/xsk.c | 8 +- net/xfrm/xfrm_device.c | 13 +- net/xfrm/xfrm_state.c | 32 +- net/xfrm/xfrm_user.c | 2 +- rust/Makefile | 4 +- rust/kernel/print.rs | 7 +- samples/bpf/Makefile | 2 +- samples/trace_events/trace-events-sample.h | 8 +- scripts/gdb/linux/symbols.py | 13 +- scripts/package/debian/rules | 6 +- scripts/selinux/install_policy.sh | 15 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 34 +- sound/core/timer.c | 147 +-- sound/pci/hda/patch_realtek.c | 9 +- sound/soc/amd/acp/acp-legacy-common.c | 10 +- sound/soc/codecs/cs35l41-spi.c | 5 +- sound/soc/codecs/rt5665.c | 24 +- sound/soc/fsl/imx-card.c | 4 + sound/soc/generic/simple-card-utils.c | 7 +- sound/soc/tegra/tegra210_adx.c | 6 +- sound/soc/ti/j721e-evm.c | 2 + sound/usb/mixer_quirks.c | 7 +- tools/arch/x86/lib/insn.c | 2 +- tools/bpf/runqslower/Makefile | 3 +- tools/include/uapi/linux/if_xdp.h | 10 + tools/include/uapi/linux/netdev.h | 3 + tools/lib/bpf/btf.c | 4 +- tools/lib/bpf/linker.c | 2 +- tools/lib/bpf/str_error.c | 2 +- tools/lib/bpf/str_error.h | 7 +- tools/objtool/arch/loongarch/decode.c | 28 +- tools/objtool/arch/loongarch/include/arch/elf.h | 7 + tools/objtool/arch/powerpc/decode.c | 14 + tools/objtool/arch/x86/decode.c | 13 + tools/objtool/check.c | 84 +- tools/objtool/elf.c | 6 +- tools/objtool/include/objtool/arch.h | 3 + tools/objtool/include/objtool/elf.h | 27 +- tools/perf/Makefile.config | 10 +- tools/perf/Makefile.perf | 2 +- tools/perf/arch/powerpc/util/header.c | 4 +- tools/perf/arch/x86/util/topdown.c | 2 +- tools/perf/bench/syscall.c | 22 +- tools/perf/builtin-report.c | 39 +- .../arch/arm64/ampere/ampereonex/metrics.json | 10 +- tools/perf/pmu-events/empty-pmu-events.c | 8 +- tools/perf/pmu-events/jevents.py | 8 +- tools/perf/tests/hwmon_pmu.c | 16 +- tools/perf/tests/pmu.c | 85 +- .../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 + tools/perf/tests/shell/record_bpf_filter.sh | 4 +- tools/perf/tests/shell/stat_all_pmu.sh | 48 +- tools/perf/tests/shell/test_data_symbol.sh | 17 +- tools/perf/tests/tool_pmu.c | 4 +- tools/perf/tests/workloads/datasym.c | 34 +- tools/perf/util/arm-spe.c | 8 +- tools/perf/util/bpf-filter.l | 2 +- tools/perf/util/comm.c | 2 + tools/perf/util/debug.c | 2 +- tools/perf/util/dso.h | 4 +- tools/perf/util/evlist.c | 13 +- tools/perf/util/evsel.c | 16 +- tools/perf/util/expr.c | 2 + tools/perf/util/hist.c | 2 + tools/perf/util/hist.h | 3 + tools/perf/util/hwmon_pmu.c | 14 - tools/perf/util/hwmon_pmu.h | 16 + tools/perf/util/intel-tpebs.c | 2 +- tools/perf/util/machine.c | 4 +- tools/perf/util/parse-events.c | 2 +- tools/perf/util/pmu.c | 265 +++-- tools/perf/util/pmu.h | 12 +- tools/perf/util/pmus.c | 173 ++-- tools/perf/util/python.c | 17 +- tools/perf/util/session.c | 12 + tools/perf/util/session.h | 1 + tools/perf/util/sort.c | 23 + tools/perf/util/sort.h | 1 + tools/perf/util/stat-shadow.c | 3 +- tools/perf/util/stat.c | 13 +- tools/perf/util/tool_pmu.c | 32 +- tools/perf/util/tool_pmu.h | 2 +- tools/perf/util/units.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 + tools/power/x86/turbostat/turbostat.c | 30 +- tools/testing/selftests/bpf/Makefile | 1 + .../selftests/bpf/prog_tests/bloom_filter_map.c | 5 + tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1 + tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +- tools/testing/selftests/mm/cow.c | 2 +- tools/testing/selftests/pcie_bwctrl/Makefile | 2 +- tools/verification/rv/Makefile.rv | 2 +- 755 files changed, 9499 insertions(+), 7109 deletions(-)

7 months

8
8
0 0

[PATCH 5.15 000/279] 5.15.180-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.180 release. There are 279 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Apr 2025 10:47:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.180-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.180-rc1 Vlastimil Babka <vbabka(a)suse.cz> mm, slab: remove duplicate kernel-doc comment for ksize() Kamal Dasu <kdasu.kdev(a)gmail.com> mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Josef Bacik <josef(a)toxicpanda.com> btrfs: handle errors from btrfs_dec_ref() properly Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops Kamal Dasu <kdasu.kdev(a)gmail.com> mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: disable transceiver during system PM Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: only change CAN state when link up in system PM Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Keep display off while going into S4 Vladis Dronov <vdronov(a)redhat.com> x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix incorrect validation for num_aces field of smb_acl Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Jiri Kosina <jkosina(a)suse.com> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: i2c: et8ek8: Don't strip remove function when driver is builtin John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250_dma: terminate correct DMA in tx_dma_flush() Luo Qiu <luoqiu(a)kylinsec.com.cn> memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Dominique Martinet <dominique.martinet(a)atmark-techno.com> net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FN990B composition Cameron Williams <cang1(a)live.co.uk> tty: serial: 8250: Add Brainboxes XC devices Cameron Williams <cang1(a)live.co.uk> tty: serial: 8250: Add some more device IDs William Breathitt Gray <wbg(a)kernel.org> counter: microchip-tcb-capture: Fix undefined counter channel state on probe Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> counter: stm32-lptimer-cnt: fix error handling when enabling Dhruv Deshpande <dhrv.d(a)proton.me> ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Maxim Mikityanskiy <maxtram95(a)gmail.com> netfilter: socket: Lookup orig tuple for IPv6 SNAT Yanjun Yang <yangyj.ee(a)gmail.com> ARM: Remove address checking for MMUless devices Kees Cook <keescook(a)chromium.org> ARM: 9351/1: fault: Add "cut here" line for prefetch aborts Kees Cook <keescook(a)chromium.org> ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() Minjoong Kim <pwn9uin(a)gmail.com> atm: Fix NULL pointer dereference Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: hid-plantronics: Add mic mute mapping and generalize quirks Terry Junge <linuxhid(a)cosmicgizmosystems.com> ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix race between element replace and close() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Justin Klaassen <justin(a)tidylabs.net> arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S Arthur Mongodin <amongodin(a)randorisec.fr> mptcp: Fix data stream corruption in the address announcement David Rosca <david.rosca(a)amd.com> drm/amdgpu: Fix JPEG video caps max size for navi1x and raven Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() Saranya R <quic_sarar(a)quicinc.com> soc: qcom: pdr: Fix the potential deadlock Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore own maximum aggregation size during RX Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: shmobile: smp: Enforce shmobile_smp_* alignment Ye Bin <yebin10(a)huawei.com> proc: fix UAF in proc_get_inode() Gu Bowen <gubowen5(a)huawei.com> mmc: atmel-mci: Add missing clk_disable_unprepare() Christian Eggers <ceggers(a)arri.de> regulator: check that dummy regulator has been probed before using it Maíra Canal <mcanal(a)igalia.com> drm/v3d: Don't run jobs that have errors flagged in its fence Andreas Kemnade <andreas(a)kemnade.info> i2c: omap: fix IRQ storms Guillaume Nault <gnault(a)redhat.com> Revert "gre: Fix IPv6 link-local address generation." Lin Ma <linma(a)zju.edu.cn> net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES Dan Carpenter <dan.carpenter(a)linaro.org> net: atm: fix use after free in lec_send() Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: Fix error code in chan_alloc_skb_cb() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong value of max_sge_rd Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix soft lockup during bt pages loop Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: Don't mark timer regs unconfigured Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: PL011 UARTs are actually r1p5 Cosmin Ratiu <cratiu(a)nvidia.com> xfrm_output: Force software GSO only in tunnel mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> firmware: imx-scu: fix OF node leak in .probe() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: Fix match_session bug preventing session reuse Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Check for invalid input params when building scaling params Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: sis630: Fix an error handling path in sis630_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali15x3: Fix an error handling path in ali15x3_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali1535: Fix an error handling path in ali1535_probe() Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing closetimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing actimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acdirmax mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acregmax mount option Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() Ivan Abramov <i.abramov(a)mt-integration.ru> drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: ops: Consistently treat platform_max as control value Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_abort() Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: Handle memfd_secret() files in build_id_parse() Haoxiang Li <haoxiang_li2024(a)163.com> qlcnic: fix memory leak issues in qlcnic_sriov_common.c Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix slab-use-after-free on hdcp_work Alex Hung <alex.hung(a)amd.com> drm/amd/display: Assign normalized_pix_clk when color depth = 14 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Restore correct backlight brightness after a GPU reset Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic: Filter out redundant DPMS calls Florent Revest <revest(a)chromium.org> x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Johan Hovold <johan(a)kernel.org> USB: serial: option: match on interface class for Telit FN990B Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FE990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE990B compositions Boon Khai Ng <boon.khai.ng(a)intel.com> USB: serial: ftdi_sio: add support for Altera USB Blaster 3 Ming Lei <ming.lei(a)redhat.com> block: fix 'kmem_cache of name 'bio-108' already exists' Thomas Zimmermann <tzimmermann(a)suse.de> drm/nouveau: Do not override forced connector status Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: safety check before fallback Arnd Bergmann <arnd(a)arndb.de> x86/irq: Define trace events conditionally Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't truncate cached, mutated symlink Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Set the SDOUT polarity correctly Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Fix power control mask Hector Martin <marcan(a)marcan.st> ASoC: tas2770: Fix volume scale Daniel Wagner <wagi(a)kernel.org> nvme: only allow entering LIVE from CONNECTING state Yu-Chun Lin <eleanor15x(a)gmail.com> sctp: Fix undefined behavior in left shift operation Ruozhu Li <david.li(a)jaguarmicro.com> nvmet-rdma: recheck queue state is LIVE in state lock in recv done Stephan Gerhold <stephan.gerhold(a)linaro.org> net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors Terry Cheong <htcheong(a)chromium.org> ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/cpufreq_cooling: Remove structure member documentation Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: Fix CHPID "configure" attribute caching Jann Horn <jannh(a)google.com> sched: Clarify wake_up_q()'s write to task->wake_q.next Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: ignore non-functional sensor in HP 5MP Camera Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell Brahmajit Das <brahmajit.xyz(a)gmail.com> vboxsf: fix building with GCC 15 Eric W. Biederman <ebiederm(a)xmission.com> alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support Gannon Kolding <gannon.kolding(a)gmail.com> ACPI: resource: IRQ override for Eluktronics MECH-17 Magnus Lindholm <linmag7(a)gmail.com> scsi: qla1280: Fix kernel oops when debug level > 2 Rik van Riel <riel(a)surriel.com> scsi: core: Use GFP_NOIO to avoid circular locking dependency Chengen Du <chengen.du(a)canonical.com> iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> powercap: call put_device() on an error path in powercap_register_control_type() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> hrtimers: Mark is_migration_base() with __always_inline Daniel Wagner <wagi(a)kernel.org> nvme-fc: go straight to connecting state when initializing Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: Bridge, fix the crash caused by LAG state check Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove misbehaving actions length check Kees Cook <keescook(a)chromium.org> openvswitch: Use kmalloc_size_roundup() to match ksize() usage Kees Cook <keescook(a)chromium.org> slab: Introduce kmalloc_size_roundup() Kees Cook <keescook(a)chromium.org> slab: clean up function prototypes Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 link-local address generation. Alexey Kashavkin <akashavkin(a)gmail.com> netfilter: nft_exthdr: fix offset with ipv4_find_option() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Prevent creation of classes with TC_H_ROOT Dan Carpenter <dan.carpenter(a)linaro.org> ipvs: prevent integer overflow in do_ip_vs_get_ctl() Kohei Enju <enjuk(a)amazon.com> netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5: handle errors in mlx5_chains_create_table() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() Breno Leitao <leitao(a)debian.org> netpoll: hold rcu read lock in __netpoll_send_skb() Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Verify after ATU Load ops Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix memory leak in aRFS after reset Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Fix incorrect regmap max_registers value Michael Kelley <mhklinux(a)outlook.com> fbdev: hyperv_fb: iounmap() the correct memory when removing a device Wang Yufen <wangyufen(a)huawei.com> ipv6: Fix signed integer overflow in __ip6_append_data Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Prevent boot crash when the boot CPU is nohz_full David Woodhouse <dwmw(a)amazon.co.uk> clockevents/drivers/i8253: Fix stop sequence for timer 0 Eric Dumazet <edumazet(a)google.com> vlan: fix memory leak in vlan_newlink() ------------- Diffstat: Documentation/timers/no_hz.rst | 7 +- Makefile | 4 +- arch/alpha/include/asm/elf.h | 6 +- arch/alpha/include/asm/pgtable.h | 2 +- arch/alpha/include/asm/processor.h | 8 +- arch/alpha/kernel/osf_sys.c | 11 +- arch/arm/boot/dts/bcm2711.dtsi | 11 +- arch/arm/mach-shmobile/headsmp.S | 1 + arch/arm/mm/fault.c | 8 + arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dts | 2 +- arch/powerpc/platforms/cell/spufs/inode.c | 9 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/x86/Kconfig | 2 +- arch/x86/entry/calling.h | 2 + arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/mshyperv.c | 11 -- arch/x86/kernel/cpu/sgx/driver.c | 10 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/irq.c | 2 + arch/x86/kernel/process.c | 7 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- block/bio.c | 2 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 13 ++ drivers/base/power/main.c | 21 +-- drivers/base/power/runtime.c | 2 +- drivers/clk/meson/g12a.c | 38 ++-- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/clocksource/i8253.c | 36 ++-- drivers/counter/microchip-tcb-capture.c | 19 ++ drivers/counter/stm32-lptimer-cnt.c | 24 ++- drivers/cpufreq/cpufreq_governor.c | 45 ++--- drivers/cpufreq/scpi-cpufreq.c | 5 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 ++- drivers/crypto/nx/nx-common-pseries.c | 37 ++-- drivers/edac/ie31200_edac.c | 19 +- drivers/firmware/imx/imx-scu.c | 1 + drivers/firmware/iscsi_ibft.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/nv.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 ++ .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 17 +- .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 24 +++ drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 ++- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/drm_atomic_uapi.c | 4 + drivers/gpu/drm/drm_connector.c | 4 + drivers/gpu/drm/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/gma500/mid_bios.c | 5 + drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +++- drivers/gpu/drm/nouveau/nouveau_connector.c | 1 - drivers/gpu/drm/radeon/radeon_vce.c | 2 +- drivers/gpu/drm/v3d/v3d_sched.c | 9 +- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/hid/Makefile | 1 - drivers/hid/hid-ids.h | 1 + drivers/hid/hid-plantronics.c | 144 +++++++-------- drivers/hid/hid-quirks.c | 1 + drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +- drivers/hv/vmbus_drv.c | 13 ++ drivers/hwmon/nct6775.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/i2c/busses/i2c-ali1535.c | 12 +- drivers/i2c/busses/i2c-ali15x3.c | 12 +- drivers/i2c/busses/i2c-omap.c | 26 +-- drivers/i2c/busses/i2c-sis630.c | 12 +- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/adc/ad7124.c | 35 +++- drivers/infiniband/core/device.c | 9 + drivers/infiniband/core/mad.c | 38 ++-- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 - drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 23 ++- drivers/infiniband/hw/hns/hns_roce_hem.h | 2 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 4 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 10 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mfd/sm501.c | 6 +- drivers/mmc/host/atmel-mci.c | 4 +- drivers/mmc/host/sdhci-brcmstb.c | 86 ++++++++- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/can/flexcan.c | 18 +- drivers/net/dsa/mv88e6xxx/chip.c | 59 ++++-- drivers/net/ethernet/intel/ice/ice_arfs.c | 2 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++++++++------- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- .../ethernet/mellanox/mlx5/core/en/rep/bridge.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 +- .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 + .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/net/usb/usbnet.c | 27 ++- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++--- drivers/net/wwan/mhi_wwan_mbim.c | 2 +- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/core.c | 2 - drivers/nvme/host/fc.c | 3 +- drivers/nvme/host/pci.c | 21 ++- drivers/nvme/host/tcp.c | 5 +- drivers/nvme/target/rdma.c | 33 +++- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 4 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/portdrv_core.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + .../x86/intel/speed_select_if/isst_if_common.c | 2 +- drivers/power/supply/max77693_charger.c | 2 +- drivers/powercap/powercap_sys.c | 3 +- drivers/regulator/core.c | 12 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 ++- drivers/remoteproc/qcom_q6v5_pas.c | 10 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/s390/cio/chp.c | 3 +- drivers/scsi/qla1280.c | 2 +- drivers/scsi/scsi_scan.c | 2 +- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soundwire/slave.c | 1 + drivers/thermal/cpufreq_cooling.c | 2 - .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/serial/8250/8250_dma.c | 2 +- drivers/tty/serial/8250/8250_pci.c | 46 +++++ drivers/tty/serial/fsl_lpuart.c | 25 ++- drivers/usb/serial/ftdi_sio.c | 14 ++ drivers/usb/serial/ftdi_sio_ids.h | 13 ++ drivers/usb/serial/option.c | 48 +++-- drivers/video/console/Kconfig | 2 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/hyperv_fb.c | 2 +- drivers/video/fbdev/sm501fb.c | 7 + fs/affs/file.c | 9 +- fs/btrfs/extent-tree.c | 5 +- fs/cifs/cifs_debug.c | 2 + fs/cifs/cifsglob.h | 8 + fs/cifs/connect.c | 15 +- fs/cifs/fs_context.c | 14 +- fs/exfat/fatent.c | 2 +- fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 ++- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 4 +- fs/fuse/file.c | 4 +- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/ksmbd/auth.c | 2 +- fs/ksmbd/mgmt/user_session.c | 16 ++ fs/ksmbd/mgmt/user_session.h | 2 + fs/ksmbd/smb2pdu.c | 12 +- fs/ksmbd/smbacl.c | 5 +- fs/namei.c | 24 ++- fs/nfs/delegation.c | 33 ++-- fs/nfsd/nfs4state.c | 31 +++- fs/ntfs3/index.c | 4 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/proc/generic.c | 10 +- fs/proc/inode.c | 6 +- fs/proc/internal.h | 14 ++ fs/vboxsf/super.c | 3 +- include/drm/drm_dp_mst_helper.h | 7 + include/linux/fs.h | 2 + include/linux/fwnode.h | 2 +- include/linux/i8253.h | 1 - include/linux/interrupt.h | 8 +- include/linux/pm_runtime.h | 2 + include/linux/proc_fs.h | 7 +- include/linux/sched/smt.h | 2 +- include/linux/slab.h | 99 ++++++---- include/net/ipv6.h | 4 +- include/rdma/ib_verbs.h | 1 + include/sound/soc.h | 5 +- kernel/events/ring_buffer.c | 2 +- kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/core.c | 5 +- kernel/sched/deadline.c | 2 +- kernel/time/hrtimer.c | 22 ++- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events_synth.c | 33 +++- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + lib/842/842_compress.c | 2 + lib/buildid.c | 5 + mm/slab.c | 9 +- mm/slab_common.c | 34 ++-- mm/slob.c | 14 ++ net/8021q/vlan_netlink.c | 10 +- net/atm/lec.c | 3 +- net/atm/mpc.c | 2 + net/batman-adv/bat_iv_ogm.c | 3 +- net/batman-adv/bat_v_ogm.c | 3 +- net/bluetooth/6lowpan.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +++-- net/core/neighbour.c | 1 + net/core/netpoll.c | 9 +- net/core/rtnetlink.c | 3 + net/core/sock_map.c | 5 +- net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/tcp.c | 6 +- net/ipv6/addrconf.c | 37 ++-- net/ipv6/calipso.c | 21 ++- net/ipv6/ip6_output.c | 6 +- net/ipv6/netfilter/nf_socket_ipv6.c | 23 +++ net/ipv6/route.c | 5 +- net/mptcp/options.c | 6 +- net/mptcp/protocol.h | 2 + net/netfilter/ipvs/ip_vs_ctl.c | 8 +- net/netfilter/nf_conncount.c | 2 + net/netfilter/nft_ct.c | 6 +- net/netfilter/nft_exthdr.c | 10 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/openvswitch/flow_netlink.c | 17 +- net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_api.c | 6 + net/sched/sch_skbprio.c | 3 - net/sctp/stream.c | 2 +- net/vmw_vsock/af_vsock.c | 6 +- net/xfrm/xfrm_output.c | 2 +- scripts/selinux/install_policy.sh | 15 +- sound/pci/hda/patch_realtek.c | 28 ++- sound/soc/codecs/arizona.c | 14 +- sound/soc/codecs/madera.c | 10 +- sound/soc/codecs/tas2764.c | 10 +- sound/soc/codecs/tas2764.h | 8 +- sound/soc/codecs/tas2770.c | 2 +- sound/soc/codecs/wm0010.c | 13 +- sound/soc/codecs/wm5110.c | 8 +- sound/soc/fsl/imx-card.c | 4 + sound/soc/sh/rcar/core.c | 14 -- sound/soc/sh/rcar/rsnd.h | 1 - sound/soc/sh/rcar/src.c | 18 +- sound/soc/soc-ops.c | 15 +- sound/soc/sof/intel/hda-codec.c | 1 + sound/soc/ti/j721e-evm.c | 2 + sound/usb/mixer_quirks.c | 51 ++++++ tools/lib/bpf/linker.c | 2 +- tools/perf/util/python.c | 17 +- tools/perf/util/units.c | 2 +- 281 files changed, 2101 insertions(+), 1000 deletions(-)

7 months

9
288
0 0

[PATCH 2/3] can: kvaser_pciefd: Fix echo_skb race conditions

by Axel Forsman

The functions kvaser_pciefd_start_xmit() and kvaser_pciefd_handle_ack_packet() raced to stop/wake TX queues and get/put echo skbs, as kvaser_pciefd_can->echo_lock was only ever taken when transmitting. E.g., this caused the following error: can_put_echo_skb: BUG! echo_skb 5 is occupied! Instead, use the synchronization helpers in netdev_queues.h. As those piggyback on BQL barriers, start updating in-flight packets and bytes counts as well. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> --- drivers/net/can/kvaser_pciefd.c | 70 ++++++++++++++++++++++----------- 1 file changed, 48 insertions(+), 22 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index 0d1b895509c3..6251a1ddfa7e 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -16,6 +16,7 @@ #include <linux/netdevice.h> #include <linux/pci.h> #include <linux/timer.h> +#include <net/netdev_queues.h> MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("Kvaser AB <support(a)kvaser.com>"); @@ -412,8 +413,9 @@ struct kvaser_pciefd_can { u8 cmd_seq; int err_rep_cnt; int echo_idx; + unsigned int completed_tx_pkts; + unsigned int completed_tx_bytes; spinlock_t lock; /* Locks sensitive registers (e.g. MODE) */ - spinlock_t echo_lock; /* Locks the message echo buffer */ struct timer_list bec_poll_timer; struct completion start_comp, flush_comp; }; @@ -745,11 +747,24 @@ static int kvaser_pciefd_stop(struct net_device *netdev) del_timer(&can->bec_poll_timer); } can->can.state = CAN_STATE_STOPPED; + netdev_reset_queue(netdev); close_candev(netdev); return ret; } +static unsigned int kvaser_pciefd_tx_avail(struct kvaser_pciefd_can *can) +{ + u8 count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, + ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + + if (count < can->can.echo_skb_max) /* Free TX FIFO slot? */ + /* Avoid reusing unacked seqno */ + return !can->can.echo_skb[can->echo_idx]; + else + return 0; +} + static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, struct kvaser_pciefd_can *can, struct sk_buff *skb) @@ -797,23 +812,31 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, struct net_device *netdev) { struct kvaser_pciefd_can *can = netdev_priv(netdev); - unsigned long irq_flags; struct kvaser_pciefd_tx_packet packet; + unsigned int frame_len = 0; int nr_words; - u8 count; if (can_dev_dropped_skb(netdev, skb)) return NETDEV_TX_OK; + /* + * Without room for a new message, stop the queue until at least + * one successful transmit. + */ + if (!netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1)) + return NETDEV_TX_BUSY; + nr_words = kvaser_pciefd_prepare_tx_packet(&packet, can, skb); - spin_lock_irqsave(&can->echo_lock, irq_flags); /* Prepare and save echo skb in internal slot */ - can_put_echo_skb(skb, netdev, can->echo_idx, 0); + frame_len = can_skb_get_frame_len(skb); + can_put_echo_skb(skb, netdev, can->echo_idx, frame_len); /* Move echo index to the next slot */ can->echo_idx = (can->echo_idx + 1) % can->can.echo_skb_max; + netdev_sent_queue(netdev, frame_len); + /* Write header to fifo */ iowrite32(packet.header[0], can->reg_base + KVASER_PCIEFD_KCAN_FIFO_REG); @@ -836,15 +859,6 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, KVASER_PCIEFD_KCAN_FIFO_LAST_REG); } - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); - /* No room for a new message, stop the queue until at least one - * successful transmit - */ - if (count >= can->can.echo_skb_max || can->can.echo_skb[can->echo_idx]) - netif_stop_queue(netdev); - spin_unlock_irqrestore(&can->echo_lock, irq_flags); - return NETDEV_TX_OK; } @@ -970,6 +984,8 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) can->kv_pcie = pcie; can->cmd_seq = 0; can->err_rep_cnt = 0; + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; can->bec.txerr = 0; can->bec.rxerr = 0; @@ -987,7 +1003,6 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) can->can.clock.freq = pcie->freq; can->can.echo_skb_max = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); can->echo_idx = 0; - spin_lock_init(&can->echo_lock); spin_lock_init(&can->lock); can->can.bittiming_const = &kvaser_pciefd_bittiming_const; @@ -1510,19 +1525,16 @@ static int kvaser_pciefd_handle_ack_packet(struct kvaser_pciefd *pcie, netdev_dbg(can->can.dev, "Packet was flushed\n"); } else { int echo_idx = FIELD_GET(KVASER_PCIEFD_PACKET_SEQ_MASK, p->header[0]); - int len; - u8 count; + unsigned int len, frame_len = 0; struct sk_buff *skb; skb = can->can.echo_skb[echo_idx]; if (skb) kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - len = can_get_echo_skb(can->can.dev, echo_idx, NULL); - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + len = can_get_echo_skb(can->can.dev, echo_idx, &frame_len); - if (count < can->can.echo_skb_max && netif_queue_stopped(can->can.dev)) - netif_wake_queue(can->can.dev); + can->completed_tx_pkts++; + can->completed_tx_bytes += frame_len; if (!one_shot_fail) { can->can.dev->stats.tx_bytes += len; @@ -1638,11 +1650,25 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) { int pos = 0; int res = 0; + unsigned int i; do { res = kvaser_pciefd_read_packet(pcie, &pos, dma_buf); } while (!res && pos > 0 && pos < KVASER_PCIEFD_DMA_SIZE); + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; + + if (!can->completed_tx_pkts) + continue; + netif_subqueue_completed_wake(can->can.dev, 0, + can->completed_tx_pkts, + can->completed_tx_bytes, + kvaser_pciefd_tx_avail(can), 1); + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; + } + return res; } -- 2.47.2

7 months

2
2
0 0

[PATCH 5.10 000/227] 5.10.236-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.236 release. There are 227 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Apr 2025 10:47:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.236-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.236-rc1 Takashi Iwai <tiwai(a)suse.de> x86/kexec: Fix double-free of elf header buffer Florian Westphal <fw(a)strlen.de> netfilter: conntrack: fix crash due to confirmed bit load reordering Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Josef Bacik <josef(a)toxicpanda.com> btrfs: handle errors from btrfs_dec_ref() properly Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: only change CAN state when link up in system PM Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow David Oberhollenzer <david.oberhollenzer(a)sigma-star.at> net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Dmitry Panchenko <dmitry(a)d-systems.ee> platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: dev: check return value when calling dev_set_name() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: i2c: et8ek8: Don't strip remove function when driver is builtin John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250_dma: terminate correct DMA in tx_dma_flush() Luo Qiu <luoqiu(a)kylinsec.com.cn> memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Dominique Martinet <dominique.martinet(a)atmark-techno.com> net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FN990B composition Cameron Williams <cang1(a)live.co.uk> tty: serial: 8250: Add some more device IDs William Breathitt Gray <wbg(a)kernel.org> counter: microchip-tcb-capture: Fix undefined counter channel state on probe Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> counter: stm32-lptimer-cnt: fix error handling when enabling Dhruv Deshpande <dhrv.d(a)proton.me> ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Maxim Mikityanskiy <maxtram95(a)gmail.com> netfilter: socket: Lookup orig tuple for IPv6 SNAT Yanjun Yang <yangyj.ee(a)gmail.com> ARM: Remove address checking for MMUless devices Kees Cook <keescook(a)chromium.org> ARM: 9351/1: fault: Add "cut here" line for prefetch aborts Kees Cook <keescook(a)chromium.org> ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() Minjoong Kim <pwn9uin(a)gmail.com> atm: Fix NULL pointer dereference Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: hid-plantronics: Add mic mute mapping and generalize quirks Terry Junge <linuxhid(a)cosmicgizmosystems.com> ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() Saranya R <quic_sarar(a)quicinc.com> soc: qcom: pdr: Fix the potential deadlock Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore own maximum aggregation size during RX Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix race between element replace and close() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Patrik Jakobsson <patrik.r.jakobsson(a)gmail.com> drm/amdgpu: Fix even more out of bound writes from debugfs Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: shmobile: smp: Enforce shmobile_smp_* alignment Ye Bin <yebin10(a)huawei.com> proc: fix UAF in proc_get_inode() Gu Bowen <gubowen5(a)huawei.com> mmc: atmel-mci: Add missing clk_disable_unprepare() Christian Eggers <ceggers(a)arri.de> regulator: check that dummy regulator has been probed before using it Maíra Canal <mcanal(a)igalia.com> drm/v3d: Don't run jobs that have errors flagged in its fence Andreas Kemnade <andreas(a)kemnade.info> i2c: omap: fix IRQ storms Lin Ma <linma(a)zju.edu.cn> net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES Dan Carpenter <dan.carpenter(a)linaro.org> net: atm: fix use after free in lec_send() Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: Fix error code in chan_alloc_skb_cb() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong value of max_sge_rd Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix soft lockup during bt pages loop Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: Don't mark timer regs unconfigured Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: PL011 UARTs are actually r1p5 Cosmin Ratiu <cratiu(a)nvidia.com> xfrm_output: Force software GSO only in tunnel mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> firmware: imx-scu: fix OF node leak in .probe() Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Check for invalid input params when building scaling params Dmytro Laktyushkin <Dmytro.Laktyushkin(a)amd.com> drm/amd/display: fix odm scaling Nikola Cornij <nikola.cornij(a)amd.com> drm/amd/display: Reject too small viewport size when validating plane Lee Jones <lee.jones(a)linaro.org> drm/amd/display/dc/core/dc_resource: Staticify local functions Mario Kleiner <mario.kleiner.de(a)gmail.com> drm/amd/display: Check plane scaling against format specific hw plane caps. Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: sis630: Fix an error handling path in sis630_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali15x3: Fix an error handling path in ali15x3_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali1535: Fix an error handling path in ali1535_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() Ivan Abramov <i.abramov(a)mt-integration.ru> drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() Haoxiang Li <haoxiang_li2024(a)163.com> qlcnic: fix memory leak issues in qlcnic_sriov_common.c Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix slab-use-after-free on hdcp_work Alex Hung <alex.hung(a)amd.com> drm/amd/display: Assign normalized_pix_clk when color depth = 14 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic: Filter out redundant DPMS calls Florent Revest <revest(a)chromium.org> x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Johan Hovold <johan(a)kernel.org> USB: serial: option: match on interface class for Telit FN990B Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FE990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE990B compositions Boon Khai Ng <boon.khai.ng(a)intel.com> USB: serial: ftdi_sio: add support for Altera USB Blaster 3 Ming Lei <ming.lei(a)redhat.com> block: fix 'kmem_cache of name 'bio-108' already exists' Thomas Zimmermann <tzimmermann(a)suse.de> drm/nouveau: Do not override forced connector status Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: safety check before fallback Arnd Bergmann <arnd(a)arndb.de> x86/irq: Define trace events conditionally Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't truncate cached, mutated symlink Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Set the SDOUT polarity correctly Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Fix power control mask Hector Martin <marcan(a)marcan.st> ASoC: tas2770: Fix volume scale Daniel Wagner <wagi(a)kernel.org> nvme: only allow entering LIVE from CONNECTING state Yu-Chun Lin <eleanor15x(a)gmail.com> sctp: Fix undefined behavior in left shift operation Ruozhu Li <david.li(a)jaguarmicro.com> nvmet-rdma: recheck queue state is LIVE in state lock in recv done Terry Cheong <htcheong(a)chromium.org> ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/cpufreq_cooling: Remove structure member documentation Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: Fix CHPID "configure" attribute caching Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: ignore non-functional sensor in HP 5MP Camera Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell Brahmajit Das <brahmajit.xyz(a)gmail.com> vboxsf: fix building with GCC 15 Eric W. Biederman <ebiederm(a)xmission.com> alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support Gannon Kolding <gannon.kolding(a)gmail.com> ACPI: resource: IRQ override for Eluktronics MECH-17 Magnus Lindholm <linmag7(a)gmail.com> scsi: qla1280: Fix kernel oops when debug level > 2 Chengen Du <chengen.du(a)canonical.com> iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> powercap: call put_device() on an error path in powercap_register_control_type() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> hrtimers: Mark is_migration_base() with __always_inline Daniel Wagner <wagi(a)kernel.org> nvme-fc: go straight to connecting state when initializing Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices Alexey Kashavkin <akashavkin(a)gmail.com> netfilter: nft_exthdr: fix offset with ipv4_find_option() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Prevent creation of classes with TC_H_ROOT Dan Carpenter <dan.carpenter(a)linaro.org> ipvs: prevent integer overflow in do_ip_vs_get_ctl() Kohei Enju <enjuk(a)amazon.com> netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5: handle errors in mlx5_chains_create_table() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() Breno Leitao <leitao(a)debian.org> netpoll: hold rcu read lock in __netpoll_send_skb() Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix memory leak in aRFS after reset Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. Florian Westphal <fw(a)strlen.de> netfilter: nft_ct: fix use after free when attaching zone template Florian Westphal <fw(a)strlen.de> netfilter: conntrack: convert to refcount_t api Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Fix incorrect regmap max_registers value Michael Kelley <mhklinux(a)outlook.com> fbdev: hyperv_fb: iounmap() the correct memory when removing a device Baoquan He <bhe(a)redhat.com> x86/kexec: fix memory leak of elf header buffer Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Wang Yufen <wangyufen(a)huawei.com> ipv6: Fix signed integer overflow in __ip6_append_data Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Prevent boot crash when the boot CPU is nohz_full David Woodhouse <dwmw(a)amazon.co.uk> clockevents/drivers/i8253: Fix stop sequence for timer 0 Eric Dumazet <edumazet(a)google.com> vlan: fix memory leak in vlan_newlink() ------------- Diffstat: Documentation/timers/no_hz.rst | 7 +- Makefile | 4 +- arch/alpha/include/asm/elf.h | 6 +- arch/alpha/include/asm/pgtable.h | 2 +- arch/alpha/include/asm/processor.h | 8 +- arch/alpha/kernel/osf_sys.c | 11 +- arch/arm/boot/dts/bcm2711.dtsi | 11 +- arch/arm/mach-shmobile/headsmp.S | 1 + arch/arm/mm/fault.c | 8 + arch/powerpc/platforms/cell/spufs/inode.c | 9 +- arch/x86/Kconfig | 2 +- arch/x86/entry/calling.h | 2 + arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/mshyperv.c | 11 - arch/x86/kernel/crash.c | 4 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/irq.c | 2 + arch/x86/kernel/machine_kexec_64.c | 12 +- arch/x86/kernel/process.c | 7 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/kvm/hyperv.c | 6 +- arch/x86/mm/pat/cpa-test.c | 2 +- block/bio.c | 2 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 13 + drivers/base/power/main.c | 21 +- drivers/base/power/runtime.c | 2 +- drivers/clk/meson/g12a.c | 38 +- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/clocksource/i8253.c | 36 +- drivers/counter/microchip-tcb-capture.c | 19 + drivers/counter/stm32-lptimer-cnt.c | 24 +- drivers/cpufreq/cpufreq_governor.c | 45 +- drivers/cpufreq/scpi-cpufreq.c | 5 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 8 +- drivers/edac/ie31200_edac.c | 19 +- drivers/firmware/imx/imx-scu.c | 1 + drivers/firmware/iscsi_ibft.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 106 +++- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 14 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 589 ++++++++------------- drivers/gpu/drm/amd/display/dc/dc.h | 1 + drivers/gpu/drm/amd/display/dc/dc_types.h | 5 - .../gpu/drm/amd/display/dc/dcn10/dcn10_dpp_dscl.c | 12 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 14 +- .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- .../drm/amd/display/dc/dml/display_mode_structs.h | 2 + .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 40 +- drivers/gpu/drm/amd/display/dc/inc/hw/transform.h | 4 - drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 +- drivers/gpu/drm/drm_atomic_uapi.c | 4 + drivers/gpu/drm/drm_connector.c | 4 + drivers/gpu/drm/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/gma500/mid_bios.c | 5 + drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +- drivers/gpu/drm/nouveau/nouveau_connector.c | 1 - drivers/gpu/drm/radeon/radeon_vce.c | 2 +- drivers/gpu/drm/v3d/v3d_sched.c | 9 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/hid-plantronics.c | 144 +++-- drivers/hid/hid-quirks.c | 1 + drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +- drivers/hv/vmbus_drv.c | 13 + drivers/hwmon/nct6775.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/i2c/busses/i2c-ali1535.c | 12 +- drivers/i2c/busses/i2c-ali15x3.c | 12 +- drivers/i2c/busses/i2c-omap.c | 26 +- drivers/i2c/busses/i2c-sis630.c | 12 +- drivers/i2c/i2c-dev.c | 15 +- drivers/iio/accel/mma8452.c | 10 +- drivers/infiniband/core/mad.c | 38 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 - drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 23 +- drivers/infiniband/hw/hns/hns_roce_hem.h | 2 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 4 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 +- drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mfd/sm501.c | 6 +- drivers/mmc/host/atmel-mci.c | 4 +- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/can/flexcan.c | 6 +- drivers/net/dsa/mv88e6xxx/chip.c | 11 +- drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/ethernet/intel/ice/ice_arfs.c | 2 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 +- .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 + .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/net/usb/usbnet.c | 21 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/core.c | 2 - drivers/nvme/host/fc.c | 3 +- drivers/nvme/host/pci.c | 21 +- drivers/nvme/host/tcp.c | 5 +- drivers/nvme/target/rdma.c | 33 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 4 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/portdrv_core.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + drivers/platform/x86/intel-hid.c | 7 + drivers/power/supply/max77693_charger.c | 2 +- drivers/powercap/powercap_sys.c | 3 +- drivers/regulator/core.c | 12 +- drivers/remoteproc/qcom_q6v5_pas.c | 10 +- drivers/s390/cio/chp.c | 3 +- drivers/scsi/qla1280.c | 2 +- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/thermal/cpufreq_cooling.c | 2 - .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/serial/8250/8250_dma.c | 2 +- drivers/tty/serial/8250/8250_pci.c | 16 + drivers/tty/serial/fsl_lpuart.c | 25 +- drivers/usb/serial/ftdi_sio.c | 14 + drivers/usb/serial/ftdi_sio_ids.h | 13 + drivers/usb/serial/option.c | 48 +- drivers/video/console/Kconfig | 2 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/hyperv_fb.c | 2 +- drivers/video/fbdev/sm501fb.c | 7 + fs/affs/file.c | 9 +- fs/btrfs/extent-tree.c | 5 +- fs/exfat/fatent.c | 2 +- fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 +- fs/fuse/dir.c | 2 +- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/namei.c | 24 +- fs/nfs/delegation.c | 33 +- fs/nfsd/nfs4state.c | 31 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/proc/generic.c | 10 +- fs/proc/inode.c | 6 +- fs/proc/internal.h | 14 + fs/vboxsf/super.c | 3 +- include/drm/drm_dp_mst_helper.h | 7 + include/linux/fs.h | 2 + include/linux/i8253.h | 1 - include/linux/interrupt.h | 8 +- include/linux/netfilter/nf_conntrack_common.h | 8 +- include/linux/pm_runtime.h | 2 + include/linux/proc_fs.h | 7 +- include/linux/sched/smt.h | 2 +- include/net/ipv6.h | 4 +- kernel/events/ring_buffer.c | 2 +- kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/deadline.c | 2 +- kernel/time/hrtimer.c | 22 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events_synth.c | 30 +- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + lib/842/842_compress.c | 2 + net/8021q/vlan_netlink.c | 10 +- net/atm/lec.c | 3 +- net/atm/mpc.c | 2 + net/batman-adv/bat_iv_ogm.c | 3 +- net/batman-adv/bat_v_ogm.c | 3 +- net/bluetooth/6lowpan.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +- net/core/neighbour.c | 1 + net/core/netpoll.c | 9 +- net/core/rtnetlink.c | 3 + net/core/sock_map.c | 5 +- net/ipv4/ip_tunnel_core.c | 4 +- net/ipv6/addrconf.c | 37 +- net/ipv6/calipso.c | 21 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/netfilter/nf_socket_ipv6.c | 23 + net/ipv6/route.c | 5 +- net/mptcp/protocol.h | 2 + net/netfilter/ipvs/ip_vs_ctl.c | 8 +- net/netfilter/nf_conncount.c | 2 + net/netfilter/nf_conntrack_core.c | 48 +- net/netfilter/nf_conntrack_expect.c | 4 +- net/netfilter/nf_conntrack_netlink.c | 7 +- net/netfilter/nf_conntrack_standalone.c | 7 +- net/netfilter/nf_flow_table_core.c | 2 +- net/netfilter/nf_synproxy_core.c | 1 - net/netfilter/nft_ct.c | 11 +- net/netfilter/nft_exthdr.c | 10 +- net/netfilter/nft_tunnel.c | 6 +- net/netfilter/xt_CT.c | 3 +- net/openvswitch/actions.c | 6 - net/openvswitch/conntrack.c | 1 - net/sched/act_ct.c | 1 - net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_api.c | 6 + net/sched/sch_skbprio.c | 3 - net/sctp/stream.c | 2 +- net/vmw_vsock/af_vsock.c | 6 +- net/xfrm/xfrm_output.c | 2 +- scripts/selinux/install_policy.sh | 15 +- sound/pci/hda/patch_realtek.c | 28 +- sound/soc/codecs/arizona.c | 14 +- sound/soc/codecs/madera.c | 10 +- sound/soc/codecs/tas2764.c | 10 +- sound/soc/codecs/tas2764.h | 8 +- sound/soc/codecs/tas2770.c | 2 +- sound/soc/codecs/wm0010.c | 13 +- sound/soc/codecs/wm5110.c | 8 +- sound/soc/sh/rcar/core.c | 14 - sound/soc/sh/rcar/rsnd.h | 1 - sound/soc/sh/rcar/src.c | 18 +- sound/soc/sof/intel/hda-codec.c | 1 + sound/soc/ti/j721e-evm.c | 2 + sound/usb/mixer_quirks.c | 51 ++ tools/perf/util/python.c | 17 +- tools/perf/util/units.c | 2 +- 243 files changed, 1863 insertions(+), 1177 deletions(-)

7 months

5
231
0 0

[PATCH 6.1 000/204] 6.1.134-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.134 release. There are 204 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Apr 2025 10:47:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.134-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.134-rc1 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Angelos Oikonomopoulos <angelos(a)igalia.com> arm64: Don't call NULL in do_compat_alignment_fixup() Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Norbert Szetei <norbert(a)doyensec.com> ksmbd: validate zero num_subauth before sub_auth is accessed Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix session use-after-free in multichannel connection Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_sessions_deregister() Norbert Szetei <norbert(a)doyensec.com> ksmbd: add bounds check for create lease context Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Josef Bacik <josef(a)toxicpanda.com> btrfs: handle errors from btrfs_dec_ref() properly Ivan Orlov <ivan.orlov0322(a)gmail.com> kunit/overflow: Fix UB in overflow_allocation_test Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Apply static call for drain_pebs Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Fix off-by-one error in build_prologue() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase ARCH_DMA_MINALIGN up to 16 Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: fix num_mec Jens Axboe <axboe(a)kernel.dk> io_uring/filetable: ensure node switch is always done, if needed Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Ido Schimmel <idosch(a)nvidia.com> ipv6: Do not consider link down nexthops in path selection Ido Schimmel <idosch(a)nvidia.com> ipv6: Start path selection from the first nexthop Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow David Oberhollenzer <david.oberhollenzer(a)sigma-star.at> net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix gang directory lifetimes Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Roger Quadros <rogerq(a)kernel.org> memory: omap-gpmc: drop no compatible check Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Keep display off while going into S4 Vladis Dronov <vdronov(a)redhat.com> x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA Wentao Guan <guanwentao(a)uniontech.com> HID: i2c-hid: improve i2c_hid_get_report error message Dmitry Panchenko <dmitry(a)d-systems.ee> platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Daniel Bárta <daniel.barta(a)trustlab.cz> ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Fix Asus Z13 2025 audio Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Matthias Proske <email(a)matthias-proske.de> wifi: brcmfmac: keep power during suspend if board requires it Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: use the right version of the rate API Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Josh Poimboeuf <jpoimboe(a)kernel.org> rcu-tasks: Always inline rcu_irq_work_resched() Josh Poimboeuf <jpoimboe(a)kernel.org> context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Lama Kayal <lkayal(a)nvidia.com> net/mlx5e: SHAMPO, Make reserved size independent of page size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Lubomir Rintel <lkundrak(a)v3.sk> rndis_host: Flag RNDIS modems as WWAN devices Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Marcus Meissner <meissner(a)suse.de> perf tools: annotate asm_pure_loop.S Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Benjamin Berg <benjamin.berg(a)intel.com> um: remove copy_from_kernel_nofault_allowed Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Anshuman Khandual <anshuman.khandual(a)arm.com> arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Ian Rogers <irogers(a)google.com> perf evlist: Add success path to evlist__create_syswide_maps Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: correct debug message page size calculation Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight-etm4x: add isb() before reading the TRCSTATR Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzv2m: Fix missing of_node_put() call Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Alice Ryhl <aliceryhl(a)google.com> rust: fix signature of rust_fmt_argument Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Select NUMA_NO_NODE to create map Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Fix calculation of total invalidated pages Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Fix string read in strncmp benchmark Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> drm/amd/display: avoid NPD when ASIC does not support DMUB Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix potential premature regulator disabling Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix error path after a call to regulator_bulk_get() Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Kai-Heng Feng <kaihengf(a)nvidia.com> PCI: Use downstream bridges for distributing resources José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Hermes Wu <Hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP V match check is not performed correctly Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Jiri Kosina <jkosina(a)suse.com> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> ASoC: cs35l41: check the return value from spi_setup() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: HEVC: Initialize start_bit field Chao Gao <chao.gao(a)intel.com> x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Peter Zijlstra <peterz(a)infradead.org> lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Stanislav Spassov <stanspas(a)amazon.de> x86/fpu: Fix guest FPU state buffer allocation size Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Konstantin Andreev <andreev(a)swemel.ru> smack: dont compile ipv6 code unless ipv6 is configured zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/compat_alignment.c | 2 + arch/loongarch/Kconfig | 4 +- arch/loongarch/include/asm/cache.h | 2 + arch/loongarch/net/bpf_jit.c | 7 +- arch/loongarch/net/bpf_jit.h | 5 + arch/powerpc/configs/mpc885_ads_defconfig | 2 +- arch/powerpc/platforms/cell/spufs/gang.c | 1 + arch/powerpc/platforms/cell/spufs/inode.c | 63 ++++++- arch/powerpc/platforms/cell/spufs/spufs.h | 2 + arch/riscv/include/asm/ftrace.h | 4 +- arch/um/include/shared/os.h | 1 - arch/um/kernel/Makefile | 2 +- arch/um/kernel/maccess.c | 19 -- arch/um/os-Linux/process.c | 51 ------ arch/x86/Kconfig | 2 +- arch/x86/entry/calling.h | 2 + arch/x86/events/intel/core.c | 47 ++--- arch/x86/events/intel/ds.c | 13 +- arch/x86/events/perf_event.h | 3 +- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/cpu/sgx/driver.c | 10 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/fpu/core.c | 6 +- arch/x86/kernel/process.c | 7 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/mm/mem_encrypt_identity.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 7 + drivers/base/power/main.c | 21 +-- drivers/base/power/runtime.c | 2 +- drivers/clk/meson/g12a.c | 38 ++-- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/cpufreq/cpufreq_governor.c | 45 ++--- drivers/cpufreq/scpi-cpufreq.c | 5 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 ++- drivers/crypto/nx/nx-common-pseries.c | 37 ++-- drivers/edac/ie31200_edac.c | 19 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 + .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 + .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- drivers/gpu/drm/bridge/ite-it6505.c | 7 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +++- drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 ++-- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/hid/Makefile | 1 - drivers/hid/i2c-hid/i2c-hid-core.c | 2 +- drivers/hwmon/nct6775-core.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 20 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 ++++- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/accel/msa311.c | 28 +-- drivers/iio/adc/ad7124.c | 35 +++- drivers/infiniband/core/device.c | 9 + drivers/infiniband/core/mad.c | 38 ++-- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/erdma/erdma_cm.c | 1 - drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/infiniband/hw/mlx5/odp.c | 10 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + .../platform/verisilicon/hantro_g2_hevc_dec.c | 1 + drivers/media/rc/streamzap.c | 2 +- drivers/memory/omap-gpmc.c | 20 -- drivers/mfd/sm501.c | 6 +- drivers/mmc/host/sdhci-omap.c | 4 +- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/dsa/mv88e6xxx/chip.c | 11 +- drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++++++++------- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/usb/usbnet.c | 6 +- .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++--- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 +- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/pci.c | 21 ++- drivers/nvme/host/tcp.c | 5 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 9 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/portdrv_core.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pci/setup-bus.c | 3 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 + drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + drivers/platform/x86/intel/hid.c | 7 + .../x86/intel/speed_select_if/isst_if_common.c | 2 +- drivers/power/supply/max77693_charger.c | 2 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 ++- drivers/remoteproc/qcom_q6v5_pas.c | 10 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/soundwire/slave.c | 1 + drivers/staging/rtl8723bs/Kconfig | 1 + .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/serial/fsl_lpuart.c | 25 ++- drivers/usb/host/xhci-mem.c | 6 +- drivers/video/console/Kconfig | 2 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/sm501fb.c | 7 + fs/affs/file.c | 9 +- fs/btrfs/extent-tree.c | 5 +- fs/exfat/fatent.c | 2 +- fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 ++- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 2 +- fs/fuse/file.c | 4 +- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/nfs/delegation.c | 33 ++-- fs/nfsd/nfs4state.c | 31 +++- fs/ntfs3/index.c | 4 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/smb/server/auth.c | 6 +- fs/smb/server/mgmt/user_session.c | 33 +++- fs/smb/server/mgmt/user_session.h | 2 + fs/smb/server/oplock.c | 8 + fs/smb/server/smb2pdu.c | 19 +- fs/smb/server/smbacl.c | 5 + include/drm/display/drm_dp_mst_helper.h | 7 + include/linux/context_tracking_irq.h | 8 +- include/linux/coresight.h | 4 + include/linux/fwnode.h | 2 +- include/linux/interrupt.h | 8 +- include/linux/pm_runtime.h | 2 + include/linux/rcupdate.h | 2 +- include/linux/sched/smt.h | 2 +- include/rdma/ib_verbs.h | 1 + io_uring/filetable.c | 2 +- kernel/events/ring_buffer.c | 2 +- kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/deadline.c | 2 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events_synth.c | 32 +++- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + lib/842/842_compress.c | 2 + lib/overflow_kunit.c | 3 +- lib/vsprintf.c | 2 +- mm/memory.c | 2 - net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +++-- net/core/rtnetlink.c | 3 + net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/udp.c | 16 +- net/ipv6/addrconf.c | 37 ++-- net/ipv6/calipso.c | 21 ++- net/ipv6/route.c | 42 ++++- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_skbprio.c | 3 - net/vmw_vsock/af_vsock.c | 6 +- rust/kernel/print.rs | 7 +- scripts/selinux/install_policy.sh | 15 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 10 +- sound/pci/hda/patch_realtek.c | 32 +++- sound/soc/codecs/cs35l41-spi.c | 4 +- sound/soc/fsl/imx-card.c | 4 + sound/soc/ti/j721e-evm.c | 2 + tools/lib/bpf/linker.c | 2 +- .../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 + tools/perf/util/evlist.c | 13 +- tools/perf/util/python.c | 17 +- tools/perf/util/units.c | 2 +- .../selftests/bpf/prog_tests/bloom_filter_map.c | 5 + tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +- 207 files changed, 1397 insertions(+), 779 deletions(-)

7 months

9
212
0 0

[PATCH 6.6 000/268] 6.6.87-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.87 release. There are 268 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Apr 2025 10:47:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.87-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.87-rc1 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Oleg Nesterov <oleg(a)redhat.com> exec: fix the racy usage of fs_struct->in_exec Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Angelos Oikonomopoulos <angelos(a)igalia.com> arm64: Don't call NULL in do_compat_alignment_fixup() Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Norbert Szetei <norbert(a)doyensec.com> ksmbd: validate zero num_subauth before sub_auth is accessed Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix session use-after-free in multichannel connection Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_sessions_deregister() Norbert Szetei <norbert(a)doyensec.com> ksmbd: add bounds check for create lease context Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add bounds check for durable handle context Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Miaoqian Lin <linmq006(a)gmail.com> mmc: omap: Fix memory leak in mmc_omap_new_slot Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Josef Bacik <josef(a)toxicpanda.com> btrfs: handle errors from btrfs_dec_ref() properly Ivan Orlov <ivan.orlov0322(a)gmail.com> kunit/overflow: Fix UB in overflow_allocation_test Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Apply static call for drain_pebs Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Tianyu Lan <tiala(a)microsoft.com> x86/hyperv: Fix check of return value from snp_set_vmsa() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Don't override subprog's return value Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Fix off-by-one error in build_prologue() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase ARCH_DMA_MINALIGN up to 16 Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check link_index before accessing dc->links[] Tengda Wu <wutengda(a)huaweicloud.com> tracing: Correct the refcount if the hist/hist_debug file fails to open Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/hist: Support POLLPRI event for poll on histogram Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/hist: Add poll(POLLIN) support on hist file Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace_events_hist.c code over to use guard() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Allow creating instances with specified system events Yeoreum Yun <yeoreum.yun(a)arm.com> perf/core: Fix child_total_time_enabled accounting bug at task exit Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: fix num_mec Dave Marquardt <davemarq(a)linux.ibm.com> net: ibmveth: make veth_pool_store stop hanging Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Ido Schimmel <idosch(a)nvidia.com> ipv6: Do not consider link down nexthops in path selection Ido Schimmel <idosch(a)nvidia.com> ipv6: Start path selection from the first nexthop Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow David Oberhollenzer <david.oberhollenzer(a)sigma-star.at> net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Antoine Tenart <atenart(a)kernel.org> net: decrease cached dst counters in dst_release Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't unregister hook when table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change k1 configuration on MTP and later platforms Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Herton R. Krzesinski <herton(a)redhat.com> x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: errata: Use medany for relocatable builds Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix gang directory lifetimes Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Roger Quadros <rogerq(a)kernel.org> memory: omap-gpmc: drop no compatible check Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Keep display off while going into S4 Keith Busch <kbusch(a)kernel.org> nvme-pci: fix stuck reset on concurrent DPC and HP Vladis Dronov <vdronov(a)redhat.com> x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Fix output argument to hypercall that changes page visibility Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state Naman Jain <namjain(a)linux.microsoft.com> x86/hyperv/vtl: Stop kernel from probing VTL0 low memory Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA Wentao Guan <guanwentao(a)uniontech.com> HID: i2c-hid: improve i2c_hid_get_report error message David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/vsec: Add Diamond Rapids support Dmitry Panchenko <dmitry(a)d-systems.ee> platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Namjae Jeon <linkinjeon(a)kernel.org> cifs: fix incorrect validation for num_aces field of smb_acl Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix perf_pmu_register() vs. perf_init_event() Daniel Bárta <daniel.barta(a)trustlab.cz> ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Fix Asus Z13 2025 audio Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Matthias Proske <email(a)matthias-proske.de> wifi: brcmfmac: keep power during suspend if board requires it Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: use the right version of the rate API Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Josh Poimboeuf <jpoimboe(a)kernel.org> rcu-tasks: Always inline rcu_irq_work_resched() Josh Poimboeuf <jpoimboe(a)kernel.org> context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() David Laight <david.laight.linux(a)gmail.com> objtool: Fix verbose disassembly if CROSS_COMPILE isn't set Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Rework the arch_kgdb_breakpoint() implementation 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix segfault in ignore_unreachable_insn() Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Lama Kayal <lkayal(a)nvidia.com> net/mlx5e: SHAMPO, Make reserved size independent of page size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix r_count dec/increment mismatch Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Lubomir Rintel <lkundrak(a)v3.sk> rndis_host: Flag RNDIS modems as WWAN devices Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix netns refcount imbalance causing leaks and use-after-free Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Shut down the nfs_client only after all the superblocks Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Marcus Meissner <meissner(a)suse.de> perf tools: annotate asm_pure_loop.S Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: n_tty: use uint for space returned by tty_write_room() 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Benjamin Berg <benjamin.berg(a)intel.com> um: hostfs: avoid issues on inode number reuse by host Benjamin Berg <benjamin.berg(a)intel.com> um: remove copy_from_kernel_nofault_allowed Cyan Yang <cyan.yang(a)sifive.com> selftests/mm/cow: fix the incorrect error handling Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Anshuman Khandual <anshuman.khandual(a)arm.com> arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX David Hildenbrand <david(a)redhat.com> kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Ian Rogers <irogers(a)google.com> perf evlist: Add success path to evlist__create_syswide_maps Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad4130: Fix comparison of channel setups Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Prevent integer overflow in hdr_first_de() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: correct debug message page size calculation Thomas Richter <tmricht(a)linux.ibm.com> perf bench: Fix perf bench syscall loop count Leo Yan <leo.yan(a)arm.com> perf arm-spe: Fix load-store operation checking Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Mario Limonciello <mario.limonciello(a)amd.com> ucsi_ccg: Don't show failed to get FW build information error James Clark <james.clark(a)linaro.org> perf pmu: Don't double count common sysfs and json events Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight-etm4x: add isb() before reading the TRCSTATR Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Ian Rogers <irogers(a)google.com> perf stat: Fix find_stat for mixed legacy/non-legacy events Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Remi Pommarel <repk(a)triplefau.lt> leds: Fix LED_OFF brightness race Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzv2m: Fix missing of_node_put() call Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Alice Ryhl <aliceryhl(a)google.com> rust: fix signature of rust_fmt_argument Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Select NUMA_NO_NODE to create map Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Fix calculation of total invalidated pages Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 Kees Bakker <kees(a)ijzerbout.nl> RDMA/mana_ib: Ensure variable err is initialized Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Fix string read in strncmp benchmark Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for sec spec check Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: histb: Fix an error handling path in histb_pcie_probe() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> drm/amd/display: avoid NPD when ASIC does not support DMUB Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Douglas Anderson <dianders(a)chromium.org> drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix potential premature regulator disabling Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix error path after a call to regulator_bulk_get() Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Use existing per-interface slice count in DSC timing Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't use active in atomic_check() Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Kai-Heng Feng <kaihengf(a)nvidia.com> PCI: Use downstream bridges for distributing resources José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Hermes Wu <Hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP V match check is not performed correctly Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Maud Spierings <maudspierings(a)gocontroll.com> dt-bindings: vendor-prefixes: add GOcontroll Jiri Kosina <jkosina(a)suse.com> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> ASoC: cs35l41: check the return value from spi_setup() Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-ddv: Fix temperature calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: HEVC: Initialize start_bit field Chao Gao <chao.gao(a)intel.com> x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Josh Poimboeuf <jpoimboe(a)kernel.org> x86/traps: Make exc_double_fault() consistently noreturn Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Disable the kernel perf counter during configure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Peter Zijlstra <peterz(a)infradead.org> lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Stanislav Spassov <stanspas(a)amazon.de> x86/fpu: Fix guest FPU state buffer allocation size Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Konstantin Andreev <andreev(a)swemel.ru> smack: dont compile ipv6 code unless ipv6 is configured zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch ------------- Diffstat: .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm64/kernel/compat_alignment.c | 2 + arch/loongarch/Kconfig | 4 +- arch/loongarch/include/asm/cache.h | 2 + arch/loongarch/kernel/kgdb.c | 5 +- arch/loongarch/net/bpf_jit.c | 12 +- arch/loongarch/net/bpf_jit.h | 5 + arch/powerpc/configs/mpc885_ads_defconfig | 2 +- arch/powerpc/platforms/cell/spufs/gang.c | 1 + arch/powerpc/platforms/cell/spufs/inode.c | 63 ++++++- arch/powerpc/platforms/cell/spufs/spufs.h | 2 + arch/riscv/errata/Makefile | 6 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/riscv/kvm/vcpu_pmu.c | 1 + arch/riscv/mm/hugetlbpage.c | 74 +++++--- arch/um/include/shared/os.h | 1 - arch/um/kernel/Makefile | 2 +- arch/um/kernel/maccess.c | 19 -- arch/um/os-Linux/process.c | 51 ------ arch/x86/Kconfig | 2 +- arch/x86/entry/calling.h | 2 + arch/x86/events/intel/core.c | 47 ++--- arch/x86/events/intel/ds.c | 13 +- arch/x86/events/perf_event.h | 3 +- arch/x86/hyperv/hv_vtl.c | 1 + arch/x86/hyperv/ivm.c | 5 +- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/sgx/driver.c | 10 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/fpu/core.c | 6 +- arch/x86/kernel/process.c | 7 +- arch/x86/kernel/traps.c | 18 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/lib/copy_user_64.S | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- arch/x86/mm/pat/memtype.c | 52 +++--- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 7 + drivers/acpi/x86/utils.c | 3 +- drivers/base/power/main.c | 21 +-- drivers/base/power/runtime.c | 2 +- drivers/clk/imx/clk-imx8mp-audiomix.c | 6 +- drivers/clk/meson/g12a.c | 38 ++-- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/cpufreq/cpufreq_governor.c | 45 ++--- drivers/cpufreq/scpi-cpufreq.c | 5 +- drivers/crypto/hisilicon/sec2/sec.h | 1 - drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 +++++-------- drivers/crypto/nx/nx-common-pseries.c | 37 ++-- drivers/dma/fsl-edma-main.c | 2 +- drivers/edac/i10nm_base.c | 2 + drivers/edac/ie31200_edac.c | 19 +- drivers/edac/skx_common.c | 33 ++++ drivers/edac/skx_common.h | 11 ++ drivers/firmware/cirrus/cs_dsp.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 -- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 + .../gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 + .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 + .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- drivers/gpu/drm/bridge/ite-it6505.c | 7 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/mediatek/mtk_dp.c | 6 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +++- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 - drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 8 +- drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 ++-- drivers/gpu/drm/msm/msm_dsc_helper.h | 11 -- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/hid/Makefile | 1 - drivers/hid/i2c-hid/i2c-hid-core.c | 2 +- drivers/hwmon/nct6775-core.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 20 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 ++++- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/accel/msa311.c | 28 +-- drivers/iio/adc/ad4130.c | 41 ++++- drivers/iio/adc/ad7124.c | 35 +++- drivers/infiniband/core/device.c | 9 + drivers/infiniband/core/mad.c | 38 ++-- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/erdma/erdma_cm.c | 1 - drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/infiniband/hw/mlx5/odp.c | 10 +- drivers/leds/led-core.c | 22 ++- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + .../platform/verisilicon/hantro_g2_hevc_dec.c | 1 + drivers/media/rc/streamzap.c | 2 +- drivers/memory/omap-gpmc.c | 20 -- drivers/mfd/sm501.c | 6 +- drivers/mmc/host/omap.c | 19 +- drivers/mmc/host/sdhci-omap.c | 4 +- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/dsa/mv88e6xxx/chip.c | 11 +- drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/ethernet/ibm/ibmveth.c | 39 ++-- drivers/net/ethernet/intel/e1000e/defines.h | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++++++- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 + drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++++++++------- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/usb/usbnet.c | 6 +- .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++--- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 +- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/pci.c | 34 +++- drivers/nvme/host/tcp.c | 5 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/dwc/pcie-histb.c | 12 +- drivers/pci/controller/pcie-brcmstb.c | 9 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/portdrv.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pci/setup-bus.c | 3 +- drivers/pinctrl/intel/pinctrl-intel.c | 1 - drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 + drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + drivers/platform/x86/dell/dell-wmi-ddv.c | 6 +- drivers/platform/x86/intel/hid.c | 7 + .../x86/intel/speed_select_if/isst_if_common.c | 2 +- drivers/platform/x86/intel/vsec.c | 7 + drivers/power/supply/max77693_charger.c | 2 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 ++- drivers/remoteproc/qcom_q6v5_pas.c | 12 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/soundwire/slave.c | 1 + drivers/staging/rtl8723bs/Kconfig | 1 + .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/n_tty.c | 13 +- drivers/usb/host/xhci-mem.c | 6 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +- drivers/vhost/scsi.c | 25 +-- drivers/video/console/Kconfig | 2 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/sm501fb.c | 7 + fs/affs/file.c | 9 +- fs/btrfs/extent-tree.c | 5 +- fs/exec.c | 15 +- fs/exfat/fatent.c | 2 +- fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 ++- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 2 +- fs/fuse/file.c | 4 +- fs/hostfs/hostfs.h | 2 +- fs/hostfs/hostfs_kern.c | 7 +- fs/hostfs/hostfs_user.c | 59 +++--- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/nfs/delegation.c | 33 ++-- fs/nfs/sysfs.c | 22 ++- fs/nfsd/nfs4state.c | 31 +++- fs/ntfs3/index.c | 4 +- fs/ntfs3/ntfs.h | 2 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/smb/client/cifsacl.c | 8 +- fs/smb/client/connect.c | 16 +- fs/smb/server/auth.c | 6 +- fs/smb/server/mgmt/user_session.c | 33 +++- fs/smb/server/mgmt/user_session.h | 2 + fs/smb/server/oplock.c | 12 +- fs/smb/server/smb2pdu.c | 40 ++-- fs/smb/server/smbacl.c | 5 + include/drm/display/drm_dp_mst_helper.h | 7 + include/linux/context_tracking_irq.h | 8 +- include/linux/coresight.h | 4 + include/linux/fwnode.h | 2 +- include/linux/interrupt.h | 8 +- include/linux/pgtable.h | 28 ++- include/linux/pm_runtime.h | 2 + include/linux/rcupdate.h | 2 +- include/linux/sched/smt.h | 2 +- include/linux/trace.h | 4 +- include/linux/trace_events.h | 14 ++ include/rdma/ib_verbs.h | 1 + kernel/events/core.c | 46 +++-- kernel/events/ring_buffer.c | 2 +- kernel/events/uprobes.c | 13 +- kernel/fork.c | 4 + kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/deadline.c | 2 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace.c | 23 ++- kernel/trace/trace.h | 1 + kernel/trace/trace_boot.c | 2 +- kernel/trace/trace_events.c | 62 ++++++- kernel/trace/trace_events_hist.c | 133 +++++++++++--- kernel/trace/trace_events_synth.c | 32 +++- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + lib/842/842_compress.c | 2 + lib/overflow_kunit.c | 3 +- lib/vsprintf.c | 2 +- mm/memory.c | 13 +- net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +++-- net/core/dst.c | 8 + net/core/rtnetlink.c | 3 + net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/udp.c | 16 +- net/ipv6/addrconf.c | 37 ++-- net/ipv6/calipso.c | 21 ++- net/ipv6/route.c | 42 ++++- net/mac80211/sta_info.c | 20 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_skbprio.c | 3 - net/vmw_vsock/af_vsock.c | 6 +- rust/kernel/print.rs | 7 +- samples/ftrace/sample-trace-array.c | 2 +- scripts/selinux/install_policy.sh | 15 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 10 +- sound/pci/hda/patch_realtek.c | 33 +++- sound/soc/codecs/cs35l41-spi.c | 4 +- sound/soc/codecs/rt5665.c | 24 +-- sound/soc/fsl/imx-card.c | 4 + sound/soc/ti/j721e-evm.c | 2 + tools/lib/bpf/linker.c | 2 +- tools/objtool/check.c | 35 +--- tools/perf/bench/syscall.c | 22 ++- .../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 + tools/perf/util/arm-spe.c | 8 +- tools/perf/util/evlist.c | 13 +- tools/perf/util/pmu.c | 7 +- tools/perf/util/pmu.h | 5 + tools/perf/util/pmus.c | 20 +- tools/perf/util/python.c | 17 +- tools/perf/util/stat-shadow.c | 3 +- tools/perf/util/units.c | 2 +- .../selftests/bpf/prog_tests/bloom_filter_map.c | 5 + tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +- tools/testing/selftests/mm/cow.c | 2 +- 280 files changed, 2331 insertions(+), 1182 deletions(-)

7 months

10
278
0 0

[PATCH] brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

by Wentao Liang

The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl_cmd() fails and the 'state.state' and the 'state.bytes' are uninitialized. Fixes: 71bb244ba2fd ("brcm80211: fmac: add USB support for bcm43235/6/8 chipsets") Cc: stable(a)vger.kernel.org # v3.4+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c index 50dddac8a2ab..1c97cd777225 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c @@ -901,7 +901,9 @@ brcmf_usb_dl_writeimage(struct brcmf_usbdev_info *devinfo, u8 *fw, int fwlen) } /* 1) Prepare USB boot loader for runtime image */ - brcmf_usb_dl_cmd(devinfo, DL_START, &state, sizeof(state)); + err = brcmf_usb_dl_cmd(devinfo, DL_START, &state, sizeof(state)); + if (err) + goto fail; rdlstate = le32_to_cpu(state.state); rdlbytes = le32_to_cpu(state.bytes); -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH] kbuild: Add '-fno-builtin-wcslen'

by Nathan Chancellor

A recent optimization change in LLVM [1] aims to transform certain loop idioms into calls to strlen() or wcslen(). This change transforms the first while loop in UniStrcat() into a call to wcslen(), breaking the build when UniStrcat() gets inlined into alloc_path_with_tree_prefix(): ld.lld: error: undefined symbol: wcslen >>> referenced by nls_ucs2_utils.h:54 (fs/smb/client/../../nls/nls_ucs2_utils.h:54) >>> vmlinux.o:(alloc_path_with_tree_prefix) >>> referenced by nls_ucs2_utils.h:54 (fs/smb/client/../../nls/nls_ucs2_utils.h:54) >>> vmlinux.o:(alloc_path_with_tree_prefix) Disable this optimization with '-fno-builtin-wcslen', which prevents the compiler from assuming that wcslen() is available in the kernel's C library Cc: stable(a)vger.kernel.org Link: https://github.com/llvm/llvm-project/commit/9694844d7e36fd5e01011ab56b64f27… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 38689a0c3605..f42418556507 100644 --- a/Makefile +++ b/Makefile @@ -1068,6 +1068,9 @@ ifdef CONFIG_CC_IS_GCC KBUILD_CFLAGS += -fconserve-stack endif +# Ensure compilers do not transform certain loops into calls to wcslen() +KBUILD_CFLAGS += -fno-builtin-wcslen + # change __FILE__ to the relative path to the source directory ifdef building_out_of_srctree KBUILD_CPPFLAGS += $(call cc-option,-ffile-prefix-map=$(srcroot)/=) --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250407-fno-builtin-wcslen-90a858ae7d54 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

7 months

3
2
0 0

[PATCH net 0/2] mptcp: only inc MPJoinAckHMacFailure for HMAC failures

by Matthieu Baerts (NGI0)

Recently, during a debugging session using local MPTCP connections, I noticed MPJoinAckHMacFailure was strangely not zero on the server side. The first patch fixes this issue -- present since v5.9 -- and the second one validates it in the selftests. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (2): mptcp: only inc MPJoinAckHMacFailure for HMAC failures selftests: mptcp: validate MPJoin HMacFailure counters net/mptcp/subflow.c | 8 ++++++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) --- base-commit: 61f96e684edd28ca40555ec49ea1555df31ba619 change-id: 20250407-net-mptcp-hmac-failure-mib-66f599305ff3 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

7 months

3
3
0 0

+ mm-protect-kernel-pgtables-in-apply_to_pte_range.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: protect kernel pgtables in apply_to_pte_range() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-protect-kernel-pgtables-in-apply_to_pte_range.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: mm: protect kernel pgtables in apply_to_pte_range() Date: Tue, 8 Apr 2025 18:07:32 +0200 The lazy MMU mode can only be entered and left under the protection of the page table locks for all page tables which may be modified. Yet, when it comes to kernel mappings apply_to_pte_range() does not take any locks. That does not conform arch_enter|leave_lazy_mmu_mode() semantics and could potentially lead to re-schedulling a process while in lazy MMU mode or racing on a kernel page table updates. Link: https://lkml.kernel.org/r/ef8f6538b83b7fc3372602f90375348f9b4f3596.17441281… Fixes: 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Guenetr Roeck <linux(a)roeck-us.net> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jeremy Fitzhardinge <jeremy(a)goop.org> Cc: Juegren Gross <jgross(a)suse.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/shadow.c | 7 ++----- mm/memory.c | 5 ++++- 2 files changed, 6 insertions(+), 6 deletions(-) --- a/mm/kasan/shadow.c~mm-protect-kernel-pgtables-in-apply_to_pte_range +++ a/mm/kasan/shadow.c @@ -308,14 +308,14 @@ static int kasan_populate_vmalloc_pte(pt __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE); pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL); - spin_lock(&init_mm.page_table_lock); if (likely(pte_none(ptep_get(ptep)))) { set_pte_at(&init_mm, addr, ptep, pte); page = 0; } - spin_unlock(&init_mm.page_table_lock); + if (page) free_page(page); + return 0; } @@ -401,13 +401,10 @@ static int kasan_depopulate_vmalloc_pte( page = (unsigned long)__va(pte_pfn(ptep_get(ptep)) << PAGE_SHIFT); - spin_lock(&init_mm.page_table_lock); - if (likely(!pte_none(ptep_get(ptep)))) { pte_clear(&init_mm, addr, ptep); free_page(page); } - spin_unlock(&init_mm.page_table_lock); return 0; } --- a/mm/memory.c~mm-protect-kernel-pgtables-in-apply_to_pte_range +++ a/mm/memory.c @@ -2926,6 +2926,7 @@ static int apply_to_pte_range(struct mm_ pte = pte_offset_kernel(pmd, addr); if (!pte) return err; + spin_lock(&init_mm.page_table_lock); } else { if (create) pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); @@ -2951,7 +2952,9 @@ static int apply_to_pte_range(struct mm_ arch_leave_lazy_mmu_mode(); - if (mm != &init_mm) + if (mm == &init_mm) + spin_unlock(&init_mm.page_table_lock); + else pte_unmap_unlock(mapped_pte, ptl); *mask |= PGTBL_PTE_MODIFIED; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are kasan-avoid-sleepable-page-allocation-from-atomic-context.patch mm-cleanup-apply_to_pte_range-routine.patch mm-protect-kernel-pgtables-in-apply_to_pte_range.patch

7 months

1
0
0 0

+ mm-cleanup-apply_to_pte_range-routine.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: clean up apply_to_pte_range() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-cleanup-apply_to_pte_range-routine.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: mm: clean up apply_to_pte_range() Date: Tue, 8 Apr 2025 18:07:31 +0200 Reverse 'create' vs 'mm == &init_mm' conditions and move page table mask modification out of the atomic context. This is a prerequisite for fixing missing kernel page tables lock. Link: https://lkml.kernel.org/r/0c65bc334f17ff1d7d92d31c69d7065769bbce4e.17441281… Fixes: 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Guenetr Roeck <linux(a)roeck-us.net> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jeremy Fitzhardinge <jeremy(a)goop.org> Cc: Juegren Gross <jgross(a)suse.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) --- a/mm/memory.c~mm-cleanup-apply_to_pte_range-routine +++ a/mm/memory.c @@ -2915,24 +2915,28 @@ static int apply_to_pte_range(struct mm_ pte_fn_t fn, void *data, bool create, pgtbl_mod_mask *mask) { + int err = create ? -ENOMEM : -EINVAL; pte_t *pte, *mapped_pte; - int err = 0; spinlock_t *ptl; - if (create) { - mapped_pte = pte = (mm == &init_mm) ? - pte_alloc_kernel_track(pmd, addr, mask) : - pte_alloc_map_lock(mm, pmd, addr, &ptl); + if (mm == &init_mm) { + if (create) + pte = pte_alloc_kernel_track(pmd, addr, mask); + else + pte = pte_offset_kernel(pmd, addr); if (!pte) - return -ENOMEM; + return err; } else { - mapped_pte = pte = (mm == &init_mm) ? - pte_offset_kernel(pmd, addr) : - pte_offset_map_lock(mm, pmd, addr, &ptl); + if (create) + pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); + else + pte = pte_offset_map_lock(mm, pmd, addr, &ptl); if (!pte) - return -EINVAL; + return err; + mapped_pte = pte; } + err = 0; arch_enter_lazy_mmu_mode(); if (fn) { @@ -2944,12 +2948,14 @@ static int apply_to_pte_range(struct mm_ } } while (addr += PAGE_SIZE, addr != end); } - *mask |= PGTBL_PTE_MODIFIED; arch_leave_lazy_mmu_mode(); if (mm != &init_mm) pte_unmap_unlock(mapped_pte, ptl); + + *mask |= PGTBL_PTE_MODIFIED; + return err; } _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are kasan-avoid-sleepable-page-allocation-from-atomic-context.patch mm-cleanup-apply_to_pte_range-routine.patch mm-protect-kernel-pgtables-in-apply_to_pte_range.patch

7 months

1
0
0 0

+ kasan-avoid-sleepable-page-allocation-from-atomic-context.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: avoid sleepable page allocation from atomic context has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-avoid-sleepable-page-allocation-from-atomic-context.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: kasan: avoid sleepable page allocation from atomic context Date: Tue, 8 Apr 2025 18:07:30 +0200 Patch series "mm: Fix apply_to_pte_range() vs lazy MMU mode", v2. This series is an attempt to fix the violation of lazy MMU mode context requirement as described for arch_enter_lazy_mmu_mode(): This mode can only be entered and left under the protection of the page table locks for all page tables which may be modified. On s390 if I make arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preempt_disable() I am getting this: [ 553.332108] preempt_count: 1, expected: 0 [ 553.332117] no locks held by multipathd/2116. [ 553.332128] CPU: 24 PID: 2116 Comm: multipathd Kdump: loaded Tainted: [ 553.332139] Hardware name: IBM 3931 A01 701 (LPAR) [ 553.332146] Call Trace: [ 553.332152] [<00000000158de23a>] dump_stack_lvl+0xfa/0x150 [ 553.332167] [<0000000013e10d12>] __might_resched+0x57a/0x5e8 [ 553.332178] [<00000000144eb6c2>] __alloc_pages+0x2ba/0x7c0 [ 553.332189] [<00000000144d5cdc>] __get_free_pages+0x2c/0x88 [ 553.332198] [<00000000145663f6>] kasan_populate_vmalloc_pte+0x4e/0x110 [ 553.332207] [<000000001447625c>] apply_to_pte_range+0x164/0x3c8 [ 553.332218] [<000000001448125a>] apply_to_pmd_range+0xda/0x318 [ 553.332226] [<000000001448181c>] __apply_to_page_range+0x384/0x768 [ 553.332233] [<0000000014481c28>] apply_to_page_range+0x28/0x38 [ 553.332241] [<00000000145665da>] kasan_populate_vmalloc+0x82/0x98 [ 553.332249] [<00000000144c88d0>] alloc_vmap_area+0x590/0x1c90 [ 553.332257] [<00000000144ca108>] __get_vm_area_node.constprop.0+0x138/0x260 [ 553.332265] [<00000000144d17fc>] __vmalloc_node_range+0x134/0x360 [ 553.332274] [<0000000013d5dbf2>] alloc_thread_stack_node+0x112/0x378 [ 553.332284] [<0000000013d62726>] dup_task_struct+0x66/0x430 [ 553.332293] [<0000000013d63962>] copy_process+0x432/0x4b80 [ 553.332302] [<0000000013d68300>] kernel_clone+0xf0/0x7d0 [ 553.332311] [<0000000013d68bd6>] __do_sys_clone+0xae/0xc8 [ 553.332400] [<0000000013d68dee>] __s390x_sys_clone+0xd6/0x118 [ 553.332410] [<0000000013c9d34c>] do_syscall+0x22c/0x328 [ 553.332419] [<00000000158e7366>] __do_syscall+0xce/0xf0 [ 553.332428] [<0000000015913260>] system_call+0x70/0x98 This exposes a KASAN issue fixed with patch 1 and apply_to_pte_range() issue fixed with patch 3, while patch 2 is a prerequisite. Commit b9ef323ea168 ("powerpc/64s: Disable preemption in hash lazy mmu mode") looks like powerpc-only fix, yet not entirely conforming to the above provided requirement (page tables itself are still not protected). If I am not mistaken, xen and sparc are alike. This patch (of 3): apply_to_page_range() enters lazy MMU mode and then invokes kasan_populate_vmalloc_pte() callback on each page table walk iteration. The lazy MMU mode may only be entered only under protection of the page table lock. However, the callback can go into sleep when trying to allocate a single page. Change __get_free_page() allocation mode from GFP_KERNEL to GFP_ATOMIC to avoid scheduling out while in atomic context. Link: https://lkml.kernel.org/r/cover.1744128123.git.agordeev@linux.ibm.com Link: https://lkml.kernel.org/r/2d9f4ac4528701b59d511a379a60107fa608ad30.17441281… Fixes: 3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Guenetr Roeck <linux(a)roeck-us.net> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jeremy Fitzhardinge <jeremy(a)goop.org> Cc: Juegren Gross <jgross(a)suse.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/shadow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/kasan/shadow.c~kasan-avoid-sleepable-page-allocation-from-atomic-context +++ a/mm/kasan/shadow.c @@ -301,7 +301,7 @@ static int kasan_populate_vmalloc_pte(pt if (likely(!pte_none(ptep_get(ptep)))) return 0; - page = __get_free_page(GFP_KERNEL); + page = __get_free_page(GFP_ATOMIC); if (!page) return -ENOMEM; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are kasan-avoid-sleepable-page-allocation-from-atomic-context.patch mm-cleanup-apply_to_pte_range-routine.patch mm-protect-kernel-pgtables-in-apply_to_pte_range.patch

7 months

1
0
0 0

[PATCH v6 0/4] samsung: pinctrl: Add support for eint_fltcon_offset and filter selection on gs101

by Peter Griffin

Hi folks, This series fixes support for correctly saving and restoring fltcon0 and fltcon1 registers on gs101 for non-alive banks where the fltcon register offset is not at a fixed offset (unlike previous SoCs). This is done by adding a eint_fltcon_offset and providing GS101 specific pin macros that take an additional parameter (similar to how exynosautov920 handles it's eint_con_offset). Additionally the SoC specific suspend and resume callbacks are re-factored so that each SoC variant has it's own callback containing the peculiarities for that SoC. Finally support for filter selection on alive banks is added, this is currently only enabled for gs101. The code path can be excercised using `echo mem > /sys/power/state` regards, Peter To: Krzysztof Kozlowski <krzk(a)kernel.org> To: Sylwester Nawrocki <s.nawrocki(a)samsung.com> To: Alim Akhtar <alim.akhtar(a)samsung.com> To: Linus Walleij <linus.walleij(a)linaro.org> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-samsung-soc(a)vger.kernel.org Cc: linux-gpio(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: andre.draszik(a)linaro.org Cc: tudor.ambarus(a)linaro.org Cc: willmcvicker(a)google.com Cc: semen.protsenko(a)linaro.org Cc: kernel-team(a)android.com Cc: jaewon02.kim(a)samsung.com Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org> --- Changes in v6: - Make drvdata->suspend/resume symmetrically reversed (Krzysztof) - rebase on linux-next - Link to v5: https://lore.kernel.org/r/20250312-pinctrl-fltcon-suspend-v5-0-d98d5b271242… Changes in v5: - Split drvdata suspend & resume callbacks into a dedicated patch (Krzysztof) - Add comment about stable dependency (Krzysztof) - Add back in {} braces (Krzysztof) - Link to v4: https://lore.kernel.org/r/20250307-pinctrl-fltcon-suspend-v4-0-2d775e486036… Changes in v4: - save->eint_fltcon1 is an argument to pr_debug(), not readl() change alignment accordingly (Andre) - Link to v3: https://lore.kernel.org/r/20250306-pinctrl-fltcon-suspend-v3-0-f9ab4ff6a24e… Changes in v3: - Ensure EXYNOS_FLTCON_DIGITAL bit is cleared (Andre) - Make it obvious that exynos_eint_set_filter() is conditional on bank type (Andre) - Make it obvious exynos_set_wakeup() is conditional on bank type (Andre) - Align style where the '+' is placed first (Andre) - Remove unnecessary braces (Andre) - Link to v2: https://lore.kernel.org/r/20250301-pinctrl-fltcon-suspend-v2-0-a7eef9bb443b… Changes in v2: - Remove eint_flt_selectable bool as it can be deduced from EINT_TYPE_WKUP (Peter) - Move filter config register comment to header file (Andre) - Rename EXYNOS_FLTCON_DELAY to EXYNOS_FLTCON_ANALOG (Andre) - Remove misleading old comment (Andre) - Refactor exynos_eint_update_flt_reg() into a loop (Andre) - Split refactor of suspend/resume callbacks & gs101 parts into separate patches (Andre) - Link to v1: https://lore.kernel.org/r/20250120-pinctrl-fltcon-suspend-v1-0-e77900b2a854… --- Peter Griffin (4): pinctrl: samsung: refactor drvdata suspend & resume callbacks pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks pinctrl: samsung: Add filter selection support for alive bank on gs101 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 ++--- drivers/pinctrl/samsung/pinctrl-exynos.c | 294 +++++++++++++++---------- drivers/pinctrl/samsung/pinctrl-exynos.h | 28 ++- drivers/pinctrl/samsung/pinctrl-samsung.c | 21 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 8 +- 5 files changed, 252 insertions(+), 151 deletions(-) --- base-commit: cd37a617b4bfb43f84dbbf8058317b487f5203ae change-id: 20250120-pinctrl-fltcon-suspend-2333a137c4d4 Best regards, -- Peter Griffin <peter.griffin(a)linaro.org>

7 months

2
2
0 0

[PATCH v3] sched/rt: Fix race in push_rt_task

by Harshit Agarwal

Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migrated and is running on some other CPU. These cases are already handled. However, if the task is migrated and has already been executed and another CPU is now trying to wake it up (ttwu) such that it is queued again on the runqeue (on_rq is 1) and also if the task was run by the same CPU, then the current checks will pass even though the task was migrated out and is no longer in the pushable tasks list. Crashes ======= This bug resulted in quite a few flavors of crashes triggering kernel panics with various crash signatures such as assert failures, page faults, null pointer dereferences, and queue corruption errors all coming from scheduler itself. Some of the crashes: -> kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx >= MAX_RT_PRIO) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? pick_next_task_rt+0x6e/0x1d0 ? do_error_trap+0x64/0xa0 ? pick_next_task_rt+0x6e/0x1d0 ? exc_invalid_op+0x4c/0x60 ? pick_next_task_rt+0x6e/0x1d0 ? asm_exc_invalid_op+0x12/0x20 ? pick_next_task_rt+0x6e/0x1d0 __schedule+0x5cb/0x790 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb -> BUG: kernel NULL pointer dereference, address: 00000000000000c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? __warn+0x8a/0xe0 ? exc_page_fault+0x3d6/0x520 ? asm_exc_page_fault+0x1e/0x30 ? pick_next_task_rt+0xb5/0x1d0 ? pick_next_task_rt+0x8c/0x1d0 __schedule+0x583/0x7e0 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb -> BUG: unable to handle page fault for address: ffff9464daea5900 kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq->cpu != task_cpu(p)) -> kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq->nr_running) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? dequeue_top_rt_rq+0xa2/0xb0 ? do_error_trap+0x64/0xa0 ? dequeue_top_rt_rq+0xa2/0xb0 ? exc_invalid_op+0x4c/0x60 ? dequeue_top_rt_rq+0xa2/0xb0 ? asm_exc_invalid_op+0x12/0x20 ? dequeue_top_rt_rq+0xa2/0xb0 dequeue_rt_entity+0x1f/0x70 dequeue_task_rt+0x2d/0x70 __schedule+0x1a8/0x7e0 ? blk_finish_plug+0x25/0x40 schedule+0x3c/0xb0 futex_wait_queue_me+0xb6/0x120 futex_wait+0xd9/0x240 do_futex+0x344/0xa90 ? get_mm_exe_file+0x30/0x60 ? audit_exe_compare+0x58/0x70 ? audit_filter_rules.constprop.26+0x65e/0x1220 __x64_sys_futex+0x148/0x1f0 do_syscall_64+0x30/0x80 entry_SYSCALL_64_after_hwframe+0x62/0xc7 -> BUG: unable to handle page fault for address: ffff8cf3608bc2c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? spurious_kernel_fault+0x171/0x1c0 ? exc_page_fault+0x3b6/0x520 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? asm_exc_page_fault+0x1e/0x30 ? _cond_resched+0x15/0x30 ? futex_wait_queue_me+0xc8/0x120 ? futex_wait+0xd9/0x240 ? try_to_wake_up+0x1b8/0x490 ? futex_wake+0x78/0x160 ? do_futex+0xcd/0xa90 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? plist_del+0x6a/0xd0 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? dequeue_pushable_task+0x20/0x70 ? __schedule+0x382/0x7e0 ? asm_sysvec_reschedule_ipi+0xa/0x20 ? schedule+0x3c/0xb0 ? exit_to_user_mode_prepare+0x9e/0x150 ? irqentry_exit_to_user_mode+0x5/0x30 ? asm_sysvec_reschedule_ipi+0x12/0x20 Above are some of the common examples of the crashes that were observed due to this issue. Details ======= Let's look at the following scenario to understand this race. 1) CPU A enters push_rt_task a) CPU A has chosen next_task = task p. b) CPU A calls find_lock_lowest_rq(Task p, CPU Z’s rq). c) CPU A identifies CPU X as a destination CPU (X < Z). d) CPU A enters double_lock_balance(CPU Z’s rq, CPU X’s rq). e) Since X is lower than Z, CPU A unlocks CPU Z’s rq. Someone else has locked CPU X’s rq, and thus, CPU A must wait. 2) At CPU Z a) Previous task has completed execution and thus, CPU Z enters schedule, locks its own rq after CPU A releases it. b) CPU Z dequeues previous task and begins executing task p. c) CPU Z unlocks its rq. d) Task p yields the CPU (ex. by doing IO or waiting to acquire a lock) which triggers the schedule function on CPU Z. e) CPU Z enters schedule again, locks its own rq, and dequeues task p. f) As part of dequeue, it sets p.on_rq = 0 and unlocks its rq. 3) At CPU B a) CPU B enters try_to_wake_up with input task p. b) Since CPU Z dequeued task p, p.on_rq = 0, and CPU B updates B.state = WAKING. c) CPU B via select_task_rq determines CPU Y as the target CPU. 4) The race a) CPU A acquires CPU X’s lock and relocks CPU Z. b) CPU A reads task p.cpu = Z and incorrectly concludes task p is still on CPU Z. c) CPU A failed to notice task p had been dequeued from CPU Z while CPU A was waiting for locks in double_lock_balance. If CPU A knew that task p had been dequeued, it would return NULL forcing push_rt_task to give up the task p's migration. d) CPU B updates task p.cpu = Y and calls ttwu_queue. e) CPU B locks Ys rq. CPU B enqueues task p onto Y and sets task p.on_rq = 1. f) CPU B unlocks CPU Y, triggering memory synchronization. g) CPU A reads task p.on_rq = 1, cementing its assumption that task p has not migrated. h) CPU A decides to migrate p to CPU X. This leads to A dequeuing p from Y's queue and various crashes down the line. Solution ======== The solution here is fairly simple. After obtaining the lock (at 4a), the check is enhanced to make sure that the task is still at the head of the pushable tasks list. If not, then it is anyway not suitable for being pushed out. Testing ======= The fix is tested on a cluster of 3 nodes, where the panics due to this are hit every couple of days. A fix similar to this was deployed on such cluster and was stable for more than 30 days. Co-developed-by: Jon Kohler <jon(a)nutanix.com> Signed-off-by: Jon Kohler <jon(a)nutanix.com> Co-developed-by: Gauri Patwardhan <gauri.patwardhan(a)nutanix.com> Signed-off-by: Gauri Patwardhan <gauri.patwardhan(a)nutanix.com> Co-developed-by: Rahul Chunduru <rahul.chunduru(a)nutanix.com> Signed-off-by: Rahul Chunduru <rahul.chunduru(a)nutanix.com> Signed-off-by: Harshit Agarwal <harshit(a)nutanix.com> Tested-by: Will Ton <william.ton(a)nutanix.com> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Cc: stable(a)vger.kernel.org --- Changes in v2: - As per Steve's suggestion, removed some checks that are done after obtaining the lock that are no longer needed with the addition of new check. - Moved up is_migration_disabled check. - Link to v1: https://lore.kernel.org/lkml/20250211054646.23987-1-harshit@nutanix.com/ Changes in v3: - Updated commit message to add stable maintainers and reviewed-by tag. - Link to v2: https://lore.kernel.org/lkml/20250214170844.201692-1-harshit@nutanix.com/ --- kernel/sched/rt.c | 54 +++++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 4b8e33c615b1..4762dd3f50c5 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1885,6 +1885,27 @@ static int find_lowest_rq(struct task_struct *task) return -1; } +static struct task_struct *pick_next_pushable_task(struct rq *rq) +{ + struct task_struct *p; + + if (!has_pushable_tasks(rq)) + return NULL; + + p = plist_first_entry(&rq->rt.pushable_tasks, + struct task_struct, pushable_tasks); + + BUG_ON(rq->cpu != task_cpu(p)); + BUG_ON(task_current(rq, p)); + BUG_ON(task_current_donor(rq, p)); + BUG_ON(p->nr_cpus_allowed <= 1); + + BUG_ON(!task_on_rq_queued(p)); + BUG_ON(!rt_task(p)); + + return p; +} + /* Will lock the rq it finds */ static struct rq *find_lock_lowest_rq(struct task_struct *task, struct rq *rq) { @@ -1915,18 +1936,16 @@ static struct rq *find_lock_lowest_rq(struct task_struct *task, struct rq *rq) /* * We had to unlock the run queue. In * the mean time, task could have - * migrated already or had its affinity changed. - * Also make sure that it wasn't scheduled on its rq. + * migrated already or had its affinity changed, + * therefore check if the task is still at the + * head of the pushable tasks list. * It is possible the task was scheduled, set * "migrate_disabled" and then got preempted, so we must * check the task migration disable flag here too. */ - if (unlikely(task_rq(task) != rq || + if (unlikely(is_migration_disabled(task) || !cpumask_test_cpu(lowest_rq->cpu, &task->cpus_mask) || - task_on_cpu(rq, task) || - !rt_task(task) || - is_migration_disabled(task) || - !task_on_rq_queued(task))) { + task != pick_next_pushable_task(rq))) { double_unlock_balance(rq, lowest_rq); lowest_rq = NULL; @@ -1946,27 +1965,6 @@ static struct rq *find_lock_lowest_rq(struct task_struct *task, struct rq *rq) return lowest_rq; } -static struct task_struct *pick_next_pushable_task(struct rq *rq) -{ - struct task_struct *p; - - if (!has_pushable_tasks(rq)) - return NULL; - - p = plist_first_entry(&rq->rt.pushable_tasks, - struct task_struct, pushable_tasks); - - BUG_ON(rq->cpu != task_cpu(p)); - BUG_ON(task_current(rq, p)); - BUG_ON(task_current_donor(rq, p)); - BUG_ON(p->nr_cpus_allowed <= 1); - - BUG_ON(!task_on_rq_queued(p)); - BUG_ON(!rt_task(p)); - - return p; -} - /* * If the current CPU has more than one RT task, see if the non * running task can migrate over to a CPU that is running a task -- 2.22.3

7 months

6
11
0 0

[PATCH v3] sched_ext: Use kvzalloc for large exit_dump allocation

by Breno Leitao

Replace kzalloc with kvzalloc for the exit_dump buffer allocation, which can require large contiguous memory depending on the implementation. This change prevents allocation failures by allowing the system to fall back to vmalloc when contiguous memory allocation fails. Since this buffer is only used for debugging purposes, physical memory contiguity is not required, making vmalloc a suitable alternative. Cc: stable(a)vger.kernel.org Fixes: 07814a9439a3b0 ("sched_ext: Print debug dump after an error exit") Suggested-by: Rik van Riel <riel(a)surriel.com> Signed-off-by: Breno Leitao <leitao(a)debian.org> Acked-by: Andrea Righi <arighi(a)nvidia.com> --- Changes in v3: - Rewording the patch message - Link to v2: https://lore.kernel.org/r/20250408-scx-v2-1-1979fc040903@debian.org Changes in v2: - Use kvfree() on the free path as well. - Link to v1: https://lore.kernel.org/r/20250407-scx-v1-1-774ba74a2c17@debian.org --- kernel/sched/ext.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 66bcd40a28ca1..db9af6a3c04fd 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -4623,7 +4623,7 @@ static void scx_ops_bypass(bool bypass) static void free_exit_info(struct scx_exit_info *ei) { - kfree(ei->dump); + kvfree(ei->dump); kfree(ei->msg); kfree(ei->bt); kfree(ei); @@ -4639,7 +4639,7 @@ static struct scx_exit_info *alloc_exit_info(size_t exit_dump_len) ei->bt = kcalloc(SCX_EXIT_BT_LEN, sizeof(ei->bt[0]), GFP_KERNEL); ei->msg = kzalloc(SCX_EXIT_MSG_LEN, GFP_KERNEL); - ei->dump = kzalloc(exit_dump_len, GFP_KERNEL); + ei->dump = kvzalloc(exit_dump_len, GFP_KERNEL); if (!ei->bt || !ei->msg || !ei->dump) { free_exit_info(ei); --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250407-scx-11dbf94803c3 Best regards, -- Breno Leitao <leitao(a)debian.org>

7 months

3
2
0 0

[PATCH v2] sched/deadline: Fix race in push_dl_task

by Harshit Agarwal

This fix is the deadline version of the change made to the rt scheduler titled: "sched/rt: Fix race in push_rt_task". Here is the summary of the issue: When a CPU chooses to call push_dl_task and picks a task to push to another CPU's runqueue then it will call find_lock_later_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migrated and is running on some other CPU. These cases are already handled. However, if the task is migrated and has already been executed and another CPU is now trying to wake it up (ttwu) such that it is queued again on the runqeue (on_rq is 1) and also if the task was run by the same CPU, then the current checks will pass even though the task was migrated out and is no longer in the pushable tasks list. Please go through the original change for more details on the issue. In this fix, after the lock is obtained inside the find_lock_later_rq we ensure that the task is still at the head of pushable tasks list. Also removed some checks that are no longer needed with the addition this new check. However, the check of pushable tasks list only applies when find_lock_later_rq is called by push_dl_task. For the other caller i.e. dl_task_offline_migration, we use the existing checks. Signed-off-by: Harshit Agarwal <harshit(a)nutanix.com> Cc: stable(a)vger.kernel.org --- Changes in v2: - As per Juri's suggestion, moved the check inside find_lock_later_rq similar to rt change. Here we distinguish among the push_dl_task caller vs dl_task_offline_migration by checking if the task is throttled or not. - Fixed the commit message to refer to the rt change by title. - Link to v1: https://lore.kernel.org/lkml/20250307204255.60640-1-harshit@nutanix.com/ --- kernel/sched/deadline.c | 66 ++++++++++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 24 deletions(-) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 38e4537790af..2366801b4557 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -2621,6 +2621,25 @@ static int find_later_rq(struct task_struct *task) return -1; } +static struct task_struct *pick_next_pushable_dl_task(struct rq *rq) +{ + struct task_struct *p; + + if (!has_pushable_dl_tasks(rq)) + return NULL; + + p = __node_2_pdl(rb_first_cached(&rq->dl.pushable_dl_tasks_root)); + + WARN_ON_ONCE(rq->cpu != task_cpu(p)); + WARN_ON_ONCE(task_current(rq, p)); + WARN_ON_ONCE(p->nr_cpus_allowed <= 1); + + WARN_ON_ONCE(!task_on_rq_queued(p)); + WARN_ON_ONCE(!dl_task(p)); + + return p; +} + /* Locks the rq it finds */ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq) { @@ -2648,12 +2667,30 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq) /* Retry if something changed. */ if (double_lock_balance(rq, later_rq)) { - if (unlikely(task_rq(task) != rq || + /* + * We had to unlock the run queue. In the meantime, + * task could have migrated already or had its affinity + * changed. + * It is possible the task was scheduled, set + * "migrate_disabled" and then got preempted, so we must + * check the task migration disable flag here too. + * For throttled task (dl_task_offline_migration), we + * check if the task is migrated to a different rq or + * is not a dl task anymore. + * For the non-throttled task (push_dl_task), the check + * to ensure that this task is still at the head of the + * pushable tasks list is enough. + */ + if (unlikely(is_migration_disabled(task) || !cpumask_test_cpu(later_rq->cpu, &task->cpus_mask) || - task_on_cpu(rq, task) || - !dl_task(task) || - is_migration_disabled(task) || - !task_on_rq_queued(task))) { + (task->dl.dl_throttled && + (task_rq(task) != rq || + task_on_cpu(rq, task) || + !dl_task(task) || + !task_on_rq_queued(task))) || + (!task->dl.dl_throttled && + task != pick_next_pushable_dl_task(rq)))) { + double_unlock_balance(rq, later_rq); later_rq = NULL; break; @@ -2676,25 +2713,6 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq) return later_rq; } -static struct task_struct *pick_next_pushable_dl_task(struct rq *rq) -{ - struct task_struct *p; - - if (!has_pushable_dl_tasks(rq)) - return NULL; - - p = __node_2_pdl(rb_first_cached(&rq->dl.pushable_dl_tasks_root)); - - WARN_ON_ONCE(rq->cpu != task_cpu(p)); - WARN_ON_ONCE(task_current(rq, p)); - WARN_ON_ONCE(p->nr_cpus_allowed <= 1); - - WARN_ON_ONCE(!task_on_rq_queued(p)); - WARN_ON_ONCE(!dl_task(p)); - - return p; -} - /* * See if the non running -deadline tasks on this rq * can be sent to some other CPU where they can preempt -- 2.39.3

7 months

2
2
0 0

[PATCH] irqchip/loongson-liointc: Support to set IRQ_TYPE_EDGE_BOTH

by Huacai Chen

Some peripheral subsystems request IRQ_TYPE_EDGE_BOTH interrupt type and report request failures on LIOINTC. To avoid such failures we support to set IRQ_TYPE_EDGE_BOTH type on LIOINTC, by setting LIOINTC_REG_INTC_EDGE to true and keep LIOINTC_REG_INTC_POL as is. Cc: stable(a)vger.kernel.org Signed-off-by: Yinbo Zhu <zhuyinbo(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/irqchip/irq-loongson-liointc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/irqchip/irq-loongson-liointc.c b/drivers/irqchip/irq-loongson-liointc.c index 2b1bd4a96665..c0c8ef8d27cf 100644 --- a/drivers/irqchip/irq-loongson-liointc.c +++ b/drivers/irqchip/irq-loongson-liointc.c @@ -128,6 +128,10 @@ static int liointc_set_type(struct irq_data *data, unsigned int type) liointc_set_bit(gc, LIOINTC_REG_INTC_EDGE, mask, false); liointc_set_bit(gc, LIOINTC_REG_INTC_POL, mask, true); break; + case IRQ_TYPE_EDGE_BOTH: + liointc_set_bit(gc, LIOINTC_REG_INTC_EDGE, mask, true); + /* Requester need "both", keep LIOINTC_REG_INTC_POL as is */ + break; case IRQ_TYPE_EDGE_RISING: liointc_set_bit(gc, LIOINTC_REG_INTC_EDGE, mask, true); liointc_set_bit(gc, LIOINTC_REG_INTC_POL, mask, false); -- 2.47.1

7 months

3
7
0 0

[PATCH] tpm: Mask TPM RC in tpm2_start_auth_session()

by Jarkko Sakkinen

tpm2_start_auth_session() does not mask TPM RC correctly from the callers: [ 28.766528] tpm tpm0: A TPM error (2307) occurred start auth session Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX error codes. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Reported-by: Herbert Xu <herbert(a)gondor.apana.org.au> Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.a… Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- drivers/char/tpm/tpm2-sessions.c | 34 ++++++++++++++++---------------- include/linux/tpm.h | 1 + 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 3f89635ba5e8..1ed23375e4cb 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -40,11 +40,6 @@ * * These are the usage functions: * - * tpm2_start_auth_session() which allocates the opaque auth structure - * and gets a session from the TPM. This must be called before - * any of the following functions. The session is protected by a - * session_key which is derived from a random salt value - * encrypted to the NULL seed. * tpm2_end_auth_session() kills the session and frees the resources. * Under normal operation this function is done by * tpm_buf_check_hmac_response(), so this is only to be used on @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) } /** - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM - * @chip: the TPM chip structure to create the session with + * tpm2_start_auth_session() - Create an a HMAC authentication session + * @chip: A TPM chip * - * This function loads the NULL seed from its saved context and starts - * an authentication session on the null seed, fills in the - * @chip->auth structure to contain all the session details necessary - * for performing the HMAC, encrypt and decrypt operations and - * returns. The NULL seed is flushed before this function returns. + * Loads the ephemeral key (null seed), and starts an HMAC authenticated + * session. The null seed is flushed before the return. * - * Return: zero on success or actual error encountered. + * Returns zero on success, or a POSIX error code. */ int tpm2_start_auth_session(struct tpm_chip *chip) { @@ -1024,11 +1016,19 @@ int tpm2_start_auth_session(struct tpm_chip *chip) /* hash algorithm for session */ tpm_buf_append_u16(&buf, TPM_ALG_SHA256); - rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); + rc = tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"); tpm2_flush_context(chip, null_key); - - if (rc == TPM2_RC_SUCCESS) - rc = tpm2_parse_start_auth_session(auth, &buf); + switch (rc) { + case TPM2_RC_SUCCESS: + break; + case TPM2_RC_SESSION_MEMORY: + rc = -ENOMEM; + goto out; + default: + rc = -EFAULT; + goto out; + } + rc = tpm2_parse_start_auth_session(auth, &buf); tpm_buf_destroy(&buf); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 6c3125300c00..c1d3d60b416f 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -257,6 +257,7 @@ enum tpm2_return_codes { TPM2_RC_TESTING = 0x090A, /* RC_WARN */ TPM2_RC_REFERENCE_H0 = 0x0910, TPM2_RC_RETRY = 0x0922, + TPM2_RC_SESSION_MEMORY = 0x0903, }; enum tpm2_command_codes { -- 2.39.5

7 months

2
10
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) in vmlinux (scripts/Makefile.vmlinux:34) [logspec:kbuild,kbuild.co...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- in vmlinux (scripts/Makefile.vmlinux:34) [logspec:kbuild,kbuild.compiler.linker_error] --- - dashboard: https://d.kernelci.org/i/maestro:044a06526d293c2801fdbdc2f440e46bd3b51a52 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 8e9508dd93587658f8f8116bc709aeb272144427 Log excerpt: ===================================================== ld.lld: error: ./arch/arm/kernel/vmlinux.lds:36: ( expected, but got } >>> __vectors_lma = .; OVERLAY 0xffff0000 : AT(__vectors_lma) { .vectors { OVERLAY_KEEP(*(.vectors)) } .vectors.bhb.loop8 { OVERLAY_KEEP(*(.vectors.bhb.loop8)) } .vectors.bhb.bpiall { OVERLAY_KEEP(*(.vectors.bhb.bpiall)) } } __vectors_start = LOADADDR(.vectors); __vectors_end = LOADADDR(.vectors) + SIZEOF(.vectors); __vectors_bhb_loop8_start = LOADADDR(.vectors.bhb.loop8); __vectors_bhb_loop8_end = LOADADDR(.vectors.bhb.loop8) + SIZEOF(.vectors.bhb.loop8); __vectors_bhb_bpiall_start = LOADADDR(.vectors.bhb.bpiall); __vectors_bhb_bpiall_end = LOADADDR(.vectors.bhb.bpiall) + SIZEOF(.vectors.bhb.bpiall); . = __vectors_lma + SIZEOF(.vectors) + SIZEOF(.vectors.bhb.loop8) + SIZEOF(.vectors.bhb.bpiall); __stubs_lma = .; .stubs ADDR(.vectors) + 0x1000 : AT(__stubs_lma) { *(.stubs) } __stubs_start = LOADADDR(.stubs); __stubs_end = LOADADDR(.stubs) + SIZEOF(.stubs); . = __stubs_lma + SIZEOF(.stubs); PROVIDE(vector_fiq_offset = vector_fiq - ADDR(.vectors)); >>> ^ ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67f50be06fa43d168f278ccc #kernelci issue maestro:044a06526d293c2801fdbdc2f440e46bd3b51a52 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

7 months

1
0
0 0

[PATCH 6.6.y 0/6] Backported patches to fix selftest tpdir2

by Kang Wenlin

From: Wenlin Kang <wenlin.kang(a)windriver.com> The selftest tpdir2 terminated with a 'Segmentation fault' during loading. root@localhost:~# cd linux-kenel/tools/testing/selftests/arm64/abi && make root@localhost:~/linux-kernel/tools/testing/selftests/arm64/abi# ./tpidr2 Segmentation fault The cause of this is the __arch_clear_user() failure. load_elf_binary() [fs/binfmt_elf.c] -> if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bes))) -> padzero() -> clear_user() [arch/arm64/include/asm/uaccess.h] -> __arch_clear_user() [arch/arm64/lib/clear_user.S] For more details, please see: https://lore.kernel.org/lkml/1d0342f3-0474-482b-b6db-81ca7820a462@t-8ch.de/… This issue has been fixed in the mainline. Here I have backported the relevant commits for the linux-6.6.y branch and attached them. With these patches, tpdir2 works as: root@localhost:~/linux-kernel/tools/testing/selftests/arm64/abi# ./tpidr2 TAP version 13 1..5 ok 0 skipped, TPIDR2 not supported ok 1 skipped, TPIDR2 not supported ok 2 skipped, TPIDR2 not supported ok 3 skipped, TPIDR2 not supported ok 4 skipped, TPIDR2 not supported This issue is resolved by the first patch. However, to ensure functional completeness, all related patches were backported according to the following link. https://lore.kernel.org/all/20230929031716.it.155-kees@kernel.org/#t Eric W. Biederman (1): binfmt_elf: Support segments with 0 filesz and misaligned starts Kees Cook (5): binfmt_elf: elf_bss no longer used by load_elf_binary() binfmt_elf: Use elf_load() for interpreter binfmt_elf: Use elf_load() for library binfmt_elf: Only report padzero() errors when PROT_WRITE mm: Remove unused vm_brk() fs/binfmt_elf.c | 215 ++++++++++++++++----------------------------- include/linux/mm.h | 3 +- mm/mmap.c | 6 -- mm/nommu.c | 5 -- 4 files changed, 76 insertions(+), 153 deletions(-) -- 2.43.0

7 months

4
18
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) variable 'base_clk' is used uninitialized whenever 'if' condition ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- variable 'base_clk' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] in drivers/mmc/host/sdhci-brcmstb.o (drivers/mmc/host/sdhci-brcmstb.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:eb9b0da83cc077e6176b9903d98f0f78704ac17f - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0b4857306c618d2052f6455b90747ef1df364ecd Log excerpt: ===================================================== drivers/mmc/host/sdhci-brcmstb.c:303:6: error: variable 'base_clk' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] 303 | if (res) | ^~~ drivers/mmc/host/sdhci-brcmstb.c:377:24: note: uninitialized use occurs here 377 | clk_disable_unprepare(base_clk); | ^~~~~~~~ drivers/mmc/host/sdhci-brcmstb.c:303:2: note: remove the 'if' if its condition is always false 303 | if (res) | ^~~~~~~~ 304 | goto err; | ~~~~~~~~ drivers/mmc/host/sdhci-brcmstb.c:296:6: error: variable 'base_clk' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] 296 | if (IS_ERR(priv->cfg_regs)) { | ^~~~~~~~~~~~~~~~~~~~~~ drivers/mmc/host/sdhci-brcmstb.c:377:24: note: uninitialized use occurs here 377 | clk_disable_unprepare(base_clk); | ^~~~~~~~ drivers/mmc/host/sdhci-brcmstb.c:296:2: note: remove the 'if' if its condition is always false 296 | if (IS_ERR(priv->cfg_regs)) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 297 | res = PTR_ERR(priv->cfg_regs); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 298 | goto err; | ~~~~~~~~~ 299 | } | ~ drivers/mmc/host/sdhci-brcmstb.c:281:6: error: variable 'base_clk' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] 281 | if (IS_ERR(host)) { | ^~~~~~~~~~~~ drivers/mmc/host/sdhci-brcmstb.c:377:24: note: uninitialized use occurs here 377 | clk_disable_unprepare(base_clk); | ^~~~~~~~ drivers/mmc/host/sdhci-brcmstb.c:281:2: note: remove the 'if' if its condition is always false 281 | if (IS_ERR(host)) { | ^~~~~~~~~~~~~~~~~~~ 282 | res = PTR_ERR(host); | ~~~~~~~~~~~~~~~~~~~~ 283 | goto err_clk; | ~~~~~~~~~~~~~ 284 | } | ~ drivers/mmc/host/sdhci-brcmstb.c:260:22: note: initialize the variable 'base_clk' to silence this warning 260 | struct clk *base_clk; | ^ | = NULL 3 errors generated. CC [M] drivers/gpu/drm/drm_gem.o CC [M] drivers/staging/rtl8723bs/hal/odm_EdcaTurboCheck.o CC [M] drivers/net/ethernet/rocker/rocker_tlv.o CC [M] drivers/staging/nvec/nvec.o CC [M] drivers/staging/media/zoran/zoran_card.o ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67f509a66fa43d168f278a2b #kernelci issue maestro:eb9b0da83cc077e6176b9903d98f0f78704ac17f Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

7 months

1
0
0 0

[PATCH] USB: VLI disk crashes if LPM is used

by Oliver Neukum

This device needs the NO_LPM quirk. CC: stable(a)vger.kernel.org Signed-off-by: Oliver Neukum <oneukum(a)suse.com> --- drivers/usb/core/quirks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index 8efbacc5bc34..ad7b0ec59836 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -539,6 +539,9 @@ static const struct usb_device_id usb_quirk_list[] = { { USB_DEVICE(0x2040, 0x7200), .driver_info = USB_QUIRK_CONFIG_INTF_STRINGS }, + /* VLI disk */ + { USB_DEVICE(0x2109, 0x0711), .driver_info = USB_QUIRK_NO_LPM }, + /* Raydium Touchscreen */ { USB_DEVICE(0x2386, 0x3114), .driver_info = USB_QUIRK_NO_LPM }, -- 2.49.0

7 months

1
0
0 0

[PATCH v2] sched_ext: Use kvzalloc for large exit_dump allocation

by Breno Leitao

Replace kzalloc with kvzalloc for the exit_dump buffer allocation, which can require large contiguous memory (up to order=9) depending on the implementation. This change prevents allocation failures by allowing the system to fall back to vmalloc when contiguous memory allocation fails. Since this buffer is only used for debugging purposes, physical memory contiguity is not required, making vmalloc a suitable alternative. Cc: stable(a)vger.kernel.org Fixes: 07814a9439a3b0 ("sched_ext: Print debug dump after an error exit") Suggested-by: Rik van Riel <riel(a)surriel.com> Signed-off-by: Breno Leitao <leitao(a)debian.org> Acked-by: Andrea Righi <arighi(a)nvidia.com> --- Changes in v2: - Use kvfree() on the free path as well. - Link to v1: https://lore.kernel.org/r/20250407-scx-v1-1-774ba74a2c17@debian.org --- kernel/sched/ext.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 66bcd40a28ca1..db9af6a3c04fd 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -4623,7 +4623,7 @@ static void scx_ops_bypass(bool bypass) static void free_exit_info(struct scx_exit_info *ei) { - kfree(ei->dump); + kvfree(ei->dump); kfree(ei->msg); kfree(ei->bt); kfree(ei); @@ -4639,7 +4639,7 @@ static struct scx_exit_info *alloc_exit_info(size_t exit_dump_len) ei->bt = kcalloc(SCX_EXIT_BT_LEN, sizeof(ei->bt[0]), GFP_KERNEL); ei->msg = kzalloc(SCX_EXIT_MSG_LEN, GFP_KERNEL); - ei->dump = kzalloc(exit_dump_len, GFP_KERNEL); + ei->dump = kvzalloc(exit_dump_len, GFP_KERNEL); if (!ei->bt || !ei->msg || !ei->dump) { free_exit_info(ei); --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250407-scx-11dbf94803c3 Best regards, -- Breno Leitao <leitao(a)debian.org>

7 months

2
4
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) in vmlinux (vmlinux.lds) [logspec:kbuild,kbuild.compiler]

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- in vmlinux (vmlinux.lds) [logspec:kbuild,kbuild.compiler] --- - dashboard: https://d.kernelci.org/i/maestro:d8582423f1574ae10cdbf6f1574cd2d49264d0a7 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 8e9508dd93587658f8f8116bc709aeb272144427 Log excerpt: ===================================================== arm-linux-gnueabihf-ld:./arch/arm/kernel/vmlinux.lds:31: syntax error ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67f50ceb6fa43d168f278da2 ## omap2plus_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67f50c246fa43d168f278cf0 ## vexpress_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67f50c296fa43d168f278cf3 #kernelci issue maestro:d8582423f1574ae10cdbf6f1574cd2d49264d0a7 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

7 months

1
0
0 0

[PATCH 1/3] can: kvaser_pciefd: Force IRQ edge in case of nested IRQ

by Axel Forsman

Avoid the driver missing IRQs by temporarily masking IRQs in the ISR to enforce an edge even if a different IRQ is signalled before handled IRQs are cleared. Fixes: 48f827d4f48f ("can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR") Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> --- drivers/net/can/kvaser_pciefd.c | 83 ++++++++++++++++----------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index fa04a7ced02b..0d1b895509c3 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1646,24 +1646,28 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) return res; } -static u32 kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) +static void kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) { + __le32 __iomem *srb_cmd_reg = KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG; u32 irq = ioread32(KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) { + kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, srb_cmd_reg); /* Rearm buffer */ + } + + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) { kvaser_pciefd_read_buffer(pcie, 1); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB1, srb_cmd_reg); /* Rearm buffer */ + } if (unlikely(irq & KVASER_PCIEFD_SRB_IRQ_DOF0 || irq & KVASER_PCIEFD_SRB_IRQ_DOF1 || irq & KVASER_PCIEFD_SRB_IRQ_DUF0 || irq & KVASER_PCIEFD_SRB_IRQ_DUF1)) dev_err(&pcie->pci->dev, "DMA IRQ error 0x%08X\n", irq); - - iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - return irq; } static void kvaser_pciefd_transmit_irq(struct kvaser_pciefd_can *can) @@ -1691,29 +1695,22 @@ static irqreturn_t kvaser_pciefd_irq_handler(int irq, void *dev) struct kvaser_pciefd *pcie = (struct kvaser_pciefd *)dev; const struct kvaser_pciefd_irq_mask *irq_mask = pcie->driver_data->irq_mask; u32 pci_irq = ioread32(KVASER_PCIEFD_PCI_IRQ_ADDR(pcie)); - u32 srb_irq = 0; - u32 srb_release = 0; int i; if (!(pci_irq & irq_mask->all)) return IRQ_NONE; + iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + if (pci_irq & irq_mask->kcan_rx0) - srb_irq = kvaser_pciefd_receive_irq(pcie); + kvaser_pciefd_receive_irq(pcie); for (i = 0; i < pcie->nr_channels; i++) { if (pci_irq & irq_mask->kcan_tx[i]) kvaser_pciefd_transmit_irq(pcie->can[i]); } - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB0; - - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD1) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB1; - - if (srb_release) - iowrite32(srb_release, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); return IRQ_HANDLED; } @@ -1733,13 +1730,22 @@ static void kvaser_pciefd_teardown_can_ctrls(struct kvaser_pciefd *pcie) } } +static void kvaser_pciefd_disable_irq_srcs(struct kvaser_pciefd *pcie) +{ + unsigned int i; + + /* Masking PCI_IRQ is insufficient as running ISR will unmask it */ + iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); + for (i = 0; i < pcie->nr_channels; ++i) + iowrite32(0, pcie->can[i]->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); +} + static int kvaser_pciefd_probe(struct pci_dev *pdev, const struct pci_device_id *id) { int ret; struct kvaser_pciefd *pcie; const struct kvaser_pciefd_irq_mask *irq_mask; - void __iomem *irq_en_base; pcie = devm_kzalloc(&pdev->dev, sizeof(*pcie), GFP_KERNEL); if (!pcie) @@ -1805,8 +1811,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); /* Enable PCI interrupts */ - irq_en_base = KVASER_PCIEFD_PCI_IEN_ADDR(pcie); - iowrite32(irq_mask->all, irq_en_base); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); /* Ready the DMA buffers */ iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); @@ -1820,8 +1825,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return 0; err_free_irq: - /* Disable PCI interrupts */ - iowrite32(0, irq_en_base); + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); err_pci_free_irq_vectors: @@ -1844,35 +1848,26 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return ret; } -static void kvaser_pciefd_remove_all_ctrls(struct kvaser_pciefd *pcie) -{ - int i; - - for (i = 0; i < pcie->nr_channels; i++) { - struct kvaser_pciefd_can *can = pcie->can[i]; - - if (can) { - iowrite32(0, can->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); - unregister_candev(can->can.dev); - del_timer(&can->bec_poll_timer); - kvaser_pciefd_pwm_stop(can); - free_candev(can->can.dev); - } - } -} - static void kvaser_pciefd_remove(struct pci_dev *pdev) { struct kvaser_pciefd *pcie = pci_get_drvdata(pdev); + unsigned int i; - kvaser_pciefd_remove_all_ctrls(pcie); + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; - /* Disable interrupts */ - iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CTRL_REG); - iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + unregister_candev(can->can.dev); + del_timer(&can->bec_poll_timer); + kvaser_pciefd_pwm_stop(can); + } + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); pci_free_irq_vectors(pcie->pci); + + for (i = 0; i < pcie->nr_channels; ++i) + free_candev(pcie->can[i]->can.dev); + pci_iounmap(pdev, pcie->reg_base); pci_release_regions(pdev); pci_disable_device(pdev); -- 2.47.2

7 months

2
2
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) in vmlinux (vmlinux.lds) [logspec:kbuild,kbuild.compiler]

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- in vmlinux (vmlinux.lds) [logspec:kbuild,kbuild.compiler] --- - dashboard: https://d.kernelci.org/i/maestro:9938a6d051bfcd7063bdcf21603c29bf8822a3a5 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 8e9508dd93587658f8f8116bc709aeb272144427 Log excerpt: ===================================================== arm-linux-gnueabihf-ld:./arch/arm/kernel/vmlinux.lds:30: syntax error ===================================================== # Builds where the incident occurred: ## multi_v5_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67f50c196fa43d168f278cea #kernelci issue maestro:9938a6d051bfcd7063bdcf21603c29bf8822a3a5 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

7 months

1
0
0 0

[PATCH] drm/i915/vrr: Add vrr.vsync_{start,end} in vrr_params_changed

by Ankit Nautiyal

Add the missing vrr parameters in vrr_params_changed() helper. This ensures that changes in vrr.vsync_{start,end} trigger a call to appropriate helpers to update the VRR registers. Fixes: e8cd188e91bb ("drm/i915/display: Compute vrr_vsync params") Cc: Mitul Golani <mitulkumar.ajitkumar.golani(a)intel.com> Cc: Arun R Murthy <arun.r.murthy(a)intel.com> Cc: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ Signed-off-by: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> --- drivers/gpu/drm/i915/display/intel_display.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/display/intel_display.c b/drivers/gpu/drm/i915/display/intel_display.c index c540e2cae1f0..ced8ba0f8d6d 100644 --- a/drivers/gpu/drm/i915/display/intel_display.c +++ b/drivers/gpu/drm/i915/display/intel_display.c @@ -969,7 +969,9 @@ static bool vrr_params_changed(const struct intel_crtc_state *old_crtc_state, old_crtc_state->vrr.vmin != new_crtc_state->vrr.vmin || old_crtc_state->vrr.vmax != new_crtc_state->vrr.vmax || old_crtc_state->vrr.guardband != new_crtc_state->vrr.guardband || - old_crtc_state->vrr.pipeline_full != new_crtc_state->vrr.pipeline_full; + old_crtc_state->vrr.pipeline_full != new_crtc_state->vrr.pipeline_full || + old_crtc_state->vrr.vsync_start != new_crtc_state->vrr.vsync_start || + old_crtc_state->vrr.vsync_end != new_crtc_state->vrr.vsync_end; } static bool cmrr_params_changed(const struct intel_crtc_state *old_crtc_state, -- 2.45.2

7 months

3
3
0 0

[PATCH 3/6] bus: fsl-mc: fix GET/SET_TAILDROP command ids

by Ioana Ciornei

From: Wan Junjie <junjie.wan(a)inceptio.ai> Command ids for taildrop get/set can not pass the check when they are using from the restool user space utility. Correct them according to the user manual. Fixes: d67cc29e6d1f ("bus: fsl-mc: list more commands as accepted through the ioctl") Signed-off-by: Wan Junjie <junjie.wan(a)inceptio.ai> Signed-off-by: Ioana Ciornei <ioana.ciornei(a)nxp.com> Cc: stable(a)vger.kernel.org --- drivers/bus/fsl-mc/fsl-mc-uapi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/bus/fsl-mc/fsl-mc-uapi.c b/drivers/bus/fsl-mc/fsl-mc-uapi.c index 9c4c1395fcdb..a376ec661653 100644 --- a/drivers/bus/fsl-mc/fsl-mc-uapi.c +++ b/drivers/bus/fsl-mc/fsl-mc-uapi.c @@ -275,13 +275,13 @@ static struct fsl_mc_cmd_desc fsl_mc_accepted_cmds[] = { .size = 8, }, [DPSW_GET_TAILDROP] = { - .cmdid_value = 0x0A80, + .cmdid_value = 0x0A90, .cmdid_mask = 0xFFF0, .token = true, .size = 14, }, [DPSW_SET_TAILDROP] = { - .cmdid_value = 0x0A90, + .cmdid_value = 0x0A80, .cmdid_mask = 0xFFF0, .token = true, .size = 24, -- 2.34.1

7 months

1
0
0 0

[PATCH 2/6] bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device

by Ioana Ciornei

The fsl-mc bus associated to the root DPRC in a DPAA2 system exports a device file for userspace access to the MC firmware. In case the DPRC's local MC portal (DPMCP) is currently in use, a new DPMCP device is allocated through the fsl_mc_portal_allocate() function. In this case, the call to fsl_mc_portal_allocate() will fail with -EINVAL when trying to add a device link between the root DPRC (consumer) and the newly allocated DPMCP device (supplier). This is because the DPMCP is a dependent of the DPRC device (the bus). Fix this by not adding a device link in case the DPMCP is allocated for the root DPRC's usage. Fixes: afb77422819f ("bus: fsl-mc: automatically add a device_link on fsl_mc_[portal,object]_allocate") Signed-off-by: Ioana Ciornei <ioana.ciornei(a)nxp.com> Cc: stable(a)vger.kernel.org --- drivers/bus/fsl-mc/mc-io.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/drivers/bus/fsl-mc/mc-io.c b/drivers/bus/fsl-mc/mc-io.c index a0ad7866cbfc..cd8754763f40 100644 --- a/drivers/bus/fsl-mc/mc-io.c +++ b/drivers/bus/fsl-mc/mc-io.c @@ -214,12 +214,19 @@ int __must_check fsl_mc_portal_allocate(struct fsl_mc_device *mc_dev, if (error < 0) goto error_cleanup_resource; - dpmcp_dev->consumer_link = device_link_add(&mc_dev->dev, - &dpmcp_dev->dev, - DL_FLAG_AUTOREMOVE_CONSUMER); - if (!dpmcp_dev->consumer_link) { - error = -EINVAL; - goto error_cleanup_mc_io; + /* If the DPRC device itself tries to allocate a portal (usually for + * UAPI interaction), don't add a device link between them since the + * DPMCP device is an actual child device of the DPRC and a reverse + * dependency is not allowed. + */ + if (mc_dev != mc_bus_dev) { + dpmcp_dev->consumer_link = device_link_add(&mc_dev->dev, + &dpmcp_dev->dev, + DL_FLAG_AUTOREMOVE_CONSUMER); + if (!dpmcp_dev->consumer_link) { + error = -EINVAL; + goto error_cleanup_mc_io; + } } *new_mc_io = mc_io; -- 2.34.1

7 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: fix dev reference leaked through" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x cbef7442fba510b7eb229dcc9f39d3dde4a159a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040846-bonsai-tackiness-6500@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbef7442fba510b7eb229dcc9f39d3dde4a159a4 Mon Sep 17 00:00:00 2001 From: Tudor Ambarus <tudor.ambarus(a)linaro.org> Date: Fri, 17 Jan 2025 14:18:51 +0000 Subject: [PATCH] mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get The driver leaks the device reference taken with of_find_device_by_node(). Fix the leak by using devm_of_qcom_ice_get(). Fixes: c7eed31e235c ("mmc: sdhci-msm: Switch to the new ICE API") Cc: stable(a)vger.kernel.org Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Acked-by: Ulf Hansson <ulf.hansson(a)linaro.org> Reviewed-by: Abel Vesa <abel.vesa(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20250117-qcom-ice-fix-dev-leak-v2-2-1ffa5b6884cb@… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index e3d39311fdc7..3fd898647237 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -1873,7 +1873,7 @@ static int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host, if (!(cqhci_readl(cq_host, CQHCI_CAP) & CQHCI_CAP_CS)) return 0; - ice = of_qcom_ice_get(dev); + ice = devm_of_qcom_ice_get(dev); if (ice == ERR_PTR(-EOPNOTSUPP)) { dev_warn(dev, "Disabling inline encryption support\n"); ice = NULL;

7 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: fix dev reference leaked through" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x cbef7442fba510b7eb229dcc9f39d3dde4a159a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040846-elude-harpist-dd96@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbef7442fba510b7eb229dcc9f39d3dde4a159a4 Mon Sep 17 00:00:00 2001 From: Tudor Ambarus <tudor.ambarus(a)linaro.org> Date: Fri, 17 Jan 2025 14:18:51 +0000 Subject: [PATCH] mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get The driver leaks the device reference taken with of_find_device_by_node(). Fix the leak by using devm_of_qcom_ice_get(). Fixes: c7eed31e235c ("mmc: sdhci-msm: Switch to the new ICE API") Cc: stable(a)vger.kernel.org Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Acked-by: Ulf Hansson <ulf.hansson(a)linaro.org> Reviewed-by: Abel Vesa <abel.vesa(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20250117-qcom-ice-fix-dev-leak-v2-2-1ffa5b6884cb@… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index e3d39311fdc7..3fd898647237 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -1873,7 +1873,7 @@ static int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host, if (!(cqhci_readl(cq_host, CQHCI_CAP) & CQHCI_CAP_CS)) return 0; - ice = of_qcom_ice_get(dev); + ice = devm_of_qcom_ice_get(dev); if (ice == ERR_PTR(-EOPNOTSUPP)) { dev_warn(dev, "Disabling inline encryption support\n"); ice = NULL;

7 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: fix dev reference leaked through" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x cbef7442fba510b7eb229dcc9f39d3dde4a159a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040845-carving-viscous-42cf@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbef7442fba510b7eb229dcc9f39d3dde4a159a4 Mon Sep 17 00:00:00 2001 From: Tudor Ambarus <tudor.ambarus(a)linaro.org> Date: Fri, 17 Jan 2025 14:18:51 +0000 Subject: [PATCH] mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get The driver leaks the device reference taken with of_find_device_by_node(). Fix the leak by using devm_of_qcom_ice_get(). Fixes: c7eed31e235c ("mmc: sdhci-msm: Switch to the new ICE API") Cc: stable(a)vger.kernel.org Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Acked-by: Ulf Hansson <ulf.hansson(a)linaro.org> Reviewed-by: Abel Vesa <abel.vesa(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20250117-qcom-ice-fix-dev-leak-v2-2-1ffa5b6884cb@… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index e3d39311fdc7..3fd898647237 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -1873,7 +1873,7 @@ static int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host, if (!(cqhci_readl(cq_host, CQHCI_CAP) & CQHCI_CAP_CS)) return 0; - ice = of_qcom_ice_get(dev); + ice = devm_of_qcom_ice_get(dev); if (ice == ERR_PTR(-EOPNOTSUPP)) { dev_warn(dev, "Disabling inline encryption support\n"); ice = NULL;

7 months

1
0
0 0

FAILED: patch "[PATCH] slab: kmalloc_size_roundup() must not return 0 for non-zero" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8446a4deb6b6bc998f1d8d2a85d1a0c64b9e3a71 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040857-displace-theorize-0492@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8446a4deb6b6bc998f1d8d2a85d1a0c64b9e3a71 Mon Sep 17 00:00:00 2001 From: David Laight <david.laight(a)aculab.com> Date: Thu, 7 Sep 2023 12:42:20 +0000 Subject: [PATCH] slab: kmalloc_size_roundup() must not return 0 for non-zero size The typical use of kmalloc_size_roundup() is: ptr = kmalloc(sz = kmalloc_size_roundup(size), ...); if (!ptr) return -ENOMEM. This means it is vitally important that the returned value isn't less than the argument even if the argument is insane. In particular if kmalloc_slab() fails or the value is above (MAX_ULONG - PAGE_SIZE) zero is returned and kmalloc() will return its single zero-length buffer ZERO_SIZE_PTR. Fix this by returning the input size if the size exceeds KMALLOC_MAX_SIZE. kmalloc() will then return NULL as the size really is too big. kmalloc_slab() should not normally return NULL, unless called too early. Again, returning zero is not the correct action as it can be in some usage scenarios stored to a variable and only later cause kmalloc() return ZERO_SIZE_PTR and subsequent crashes on access. Instead we can simply stop checking the kmalloc_slab() result completely, as calling kmalloc_size_roundup() too early would then result in an immediate crash during boot and the developer noticing an issue in their code. [vbabka(a)suse.cz: remove kmalloc_slab() result check, tweak comments and commit log] Fixes: 05a940656e1e ("slab: Introduce kmalloc_size_roundup()") Signed-off-by: David Laight <david.laight(a)aculab.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab_common.c b/mm/slab_common.c index e99e821065c3..306e6f0074ff 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -745,24 +745,24 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags, unsigned long caller) size_t kmalloc_size_roundup(size_t size) { - struct kmem_cache *c; + if (size && size <= KMALLOC_MAX_CACHE_SIZE) { + /* + * The flags don't matter since size_index is common to all. + * Neither does the caller for just getting ->object_size. + */ + return kmalloc_slab(size, GFP_KERNEL, 0)->object_size; + } - /* Short-circuit the 0 size case. */ - if (unlikely(size == 0)) - return 0; - /* Short-circuit saturated "too-large" case. */ - if (unlikely(size == SIZE_MAX)) - return SIZE_MAX; /* Above the smaller buckets, size is a multiple of page size. */ - if (size > KMALLOC_MAX_CACHE_SIZE) + if (size && size <= KMALLOC_MAX_SIZE) return PAGE_SIZE << get_order(size); /* - * The flags don't matter since size_index is common to all. - * Neither does the caller for just getting ->object_size. + * Return 'size' for 0 - kmalloc() returns ZERO_SIZE_PTR + * and very large size - kmalloc() may fail. */ - c = kmalloc_slab(size, GFP_KERNEL, 0); - return c ? c->object_size : 0; + return size; + } EXPORT_SYMBOL(kmalloc_size_roundup);

7 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 5b1122fc4995f308b21d7cfc64ef9880ac834d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040859-vocalist-germproof-0dee@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5b1122fc4995f308b21d7cfc64ef9880ac834d20 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Mon, 10 Mar 2025 22:48:29 +0300 Subject: [PATCH] platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are a few problems in this code: First, if amd_pmf_tee_init() fails then the function returns directly instead of cleaning up. We cannot simply do a "goto error;" because the amd_pmf_tee_init() cleanup calls tee_shm_free(dev->fw_shm_pool); and amd_pmf_tee_deinit() calls it as well leading to a double free. I have re-written this code to use an unwind ladder to free the allocations. Second, if amd_pmf_start_policy_engine() fails on every iteration though the loop then the code calls amd_pmf_tee_deinit() twice which is also a double free. Call amd_pmf_tee_deinit() inside the loop for each failed iteration. Also on that path the error codes are not necessarily negative kernel error codes. Set the error code to -EINVAL. There is a very subtle third bug which is that if the call to input_register_device() in amd_pmf_register_input_device() fails then we call input_unregister_device() on an input device that wasn't registered. This will lead to a reference counting underflow because of the device_del(&dev->dev) in __input_unregister_device(). It's unlikely that anyone would ever hit this bug in real life. Fixes: 376a8c2a1443 ("platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://lore.kernel.org/r/232231fc-6a71-495e-971b-be2a76f6db4c@stanley.moun… Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c index ceaff1ebb7b9..a1e43873a07b 100644 --- a/drivers/platform/x86/amd/pmf/tee-if.c +++ b/drivers/platform/x86/amd/pmf/tee-if.c @@ -510,18 +510,18 @@ int amd_pmf_init_smart_pc(struct amd_pmf_dev *dev) ret = amd_pmf_set_dram_addr(dev, true); if (ret) - goto error; + goto err_cancel_work; dev->policy_base = devm_ioremap_resource(dev->dev, dev->res); if (IS_ERR(dev->policy_base)) { ret = PTR_ERR(dev->policy_base); - goto error; + goto err_free_dram_buf; } dev->policy_buf = kzalloc(dev->policy_sz, GFP_KERNEL); if (!dev->policy_buf) { ret = -ENOMEM; - goto error; + goto err_free_dram_buf; } memcpy_fromio(dev->policy_buf, dev->policy_base, dev->policy_sz); @@ -531,13 +531,13 @@ int amd_pmf_init_smart_pc(struct amd_pmf_dev *dev) dev->prev_data = kzalloc(sizeof(*dev->prev_data), GFP_KERNEL); if (!dev->prev_data) { ret = -ENOMEM; - goto error; + goto err_free_policy; } for (i = 0; i < ARRAY_SIZE(amd_pmf_ta_uuid); i++) { ret = amd_pmf_tee_init(dev, &amd_pmf_ta_uuid[i]); if (ret) - return ret; + goto err_free_prev_data; ret = amd_pmf_start_policy_engine(dev); switch (ret) { @@ -550,27 +550,41 @@ int amd_pmf_init_smart_pc(struct amd_pmf_dev *dev) status = false; break; default: - goto error; + ret = -EINVAL; + amd_pmf_tee_deinit(dev); + goto err_free_prev_data; } if (status) break; } - if (!status && !pb_side_load) - goto error; + if (!status && !pb_side_load) { + ret = -EINVAL; + goto err_free_prev_data; + } if (pb_side_load) amd_pmf_open_pb(dev, dev->dbgfs_dir); ret = amd_pmf_register_input_device(dev); if (ret) - goto error; + goto err_pmf_remove_pb; return 0; -error: - amd_pmf_deinit_smart_pc(dev); +err_pmf_remove_pb: + if (pb_side_load && dev->esbin) + amd_pmf_remove_pb(dev); + amd_pmf_tee_deinit(dev); +err_free_prev_data: + kfree(dev->prev_data); +err_free_policy: + kfree(dev->policy_buf); +err_free_dram_buf: + kfree(dev->buf); +err_cancel_work: + cancel_delayed_work_sync(&dev->pb_work); return ret; }

7 months

1
0
0 0

[PATCH] firmware: arm_scmi: Fix timeout checks on polling path

by Cristian Marussi

Polling mode transactions wait for a reply busy-looping without holding a spinlock, but currently the timeout checks are based only on elapsed time: as a result we could hit a false positive whenever our busy-looping thread is pre-empted and scheduled out for a time greater than the polling timeout. Change the checks at the end of the busy-loop to make sure that the polling wasn't indeed successful or an out-of-order reply caused the polling to be forcibly terminated. Fixes: 31d2f803c19c ("firmware: arm_scmi: Add sync_cmds_completed_on_ret transport flag") Reported-by: Huangjie <huangjie1663(a)phytium.com.cn> Closes: https://lore.kernel.org/arm-scmi/20250123083323.2363749-1-jackhuang021@gmai… Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> Cc: <stable(a)vger.kernel.org> # 5.18.x --- This fix got to be backported to 5.4/5.10./5.15 due to small changes in the context --- drivers/firmware/arm_scmi/driver.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index 60050da54bf2..e6cf83950875 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -1248,7 +1248,8 @@ static void xfer_put(const struct scmi_protocol_handle *ph, } static bool scmi_xfer_done_no_timeout(struct scmi_chan_info *cinfo, - struct scmi_xfer *xfer, ktime_t stop) + struct scmi_xfer *xfer, ktime_t stop, + bool *ooo) { struct scmi_info *info = handle_to_scmi_info(cinfo->handle); @@ -1257,7 +1258,7 @@ static bool scmi_xfer_done_no_timeout(struct scmi_chan_info *cinfo, * in case of out-of-order receptions of delayed responses */ return info->desc->ops->poll_done(cinfo, xfer) || - try_wait_for_completion(&xfer->done) || + (*ooo = try_wait_for_completion(&xfer->done)) || ktime_after(ktime_get(), stop); } @@ -1274,15 +1275,17 @@ static int scmi_wait_for_reply(struct device *dev, const struct scmi_desc *desc, * itself to support synchronous commands replies. */ if (!desc->sync_cmds_completed_on_ret) { + bool ooo = false; + /* * Poll on xfer using transport provided .poll_done(); * assumes no completion interrupt was available. */ ktime_t stop = ktime_add_ms(ktime_get(), timeout_ms); - spin_until_cond(scmi_xfer_done_no_timeout(cinfo, - xfer, stop)); - if (ktime_after(ktime_get(), stop)) { + spin_until_cond(scmi_xfer_done_no_timeout(cinfo, xfer, + stop, &ooo)); + if (!ooo && !info->desc->ops->poll_done(cinfo, xfer)) { dev_err(dev, "timed out in resp(caller: %pS) - polling\n", (void *)_RET_IP_); -- 2.47.0

7 months

2
1
0 0

FAILED: patch "[PATCH] mm/vmscan: don't try to reclaim hwpoison folio" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 1b0449544c6482179ac84530b61fc192a6527bfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040821-frostlike-grandly-ca1b@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0449544c6482179ac84530b61fc192a6527bfd Mon Sep 17 00:00:00 2001 From: Jinjiang Tu <tujinjiang(a)huawei.com> Date: Tue, 18 Mar 2025 16:39:39 +0800 Subject: [PATCH] mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache page: Failed page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e memcg:ffff0000dd6d9000 anon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff) raw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9 raw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000 page dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio)) ------------[ cut here ]------------ kernel BUG at mm/swap_state.c:184! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules linked in: CPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3 Hardware name: linux,dummy-virt (DT) pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : add_to_swap+0xbc/0x158 lr : add_to_swap+0xbc/0x158 sp : ffff800087f37340 x29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780 x26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0 x23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4 x20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000 x17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c x14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b x11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000 x8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001 x5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000 Call trace: add_to_swap+0xbc/0x158 shrink_folio_list+0x12ac/0x2648 shrink_inactive_list+0x318/0x948 shrink_lruvec+0x450/0x720 shrink_node_memcgs+0x280/0x4a8 shrink_node+0x128/0x978 balance_pgdat+0x4f0/0xb20 kswapd+0x228/0x438 kthread+0x214/0x230 ret_from_fork+0x10/0x20 I can reproduce this issue with the following steps: 1) When a dirty swapcache page is isolated by reclaim process and the page isn't locked, inject memory failure for the page. me_swapcache_dirty() clears uptodate flag and tries to delete from lru, but fails. Reclaim process will put the hwpoisoned page back to lru. 2) The process that maps the hwpoisoned page exits, the page is deleted the page will never be freed and will be in the lru forever. 3) If we trigger a reclaim again and tries to reclaim the page, add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is cleared. To fix it, skip the hwpoisoned page in shrink_folio_list(). Besides, the hwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap it in shrink_folio_list(), otherwise the folio will fail to be unmaped by hwpoison_user_mappings() since the folio isn't in lru list. Link: https://lkml.kernel.org/r/20250318083939.987651-3-tujinjiang@huawei.com Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger,kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmscan.c b/mm/vmscan.c index 98e6ac82e428..2b2ab386cab5 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1127,6 +1127,13 @@ static unsigned int shrink_folio_list(struct list_head *folio_list, if (!folio_trylock(folio)) goto keep; + if (folio_contain_hwpoisoned_page(folio)) { + unmap_poisoned_folio(folio, folio_pfn(folio), false); + folio_unlock(folio); + folio_put(folio); + continue; + } + VM_BUG_ON_FOLIO(folio_test_active(folio), folio); nr_pages = folio_nr_pages(folio);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/vmscan: don't try to reclaim hwpoison folio" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 1b0449544c6482179ac84530b61fc192a6527bfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040845-curler-serve-797b@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0449544c6482179ac84530b61fc192a6527bfd Mon Sep 17 00:00:00 2001 From: Jinjiang Tu <tujinjiang(a)huawei.com> Date: Tue, 18 Mar 2025 16:39:39 +0800 Subject: [PATCH] mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache page: Failed page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e memcg:ffff0000dd6d9000 anon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff) raw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9 raw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000 page dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio)) ------------[ cut here ]------------ kernel BUG at mm/swap_state.c:184! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules linked in: CPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3 Hardware name: linux,dummy-virt (DT) pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : add_to_swap+0xbc/0x158 lr : add_to_swap+0xbc/0x158 sp : ffff800087f37340 x29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780 x26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0 x23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4 x20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000 x17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c x14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b x11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000 x8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001 x5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000 Call trace: add_to_swap+0xbc/0x158 shrink_folio_list+0x12ac/0x2648 shrink_inactive_list+0x318/0x948 shrink_lruvec+0x450/0x720 shrink_node_memcgs+0x280/0x4a8 shrink_node+0x128/0x978 balance_pgdat+0x4f0/0xb20 kswapd+0x228/0x438 kthread+0x214/0x230 ret_from_fork+0x10/0x20 I can reproduce this issue with the following steps: 1) When a dirty swapcache page is isolated by reclaim process and the page isn't locked, inject memory failure for the page. me_swapcache_dirty() clears uptodate flag and tries to delete from lru, but fails. Reclaim process will put the hwpoisoned page back to lru. 2) The process that maps the hwpoisoned page exits, the page is deleted the page will never be freed and will be in the lru forever. 3) If we trigger a reclaim again and tries to reclaim the page, add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is cleared. To fix it, skip the hwpoisoned page in shrink_folio_list(). Besides, the hwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap it in shrink_folio_list(), otherwise the folio will fail to be unmaped by hwpoison_user_mappings() since the folio isn't in lru list. Link: https://lkml.kernel.org/r/20250318083939.987651-3-tujinjiang@huawei.com Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger,kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmscan.c b/mm/vmscan.c index 98e6ac82e428..2b2ab386cab5 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1127,6 +1127,13 @@ static unsigned int shrink_folio_list(struct list_head *folio_list, if (!folio_trylock(folio)) goto keep; + if (folio_contain_hwpoisoned_page(folio)) { + unmap_poisoned_folio(folio, folio_pfn(folio), false); + folio_unlock(folio); + folio_put(folio); + continue; + } + VM_BUG_ON_FOLIO(folio_test_active(folio), folio); nr_pages = folio_nr_pages(folio);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/vmscan: don't try to reclaim hwpoison folio" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 1b0449544c6482179ac84530b61fc192a6527bfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040803-degraded-tastiness-6579@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0449544c6482179ac84530b61fc192a6527bfd Mon Sep 17 00:00:00 2001 From: Jinjiang Tu <tujinjiang(a)huawei.com> Date: Tue, 18 Mar 2025 16:39:39 +0800 Subject: [PATCH] mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache page: Failed page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e memcg:ffff0000dd6d9000 anon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff) raw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9 raw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000 page dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio)) ------------[ cut here ]------------ kernel BUG at mm/swap_state.c:184! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules linked in: CPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3 Hardware name: linux,dummy-virt (DT) pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : add_to_swap+0xbc/0x158 lr : add_to_swap+0xbc/0x158 sp : ffff800087f37340 x29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780 x26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0 x23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4 x20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000 x17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c x14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b x11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000 x8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001 x5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000 Call trace: add_to_swap+0xbc/0x158 shrink_folio_list+0x12ac/0x2648 shrink_inactive_list+0x318/0x948 shrink_lruvec+0x450/0x720 shrink_node_memcgs+0x280/0x4a8 shrink_node+0x128/0x978 balance_pgdat+0x4f0/0xb20 kswapd+0x228/0x438 kthread+0x214/0x230 ret_from_fork+0x10/0x20 I can reproduce this issue with the following steps: 1) When a dirty swapcache page is isolated by reclaim process and the page isn't locked, inject memory failure for the page. me_swapcache_dirty() clears uptodate flag and tries to delete from lru, but fails. Reclaim process will put the hwpoisoned page back to lru. 2) The process that maps the hwpoisoned page exits, the page is deleted the page will never be freed and will be in the lru forever. 3) If we trigger a reclaim again and tries to reclaim the page, add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is cleared. To fix it, skip the hwpoisoned page in shrink_folio_list(). Besides, the hwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap it in shrink_folio_list(), otherwise the folio will fail to be unmaped by hwpoison_user_mappings() since the folio isn't in lru list. Link: https://lkml.kernel.org/r/20250318083939.987651-3-tujinjiang@huawei.com Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger,kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmscan.c b/mm/vmscan.c index 98e6ac82e428..2b2ab386cab5 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1127,6 +1127,13 @@ static unsigned int shrink_folio_list(struct list_head *folio_list, if (!folio_trylock(folio)) goto keep; + if (folio_contain_hwpoisoned_page(folio)) { + unmap_poisoned_folio(folio, folio_pfn(folio), false); + folio_unlock(folio); + folio_put(folio); + continue; + } + VM_BUG_ON_FOLIO(folio_test_active(folio), folio); nr_pages = folio_nr_pages(folio);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/vmscan: don't try to reclaim hwpoison folio" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1b0449544c6482179ac84530b61fc192a6527bfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040837-caption-feminist-e877@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0449544c6482179ac84530b61fc192a6527bfd Mon Sep 17 00:00:00 2001 From: Jinjiang Tu <tujinjiang(a)huawei.com> Date: Tue, 18 Mar 2025 16:39:39 +0800 Subject: [PATCH] mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache page: Failed page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e memcg:ffff0000dd6d9000 anon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff) raw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9 raw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000 page dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio)) ------------[ cut here ]------------ kernel BUG at mm/swap_state.c:184! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules linked in: CPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3 Hardware name: linux,dummy-virt (DT) pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : add_to_swap+0xbc/0x158 lr : add_to_swap+0xbc/0x158 sp : ffff800087f37340 x29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780 x26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0 x23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4 x20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000 x17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c x14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b x11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000 x8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001 x5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000 Call trace: add_to_swap+0xbc/0x158 shrink_folio_list+0x12ac/0x2648 shrink_inactive_list+0x318/0x948 shrink_lruvec+0x450/0x720 shrink_node_memcgs+0x280/0x4a8 shrink_node+0x128/0x978 balance_pgdat+0x4f0/0xb20 kswapd+0x228/0x438 kthread+0x214/0x230 ret_from_fork+0x10/0x20 I can reproduce this issue with the following steps: 1) When a dirty swapcache page is isolated by reclaim process and the page isn't locked, inject memory failure for the page. me_swapcache_dirty() clears uptodate flag and tries to delete from lru, but fails. Reclaim process will put the hwpoisoned page back to lru. 2) The process that maps the hwpoisoned page exits, the page is deleted the page will never be freed and will be in the lru forever. 3) If we trigger a reclaim again and tries to reclaim the page, add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is cleared. To fix it, skip the hwpoisoned page in shrink_folio_list(). Besides, the hwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap it in shrink_folio_list(), otherwise the folio will fail to be unmaped by hwpoison_user_mappings() since the folio isn't in lru list. Link: https://lkml.kernel.org/r/20250318083939.987651-3-tujinjiang@huawei.com Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger,kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmscan.c b/mm/vmscan.c index 98e6ac82e428..2b2ab386cab5 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1127,6 +1127,13 @@ static unsigned int shrink_folio_list(struct list_head *folio_list, if (!folio_trylock(folio)) goto keep; + if (folio_contain_hwpoisoned_page(folio)) { + unmap_poisoned_folio(folio, folio_pfn(folio), false); + folio_unlock(folio); + folio_put(folio); + continue; + } + VM_BUG_ON_FOLIO(folio_test_active(folio), folio); nr_pages = folio_nr_pages(folio);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/vmscan: don't try to reclaim hwpoison folio" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1b0449544c6482179ac84530b61fc192a6527bfd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040820-basil-afoot-09de@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0449544c6482179ac84530b61fc192a6527bfd Mon Sep 17 00:00:00 2001 From: Jinjiang Tu <tujinjiang(a)huawei.com> Date: Tue, 18 Mar 2025 16:39:39 +0800 Subject: [PATCH] mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache page: Failed page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e memcg:ffff0000dd6d9000 anon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff) raw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9 raw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000 page dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio)) ------------[ cut here ]------------ kernel BUG at mm/swap_state.c:184! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules linked in: CPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3 Hardware name: linux,dummy-virt (DT) pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : add_to_swap+0xbc/0x158 lr : add_to_swap+0xbc/0x158 sp : ffff800087f37340 x29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780 x26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0 x23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4 x20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000 x17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c x14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b x11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000 x8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001 x5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000 Call trace: add_to_swap+0xbc/0x158 shrink_folio_list+0x12ac/0x2648 shrink_inactive_list+0x318/0x948 shrink_lruvec+0x450/0x720 shrink_node_memcgs+0x280/0x4a8 shrink_node+0x128/0x978 balance_pgdat+0x4f0/0xb20 kswapd+0x228/0x438 kthread+0x214/0x230 ret_from_fork+0x10/0x20 I can reproduce this issue with the following steps: 1) When a dirty swapcache page is isolated by reclaim process and the page isn't locked, inject memory failure for the page. me_swapcache_dirty() clears uptodate flag and tries to delete from lru, but fails. Reclaim process will put the hwpoisoned page back to lru. 2) The process that maps the hwpoisoned page exits, the page is deleted the page will never be freed and will be in the lru forever. 3) If we trigger a reclaim again and tries to reclaim the page, add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is cleared. To fix it, skip the hwpoisoned page in shrink_folio_list(). Besides, the hwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap it in shrink_folio_list(), otherwise the folio will fail to be unmaped by hwpoison_user_mappings() since the folio isn't in lru list. Link: https://lkml.kernel.org/r/20250318083939.987651-3-tujinjiang@huawei.com Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger,kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmscan.c b/mm/vmscan.c index 98e6ac82e428..2b2ab386cab5 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1127,6 +1127,13 @@ static unsigned int shrink_folio_list(struct list_head *folio_list, if (!folio_trylock(folio)) goto keep; + if (folio_contain_hwpoisoned_page(folio)) { + unmap_poisoned_folio(folio, folio_pfn(folio), false); + folio_unlock(folio); + folio_put(folio); + continue; + } + VM_BUG_ON_FOLIO(folio_test_active(folio), folio); nr_pages = folio_nr_pages(folio);

7 months

1
0
0 0

[PATCH v2] sfc: Propagate the return value of devlink_info_serial_number_put()

by Wentao Liang

The function efx_devlink_info_board_cfg() calls the function devlink_info_serial_number_put(), but does not check its return value. Return the error code if either the devlink_info_serial_number_put() or the efx_mcdi_get_board_cfg() fails.The control flow of the code is changed a little bit to simplify the code. The functionality of the code remain the same. Fixes: 14743ddd2495 ("sfc: add devlink info support for ef100") Cc: stable(a)vger.kernel.org # v6.3+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Simplify code logic. drivers/net/ethernet/sfc/efx_devlink.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/sfc/efx_devlink.c b/drivers/net/ethernet/sfc/efx_devlink.c index 3cd750820fdd..53b17cd252c8 100644 --- a/drivers/net/ethernet/sfc/efx_devlink.c +++ b/drivers/net/ethernet/sfc/efx_devlink.c @@ -584,11 +584,12 @@ static int efx_devlink_info_board_cfg(struct efx_nic *efx, int rc; rc = efx_mcdi_get_board_cfg(efx, (u8 *)mac_address, NULL, NULL); - if (!rc) { - snprintf(sn, EFX_MAX_SERIALNUM_LEN, "%pm", mac_address); - devlink_info_serial_number_put(req, sn); - } - return rc; + if (rc) + return rc; + + snprintf(sn, EFX_MAX_SERIALNUM_LEN, "%pm", mac_address); + + return devlink_info_serial_number_put(req, sn); } static int efx_devlink_info_get(struct devlink *devlink, -- 2.42.0.windows.2

7 months

2
1
0 0

FAILED: patch "[PATCH] media: vimc: skip .s_stream() for stopped entities" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 36cef585e2a31e4ddf33a004b0584a7a572246de # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040808-robust-remold-8c85@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 36cef585e2a31e4ddf33a004b0584a7a572246de Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Sun, 2 Mar 2025 17:58:25 +0300 Subject: [PATCH] media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs. Add a simple fix in vimc_streamer_pipeline_terminate() ensuring that entities skip a call to .s_stream() unless they have been previously properly started. [1] Syzbot report: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460 Modules linked in: CPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 ... Call Trace: <TASK> vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62 vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline] vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203 vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256 vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789 vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348 vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline] vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118 __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122 video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463 v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2b85c01b19 ... Reported-by: syzbot+5bcd7c809d365e14c4df(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5bcd7c809d365e14c4df Fixes: adc589d2a208 ("media: vimc: Add vimc-streamer for stream control") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/test-drivers/vimc/vimc-streamer.c b/drivers/media/test-drivers/vimc/vimc-streamer.c index 807551a5143b..15d863f97cbf 100644 --- a/drivers/media/test-drivers/vimc/vimc-streamer.c +++ b/drivers/media/test-drivers/vimc/vimc-streamer.c @@ -59,6 +59,12 @@ static void vimc_streamer_pipeline_terminate(struct vimc_stream *stream) continue; sd = media_entity_to_v4l2_subdev(ved->ent); + /* + * Do not call .s_stream() to stop an already + * stopped/unstarted subdev. + */ + if (!v4l2_subdev_is_streaming(sd)) + continue; v4l2_subdev_call(sd, video, s_stream, 0); } }

7 months

1
0
0 0

FAILED: patch "[PATCH] media: vimc: skip .s_stream() for stopped entities" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 36cef585e2a31e4ddf33a004b0584a7a572246de # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040830-unretired-aerosol-dcf4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 36cef585e2a31e4ddf33a004b0584a7a572246de Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Sun, 2 Mar 2025 17:58:25 +0300 Subject: [PATCH] media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs. Add a simple fix in vimc_streamer_pipeline_terminate() ensuring that entities skip a call to .s_stream() unless they have been previously properly started. [1] Syzbot report: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460 Modules linked in: CPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 ... Call Trace: <TASK> vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62 vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline] vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203 vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256 vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789 vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348 vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline] vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118 __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122 video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463 v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2b85c01b19 ... Reported-by: syzbot+5bcd7c809d365e14c4df(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5bcd7c809d365e14c4df Fixes: adc589d2a208 ("media: vimc: Add vimc-streamer for stream control") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/test-drivers/vimc/vimc-streamer.c b/drivers/media/test-drivers/vimc/vimc-streamer.c index 807551a5143b..15d863f97cbf 100644 --- a/drivers/media/test-drivers/vimc/vimc-streamer.c +++ b/drivers/media/test-drivers/vimc/vimc-streamer.c @@ -59,6 +59,12 @@ static void vimc_streamer_pipeline_terminate(struct vimc_stream *stream) continue; sd = media_entity_to_v4l2_subdev(ved->ent); + /* + * Do not call .s_stream() to stop an already + * stopped/unstarted subdev. + */ + if (!v4l2_subdev_is_streaming(sd)) + continue; v4l2_subdev_call(sd, video, s_stream, 0); } }

7 months

1
0
0 0

FAILED: patch "[PATCH] media: vimc: skip .s_stream() for stopped entities" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 36cef585e2a31e4ddf33a004b0584a7a572246de # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040801-surging-justify-20fe@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 36cef585e2a31e4ddf33a004b0584a7a572246de Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Sun, 2 Mar 2025 17:58:25 +0300 Subject: [PATCH] media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs. Add a simple fix in vimc_streamer_pipeline_terminate() ensuring that entities skip a call to .s_stream() unless they have been previously properly started. [1] Syzbot report: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460 Modules linked in: CPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 ... Call Trace: <TASK> vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62 vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline] vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203 vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256 vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789 vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348 vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline] vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118 __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122 video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463 v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2b85c01b19 ... Reported-by: syzbot+5bcd7c809d365e14c4df(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5bcd7c809d365e14c4df Fixes: adc589d2a208 ("media: vimc: Add vimc-streamer for stream control") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/test-drivers/vimc/vimc-streamer.c b/drivers/media/test-drivers/vimc/vimc-streamer.c index 807551a5143b..15d863f97cbf 100644 --- a/drivers/media/test-drivers/vimc/vimc-streamer.c +++ b/drivers/media/test-drivers/vimc/vimc-streamer.c @@ -59,6 +59,12 @@ static void vimc_streamer_pipeline_terminate(struct vimc_stream *stream) continue; sd = media_entity_to_v4l2_subdev(ved->ent); + /* + * Do not call .s_stream() to stop an already + * stopped/unstarted subdev. + */ + if (!v4l2_subdev_is_streaming(sd)) + continue; v4l2_subdev_call(sd, video, s_stream, 0); } }

7 months

1
0
0 0

FAILED: patch "[PATCH] media: vimc: skip .s_stream() for stopped entities" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 36cef585e2a31e4ddf33a004b0584a7a572246de # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040823-emerald-chloride-0854@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 36cef585e2a31e4ddf33a004b0584a7a572246de Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Sun, 2 Mar 2025 17:58:25 +0300 Subject: [PATCH] media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs. Add a simple fix in vimc_streamer_pipeline_terminate() ensuring that entities skip a call to .s_stream() unless they have been previously properly started. [1] Syzbot report: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460 Modules linked in: CPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 ... Call Trace: <TASK> vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62 vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline] vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203 vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256 vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789 vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348 vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline] vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118 __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122 video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463 v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2b85c01b19 ... Reported-by: syzbot+5bcd7c809d365e14c4df(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5bcd7c809d365e14c4df Fixes: adc589d2a208 ("media: vimc: Add vimc-streamer for stream control") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/test-drivers/vimc/vimc-streamer.c b/drivers/media/test-drivers/vimc/vimc-streamer.c index 807551a5143b..15d863f97cbf 100644 --- a/drivers/media/test-drivers/vimc/vimc-streamer.c +++ b/drivers/media/test-drivers/vimc/vimc-streamer.c @@ -59,6 +59,12 @@ static void vimc_streamer_pipeline_terminate(struct vimc_stream *stream) continue; sd = media_entity_to_v4l2_subdev(ved->ent); + /* + * Do not call .s_stream() to stop an already + * stopped/unstarted subdev. + */ + if (!v4l2_subdev_is_streaming(sd)) + continue; v4l2_subdev_call(sd, video, s_stream, 0); } }

7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: fix OOB read when checking dotdot dir" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d5e206778e96e8667d3bde695ad372c296dc9353 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040828-secrecy-alibi-685d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d5e206778e96e8667d3bde695ad372c296dc9353 Mon Sep 17 00:00:00 2001 From: "Acs, Jakub" <acsjakub(a)amazon.de> Date: Thu, 20 Mar 2025 15:46:49 +0000 Subject: [PATCH] ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted directory is removed). ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry() and then uses its rec_len member to compute the location of '..' dir entry (in ext4_next_entry). It assumes the '..' dir entry fits into the same data block. If the rec_len of '.' is precisely one block (4KB), it slips through the sanity checks (it is considered the last directory entry in the data block) and leaves "struct ext4_dir_entry_2 *de" point exactly past the memory slot allocated to the data block. The following call to ext4_check_dir_entry() on new value of de then dereferences this pointer which results in out-of-bounds mem access. Fix this by extending __ext4_check_dir_entry() to check for '.' dir entries that reach the end of data block. Make sure to ignore the phony dir entries for checksum (by checking name_len for non-zero). Note: This is reported by KASAN as use-after-free in case another structure was recently freed from the slot past the bound, but it is really an OOB read. This issue was found by syzkaller tool. Call Trace: [ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710 [ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375 [ 38.595158] [ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1 [ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 38.595304] Call Trace: [ 38.595308] <TASK> [ 38.595311] dump_stack_lvl+0xa7/0xd0 [ 38.595325] print_address_description.constprop.0+0x2c/0x3f0 [ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595349] print_report+0xaa/0x250 [ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595368] ? kasan_addr_to_slab+0x9/0x90 [ 38.595378] kasan_report+0xab/0xe0 [ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595400] __ext4_check_dir_entry+0x67e/0x710 [ 38.595410] ext4_empty_dir+0x465/0x990 [ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10 [ 38.595432] ext4_rmdir.part.0+0x29a/0xd10 [ 38.595441] ? __dquot_initialize+0x2a7/0xbf0 [ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10 [ 38.595464] ? __pfx___dquot_initialize+0x10/0x10 [ 38.595478] ? down_write+0xdb/0x140 [ 38.595487] ? __pfx_down_write+0x10/0x10 [ 38.595497] ext4_rmdir+0xee/0x140 [ 38.595506] vfs_rmdir+0x209/0x670 [ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190 [ 38.595529] do_rmdir+0x363/0x3c0 [ 38.595537] ? __pfx_do_rmdir+0x10/0x10 [ 38.595544] ? strncpy_from_user+0x1ff/0x2e0 [ 38.595561] __x64_sys_unlinkat+0xf0/0x130 [ 38.595570] do_syscall_64+0x5b/0x180 [ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e Fixes: ac27a0ec112a0 ("[PATCH] ext4: initial copy of files from ext3") Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> Cc: Theodore Ts'o <tytso(a)mit.edu> Cc: Andreas Dilger <adilger.kernel(a)dilger.ca> Cc: linux-ext4(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Mahmoud Adam <mngyadam(a)amazon.com> Cc: stable(a)vger.kernel.org Cc: security(a)kernel.org Link: https://patch.msgid.link/b3ae36a6794c4a01944c7d70b403db5b@amazon.de Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c index d671b2c9eba2..d4164c507a90 100644 --- a/fs/ext4/dir.c +++ b/fs/ext4/dir.c @@ -104,6 +104,9 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, else if (unlikely(le32_to_cpu(de->inode) > le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count))) error_msg = "inode out of bounds"; + else if (unlikely(next_offset == size && de->name_len == 1 && + de->name[0] == '.')) + error_msg = "'.' directory cannot be the last in data block"; else return 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] NFSD: Never return NFS4ERR_FILE_OPEN when removing a" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 370345b4bd184a49ac68d6591801e5e3605b355a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040850-carwash-detention-d475@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 370345b4bd184a49ac68d6591801e5e3605b355a Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Sun, 26 Jan 2025 16:50:18 -0500 Subject: [PATCH] NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory RFC 8881 Section 18.25.4 paragraph 5 tells us that the server should return NFS4ERR_FILE_OPEN only if the target object is an opened file. This suggests that returning this status when removing a directory will confuse NFS clients. This is a version-specific issue; nfsd_proc_remove/rmdir() and nfsd3_proc_remove/rmdir() already return nfserr_access as appropriate. Unfortunately there is no quick way for nfsd4_remove() to determine whether the target object is a file or not, so the check is done in in nfsd_unlink() for now. Reported-by: Trond Myklebust <trondmy(a)hammerspace.com> Fixes: 466e16f0920f ("nfsd: check for EBUSY from vfs_rmdir/vfs_unink.") Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 749dd84bdb41..4e0a2c0549c7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1930,9 +1930,17 @@ nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen, return err; } -/* - * Unlink a file or directory - * N.B. After this call fhp needs an fh_put +/** + * nfsd_unlink - remove a directory entry + * @rqstp: RPC transaction context + * @fhp: the file handle of the parent directory to be modified + * @type: enforced file type of the object to be removed + * @fname: the name of directory entry to be removed + * @flen: length of @fname in octets + * + * After this call fhp needs an fh_put. + * + * Returns a generic NFS status code in network byte-order. */ __be32 nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, @@ -2006,10 +2014,14 @@ nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, fh_drop_write(fhp); out_nfserr: if (host_err == -EBUSY) { - /* name is mounted-on. There is no perfect - * error status. + /* + * See RFC 8881 Section 18.25.4 para 4: NFSv4 REMOVE + * wants a status unique to the object type. */ - err = nfserr_file_open; + if (type != S_IFDIR) + err = nfserr_file_open; + else + err = nfserr_acces; } out: return err != nfs_ok ? err : nfserrno(host_err);

7 months

1
0
0 0

FAILED: patch "[PATCH] NFSD: Never return NFS4ERR_FILE_OPEN when removing a" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 370345b4bd184a49ac68d6591801e5e3605b355a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040849-skimming-calamari-53b9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 370345b4bd184a49ac68d6591801e5e3605b355a Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Sun, 26 Jan 2025 16:50:18 -0500 Subject: [PATCH] NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory RFC 8881 Section 18.25.4 paragraph 5 tells us that the server should return NFS4ERR_FILE_OPEN only if the target object is an opened file. This suggests that returning this status when removing a directory will confuse NFS clients. This is a version-specific issue; nfsd_proc_remove/rmdir() and nfsd3_proc_remove/rmdir() already return nfserr_access as appropriate. Unfortunately there is no quick way for nfsd4_remove() to determine whether the target object is a file or not, so the check is done in in nfsd_unlink() for now. Reported-by: Trond Myklebust <trondmy(a)hammerspace.com> Fixes: 466e16f0920f ("nfsd: check for EBUSY from vfs_rmdir/vfs_unink.") Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 749dd84bdb41..4e0a2c0549c7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1930,9 +1930,17 @@ nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen, return err; } -/* - * Unlink a file or directory - * N.B. After this call fhp needs an fh_put +/** + * nfsd_unlink - remove a directory entry + * @rqstp: RPC transaction context + * @fhp: the file handle of the parent directory to be modified + * @type: enforced file type of the object to be removed + * @fname: the name of directory entry to be removed + * @flen: length of @fname in octets + * + * After this call fhp needs an fh_put. + * + * Returns a generic NFS status code in network byte-order. */ __be32 nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, @@ -2006,10 +2014,14 @@ nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, fh_drop_write(fhp); out_nfserr: if (host_err == -EBUSY) { - /* name is mounted-on. There is no perfect - * error status. + /* + * See RFC 8881 Section 18.25.4 para 4: NFSv4 REMOVE + * wants a status unique to the object type. */ - err = nfserr_file_open; + if (type != S_IFDIR) + err = nfserr_file_open; + else + err = nfserr_acces; } out: return err != nfs_ok ? err : nfserrno(host_err);

7 months

1
0
0 0

FAILED: patch "[PATCH] NFSD: Never return NFS4ERR_FILE_OPEN when removing a" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 370345b4bd184a49ac68d6591801e5e3605b355a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040849-frays-herald-f892@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 370345b4bd184a49ac68d6591801e5e3605b355a Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Sun, 26 Jan 2025 16:50:18 -0500 Subject: [PATCH] NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory RFC 8881 Section 18.25.4 paragraph 5 tells us that the server should return NFS4ERR_FILE_OPEN only if the target object is an opened file. This suggests that returning this status when removing a directory will confuse NFS clients. This is a version-specific issue; nfsd_proc_remove/rmdir() and nfsd3_proc_remove/rmdir() already return nfserr_access as appropriate. Unfortunately there is no quick way for nfsd4_remove() to determine whether the target object is a file or not, so the check is done in in nfsd_unlink() for now. Reported-by: Trond Myklebust <trondmy(a)hammerspace.com> Fixes: 466e16f0920f ("nfsd: check for EBUSY from vfs_rmdir/vfs_unink.") Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 749dd84bdb41..4e0a2c0549c7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1930,9 +1930,17 @@ nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen, return err; } -/* - * Unlink a file or directory - * N.B. After this call fhp needs an fh_put +/** + * nfsd_unlink - remove a directory entry + * @rqstp: RPC transaction context + * @fhp: the file handle of the parent directory to be modified + * @type: enforced file type of the object to be removed + * @fname: the name of directory entry to be removed + * @flen: length of @fname in octets + * + * After this call fhp needs an fh_put. + * + * Returns a generic NFS status code in network byte-order. */ __be32 nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, @@ -2006,10 +2014,14 @@ nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, fh_drop_write(fhp); out_nfserr: if (host_err == -EBUSY) { - /* name is mounted-on. There is no perfect - * error status. + /* + * See RFC 8881 Section 18.25.4 para 4: NFSv4 REMOVE + * wants a status unique to the object type. */ - err = nfserr_file_open; + if (type != S_IFDIR) + err = nfserr_file_open; + else + err = nfserr_acces; } out: return err != nfs_ok ? err : nfserrno(host_err);

7 months

1
0
0 0

FAILED: patch "[PATCH] NFSD: Never return NFS4ERR_FILE_OPEN when removing a" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 370345b4bd184a49ac68d6591801e5e3605b355a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040848-resize-avert-7b05@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 370345b4bd184a49ac68d6591801e5e3605b355a Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Sun, 26 Jan 2025 16:50:18 -0500 Subject: [PATCH] NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory RFC 8881 Section 18.25.4 paragraph 5 tells us that the server should return NFS4ERR_FILE_OPEN only if the target object is an opened file. This suggests that returning this status when removing a directory will confuse NFS clients. This is a version-specific issue; nfsd_proc_remove/rmdir() and nfsd3_proc_remove/rmdir() already return nfserr_access as appropriate. Unfortunately there is no quick way for nfsd4_remove() to determine whether the target object is a file or not, so the check is done in in nfsd_unlink() for now. Reported-by: Trond Myklebust <trondmy(a)hammerspace.com> Fixes: 466e16f0920f ("nfsd: check for EBUSY from vfs_rmdir/vfs_unink.") Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 749dd84bdb41..4e0a2c0549c7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1930,9 +1930,17 @@ nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen, return err; } -/* - * Unlink a file or directory - * N.B. After this call fhp needs an fh_put +/** + * nfsd_unlink - remove a directory entry + * @rqstp: RPC transaction context + * @fhp: the file handle of the parent directory to be modified + * @type: enforced file type of the object to be removed + * @fname: the name of directory entry to be removed + * @flen: length of @fname in octets + * + * After this call fhp needs an fh_put. + * + * Returns a generic NFS status code in network byte-order. */ __be32 nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, @@ -2006,10 +2014,14 @@ nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, fh_drop_write(fhp); out_nfserr: if (host_err == -EBUSY) { - /* name is mounted-on. There is no perfect - * error status. + /* + * See RFC 8881 Section 18.25.4 para 4: NFSv4 REMOVE + * wants a status unique to the object type. */ - err = nfserr_file_open; + if (type != S_IFDIR) + err = nfserr_file_open; + else + err = nfserr_acces; } out: return err != nfs_ok ? err : nfserrno(host_err);

7 months

1
0
0 0

FAILED: patch "[PATCH] nfsd: don't ignore the return code of svc_proc_register()" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 930b64ca0c511521f0abdd1d57ce52b2a6e3476b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040838-darling-scooter-0a13@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 930b64ca0c511521f0abdd1d57ce52b2a6e3476b Mon Sep 17 00:00:00 2001 From: Jeff Layton <jlayton(a)kernel.org> Date: Thu, 6 Feb 2025 13:12:13 -0500 Subject: [PATCH] nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM. Reported-by: syzbot+e34ad04f27991521104c(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.… Cc: stable(a)vger.kernel.org # v6.9 Signed-off-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index cca60a33697f..ac265d6fde35 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -2202,8 +2202,14 @@ static __net_init int nfsd_net_init(struct net *net) NFSD_STATS_COUNTERS_NUM); if (retval) goto out_repcache_error; + memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats)); nn->nfsd_svcstats.program = &nfsd_programs[0]; + if (!nfsd_proc_stat_init(net)) { + retval = -ENOMEM; + goto out_proc_error; + } + for (i = 0; i < sizeof(nn->nfsd_versions); i++) nn->nfsd_versions[i] = nfsd_support_version(i); for (i = 0; i < sizeof(nn->nfsd4_minorversions); i++) @@ -2213,13 +2219,14 @@ static __net_init int nfsd_net_init(struct net *net) nfsd4_init_leases_net(nn); get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key)); seqlock_init(&nn->writeverf_lock); - nfsd_proc_stat_init(net); #if IS_ENABLED(CONFIG_NFS_LOCALIO) spin_lock_init(&nn->local_clients_lock); INIT_LIST_HEAD(&nn->local_clients); #endif return 0; +out_proc_error: + percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM); out_repcache_error: nfsd_idmap_shutdown(net); out_idmap_error: diff --git a/fs/nfsd/stats.c b/fs/nfsd/stats.c index bb22893f1157..f7eaf95e20fc 100644 --- a/fs/nfsd/stats.c +++ b/fs/nfsd/stats.c @@ -73,11 +73,11 @@ static int nfsd_show(struct seq_file *seq, void *v) DEFINE_PROC_SHOW_ATTRIBUTE(nfsd); -void nfsd_proc_stat_init(struct net *net) +struct proc_dir_entry *nfsd_proc_stat_init(struct net *net) { struct nfsd_net *nn = net_generic(net, nfsd_net_id); - svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops); + return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops); } void nfsd_proc_stat_shutdown(struct net *net) diff --git a/fs/nfsd/stats.h b/fs/nfsd/stats.h index 04aacb6c36e2..e4efb0e4e56d 100644 --- a/fs/nfsd/stats.h +++ b/fs/nfsd/stats.h @@ -10,7 +10,7 @@ #include <uapi/linux/nfsd/stats.h> #include <linux/percpu_counter.h> -void nfsd_proc_stat_init(struct net *net); +struct proc_dir_entry *nfsd_proc_stat_init(struct net *net); void nfsd_proc_stat_shutdown(struct net *net); static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn)

7 months

1
0
0 0

FAILED: patch "[PATCH] nfsd: don't ignore the return code of svc_proc_register()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 930b64ca0c511521f0abdd1d57ce52b2a6e3476b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040838-january-snooper-9ce0@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 930b64ca0c511521f0abdd1d57ce52b2a6e3476b Mon Sep 17 00:00:00 2001 From: Jeff Layton <jlayton(a)kernel.org> Date: Thu, 6 Feb 2025 13:12:13 -0500 Subject: [PATCH] nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM. Reported-by: syzbot+e34ad04f27991521104c(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.… Cc: stable(a)vger.kernel.org # v6.9 Signed-off-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index cca60a33697f..ac265d6fde35 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -2202,8 +2202,14 @@ static __net_init int nfsd_net_init(struct net *net) NFSD_STATS_COUNTERS_NUM); if (retval) goto out_repcache_error; + memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats)); nn->nfsd_svcstats.program = &nfsd_programs[0]; + if (!nfsd_proc_stat_init(net)) { + retval = -ENOMEM; + goto out_proc_error; + } + for (i = 0; i < sizeof(nn->nfsd_versions); i++) nn->nfsd_versions[i] = nfsd_support_version(i); for (i = 0; i < sizeof(nn->nfsd4_minorversions); i++) @@ -2213,13 +2219,14 @@ static __net_init int nfsd_net_init(struct net *net) nfsd4_init_leases_net(nn); get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key)); seqlock_init(&nn->writeverf_lock); - nfsd_proc_stat_init(net); #if IS_ENABLED(CONFIG_NFS_LOCALIO) spin_lock_init(&nn->local_clients_lock); INIT_LIST_HEAD(&nn->local_clients); #endif return 0; +out_proc_error: + percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM); out_repcache_error: nfsd_idmap_shutdown(net); out_idmap_error: diff --git a/fs/nfsd/stats.c b/fs/nfsd/stats.c index bb22893f1157..f7eaf95e20fc 100644 --- a/fs/nfsd/stats.c +++ b/fs/nfsd/stats.c @@ -73,11 +73,11 @@ static int nfsd_show(struct seq_file *seq, void *v) DEFINE_PROC_SHOW_ATTRIBUTE(nfsd); -void nfsd_proc_stat_init(struct net *net) +struct proc_dir_entry *nfsd_proc_stat_init(struct net *net) { struct nfsd_net *nn = net_generic(net, nfsd_net_id); - svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops); + return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops); } void nfsd_proc_stat_shutdown(struct net *net) diff --git a/fs/nfsd/stats.h b/fs/nfsd/stats.h index 04aacb6c36e2..e4efb0e4e56d 100644 --- a/fs/nfsd/stats.h +++ b/fs/nfsd/stats.h @@ -10,7 +10,7 @@ #include <uapi/linux/nfsd/stats.h> #include <linux/percpu_counter.h> -void nfsd_proc_stat_init(struct net *net); +struct proc_dir_entry *nfsd_proc_stat_init(struct net *net); void nfsd_proc_stat_shutdown(struct net *net); static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn)

7 months

1
0
0 0

FAILED: patch "[PATCH] media: streamzap: fix race between device disconnection and" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f656cfbc7a293a039d6a0c7100e1c846845148c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040826-roving-harmony-dcd6@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f656cfbc7a293a039d6a0c7100e1c846845148c1 Mon Sep 17 00:00:00 2001 From: Murad Masimov <m.masimov(a)mt-integration.ru> Date: Mon, 13 Jan 2025 13:51:30 +0300 Subject: [PATCH] media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish. If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 8e9e60640067 ("V4L/DVB: staging/lirc: port lirc_streamzap to ir-core") Cc: stable(a)vger.kernel.org Reported-by: syzbot+34008406ee9a31b13c73(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=34008406ee9a31b13c73 Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/rc/streamzap.c b/drivers/media/rc/streamzap.c index 9b209e687f25..2ce62fe5d60f 100644 --- a/drivers/media/rc/streamzap.c +++ b/drivers/media/rc/streamzap.c @@ -385,8 +385,8 @@ static void streamzap_disconnect(struct usb_interface *interface) if (!sz) return; - rc_unregister_device(sz->rdev); usb_kill_urb(sz->urb_in); + rc_unregister_device(sz->rdev); usb_free_urb(sz->urb_in); usb_free_coherent(usbdev, sz->buf_in_len, sz->buf_in, sz->dma_in);

7 months

1
0
0 0

FAILED: patch "[PATCH] media: streamzap: fix race between device disconnection and" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f656cfbc7a293a039d6a0c7100e1c846845148c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040825-taunt-stencil-d364@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f656cfbc7a293a039d6a0c7100e1c846845148c1 Mon Sep 17 00:00:00 2001 From: Murad Masimov <m.masimov(a)mt-integration.ru> Date: Mon, 13 Jan 2025 13:51:30 +0300 Subject: [PATCH] media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish. If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 8e9e60640067 ("V4L/DVB: staging/lirc: port lirc_streamzap to ir-core") Cc: stable(a)vger.kernel.org Reported-by: syzbot+34008406ee9a31b13c73(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=34008406ee9a31b13c73 Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/rc/streamzap.c b/drivers/media/rc/streamzap.c index 9b209e687f25..2ce62fe5d60f 100644 --- a/drivers/media/rc/streamzap.c +++ b/drivers/media/rc/streamzap.c @@ -385,8 +385,8 @@ static void streamzap_disconnect(struct usb_interface *interface) if (!sz) return; - rc_unregister_device(sz->rdev); usb_kill_urb(sz->urb_in); + rc_unregister_device(sz->rdev); usb_free_urb(sz->urb_in); usb_free_coherent(usbdev, sz->buf_in_len, sz->buf_in, sz->dma_in);

7 months

1
0
0 0

FAILED: patch "[PATCH] media: streamzap: fix race between device disconnection and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f656cfbc7a293a039d6a0c7100e1c846845148c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040825-lankiness-posh-a49b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f656cfbc7a293a039d6a0c7100e1c846845148c1 Mon Sep 17 00:00:00 2001 From: Murad Masimov <m.masimov(a)mt-integration.ru> Date: Mon, 13 Jan 2025 13:51:30 +0300 Subject: [PATCH] media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish. If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 8e9e60640067 ("V4L/DVB: staging/lirc: port lirc_streamzap to ir-core") Cc: stable(a)vger.kernel.org Reported-by: syzbot+34008406ee9a31b13c73(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=34008406ee9a31b13c73 Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/rc/streamzap.c b/drivers/media/rc/streamzap.c index 9b209e687f25..2ce62fe5d60f 100644 --- a/drivers/media/rc/streamzap.c +++ b/drivers/media/rc/streamzap.c @@ -385,8 +385,8 @@ static void streamzap_disconnect(struct usb_interface *interface) if (!sz) return; - rc_unregister_device(sz->rdev); usb_kill_urb(sz->urb_in); + rc_unregister_device(sz->rdev); usb_free_urb(sz->urb_in); usb_free_coherent(usbdev, sz->buf_in_len, sz->buf_in, sz->dma_in);

7 months

1
0
0 0

FAILED: patch "[PATCH] media: vimc: skip .s_stream() for stopped entities" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 36cef585e2a31e4ddf33a004b0584a7a572246de # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040811-juniper-devoutly-0800@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 36cef585e2a31e4ddf33a004b0584a7a572246de Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Sun, 2 Mar 2025 17:58:25 +0300 Subject: [PATCH] media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs. Add a simple fix in vimc_streamer_pipeline_terminate() ensuring that entities skip a call to .s_stream() unless they have been previously properly started. [1] Syzbot report: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460 Modules linked in: CPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 ... Call Trace: <TASK> vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62 vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline] vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203 vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256 vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789 vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348 vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline] vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118 __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122 video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463 v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2b85c01b19 ... Reported-by: syzbot+5bcd7c809d365e14c4df(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5bcd7c809d365e14c4df Fixes: adc589d2a208 ("media: vimc: Add vimc-streamer for stream control") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/test-drivers/vimc/vimc-streamer.c b/drivers/media/test-drivers/vimc/vimc-streamer.c index 807551a5143b..15d863f97cbf 100644 --- a/drivers/media/test-drivers/vimc/vimc-streamer.c +++ b/drivers/media/test-drivers/vimc/vimc-streamer.c @@ -59,6 +59,12 @@ static void vimc_streamer_pipeline_terminate(struct vimc_stream *stream) continue; sd = media_entity_to_v4l2_subdev(ved->ent); + /* + * Do not call .s_stream() to stop an already + * stopped/unstarted subdev. + */ + if (!v4l2_subdev_is_streaming(sd)) + continue; v4l2_subdev_call(sd, video, s_stream, 0); } }

7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: don't over-report free space or inodes in statvfs" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f87d3af7419307ae26e705a2b2db36140db367a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040822-saline-starring-eabe@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f87d3af7419307ae26e705a2b2db36140db367a2 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso(a)mit.edu> Date: Fri, 14 Mar 2025 00:38:42 -0400 Subject: [PATCH] ext4: don't over-report free space or inodes in statvfs This fixes an analogus bug that was fixed in xfs in commit 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs") where statfs can report misleading / incorrect information where project quota is enabled, and the free space is less than the remaining quota. This commit will resolve a test failure in generic/762 which tests for this bug. Cc: stable(a)kernel.org Fixes: 689c958cbe6b ("ext4: add project quota support") Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reviewed-by: "Darrick J. Wong" <djwong(a)kernel.org> diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 4768770715ca..8cafcd3e9f5f 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -6820,22 +6820,29 @@ static int ext4_statfs_project(struct super_block *sb, dquot->dq_dqb.dqb_bhardlimit); limit >>= sb->s_blocksize_bits; - if (limit && buf->f_blocks > limit) { + if (limit) { + uint64_t remaining = 0; + curblock = (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace) >> sb->s_blocksize_bits; - buf->f_blocks = limit; - buf->f_bfree = buf->f_bavail = - (buf->f_blocks > curblock) ? - (buf->f_blocks - curblock) : 0; + if (limit > curblock) + remaining = limit - curblock; + + buf->f_blocks = min(buf->f_blocks, limit); + buf->f_bfree = min(buf->f_bfree, remaining); + buf->f_bavail = min(buf->f_bavail, remaining); } limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, dquot->dq_dqb.dqb_ihardlimit); - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = - (buf->f_files > dquot->dq_dqb.dqb_curinodes) ? - (buf->f_files - dquot->dq_dqb.dqb_curinodes) : 0; + if (limit) { + uint64_t remaining = 0; + + if (limit > dquot->dq_dqb.dqb_curinodes) + remaining = limit - dquot->dq_dqb.dqb_curinodes; + + buf->f_files = min(buf->f_files, limit); + buf->f_ffree = min(buf->f_ffree, remaining); } spin_unlock(&dquot->dq_dqb_lock);

7 months

1
0
0 0

FAILED: patch "[PATCH] tracing: Verify event formats that have "%*p.."" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ea8d7647f9ddf1f81e2027ed305299797299aa03 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040813-truffle-chitchat-1344@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea8d7647f9ddf1f81e2027ed305299797299aa03 Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Thu, 27 Mar 2025 19:53:11 -0400 Subject: [PATCH] tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. If an event references data that was allocated when the event triggered and that same data is freed before the event is read, then the kernel can crash by reading freed memory. The verifier runs at boot up (or module load) and scans the print formats of the events and checks their arguments to make sure that dereferenced pointers are safe. If the format uses "%*p.." the verifier will ignore it, and that could be dangerous. Cover this case as well. Also add to the sample code a use case of "%*pbl". Link: https://lore.kernel.org/all/bcba4d76-2c3f-4d11-baf0-02905db953dd@oracle.com/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Link: https://lore.kernel.org/20250327195311.2d89ec66@gandalf.local.home Reported-by: Libo Chen <libo.chen(a)oracle.com> Reviewed-by: Libo Chen <libo.chen(a)oracle.com> Tested-by: Libo Chen <libo.chen(a)oracle.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 8638b7f7ff85..069e92856bda 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -470,6 +470,7 @@ static void test_event_printk(struct trace_event_call *call) case '%': continue; case 'p': + do_pointer: /* Find dereferencing fields */ switch (fmt[i + 1]) { case 'B': case 'R': case 'r': @@ -498,6 +499,12 @@ static void test_event_printk(struct trace_event_call *call) continue; if (fmt[i + j] == '*') { star = true; + /* Handle %*pbl case */ + if (!j && fmt[i + 1] == 'p') { + arg++; + i++; + goto do_pointer; + } continue; } if ((fmt[i + j] == 's')) { diff --git a/samples/trace_events/trace-events-sample.h b/samples/trace_events/trace-events-sample.h index 999f78d380ae..1a05fc153353 100644 --- a/samples/trace_events/trace-events-sample.h +++ b/samples/trace_events/trace-events-sample.h @@ -319,7 +319,8 @@ TRACE_EVENT(foo_bar, __assign_cpumask(cpum, cpumask_bits(mask)); ), - TP_printk("foo %s %d %s %s %s %s %s %s (%s) (%s) %s", __entry->foo, __entry->bar, + TP_printk("foo %s %d %s %s %s %s %s %s (%s) (%s) %s [%d] %*pbl", + __entry->foo, __entry->bar, /* * Notice here the use of some helper functions. This includes: @@ -370,7 +371,10 @@ TRACE_EVENT(foo_bar, __get_str(str), __get_str(lstr), __get_bitmask(cpus), __get_cpumask(cpum), - __get_str(vstr)) + __get_str(vstr), + __get_dynamic_array_len(cpus), + __get_dynamic_array_len(cpus), + __get_dynamic_array(cpus)) ); /*

7 months

1
0
0 0

FAILED: patch "[PATCH] tracing: Verify event formats that have "%*p.."" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ea8d7647f9ddf1f81e2027ed305299797299aa03 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040812-pulse-unsaid-621c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea8d7647f9ddf1f81e2027ed305299797299aa03 Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Thu, 27 Mar 2025 19:53:11 -0400 Subject: [PATCH] tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. If an event references data that was allocated when the event triggered and that same data is freed before the event is read, then the kernel can crash by reading freed memory. The verifier runs at boot up (or module load) and scans the print formats of the events and checks their arguments to make sure that dereferenced pointers are safe. If the format uses "%*p.." the verifier will ignore it, and that could be dangerous. Cover this case as well. Also add to the sample code a use case of "%*pbl". Link: https://lore.kernel.org/all/bcba4d76-2c3f-4d11-baf0-02905db953dd@oracle.com/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Link: https://lore.kernel.org/20250327195311.2d89ec66@gandalf.local.home Reported-by: Libo Chen <libo.chen(a)oracle.com> Reviewed-by: Libo Chen <libo.chen(a)oracle.com> Tested-by: Libo Chen <libo.chen(a)oracle.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 8638b7f7ff85..069e92856bda 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -470,6 +470,7 @@ static void test_event_printk(struct trace_event_call *call) case '%': continue; case 'p': + do_pointer: /* Find dereferencing fields */ switch (fmt[i + 1]) { case 'B': case 'R': case 'r': @@ -498,6 +499,12 @@ static void test_event_printk(struct trace_event_call *call) continue; if (fmt[i + j] == '*') { star = true; + /* Handle %*pbl case */ + if (!j && fmt[i + 1] == 'p') { + arg++; + i++; + goto do_pointer; + } continue; } if ((fmt[i + j] == 's')) { diff --git a/samples/trace_events/trace-events-sample.h b/samples/trace_events/trace-events-sample.h index 999f78d380ae..1a05fc153353 100644 --- a/samples/trace_events/trace-events-sample.h +++ b/samples/trace_events/trace-events-sample.h @@ -319,7 +319,8 @@ TRACE_EVENT(foo_bar, __assign_cpumask(cpum, cpumask_bits(mask)); ), - TP_printk("foo %s %d %s %s %s %s %s %s (%s) (%s) %s", __entry->foo, __entry->bar, + TP_printk("foo %s %d %s %s %s %s %s %s (%s) (%s) %s [%d] %*pbl", + __entry->foo, __entry->bar, /* * Notice here the use of some helper functions. This includes: @@ -370,7 +371,10 @@ TRACE_EVENT(foo_bar, __get_str(str), __get_str(lstr), __get_bitmask(cpus), __get_cpumask(cpum), - __get_str(vstr)) + __get_str(vstr), + __get_dynamic_array_len(cpus), + __get_dynamic_array_len(cpus), + __get_dynamic_array(cpus)) ); /*

7 months

1
0
0 0

FAILED: patch "[PATCH] tracing: Verify event formats that have "%*p.."" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ea8d7647f9ddf1f81e2027ed305299797299aa03 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040812-upscale-denture-306f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea8d7647f9ddf1f81e2027ed305299797299aa03 Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Thu, 27 Mar 2025 19:53:11 -0400 Subject: [PATCH] tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. If an event references data that was allocated when the event triggered and that same data is freed before the event is read, then the kernel can crash by reading freed memory. The verifier runs at boot up (or module load) and scans the print formats of the events and checks their arguments to make sure that dereferenced pointers are safe. If the format uses "%*p.." the verifier will ignore it, and that could be dangerous. Cover this case as well. Also add to the sample code a use case of "%*pbl". Link: https://lore.kernel.org/all/bcba4d76-2c3f-4d11-baf0-02905db953dd@oracle.com/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Link: https://lore.kernel.org/20250327195311.2d89ec66@gandalf.local.home Reported-by: Libo Chen <libo.chen(a)oracle.com> Reviewed-by: Libo Chen <libo.chen(a)oracle.com> Tested-by: Libo Chen <libo.chen(a)oracle.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 8638b7f7ff85..069e92856bda 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -470,6 +470,7 @@ static void test_event_printk(struct trace_event_call *call) case '%': continue; case 'p': + do_pointer: /* Find dereferencing fields */ switch (fmt[i + 1]) { case 'B': case 'R': case 'r': @@ -498,6 +499,12 @@ static void test_event_printk(struct trace_event_call *call) continue; if (fmt[i + j] == '*') { star = true; + /* Handle %*pbl case */ + if (!j && fmt[i + 1] == 'p') { + arg++; + i++; + goto do_pointer; + } continue; } if ((fmt[i + j] == 's')) { diff --git a/samples/trace_events/trace-events-sample.h b/samples/trace_events/trace-events-sample.h index 999f78d380ae..1a05fc153353 100644 --- a/samples/trace_events/trace-events-sample.h +++ b/samples/trace_events/trace-events-sample.h @@ -319,7 +319,8 @@ TRACE_EVENT(foo_bar, __assign_cpumask(cpum, cpumask_bits(mask)); ), - TP_printk("foo %s %d %s %s %s %s %s %s (%s) (%s) %s", __entry->foo, __entry->bar, + TP_printk("foo %s %d %s %s %s %s %s %s (%s) (%s) %s [%d] %*pbl", + __entry->foo, __entry->bar, /* * Notice here the use of some helper functions. This includes: @@ -370,7 +371,10 @@ TRACE_EVENT(foo_bar, __get_str(str), __get_str(lstr), __get_bitmask(cpus), __get_cpumask(cpum), - __get_str(vstr)) + __get_str(vstr), + __get_dynamic_array_len(cpus), + __get_dynamic_array_len(cpus), + __get_dynamic_array(cpus)) ); /*

7 months

1
0
0 0

FAILED: patch "[PATCH] tracing: Fix synth event printk format for str fields" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4d38328eb442dc06aec4350fd9594ffa6488af02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040851-snowstorm-anyhow-9887@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d38328eb442dc06aec4350fd9594ffa6488af02 Mon Sep 17 00:00:00 2001 From: Douglas Raillard <douglas.raillard(a)arm.com> Date: Tue, 25 Mar 2025 16:52:02 +0000 Subject: [PATCH] tracing: Fix synth event printk format for str fields The printk format for synth event uses "%.*s" to print string fields, but then only passes the pointer part as var arg. Replace %.*s with %s as the C string is guaranteed to be null-terminated. The output in print fmt should never have been updated as __get_str() handles the string limit because it can access the length of the string in the string meta data that is saved in the ring buffer. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 8db4d6bfbbf92 ("tracing: Change synthetic event string format to limit printed length") Link: https://lore.kernel.org/20250325165202.541088-1-douglas.raillard@arm.com Signed-off-by: Douglas Raillard <douglas.raillard(a)arm.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c index a5c5f34c207a..6d592cbc38e4 100644 --- a/kernel/trace/trace_events_synth.c +++ b/kernel/trace/trace_events_synth.c @@ -305,7 +305,7 @@ static const char *synth_field_fmt(char *type) else if (strcmp(type, "gfp_t") == 0) fmt = "%x"; else if (synth_field_is_string(type)) - fmt = "%.*s"; + fmt = "%s"; else if (synth_field_is_stack(type)) fmt = "%s";

7 months

1
0
0 0

[PATCH] sctp: detect and prevent references to a freed transport in sendmsg

by Ricardo Cañuelo Navarro

sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then sctp_sendmsg_to_asoc() sets the selected transport in all the message chunks to be sent. There's a possible race condition if another thread triggers the removal of that selected transport, for instance, by explicitly unbinding an address with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have been set up and before the message is sent. This can happen if the send buffer is full, during the period when the sender thread temporarily releases the socket lock in sctp_wait_for_sndbuf(). This causes the access to the transport data in sctp_outq_select_transport(), when the association outqueue is flushed, to result in a use-after-free read. This change avoids this scenario by having sctp_transport_free() signal the freeing of the transport, tagging it as "dead". In order to do this, the patch restores the "dead" bit in struct sctp_transport, which was removed in commit 47faa1e4c50e ("sctp: remove the dead field of sctp_transport"). Then, in the scenario where the sender thread has released the socket lock in sctp_wait_for_sndbuf(), the bit is checked again after re-acquiring the socket lock to detect the deletion. This is done while holding a reference to the transport to prevent it from being freed in the process. If the transport was deleted while the socket lock was relinquished, sctp_sendmsg_to_asoc() will return -EAGAIN to let userspace retry the send. The bug was found by a private syzbot instance (see the error report [1] and the C reproducer that triggers it [2]). Link: https://people.igalia.com/rcn/kernel_logs/20250402__KASAN_slab-use-after-fr… [1] Link: https://people.igalia.com/rcn/kernel_logs/20250402__KASAN_slab-use-after-fr… [2] Cc: stable(a)vger.kernel.org Fixes: df132eff4638 ("sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer") Suggested-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com> --- This patch supersedes this one I sent a few days ago, which proposed a different solution: https://lore.kernel.org/all/20250402-kasan_slab-use-after-free_read_in_sctp… As Xin Long pointed out in the discussion on that patch, that solution would have a significant performance impact, so this alternative was proposed instead. Although the purpose is the same, the patch implementation is completely different, hence the new patch instead of a v2. Cheers, Ricardo --- include/net/sctp/structs.h | 3 ++- net/sctp/socket.c | 22 ++++++++++++++-------- net/sctp/transport.c | 2 ++ 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 31248cfdfb235f1e6008c4a6b64a1103d2f355ef..dcd288fa1bb6fbbb33bb639a790d8edcbba7c389 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -775,6 +775,7 @@ struct sctp_transport { /* Reference counting. */ refcount_t refcnt; + __u32 dead:1, /* RTO-Pending : A flag used to track if one of the DATA * chunks sent to this address is currently being * used to compute a RTT. If this flag is 0, @@ -784,7 +785,7 @@ struct sctp_transport { * calculation completes (i.e. the DATA chunk * is SACK'd) clear this flag. */ - __u32 rto_pending:1, + rto_pending:1, /* * hb_sent : a flag that signals that we have a pending diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 36ee34f483d703ffcfe5ca9e6cc554fba24c75ef..53725ee7ba06d780e220c3a184b4f611a7cb5e51 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -72,8 +72,9 @@ /* Forward declarations for internal helper functions. */ static bool sctp_writeable(const struct sock *sk); static void sctp_wfree(struct sk_buff *skb); -static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, - size_t msg_len); +static int sctp_wait_for_sndbuf(struct sctp_association *asoc, + struct sctp_transport *transport, + long *timeo_p, size_t msg_len); static int sctp_wait_for_packet(struct sock *sk, int *err, long *timeo_p); static int sctp_wait_for_connect(struct sctp_association *, long *timeo_p); static int sctp_wait_for_accept(struct sock *sk, long timeo); @@ -1828,7 +1829,7 @@ static int sctp_sendmsg_to_asoc(struct sctp_association *asoc, if (sctp_wspace(asoc) <= 0 || !sk_wmem_schedule(sk, msg_len)) { timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); - err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len); + err = sctp_wait_for_sndbuf(asoc, transport, &timeo, msg_len); if (err) goto err; if (unlikely(sinfo->sinfo_stream >= asoc->stream.outcnt)) { @@ -9214,8 +9215,9 @@ void sctp_sock_rfree(struct sk_buff *skb) /* Helper function to wait for space in the sndbuf. */ -static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, - size_t msg_len) +static int sctp_wait_for_sndbuf(struct sctp_association *asoc, + struct sctp_transport *transport, + long *timeo_p, size_t msg_len) { struct sock *sk = asoc->base.sk; long current_timeo = *timeo_p; @@ -9225,7 +9227,9 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, pr_debug("%s: asoc:%p, timeo:%ld, msg_len:%zu\n", __func__, asoc, *timeo_p, msg_len); - /* Increment the association's refcnt. */ + /* Increment the transport and association's refcnt. */ + if (transport) + sctp_transport_hold(transport); sctp_association_hold(asoc); /* Wait on the association specific sndbuf space. */ @@ -9234,7 +9238,7 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, TASK_INTERRUPTIBLE); if (asoc->base.dead) goto do_dead; - if (!*timeo_p) + if ((!*timeo_p) || (transport && transport->dead)) goto do_nonblock; if (sk->sk_err || asoc->state >= SCTP_STATE_SHUTDOWN_PENDING) goto do_error; @@ -9259,7 +9263,9 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, out: finish_wait(&asoc->wait, &wait); - /* Release the association's refcnt. */ + /* Release the transport and association's refcnt. */ + if (transport) + sctp_transport_put(transport); sctp_association_put(asoc); return err; diff --git a/net/sctp/transport.c b/net/sctp/transport.c index 2abe45af98e7c6efd5baffb88a8687e595cf3f24..31eca29b6cfbfb146c389cc643126ce87620fccd 100644 --- a/net/sctp/transport.c +++ b/net/sctp/transport.c @@ -117,6 +117,8 @@ struct sctp_transport *sctp_transport_new(struct net *net, */ void sctp_transport_free(struct sctp_transport *transport) { + transport->dead = 1; + /* Try to delete the heartbeat timer. */ if (del_timer(&transport->hb_timer)) sctp_transport_put(transport); --- base-commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 change-id: 20250404-kasan_slab-use-after-free_read_in_sctp_outq_select_transport__20250404-9e1ff370061d

7 months

3
2
0 0

FAILED: patch "[PATCH] arm64: errata: Add newer ARM cores to the" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a5951389e58d2e816eed3dbec5877de9327fd881 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040857-whinny-coziness-437c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5951389e58d2e816eed3dbec5877de9327fd881 Mon Sep 17 00:00:00 2001 From: Douglas Anderson <dianders(a)chromium.org> Date: Tue, 7 Jan 2025 12:06:02 -0800 Subject: [PATCH] arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists When comparing to the ARM list [1], it appears that several ARM cores were missing from the lists in spectre_bhb_loop_affected(). Add them. NOTE: for some of these cores it may not matter since other ways of clearing the BHB may be used (like the CLRBHB instruction or ECBHB), but it still seems good to have all the info from ARM's whitepaper included. [1] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Signed-off-by: Douglas Anderson <dianders(a)chromium.org> Reviewed-by: James Morse <james.morse(a)arm.com> Link: https://lore.kernel.org/r/20250107120555.v4.5.I4a9a527e03f663040721c5401c41… Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 89405be53d8f..0f51fd10b4b0 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -876,6 +876,14 @@ static u8 spectre_bhb_loop_affected(void) { u8 k = 0; + static const struct midr_range spectre_bhb_k132_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_X3), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2), + }; + static const struct midr_range spectre_bhb_k38_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A715), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A720), + }; static const struct midr_range spectre_bhb_k32_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), @@ -889,6 +897,7 @@ static u8 spectre_bhb_loop_affected(void) }; static const struct midr_range spectre_bhb_k24_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76AE), MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), @@ -904,7 +913,11 @@ static u8 spectre_bhb_loop_affected(void) {}, }; - if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k132_list)) + k = 132; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k38_list)) + k = 38; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) k = 32; else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) k = 24;

7 months

1
0
0 0

FAILED: patch "[PATCH] arm64: errata: Add newer ARM cores to the" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a5951389e58d2e816eed3dbec5877de9327fd881 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040855-shingle-handcraft-3ca3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5951389e58d2e816eed3dbec5877de9327fd881 Mon Sep 17 00:00:00 2001 From: Douglas Anderson <dianders(a)chromium.org> Date: Tue, 7 Jan 2025 12:06:02 -0800 Subject: [PATCH] arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists When comparing to the ARM list [1], it appears that several ARM cores were missing from the lists in spectre_bhb_loop_affected(). Add them. NOTE: for some of these cores it may not matter since other ways of clearing the BHB may be used (like the CLRBHB instruction or ECBHB), but it still seems good to have all the info from ARM's whitepaper included. [1] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Signed-off-by: Douglas Anderson <dianders(a)chromium.org> Reviewed-by: James Morse <james.morse(a)arm.com> Link: https://lore.kernel.org/r/20250107120555.v4.5.I4a9a527e03f663040721c5401c41… Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 89405be53d8f..0f51fd10b4b0 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -876,6 +876,14 @@ static u8 spectre_bhb_loop_affected(void) { u8 k = 0; + static const struct midr_range spectre_bhb_k132_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_X3), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2), + }; + static const struct midr_range spectre_bhb_k38_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A715), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A720), + }; static const struct midr_range spectre_bhb_k32_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), @@ -889,6 +897,7 @@ static u8 spectre_bhb_loop_affected(void) }; static const struct midr_range spectre_bhb_k24_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76AE), MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), @@ -904,7 +913,11 @@ static u8 spectre_bhb_loop_affected(void) {}, }; - if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k132_list)) + k = 132; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k38_list)) + k = 38; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) k = 32; else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) k = 24;

7 months

1
0
0 0

FAILED: patch "[PATCH] arm64: errata: Add newer ARM cores to the" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a5951389e58d2e816eed3dbec5877de9327fd881 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040854-depict-predict-4b0d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5951389e58d2e816eed3dbec5877de9327fd881 Mon Sep 17 00:00:00 2001 From: Douglas Anderson <dianders(a)chromium.org> Date: Tue, 7 Jan 2025 12:06:02 -0800 Subject: [PATCH] arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists When comparing to the ARM list [1], it appears that several ARM cores were missing from the lists in spectre_bhb_loop_affected(). Add them. NOTE: for some of these cores it may not matter since other ways of clearing the BHB may be used (like the CLRBHB instruction or ECBHB), but it still seems good to have all the info from ARM's whitepaper included. [1] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Signed-off-by: Douglas Anderson <dianders(a)chromium.org> Reviewed-by: James Morse <james.morse(a)arm.com> Link: https://lore.kernel.org/r/20250107120555.v4.5.I4a9a527e03f663040721c5401c41… Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 89405be53d8f..0f51fd10b4b0 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -876,6 +876,14 @@ static u8 spectre_bhb_loop_affected(void) { u8 k = 0; + static const struct midr_range spectre_bhb_k132_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_X3), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2), + }; + static const struct midr_range spectre_bhb_k38_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A715), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A720), + }; static const struct midr_range spectre_bhb_k32_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), @@ -889,6 +897,7 @@ static u8 spectre_bhb_loop_affected(void) }; static const struct midr_range spectre_bhb_k24_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76AE), MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), @@ -904,7 +913,11 @@ static u8 spectre_bhb_loop_affected(void) {}, }; - if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k132_list)) + k = 132; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k38_list)) + k = 38; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) k = 32; else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) k = 24;

7 months

1
0
0 0

FAILED: patch "[PATCH] arm64: errata: Add newer ARM cores to the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a5951389e58d2e816eed3dbec5877de9327fd881 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040852-tweezers-roving-1cf8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5951389e58d2e816eed3dbec5877de9327fd881 Mon Sep 17 00:00:00 2001 From: Douglas Anderson <dianders(a)chromium.org> Date: Tue, 7 Jan 2025 12:06:02 -0800 Subject: [PATCH] arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists When comparing to the ARM list [1], it appears that several ARM cores were missing from the lists in spectre_bhb_loop_affected(). Add them. NOTE: for some of these cores it may not matter since other ways of clearing the BHB may be used (like the CLRBHB instruction or ECBHB), but it still seems good to have all the info from ARM's whitepaper included. [1] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Signed-off-by: Douglas Anderson <dianders(a)chromium.org> Reviewed-by: James Morse <james.morse(a)arm.com> Link: https://lore.kernel.org/r/20250107120555.v4.5.I4a9a527e03f663040721c5401c41… Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 89405be53d8f..0f51fd10b4b0 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -876,6 +876,14 @@ static u8 spectre_bhb_loop_affected(void) { u8 k = 0; + static const struct midr_range spectre_bhb_k132_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_X3), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2), + }; + static const struct midr_range spectre_bhb_k38_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A715), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A720), + }; static const struct midr_range spectre_bhb_k32_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), @@ -889,6 +897,7 @@ static u8 spectre_bhb_loop_affected(void) }; static const struct midr_range spectre_bhb_k24_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76AE), MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), @@ -904,7 +913,11 @@ static u8 spectre_bhb_loop_affected(void) {}, }; - if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k132_list)) + k = 132; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k38_list)) + k = 38; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) k = 32; else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) k = 24;

7 months

1
0
0 0

FAILED: patch "[PATCH] arm64: errata: Add newer ARM cores to the" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a5951389e58d2e816eed3dbec5877de9327fd881 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040850-subatomic-sake-782d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5951389e58d2e816eed3dbec5877de9327fd881 Mon Sep 17 00:00:00 2001 From: Douglas Anderson <dianders(a)chromium.org> Date: Tue, 7 Jan 2025 12:06:02 -0800 Subject: [PATCH] arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists When comparing to the ARM list [1], it appears that several ARM cores were missing from the lists in spectre_bhb_loop_affected(). Add them. NOTE: for some of these cores it may not matter since other ways of clearing the BHB may be used (like the CLRBHB instruction or ECBHB), but it still seems good to have all the info from ARM's whitepaper included. [1] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Signed-off-by: Douglas Anderson <dianders(a)chromium.org> Reviewed-by: James Morse <james.morse(a)arm.com> Link: https://lore.kernel.org/r/20250107120555.v4.5.I4a9a527e03f663040721c5401c41… Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 89405be53d8f..0f51fd10b4b0 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -876,6 +876,14 @@ static u8 spectre_bhb_loop_affected(void) { u8 k = 0; + static const struct midr_range spectre_bhb_k132_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_X3), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2), + }; + static const struct midr_range spectre_bhb_k38_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A715), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A720), + }; static const struct midr_range spectre_bhb_k32_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), @@ -889,6 +897,7 @@ static u8 spectre_bhb_loop_affected(void) }; static const struct midr_range spectre_bhb_k24_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76AE), MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), @@ -904,7 +913,11 @@ static u8 spectre_bhb_loop_affected(void) {}, }; - if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k132_list)) + k = 132; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k38_list)) + k = 38; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) k = 32; else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) k = 24;

7 months

1
0
0 0

FAILED: patch "[PATCH] arm64: errata: Add newer ARM cores to the" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a5951389e58d2e816eed3dbec5877de9327fd881 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040848-lukewarm-footprint-06c8@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5951389e58d2e816eed3dbec5877de9327fd881 Mon Sep 17 00:00:00 2001 From: Douglas Anderson <dianders(a)chromium.org> Date: Tue, 7 Jan 2025 12:06:02 -0800 Subject: [PATCH] arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists When comparing to the ARM list [1], it appears that several ARM cores were missing from the lists in spectre_bhb_loop_affected(). Add them. NOTE: for some of these cores it may not matter since other ways of clearing the BHB may be used (like the CLRBHB instruction or ECBHB), but it still seems good to have all the info from ARM's whitepaper included. [1] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Signed-off-by: Douglas Anderson <dianders(a)chromium.org> Reviewed-by: James Morse <james.morse(a)arm.com> Link: https://lore.kernel.org/r/20250107120555.v4.5.I4a9a527e03f663040721c5401c41… Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 89405be53d8f..0f51fd10b4b0 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -876,6 +876,14 @@ static u8 spectre_bhb_loop_affected(void) { u8 k = 0; + static const struct midr_range spectre_bhb_k132_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_X3), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2), + }; + static const struct midr_range spectre_bhb_k38_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A715), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A720), + }; static const struct midr_range spectre_bhb_k32_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), @@ -889,6 +897,7 @@ static u8 spectre_bhb_loop_affected(void) }; static const struct midr_range spectre_bhb_k24_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76AE), MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), @@ -904,7 +913,11 @@ static u8 spectre_bhb_loop_affected(void) {}, }; - if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k132_list)) + k = 132; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k38_list)) + k = 38; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) k = 32; else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) k = 24;

7 months

1
0
0 0

FAILED: patch "[PATCH] arm64: errata: Add newer ARM cores to the" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x a5951389e58d2e816eed3dbec5877de9327fd881 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040846-certified-entering-89c3@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5951389e58d2e816eed3dbec5877de9327fd881 Mon Sep 17 00:00:00 2001 From: Douglas Anderson <dianders(a)chromium.org> Date: Tue, 7 Jan 2025 12:06:02 -0800 Subject: [PATCH] arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists When comparing to the ARM list [1], it appears that several ARM cores were missing from the lists in spectre_bhb_loop_affected(). Add them. NOTE: for some of these cores it may not matter since other ways of clearing the BHB may be used (like the CLRBHB instruction or ECBHB), but it still seems good to have all the info from ARM's whitepaper included. [1] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Signed-off-by: Douglas Anderson <dianders(a)chromium.org> Reviewed-by: James Morse <james.morse(a)arm.com> Link: https://lore.kernel.org/r/20250107120555.v4.5.I4a9a527e03f663040721c5401c41… Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 89405be53d8f..0f51fd10b4b0 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -876,6 +876,14 @@ static u8 spectre_bhb_loop_affected(void) { u8 k = 0; + static const struct midr_range spectre_bhb_k132_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_X3), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2), + }; + static const struct midr_range spectre_bhb_k38_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A715), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A720), + }; static const struct midr_range spectre_bhb_k32_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), @@ -889,6 +897,7 @@ static u8 spectre_bhb_loop_affected(void) }; static const struct midr_range spectre_bhb_k24_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76AE), MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), @@ -904,7 +913,11 @@ static u8 spectre_bhb_loop_affected(void) {}, }; - if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k132_list)) + k = 132; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k38_list)) + k = 38; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) k = 32; else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) k = 24;

7 months

1
0
0 0

FAILED: patch "[PATCH] ARM: 9443/1: Require linker to support KEEP within OVERLAY" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x e7607f7d6d81af71dcc5171278aadccc94d277cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040805-goal-richness-0c23@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e7607f7d6d81af71dcc5171278aadccc94d277cd Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Thu, 20 Mar 2025 22:33:49 +0100 Subject: [PATCH] ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE ld.lld prior to 21.0.0 does not support using the KEEP keyword within an overlay description, which may be needed to avoid discarding necessary sections within an overlay with '--gc-sections', which can be enabled for the kernel via CONFIG_LD_DEAD_CODE_DATA_ELIMINATION. Disallow CONFIG_LD_DEAD_CODE_DATA_ELIMINATION without support for KEEP within OVERLAY and introduce a macro, OVERLAY_KEEP, that can be used to conditionally add KEEP when it is properly supported to avoid breaking old versions of ld.lld. Cc: stable(a)vger.kernel.org Link: https://github.com/llvm/llvm-project/commit/381599f1fe973afad3094e55ec99b16… Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 202dbd17ad2f..25ed6f1a7c7a 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -121,7 +121,7 @@ config ARM select HAVE_KERNEL_XZ select HAVE_KPROBES if !XIP_KERNEL && !CPU_ENDIAN_BE32 && !CPU_V7M select HAVE_KRETPROBES if HAVE_KPROBES - select HAVE_LD_DEAD_CODE_DATA_ELIMINATION if (LD_VERSION >= 23600 || LD_IS_LLD) + select HAVE_LD_DEAD_CODE_DATA_ELIMINATION if (LD_VERSION >= 23600 || LD_CAN_USE_KEEP_IN_OVERLAY) select HAVE_MOD_ARCH_SPECIFIC select HAVE_NMI select HAVE_OPTPROBES if !THUMB2_KERNEL diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h index 89697f204715..a54db342653a 100644 --- a/arch/arm/include/asm/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -34,6 +34,12 @@ #define NOCROSSREFS #endif +#ifdef CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY +#define OVERLAY_KEEP(x) KEEP(x) +#else +#define OVERLAY_KEEP(x) x +#endif + /* Set start/end symbol names to the LMA for the section */ #define ARM_LMA(sym, section) \ sym##_start = LOADADDR(section); \ diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..fc994f5cd5db 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -129,6 +129,11 @@ config CC_HAS_COUNTED_BY # https://github.com/llvm/llvm-project/pull/112636 depends on !(CC_IS_CLANG && CLANG_VERSION < 190103) +config LD_CAN_USE_KEEP_IN_OVERLAY + # ld.lld prior to 21.0.0 did not support KEEP within an overlay description + # https://github.com/llvm/llvm-project/pull/130661 + def_bool LD_IS_BFD || LLD_VERSION >= 210000 + config RUSTC_HAS_COERCE_POINTEE def_bool RUSTC_VERSION >= 108400

7 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: platform-profile: Fix CFI violation when accessing" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x dd4f730b557ce701a2cd4f604bf1e57667bd8b6e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040805-untaken-baggage-498c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dd4f730b557ce701a2cd4f604bf1e57667bd8b6e Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Mon, 10 Feb 2025 21:28:25 -0500 Subject: [PATCH] ACPI: platform-profile: Fix CFI violation when accessing sysfs files When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be of the same type as the callbacks in 'struct kobj_attribute'. However, ->show() and ->store() in the platform_profile driver are defined for struct device_attribute with the help of DEVICE_ATTR_RO() and DEVICE_ATTR_RW(), which results in a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) There is no functional issue from the type mismatch because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast does not break anything aside from CFI. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: All applicable <stable(a)vger.kernel.org> Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Reviewed-by: Sami Tolvanen <samitolvanen(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Link: https://patch.msgid.link/20250210-acpi-platform_profile-fix-cfi-violation-v… [ rjw: Changelog edits ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index fc92e43d0fe9..1b6317f759f9 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -260,14 +260,14 @@ static int _aggregate_choices(struct device *dev, void *data) /** * platform_profile_choices_show - Show the available profile choices for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { unsigned long aggregate[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -333,14 +333,14 @@ static int _store_and_notify(struct device *dev, void *data) /** * platform_profile_show - Show the current profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_LAST; @@ -362,15 +362,15 @@ static ssize_t platform_profile_show(struct device *dev, /** * platform_profile_store - Set the profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to read from * @count: The number of bytes to read * * Return: The number of bytes read */ -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { unsigned long choices[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -401,12 +401,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL };

7 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: platform-profile: Fix CFI violation when accessing" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x dd4f730b557ce701a2cd4f604bf1e57667bd8b6e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040805-murmuring-number-bbb8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dd4f730b557ce701a2cd4f604bf1e57667bd8b6e Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Mon, 10 Feb 2025 21:28:25 -0500 Subject: [PATCH] ACPI: platform-profile: Fix CFI violation when accessing sysfs files When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be of the same type as the callbacks in 'struct kobj_attribute'. However, ->show() and ->store() in the platform_profile driver are defined for struct device_attribute with the help of DEVICE_ATTR_RO() and DEVICE_ATTR_RW(), which results in a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) There is no functional issue from the type mismatch because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast does not break anything aside from CFI. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: All applicable <stable(a)vger.kernel.org> Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Reviewed-by: Sami Tolvanen <samitolvanen(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Link: https://patch.msgid.link/20250210-acpi-platform_profile-fix-cfi-violation-v… [ rjw: Changelog edits ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index fc92e43d0fe9..1b6317f759f9 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -260,14 +260,14 @@ static int _aggregate_choices(struct device *dev, void *data) /** * platform_profile_choices_show - Show the available profile choices for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { unsigned long aggregate[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -333,14 +333,14 @@ static int _store_and_notify(struct device *dev, void *data) /** * platform_profile_show - Show the current profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_LAST; @@ -362,15 +362,15 @@ static ssize_t platform_profile_show(struct device *dev, /** * platform_profile_store - Set the profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to read from * @count: The number of bytes to read * * Return: The number of bytes read */ -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { unsigned long choices[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -401,12 +401,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL };

7 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: platform-profile: Fix CFI violation when accessing" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x dd4f730b557ce701a2cd4f604bf1e57667bd8b6e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040804-submitter-spur-cf1a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dd4f730b557ce701a2cd4f604bf1e57667bd8b6e Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Mon, 10 Feb 2025 21:28:25 -0500 Subject: [PATCH] ACPI: platform-profile: Fix CFI violation when accessing sysfs files When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be of the same type as the callbacks in 'struct kobj_attribute'. However, ->show() and ->store() in the platform_profile driver are defined for struct device_attribute with the help of DEVICE_ATTR_RO() and DEVICE_ATTR_RW(), which results in a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) There is no functional issue from the type mismatch because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast does not break anything aside from CFI. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: All applicable <stable(a)vger.kernel.org> Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Reviewed-by: Sami Tolvanen <samitolvanen(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Link: https://patch.msgid.link/20250210-acpi-platform_profile-fix-cfi-violation-v… [ rjw: Changelog edits ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index fc92e43d0fe9..1b6317f759f9 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -260,14 +260,14 @@ static int _aggregate_choices(struct device *dev, void *data) /** * platform_profile_choices_show - Show the available profile choices for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { unsigned long aggregate[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -333,14 +333,14 @@ static int _store_and_notify(struct device *dev, void *data) /** * platform_profile_show - Show the current profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_LAST; @@ -362,15 +362,15 @@ static ssize_t platform_profile_show(struct device *dev, /** * platform_profile_store - Set the profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to read from * @count: The number of bytes to read * * Return: The number of bytes read */ -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { unsigned long choices[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -401,12 +401,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL };

7 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: platform-profile: Fix CFI violation when accessing" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x dd4f730b557ce701a2cd4f604bf1e57667bd8b6e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040804-level-crystal-ca73@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dd4f730b557ce701a2cd4f604bf1e57667bd8b6e Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Mon, 10 Feb 2025 21:28:25 -0500 Subject: [PATCH] ACPI: platform-profile: Fix CFI violation when accessing sysfs files When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be of the same type as the callbacks in 'struct kobj_attribute'. However, ->show() and ->store() in the platform_profile driver are defined for struct device_attribute with the help of DEVICE_ATTR_RO() and DEVICE_ATTR_RW(), which results in a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) There is no functional issue from the type mismatch because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast does not break anything aside from CFI. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: All applicable <stable(a)vger.kernel.org> Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Reviewed-by: Sami Tolvanen <samitolvanen(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Link: https://patch.msgid.link/20250210-acpi-platform_profile-fix-cfi-violation-v… [ rjw: Changelog edits ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index fc92e43d0fe9..1b6317f759f9 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -260,14 +260,14 @@ static int _aggregate_choices(struct device *dev, void *data) /** * platform_profile_choices_show - Show the available profile choices for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { unsigned long aggregate[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -333,14 +333,14 @@ static int _store_and_notify(struct device *dev, void *data) /** * platform_profile_show - Show the current profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_LAST; @@ -362,15 +362,15 @@ static ssize_t platform_profile_show(struct device *dev, /** * platform_profile_store - Set the profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to read from * @count: The number of bytes to read * * Return: The number of bytes read */ -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { unsigned long choices[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -401,12 +401,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL };

7 months

1
0
0 0

Re: Patch "sfc: rip out MDIO support" has been added to the 6.14-stable tree

by Edward Cree

On 07/04/2025 15:57, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > sfc: rip out MDIO support > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… ... > Stable-dep-of: 8241ecec1cdc ("sfc: fix NULL dereferences in ef100_process_design_param()") I wouldn't say it's really a dependency; it's completely unrelated, just happens to create a textual diff conflict which should be pretty trivial to resolve (it's only the contexts that overlap, not the actual changes). Obviously you can take this in if you want but I would've said this was a bit big for -stable.

7 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2fa87c71d2adb4b82c105f9191e6120340feff00 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040812-alumni-tightness-cb66@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2fa87c71d2adb4b82c105f9191e6120340feff00 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 25 Mar 2025 22:04:50 +0100 Subject: [PATCH] ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Depending on the secureboot signature on EFI\BOOT\BOOTX86.EFI the Lenovo Yoga Tab 3 UEFI will switch its OSID ACPI variable between 1 (Windows) and 4 (Android(GMIN)). In Windows mode a GPIO event handler gets installed for GPO1 pin 5, causing Linux' x86-android-tables code which deals with the general brokenness of this device's ACPI tables to fail to probe with: [ 17.853705] x86_android_tablets: error -16 getting GPIO INT33FF:01 5 [ 17.859623] x86_android_tablets x86_android_tablets: probe with driver which renders sound, the touchscreen, charging-management, battery-monitoring and more non functional. Add ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS to the existing quirks for this device to fix this. Reported-by: Agoston Lorincz <pipacsba(a)gmail.com> Closes: https://lore.kernel.org/platform-driver-x86/CAMEzqD+DNXrAvUOHviB2O2bjtcbmo3… Cc: All applicable <stable(a)kernel.org> Fixes: fe820db35275 ("ACPI: x86: Add skip i2c clients quirk for Lenovo Yoga Tab 3 Pro (YT3-X90F)") Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://patch.msgid.link/20250325210450.358506-1-hdegoede@redhat.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/x86/utils.c b/drivers/acpi/x86/utils.c index 068c1612660b..4ee30c2897a2 100644 --- a/drivers/acpi/x86/utils.c +++ b/drivers/acpi/x86/utils.c @@ -374,7 +374,8 @@ static const struct dmi_system_id acpi_quirk_skip_dmi_ids[] = { DMI_MATCH(DMI_PRODUCT_VERSION, "Blade3-10A-001"), }, .driver_data = (void *)(ACPI_QUIRK_SKIP_I2C_CLIENTS | - ACPI_QUIRK_SKIP_ACPI_AC_AND_BATTERY), + ACPI_QUIRK_SKIP_ACPI_AC_AND_BATTERY | + ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS), }, { /* Medion Lifetab S10346 */

7 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f9bdf1f953392c9edd69a7f884f78c0390127029 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040839-deputize-undertook-8a56@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f9bdf1f953392c9edd69a7f884f78c0390127029 Mon Sep 17 00:00:00 2001 From: Kan Liang <kan.liang(a)linux.intel.com> Date: Tue, 21 Jan 2025 07:23:01 -0800 Subject: [PATCH] perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read The WARN_ON(this_cpu_read(cpu_hw_events.enabled)) in the intel_pmu_save_and_restart_reload() is triggered, when sampling read topdown events. In a NMI handler, the cpu_hw_events.enabled is set and used to indicate the status of core PMU. The generic pmu->pmu_disable_count, updated in the perf_pmu_disable/enable pair, is not touched. However, the perf_pmu_disable/enable pair is invoked when sampling read in a NMI handler. The cpuc->enabled is mistakenly set by the perf_pmu_enable(). Avoid disabling PMU if the core PMU is already disabled. Merge the logic together. Fixes: 7b2c05a15d29 ("perf/x86/intel: Generic support for hardware TopDown metrics") Suggested-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20250121152303.3128733-2-kan.liang@linux.intel.com diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 2acea83526c6..1ccc961f8182 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -2785,28 +2785,33 @@ static u64 icl_update_topdown_event(struct perf_event *event) DEFINE_STATIC_CALL(intel_pmu_update_topdown_event, x86_perf_event_update); -static void intel_pmu_read_topdown_event(struct perf_event *event) -{ - struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events); - - /* Only need to call update_topdown_event() once for group read. */ - if ((cpuc->txn_flags & PERF_PMU_TXN_READ) && - !is_slots_event(event)) - return; - - perf_pmu_disable(event->pmu); - static_call(intel_pmu_update_topdown_event)(event); - perf_pmu_enable(event->pmu); -} - static void intel_pmu_read_event(struct perf_event *event) { - if (event->hw.flags & PERF_X86_EVENT_AUTO_RELOAD) - intel_pmu_auto_reload_read(event); - else if (is_topdown_count(event)) - intel_pmu_read_topdown_event(event); - else - x86_perf_event_update(event); + if (event->hw.flags & (PERF_X86_EVENT_AUTO_RELOAD | PERF_X86_EVENT_TOPDOWN)) { + struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events); + bool pmu_enabled = cpuc->enabled; + + /* Only need to call update_topdown_event() once for group read. */ + if (is_metric_event(event) && (cpuc->txn_flags & PERF_PMU_TXN_READ)) + return; + + cpuc->enabled = 0; + if (pmu_enabled) + intel_pmu_disable_all(); + + if (is_topdown_event(event)) + static_call(intel_pmu_update_topdown_event)(event); + else + intel_pmu_drain_pebs_buffer(); + + cpuc->enabled = pmu_enabled; + if (pmu_enabled) + intel_pmu_enable_all(0); + + return; + } + + x86_perf_event_update(event); } static void intel_pmu_enable_fixed(struct perf_event *event) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index 322963b02a91..eb14b46423e5 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -953,7 +953,7 @@ int intel_pmu_drain_bts_buffer(void) return 1; } -static inline void intel_pmu_drain_pebs_buffer(void) +void intel_pmu_drain_pebs_buffer(void) { struct perf_sample_data data; @@ -2094,15 +2094,6 @@ get_next_pebs_record_by_bit(void *base, void *top, int bit) return NULL; } -void intel_pmu_auto_reload_read(struct perf_event *event) -{ - WARN_ON(!(event->hw.flags & PERF_X86_EVENT_AUTO_RELOAD)); - - perf_pmu_disable(event->pmu); - intel_pmu_drain_pebs_buffer(); - perf_pmu_enable(event->pmu); -} - /* * Special variant of intel_pmu_save_and_restart() for auto-reload. */ diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h index 084e9196b458..536a112f6353 100644 --- a/arch/x86/events/perf_event.h +++ b/arch/x86/events/perf_event.h @@ -1644,7 +1644,7 @@ void intel_pmu_pebs_disable_all(void); void intel_pmu_pebs_sched_task(struct perf_event_pmu_context *pmu_ctx, bool sched_in); -void intel_pmu_auto_reload_read(struct perf_event *event); +void intel_pmu_drain_pebs_buffer(void); void intel_pmu_store_pebs_lbrs(struct lbr_entry *lbr);

7 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/intel: Apply static call for drain_pebs" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 314dfe10576912e1d786b13c5d4eee8c51b63caa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040819-awry-tutor-54ca@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 314dfe10576912e1d786b13c5d4eee8c51b63caa Mon Sep 17 00:00:00 2001 From: "Peter Zijlstra (Intel)" <peterz(a)infradead.org> Date: Tue, 21 Jan 2025 07:23:00 -0800 Subject: [PATCH] perf/x86/intel: Apply static call for drain_pebs The x86_pmu_drain_pebs static call was introduced in commit 7c9903c9bf71 ("x86/perf, static_call: Optimize x86_pmu methods"), but it's not really used to replace the old method. Apply the static call for drain_pebs. Fixes: 7c9903c9bf71 ("x86/perf, static_call: Optimize x86_pmu methods") Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20250121152303.3128733-1-kan.liang@linux.intel.com diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 7601196d1d18..2acea83526c6 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -3076,7 +3076,7 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status) handled++; x86_pmu_handle_guest_pebs(regs, &data); - x86_pmu.drain_pebs(regs, &data); + static_call(x86_pmu_drain_pebs)(regs, &data); status &= intel_ctrl | GLOBAL_STATUS_TRACE_TOPAPMI; /* diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index ba74e1198328..322963b02a91 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -957,7 +957,7 @@ static inline void intel_pmu_drain_pebs_buffer(void) { struct perf_sample_data data; - x86_pmu.drain_pebs(NULL, &data); + static_call(x86_pmu_drain_pebs)(NULL, &data); } /* diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h index 31c2771545a6..084e9196b458 100644 --- a/arch/x86/events/perf_event.h +++ b/arch/x86/events/perf_event.h @@ -1107,6 +1107,7 @@ extern struct x86_pmu x86_pmu __read_mostly; DECLARE_STATIC_CALL(x86_pmu_set_period, *x86_pmu.set_period); DECLARE_STATIC_CALL(x86_pmu_update, *x86_pmu.update); +DECLARE_STATIC_CALL(x86_pmu_drain_pebs, *x86_pmu.drain_pebs); static __always_inline struct x86_perf_task_context_opt *task_context_opt(void *ctx) {

7 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/intel: Apply static call for drain_pebs" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 314dfe10576912e1d786b13c5d4eee8c51b63caa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040820-semester-skewed-a578@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 314dfe10576912e1d786b13c5d4eee8c51b63caa Mon Sep 17 00:00:00 2001 From: "Peter Zijlstra (Intel)" <peterz(a)infradead.org> Date: Tue, 21 Jan 2025 07:23:00 -0800 Subject: [PATCH] perf/x86/intel: Apply static call for drain_pebs The x86_pmu_drain_pebs static call was introduced in commit 7c9903c9bf71 ("x86/perf, static_call: Optimize x86_pmu methods"), but it's not really used to replace the old method. Apply the static call for drain_pebs. Fixes: 7c9903c9bf71 ("x86/perf, static_call: Optimize x86_pmu methods") Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20250121152303.3128733-1-kan.liang@linux.intel.com diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 7601196d1d18..2acea83526c6 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -3076,7 +3076,7 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status) handled++; x86_pmu_handle_guest_pebs(regs, &data); - x86_pmu.drain_pebs(regs, &data); + static_call(x86_pmu_drain_pebs)(regs, &data); status &= intel_ctrl | GLOBAL_STATUS_TRACE_TOPAPMI; /* diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index ba74e1198328..322963b02a91 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -957,7 +957,7 @@ static inline void intel_pmu_drain_pebs_buffer(void) { struct perf_sample_data data; - x86_pmu.drain_pebs(NULL, &data); + static_call(x86_pmu_drain_pebs)(NULL, &data); } /* diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h index 31c2771545a6..084e9196b458 100644 --- a/arch/x86/events/perf_event.h +++ b/arch/x86/events/perf_event.h @@ -1107,6 +1107,7 @@ extern struct x86_pmu x86_pmu __read_mostly; DECLARE_STATIC_CALL(x86_pmu_set_period, *x86_pmu.set_period); DECLARE_STATIC_CALL(x86_pmu_update, *x86_pmu.update); +DECLARE_STATIC_CALL(x86_pmu_drain_pebs, *x86_pmu.drain_pebs); static __always_inline struct x86_perf_task_context_opt *task_context_opt(void *ctx) {

7 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: ISST: Correct command storage data length" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9462e74c5c983cce34019bfb27f734552bebe59f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040821-pleading-cone-6de8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9462e74c5c983cce34019bfb27f734552bebe59f Mon Sep 17 00:00:00 2001 From: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Date: Fri, 28 Mar 2025 15:47:49 -0700 Subject: [PATCH] platform/x86: ISST: Correct command storage data length MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After resume/online turbo limit ratio (TRL) is restored partially if the admin explicitly changed TRL from user space. A hash table is used to store SST mail box and MSR settings when modified to restore those settings after resume or online. This uses a struct isst_cmd field "data" to store these settings. This is a 64 bit field. But isst_store_new_cmd() is only assigning as u32. This results in truncation of 32 bits. Change the argument to u64 from u32. Fixes: f607874f35cb ("platform/x86: ISST: Restore state on resume") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250328224749.2691272-1-srinivas.pandruvada@linu… Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/intel/speed_select_if/isst_if_common.c b/drivers/platform/x86/intel/speed_select_if/isst_if_common.c index dbcd3087aaa4..31239a93dd71 100644 --- a/drivers/platform/x86/intel/speed_select_if/isst_if_common.c +++ b/drivers/platform/x86/intel/speed_select_if/isst_if_common.c @@ -84,7 +84,7 @@ static DECLARE_HASHTABLE(isst_hash, 8); static DEFINE_MUTEX(isst_hash_lock); static int isst_store_new_cmd(int cmd, u32 cpu, int mbox_cmd_type, u32 param, - u32 data) + u64 data) { struct isst_cmd *sst_cmd;

7 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: ISST: Correct command storage data length" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9462e74c5c983cce34019bfb27f734552bebe59f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040821-underdone-luster-6e41@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9462e74c5c983cce34019bfb27f734552bebe59f Mon Sep 17 00:00:00 2001 From: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Date: Fri, 28 Mar 2025 15:47:49 -0700 Subject: [PATCH] platform/x86: ISST: Correct command storage data length MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After resume/online turbo limit ratio (TRL) is restored partially if the admin explicitly changed TRL from user space. A hash table is used to store SST mail box and MSR settings when modified to restore those settings after resume or online. This uses a struct isst_cmd field "data" to store these settings. This is a 64 bit field. But isst_store_new_cmd() is only assigning as u32. This results in truncation of 32 bits. Change the argument to u64 from u32. Fixes: f607874f35cb ("platform/x86: ISST: Restore state on resume") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250328224749.2691272-1-srinivas.pandruvada@linu… Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/intel/speed_select_if/isst_if_common.c b/drivers/platform/x86/intel/speed_select_if/isst_if_common.c index dbcd3087aaa4..31239a93dd71 100644 --- a/drivers/platform/x86/intel/speed_select_if/isst_if_common.c +++ b/drivers/platform/x86/intel/speed_select_if/isst_if_common.c @@ -84,7 +84,7 @@ static DECLARE_HASHTABLE(isst_hash, 8); static DEFINE_MUTEX(isst_hash_lock); static int isst_store_new_cmd(int cmd, u32 cpu, int mbox_cmd_type, u32 param, - u32 data) + u64 data) { struct isst_cmd *sst_cmd;

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/tdx: Fix arch_safe_halt() execution for TDX VMs" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9f98a4f4e7216dbe366010b4cdcab6b220f229c4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040846-deafening-unmanaged-f966@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9f98a4f4e7216dbe366010b4cdcab6b220f229c4 Mon Sep 17 00:00:00 2001 From: Vishal Annapurve <vannapurve(a)google.com> Date: Fri, 28 Feb 2025 01:44:15 +0000 Subject: [PATCH] x86/tdx: Fix arch_safe_halt() execution for TDX VMs Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. If HLT is executed in STI-shadow, resulting #VE handler will enable interrupts before TDCALL is routed to hypervisor leading to missed wakeup events, as current TDX spec doesn't expose interruptibility state information to allow #VE handler to selectively enable interrupts. Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") prevented the idle routines from executing HLT instruction in STI-shadow. But it missed the paravirt routine which can be reached via this path as an example: kvm_wait() => safe_halt() => raw_safe_halt() => arch_safe_halt() => irq.safe_halt() => pv_native_safe_halt() To reliably handle arch_safe_halt() for TDX VMs, introduce explicit dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt() routines with TDX-safe versions that execute direct TDCALL and needed interrupt flag updates. Executing direct TDCALL brings in additional benefit of avoiding HLT related #VEs altogether. As tested by Ryan Afranji: "Tested with the specjbb2015 benchmark. It has heavy lock contention which leads to many halt calls. TDX VMs suffered a poor score before this patchset. Verified the major performance improvement with this patchset applied." Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Tested-by: Ryan Afranji <afranji(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250228014416.3925664-3-vannapurve@google.com diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 05b4eca156cf..f614c0522a0b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -878,6 +878,7 @@ config INTEL_TDX_GUEST depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC depends on EFI_STUB + depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 7772b01ab738..aa0eb4057226 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,6 +14,7 @@ #include <asm/ia32.h> #include <asm/insn.h> #include <asm/insn-eval.h> +#include <asm/paravirt_types.h> #include <asm/pgtable.h> #include <asm/set_memory.h> #include <asm/traps.h> @@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } -void __cpuidle tdx_safe_halt(void) +void __cpuidle tdx_halt(void) { const bool irq_disabled = false; @@ -409,6 +410,16 @@ void __cpuidle tdx_safe_halt(void) WARN_ONCE(1, "HLT instruction emulation failed\n"); } +static void __cpuidle tdx_safe_halt(void) +{ + tdx_halt(); + /* + * "__cpuidle" section doesn't support instrumentation, so stick + * with raw_* variant that avoids tracing hooks. + */ + raw_local_irq_enable(); +} + static int read_msr(struct pt_regs *regs, struct ve_info *ve) { struct tdx_module_args args = { @@ -1109,6 +1120,19 @@ void __init tdx_early_init(void) x86_platform.guest.enc_kexec_begin = tdx_kexec_begin; x86_platform.guest.enc_kexec_finish = tdx_kexec_finish; + /* + * Avoid "sti;hlt" execution in TDX guests as HLT induces a #VE that + * will enable interrupts before HLT TDCALL invocation if executed + * in STI-shadow, possibly resulting in missed wakeup events. + * + * Modify all possible HLT execution paths to use TDX specific routines + * that directly execute TDCALL and toggle the interrupt state as + * needed after TDCALL completion. This also reduces HLT related #VEs + * in addition to having a reliable halt logic execution. + */ + pv_ops.irq.safe_halt = tdx_safe_halt; + pv_ops.irq.halt = tdx_halt; + /* * TDX intercepts the RDMSR to read the X2APIC ID in the parallel * bringup low level code. That raises #VE which cannot be handled diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 65394aa9b49f..4a1922ec80cf 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve); bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); -void tdx_safe_halt(void); +void tdx_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); @@ -72,7 +72,7 @@ void __init tdx_dump_td_ctls(u64 td_ctls); #else static inline void tdx_early_init(void) { }; -static inline void tdx_safe_halt(void) { }; +static inline void tdx_halt(void) { }; static inline bool tdx_early_handle_ve(struct pt_regs *regs) { return false; } diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 91f6ff618852..962c3ce39323 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -939,7 +939,7 @@ void __init select_idle_routine(void) static_call_update(x86_idle, mwait_idle); } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_safe_halt); + static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); }

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/tdx: Fix arch_safe_halt() execution for TDX VMs" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9f98a4f4e7216dbe366010b4cdcab6b220f229c4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040845-quantum-situation-f9b0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9f98a4f4e7216dbe366010b4cdcab6b220f229c4 Mon Sep 17 00:00:00 2001 From: Vishal Annapurve <vannapurve(a)google.com> Date: Fri, 28 Feb 2025 01:44:15 +0000 Subject: [PATCH] x86/tdx: Fix arch_safe_halt() execution for TDX VMs Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. If HLT is executed in STI-shadow, resulting #VE handler will enable interrupts before TDCALL is routed to hypervisor leading to missed wakeup events, as current TDX spec doesn't expose interruptibility state information to allow #VE handler to selectively enable interrupts. Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") prevented the idle routines from executing HLT instruction in STI-shadow. But it missed the paravirt routine which can be reached via this path as an example: kvm_wait() => safe_halt() => raw_safe_halt() => arch_safe_halt() => irq.safe_halt() => pv_native_safe_halt() To reliably handle arch_safe_halt() for TDX VMs, introduce explicit dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt() routines with TDX-safe versions that execute direct TDCALL and needed interrupt flag updates. Executing direct TDCALL brings in additional benefit of avoiding HLT related #VEs altogether. As tested by Ryan Afranji: "Tested with the specjbb2015 benchmark. It has heavy lock contention which leads to many halt calls. TDX VMs suffered a poor score before this patchset. Verified the major performance improvement with this patchset applied." Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Tested-by: Ryan Afranji <afranji(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250228014416.3925664-3-vannapurve@google.com diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 05b4eca156cf..f614c0522a0b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -878,6 +878,7 @@ config INTEL_TDX_GUEST depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC depends on EFI_STUB + depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 7772b01ab738..aa0eb4057226 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,6 +14,7 @@ #include <asm/ia32.h> #include <asm/insn.h> #include <asm/insn-eval.h> +#include <asm/paravirt_types.h> #include <asm/pgtable.h> #include <asm/set_memory.h> #include <asm/traps.h> @@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } -void __cpuidle tdx_safe_halt(void) +void __cpuidle tdx_halt(void) { const bool irq_disabled = false; @@ -409,6 +410,16 @@ void __cpuidle tdx_safe_halt(void) WARN_ONCE(1, "HLT instruction emulation failed\n"); } +static void __cpuidle tdx_safe_halt(void) +{ + tdx_halt(); + /* + * "__cpuidle" section doesn't support instrumentation, so stick + * with raw_* variant that avoids tracing hooks. + */ + raw_local_irq_enable(); +} + static int read_msr(struct pt_regs *regs, struct ve_info *ve) { struct tdx_module_args args = { @@ -1109,6 +1120,19 @@ void __init tdx_early_init(void) x86_platform.guest.enc_kexec_begin = tdx_kexec_begin; x86_platform.guest.enc_kexec_finish = tdx_kexec_finish; + /* + * Avoid "sti;hlt" execution in TDX guests as HLT induces a #VE that + * will enable interrupts before HLT TDCALL invocation if executed + * in STI-shadow, possibly resulting in missed wakeup events. + * + * Modify all possible HLT execution paths to use TDX specific routines + * that directly execute TDCALL and toggle the interrupt state as + * needed after TDCALL completion. This also reduces HLT related #VEs + * in addition to having a reliable halt logic execution. + */ + pv_ops.irq.safe_halt = tdx_safe_halt; + pv_ops.irq.halt = tdx_halt; + /* * TDX intercepts the RDMSR to read the X2APIC ID in the parallel * bringup low level code. That raises #VE which cannot be handled diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 65394aa9b49f..4a1922ec80cf 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve); bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); -void tdx_safe_halt(void); +void tdx_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); @@ -72,7 +72,7 @@ void __init tdx_dump_td_ctls(u64 td_ctls); #else static inline void tdx_early_init(void) { }; -static inline void tdx_safe_halt(void) { }; +static inline void tdx_halt(void) { }; static inline bool tdx_early_handle_ve(struct pt_regs *regs) { return false; } diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 91f6ff618852..962c3ce39323 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -939,7 +939,7 @@ void __init select_idle_routine(void) static_call_update(x86_idle, mwait_idle); } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_safe_halt); + static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); }

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040828-overreach-yummy-48f0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Fri, 28 Feb 2025 01:44:14 +0000 Subject: [PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations. For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets most of its requirement except the need of HLT and SAFE_HLT paravirt calls, which is currently defined under CONFIG_PARAVIRT_XXL. Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT. Moving HLT and SAFE_HLT paravirt calls are not fatal and should not break any functionality for current users of CONFIG_PARAVIRT. Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Tested-by: Ryan Afranji <afranji(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)kernel.org Link: https://lore.kernel.org/r/20250228014416.3925664-2-vannapurve@google.com diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index abb8374c9ff7..9a9b21b78905 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags) #endif +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include <asm/paravirt.h> #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index bed346bfac89..c4c23190925c 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -102,6 +102,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -165,16 +175,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 62912023b46f..631c306ce1ff 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 97925632c28e..1ccd05d8999f 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -75,6 +75,11 @@ void paravirt_set_sched_clock(u64 (*func)(void)) static_call_update(pv_sched_clock, func); } +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -100,11 +105,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif struct pv_info pv_info = { @@ -161,9 +161,11 @@ struct paravirt_patch_template pv_ops = { .irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt = pv_native_safe_halt, .irq.halt = native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ /* Mmu ops. */ .mmu.flush_tlb_user = native_flush_tlb_local,

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/mce: use is_copy_from_user() to determine copy-from-user" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1a15bb8303b6b104e78028b6c68f76a0d4562134 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040811-capable-unblock-8997@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1a15bb8303b6b104e78028b6c68f76a0d4562134 Mon Sep 17 00:00:00 2001 From: Shuai Xue <xueshuai(a)linux.alibaba.com> Date: Wed, 12 Mar 2025 19:28:50 +0800 Subject: [PATCH] x86/mce: use is_copy_from_user() to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This patchset resolves two critical regressions related to memory failure handling that have appeared in the upstream kernel since version 5.17, as compared to 5.10 LTS. - copyin case: poison found in user page while kernel copying from user space - instr case: poison found while instruction fetching in user space ## 2. What is the expected outcome and why - For copyin case: Kernel can recover from poison found where kernel is doing get_user() or copy_from_user() if those places get an error return and the kernel return -EFAULT to the process instead of crashing. More specifily, MCE handler checks the fixup handler type to decide whether an in kernel #MC can be recovered. When EX_TYPE_UACCESS is found, the PC jumps to recovery code specified in _ASM_EXTABLE_FAULT() and return a -EFAULT to user space. - For instr case: If a poison found while instruction fetching in user space, full recovery is possible. User process takes #PF, Linux allocates a new page and fills by reading from storage. ## 3. What actually happens and why - For copyin case: kernel panic since v5.17 Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and later patches updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. It breaks previous EX_TYPE_UACCESS handling when posion found in get_user() or copy_from_user(). - For instr case: user process is killed by a SIGBUS signal due to #CMCI and #MCE race When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting and SRAR signature machine check when the data is about to be consumed. ### Background: why *UN*corrected errors tied to *C*MCI in Intel platform [1] Prior to Icelake memory controllers reported patrol scrub events that detected a previously unseen uncorrected error in memory by signaling a broadcast machine check with an SRAO (Software Recoverable Action Optional) signature in the machine check bank. This was overkill because it's not an urgent problem that no core is on the verge of consuming that bad data. It's also found that multi SRAO UCE may cause nested MCE interrupts and finally become an IERR. Hence, Intel downgrades the machine check bank signature of patrol scrub from SRAO to UCNA (Uncorrected, No Action required), and signal changed to #CMCI. Just to add to the confusion, Linux does take an action (in uc_decode_notifier()) to try to offline the page despite the UC*NA* signature name. ### Background: why #CMCI and #MCE race when poison is consuming in Intel platform [1] Having decided that CMCI/UCNA is the best action for patrol scrub errors, the memory controller uses it for reads too. But the memory controller is executing asynchronously from the core, and can't tell the difference between a "real" read and a speculative read. So it will do CMCI/UCNA if an error is found in any read. Thus: 1) Core is clever and thinks address A is needed soon, issues a speculative read. 2) Core finds it is going to use address A soon after sending the read request 3) The CMCI from the memory controller is in a race with MCE from the core that will soon try to retire the load from address A. Quite often (because speculation has got better) the CMCI from the memory controller is delivered before the core is committed to the instruction reading address A, so the interrupt is taken, and Linux offlines the page (marking it as poison). ## Why user process is killed for instr case Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") tries to fix noise message "Memory error not recovered" and skips duplicate SIGBUSs due to the race. But it also introduced a bug that kill_accessing_process() return -EHWPOISON for instr case, as result, kill_me_maybe() send a SIGBUS to user process. # 4. The fix, in my opinion, should be: - For copyin case: The key point is whether the error context is in a read from user memory. We do not care about the ex-type if we know its a MOV reading from userspace. is_copy_from_user() return true when both of the following two checks are true: - the current instruction is copy - source address is user memory If copy_user is true, we set m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; Then do_machine_check() will try fixup_exception() first. - For instr case: let kill_accessing_process() return 0 to prevent a SIGBUS. - For patch 3: The return value of memory_failure() is quite important while discussed instr case regression with Tony and Miaohe for patch 2, so add comment about the return value. This patch (of 3): Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and commit 4c132d1d844a ("x86/futex: Remove .fixup usage") updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. The error context for copy-from-user operations no longer functions as an in-kernel recovery context. Consequently, the error context for copy-from-user operations no longer functions as an in-kernel recovery context, resulting in kernel panics with the message: "Machine check: Data load in unrecoverable area of kernel." To address this, it is crucial to identify if an error context involves a read operation from user memory. The function is_copy_from_user() can be utilized to determine: - the current operation is copy - when reading user memory When these conditions are met, is_copy_from_user() will return true, confirming that it is indeed a direct copy from user memory. This check is essential for correctly handling the context of errors in these operations without relying on the extable fixup types that previously allowed for in-kernel recovery. So, use is_copy_from_user() to determine if a context is copy user directly. Link: https://lkml.kernel.org/r/20250312112852.82415-1-xueshuai@linux.alibaba.com Link: https://lkml.kernel.org/r/20250312112852.82415-2-xueshuai@linux.alibaba.com Fixes: 4c132d1d844a ("x86/futex: Remove .fixup usage") Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Suggested-by: Peter Zijlstra <peterz(a)infradead.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Tony Luck <tony.luck(a)intel.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c index dac4d64dfb2a..2235a7477436 100644 --- a/arch/x86/kernel/cpu/mce/severity.c +++ b/arch/x86/kernel/cpu/mce/severity.c @@ -300,13 +300,12 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs) copy_user = is_copy_from_user(regs); instrumentation_end(); - switch (fixup_type) { - case EX_TYPE_UACCESS: - if (!copy_user) - return IN_KERNEL; - m->kflags |= MCE_IN_KERNEL_COPYIN; - fallthrough; + if (copy_user) { + m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; + return IN_KERNEL_RECOV; + } + switch (fixup_type) { case EX_TYPE_FAULT_MCE_SAFE: case EX_TYPE_DEFAULT_MCE_SAFE: m->kflags |= MCE_IN_KERNEL_RECOV;

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/mce: use is_copy_from_user() to determine copy-from-user" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1a15bb8303b6b104e78028b6c68f76a0d4562134 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040808-ammonia-petal-1583@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1a15bb8303b6b104e78028b6c68f76a0d4562134 Mon Sep 17 00:00:00 2001 From: Shuai Xue <xueshuai(a)linux.alibaba.com> Date: Wed, 12 Mar 2025 19:28:50 +0800 Subject: [PATCH] x86/mce: use is_copy_from_user() to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This patchset resolves two critical regressions related to memory failure handling that have appeared in the upstream kernel since version 5.17, as compared to 5.10 LTS. - copyin case: poison found in user page while kernel copying from user space - instr case: poison found while instruction fetching in user space ## 2. What is the expected outcome and why - For copyin case: Kernel can recover from poison found where kernel is doing get_user() or copy_from_user() if those places get an error return and the kernel return -EFAULT to the process instead of crashing. More specifily, MCE handler checks the fixup handler type to decide whether an in kernel #MC can be recovered. When EX_TYPE_UACCESS is found, the PC jumps to recovery code specified in _ASM_EXTABLE_FAULT() and return a -EFAULT to user space. - For instr case: If a poison found while instruction fetching in user space, full recovery is possible. User process takes #PF, Linux allocates a new page and fills by reading from storage. ## 3. What actually happens and why - For copyin case: kernel panic since v5.17 Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and later patches updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. It breaks previous EX_TYPE_UACCESS handling when posion found in get_user() or copy_from_user(). - For instr case: user process is killed by a SIGBUS signal due to #CMCI and #MCE race When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting and SRAR signature machine check when the data is about to be consumed. ### Background: why *UN*corrected errors tied to *C*MCI in Intel platform [1] Prior to Icelake memory controllers reported patrol scrub events that detected a previously unseen uncorrected error in memory by signaling a broadcast machine check with an SRAO (Software Recoverable Action Optional) signature in the machine check bank. This was overkill because it's not an urgent problem that no core is on the verge of consuming that bad data. It's also found that multi SRAO UCE may cause nested MCE interrupts and finally become an IERR. Hence, Intel downgrades the machine check bank signature of patrol scrub from SRAO to UCNA (Uncorrected, No Action required), and signal changed to #CMCI. Just to add to the confusion, Linux does take an action (in uc_decode_notifier()) to try to offline the page despite the UC*NA* signature name. ### Background: why #CMCI and #MCE race when poison is consuming in Intel platform [1] Having decided that CMCI/UCNA is the best action for patrol scrub errors, the memory controller uses it for reads too. But the memory controller is executing asynchronously from the core, and can't tell the difference between a "real" read and a speculative read. So it will do CMCI/UCNA if an error is found in any read. Thus: 1) Core is clever and thinks address A is needed soon, issues a speculative read. 2) Core finds it is going to use address A soon after sending the read request 3) The CMCI from the memory controller is in a race with MCE from the core that will soon try to retire the load from address A. Quite often (because speculation has got better) the CMCI from the memory controller is delivered before the core is committed to the instruction reading address A, so the interrupt is taken, and Linux offlines the page (marking it as poison). ## Why user process is killed for instr case Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") tries to fix noise message "Memory error not recovered" and skips duplicate SIGBUSs due to the race. But it also introduced a bug that kill_accessing_process() return -EHWPOISON for instr case, as result, kill_me_maybe() send a SIGBUS to user process. # 4. The fix, in my opinion, should be: - For copyin case: The key point is whether the error context is in a read from user memory. We do not care about the ex-type if we know its a MOV reading from userspace. is_copy_from_user() return true when both of the following two checks are true: - the current instruction is copy - source address is user memory If copy_user is true, we set m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; Then do_machine_check() will try fixup_exception() first. - For instr case: let kill_accessing_process() return 0 to prevent a SIGBUS. - For patch 3: The return value of memory_failure() is quite important while discussed instr case regression with Tony and Miaohe for patch 2, so add comment about the return value. This patch (of 3): Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and commit 4c132d1d844a ("x86/futex: Remove .fixup usage") updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. The error context for copy-from-user operations no longer functions as an in-kernel recovery context. Consequently, the error context for copy-from-user operations no longer functions as an in-kernel recovery context, resulting in kernel panics with the message: "Machine check: Data load in unrecoverable area of kernel." To address this, it is crucial to identify if an error context involves a read operation from user memory. The function is_copy_from_user() can be utilized to determine: - the current operation is copy - when reading user memory When these conditions are met, is_copy_from_user() will return true, confirming that it is indeed a direct copy from user memory. This check is essential for correctly handling the context of errors in these operations without relying on the extable fixup types that previously allowed for in-kernel recovery. So, use is_copy_from_user() to determine if a context is copy user directly. Link: https://lkml.kernel.org/r/20250312112852.82415-1-xueshuai@linux.alibaba.com Link: https://lkml.kernel.org/r/20250312112852.82415-2-xueshuai@linux.alibaba.com Fixes: 4c132d1d844a ("x86/futex: Remove .fixup usage") Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Suggested-by: Peter Zijlstra <peterz(a)infradead.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Tony Luck <tony.luck(a)intel.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c index dac4d64dfb2a..2235a7477436 100644 --- a/arch/x86/kernel/cpu/mce/severity.c +++ b/arch/x86/kernel/cpu/mce/severity.c @@ -300,13 +300,12 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs) copy_user = is_copy_from_user(regs); instrumentation_end(); - switch (fixup_type) { - case EX_TYPE_UACCESS: - if (!copy_user) - return IN_KERNEL; - m->kflags |= MCE_IN_KERNEL_COPYIN; - fallthrough; + if (copy_user) { + m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; + return IN_KERNEL_RECOV; + } + switch (fixup_type) { case EX_TYPE_FAULT_MCE_SAFE: case EX_TYPE_DEFAULT_MCE_SAFE: m->kflags |= MCE_IN_KERNEL_RECOV;

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/mce: use is_copy_from_user() to determine copy-from-user" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1a15bb8303b6b104e78028b6c68f76a0d4562134 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040805-enlisted-regular-7bac@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1a15bb8303b6b104e78028b6c68f76a0d4562134 Mon Sep 17 00:00:00 2001 From: Shuai Xue <xueshuai(a)linux.alibaba.com> Date: Wed, 12 Mar 2025 19:28:50 +0800 Subject: [PATCH] x86/mce: use is_copy_from_user() to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This patchset resolves two critical regressions related to memory failure handling that have appeared in the upstream kernel since version 5.17, as compared to 5.10 LTS. - copyin case: poison found in user page while kernel copying from user space - instr case: poison found while instruction fetching in user space ## 2. What is the expected outcome and why - For copyin case: Kernel can recover from poison found where kernel is doing get_user() or copy_from_user() if those places get an error return and the kernel return -EFAULT to the process instead of crashing. More specifily, MCE handler checks the fixup handler type to decide whether an in kernel #MC can be recovered. When EX_TYPE_UACCESS is found, the PC jumps to recovery code specified in _ASM_EXTABLE_FAULT() and return a -EFAULT to user space. - For instr case: If a poison found while instruction fetching in user space, full recovery is possible. User process takes #PF, Linux allocates a new page and fills by reading from storage. ## 3. What actually happens and why - For copyin case: kernel panic since v5.17 Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and later patches updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. It breaks previous EX_TYPE_UACCESS handling when posion found in get_user() or copy_from_user(). - For instr case: user process is killed by a SIGBUS signal due to #CMCI and #MCE race When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting and SRAR signature machine check when the data is about to be consumed. ### Background: why *UN*corrected errors tied to *C*MCI in Intel platform [1] Prior to Icelake memory controllers reported patrol scrub events that detected a previously unseen uncorrected error in memory by signaling a broadcast machine check with an SRAO (Software Recoverable Action Optional) signature in the machine check bank. This was overkill because it's not an urgent problem that no core is on the verge of consuming that bad data. It's also found that multi SRAO UCE may cause nested MCE interrupts and finally become an IERR. Hence, Intel downgrades the machine check bank signature of patrol scrub from SRAO to UCNA (Uncorrected, No Action required), and signal changed to #CMCI. Just to add to the confusion, Linux does take an action (in uc_decode_notifier()) to try to offline the page despite the UC*NA* signature name. ### Background: why #CMCI and #MCE race when poison is consuming in Intel platform [1] Having decided that CMCI/UCNA is the best action for patrol scrub errors, the memory controller uses it for reads too. But the memory controller is executing asynchronously from the core, and can't tell the difference between a "real" read and a speculative read. So it will do CMCI/UCNA if an error is found in any read. Thus: 1) Core is clever and thinks address A is needed soon, issues a speculative read. 2) Core finds it is going to use address A soon after sending the read request 3) The CMCI from the memory controller is in a race with MCE from the core that will soon try to retire the load from address A. Quite often (because speculation has got better) the CMCI from the memory controller is delivered before the core is committed to the instruction reading address A, so the interrupt is taken, and Linux offlines the page (marking it as poison). ## Why user process is killed for instr case Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") tries to fix noise message "Memory error not recovered" and skips duplicate SIGBUSs due to the race. But it also introduced a bug that kill_accessing_process() return -EHWPOISON for instr case, as result, kill_me_maybe() send a SIGBUS to user process. # 4. The fix, in my opinion, should be: - For copyin case: The key point is whether the error context is in a read from user memory. We do not care about the ex-type if we know its a MOV reading from userspace. is_copy_from_user() return true when both of the following two checks are true: - the current instruction is copy - source address is user memory If copy_user is true, we set m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; Then do_machine_check() will try fixup_exception() first. - For instr case: let kill_accessing_process() return 0 to prevent a SIGBUS. - For patch 3: The return value of memory_failure() is quite important while discussed instr case regression with Tony and Miaohe for patch 2, so add comment about the return value. This patch (of 3): Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and commit 4c132d1d844a ("x86/futex: Remove .fixup usage") updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. The error context for copy-from-user operations no longer functions as an in-kernel recovery context. Consequently, the error context for copy-from-user operations no longer functions as an in-kernel recovery context, resulting in kernel panics with the message: "Machine check: Data load in unrecoverable area of kernel." To address this, it is crucial to identify if an error context involves a read operation from user memory. The function is_copy_from_user() can be utilized to determine: - the current operation is copy - when reading user memory When these conditions are met, is_copy_from_user() will return true, confirming that it is indeed a direct copy from user memory. This check is essential for correctly handling the context of errors in these operations without relying on the extable fixup types that previously allowed for in-kernel recovery. So, use is_copy_from_user() to determine if a context is copy user directly. Link: https://lkml.kernel.org/r/20250312112852.82415-1-xueshuai@linux.alibaba.com Link: https://lkml.kernel.org/r/20250312112852.82415-2-xueshuai@linux.alibaba.com Fixes: 4c132d1d844a ("x86/futex: Remove .fixup usage") Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Suggested-by: Peter Zijlstra <peterz(a)infradead.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Tony Luck <tony.luck(a)intel.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c index dac4d64dfb2a..2235a7477436 100644 --- a/arch/x86/kernel/cpu/mce/severity.c +++ b/arch/x86/kernel/cpu/mce/severity.c @@ -300,13 +300,12 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs) copy_user = is_copy_from_user(regs); instrumentation_end(); - switch (fixup_type) { - case EX_TYPE_UACCESS: - if (!copy_user) - return IN_KERNEL; - m->kflags |= MCE_IN_KERNEL_COPYIN; - fallthrough; + if (copy_user) { + m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; + return IN_KERNEL_RECOV; + } + switch (fixup_type) { case EX_TYPE_FAULT_MCE_SAFE: case EX_TYPE_DEFAULT_MCE_SAFE: m->kflags |= MCE_IN_KERNEL_RECOV;

7 months

1
0
0 0

FAILED: patch "[PATCH] LoongArch: BPF: Don't override subprog's return value" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 60f3caff1492e5b8616b9578c4bedb5c0a88ed14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040845-repeater-uninvited-9d3b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 60f3caff1492e5b8616b9578c4bedb5c0a88ed14 Mon Sep 17 00:00:00 2001 From: Hengqi Chen <hengqi.chen(a)gmail.com> Date: Sun, 30 Mar 2025 16:31:09 +0800 Subject: [PATCH] LoongArch: BPF: Don't override subprog's return value The verifier test `calls: div by 0 in subprog` triggers a panic at the ld.bu instruction. The ld.bu insn is trying to load byte from memory address returned by the subprog. The subprog actually set the correct address at the a5 register (dedicated register for BPF return values). But at commit 73c359d1d356 ("LoongArch: BPF: Sign-extend return values") we also sign extended a5 to the a0 register (return value in LoongArch). For function call insn, we later propagate the a0 register back to a5 register. This is right for native calls but wrong for bpf2bpf calls which expect zero-extended return value in a5 register. So only move a0 to a5 for native calls (i.e. non-BPF_PSEUDO_CALL). Cc: stable(a)vger.kernel.org Fixes: 73c359d1d356 ("LoongArch: BPF: Sign-extend return values") Signed-off-by: Hengqi Chen <hengqi.chen(a)gmail.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c index a06bf89fed67..fa1500d4aa3e 100644 --- a/arch/loongarch/net/bpf_jit.c +++ b/arch/loongarch/net/bpf_jit.c @@ -907,7 +907,10 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx, bool ext move_addr(ctx, t1, func_addr); emit_insn(ctx, jirl, LOONGARCH_GPR_RA, t1, 0); - move_reg(ctx, regmap[BPF_REG_0], LOONGARCH_GPR_A0); + + if (insn->src_reg != BPF_PSEUDO_CALL) + move_reg(ctx, regmap[BPF_REG_0], LOONGARCH_GPR_A0); + break; /* tail call */

7 months

1
0
0 0

Re: Patch "wifi: mac80211: remove debugfs dir for virtual monitor" has been added to the 6.13-stable tree

by Alexander Wetzel

On 4/7/25 17:25, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > wifi: mac80211: remove debugfs dir for virtual monitor > > to the 6.13-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > wifi-mac80211-remove-debugfs-dir-for-virtual-monitor.patch > and it can be found in the queue-6.13 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > The commit here is causing a sparse warning. Please always add commit 861d0445e72e ("wifi: mac80211: Fix sparse warning for monitor_sdata") when you backport this patch to avoid that. (So far I got the backport notification for 6.12 and 6.13.) It's also no big deal when you decide to not backport this patch. > > > commit 193bafe31a2a08b5631a98ecf148fa0d18e94b0d > Author: Alexander Wetzel <Alexander(a)wetzel-home.de> > Date: Tue Feb 4 17:42:40 2025 +0100 > > wifi: mac80211: remove debugfs dir for virtual monitor > > [ Upstream commit 646262c71aca87bb66945933abe4e620796d6c5a ] > > Don't call ieee80211_debugfs_recreate_netdev() for virtual monitor > interface when deleting it. > > The virtual monitor interface shouldn't have debugfs entries and trying > to update them will *create* them on deletion. > > And when the virtual monitor interface is created/destroyed multiple > times we'll get warnings about debugfs name conflicts. > > Signed-off-by: Alexander Wetzel <Alexander(a)wetzel-home.de> > Link: https://patch.msgid.link/20250204164240.370153-1-Alexander@wetzel-home.de > Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/mac80211/driver-ops.c b/net/mac80211/driver-ops.c > index 299d38e9e8630..2fc60e1e77a55 100644 > --- a/net/mac80211/driver-ops.c > +++ b/net/mac80211/driver-ops.c > @@ -116,8 +116,14 @@ void drv_remove_interface(struct ieee80211_local *local, > > sdata->flags &= ~IEEE80211_SDATA_IN_DRIVER; > > - /* Remove driver debugfs entries */ > - ieee80211_debugfs_recreate_netdev(sdata, sdata->vif.valid_links); > + /* > + * Remove driver debugfs entries. > + * The virtual monitor interface doesn't get a debugfs > + * entry, so it's exempt here. > + */ > + if (sdata != local->monitor_sdata) > + ieee80211_debugfs_recreate_netdev(sdata, > + sdata->vif.valid_links); > > trace_drv_remove_interface(local, sdata); > local->ops->remove_interface(&local->hw, &sdata->vif); > diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c > index 806dffa48ef92..04b3626387309 100644 > --- a/net/mac80211/iface.c > +++ b/net/mac80211/iface.c > @@ -1212,16 +1212,17 @@ void ieee80211_del_virtual_monitor(struct ieee80211_local *local) > return; > } > > - RCU_INIT_POINTER(local->monitor_sdata, NULL); > - mutex_unlock(&local->iflist_mtx); > - > - synchronize_net(); > - > + clear_bit(SDATA_STATE_RUNNING, &sdata->state); > ieee80211_link_release_channel(&sdata->deflink); > > if (ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) > drv_remove_interface(local, sdata); > > + RCU_INIT_POINTER(local->monitor_sdata, NULL); > + mutex_unlock(&local->iflist_mtx); > + > + synchronize_net(); > + > kfree(sdata); > } >

7 months

2
1
0 0

[PATCH v7] staging: rtl8723bs: Add error handling for sd_read()

by Wentao Liang

The sdio_read32() calls sd_read(), but does not handle the error if sd_read() fails. This could lead to subsequent operations processing invalid data. A proper implementation can be found in sdio_readN(), which has an error handling for the sd_read(). Add error handling for the sd_read() to free tmpbuf and return error code if sd_read() fails. This ensure that the memcpy() is only performed when the read operation is successful. Since none of the callers check for the errors, there is no need to return the error code propagated from sd_read(). Returning SDIO_ERR_VAL32 might be a better choice, which is a specialized error code for SDIO. Another problem of returning propagated error code is that the error code is a s32 type value, which is not fit with the u32 type return value of the sdio_read32(). An practical option would be to go through all the callers and add error handling, which need to pass a pointer to u32 *val and return zero on success or negative on failure. It is not a better choice since will cost unnecessary effort on the error code. The other opion is to replace sd_read() by sd_read32(), which return an u32 type error code that can be directly used as the return value of sdio_read32(). But, it is also a bad choice to use sd_read32() in a alignment failed branch. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v7: Fix error code and add patch explanation v6: Fix improper code to propagate error code v5: Fix error code v4: Add change log and fix error code v3: Add Cc flag v2: Change code to initialize val drivers/staging/rtl8723bs/hal/sdio_ops.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c b/drivers/staging/rtl8723bs/hal/sdio_ops.c index 21e9f1858745..d79d41727042 100644 --- a/drivers/staging/rtl8723bs/hal/sdio_ops.c +++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c @@ -185,7 +185,12 @@ static u32 sdio_read32(struct intf_hdl *intfhdl, u32 addr) return SDIO_ERR_VAL32; ftaddr &= ~(u16)0x3; - sd_read(intfhdl, ftaddr, 8, tmpbuf); + err = sd_read(intfhdl, ftaddr, 8, tmpbuf); + if (err) { + kfree(tmpbuf); + return SDIO_ERR_VAL32; + } + memcpy(&le_tmp, tmpbuf + shift, 4); val = le32_to_cpu(le_tmp); -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH v3] platform/x86: thinkpad-acpi: Add error check for tpacpi_check_quirks

by Wentao Liang

In tpacpi_battery_init(), the return value of tpacpi_check_quirks() needs to be checked. The battery should not be hooked if there is no matched battery information in quirk table. Add an error check and return -ENODEV immediately if the device fail the check. Fixes: 1a32ebb26ba9 ("platform/x86: thinkpad_acpi: Support battery quirk") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v3: Fix error code v2: Fix double assignment error drivers/platform/x86/thinkpad_acpi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c index 2cfb2ac3f465..ab538bf53716 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -9974,6 +9974,8 @@ static int __init tpacpi_battery_init(struct ibm_init_struct *ibm) tp_features.battery_force_primary = tpacpi_check_quirks( battery_quirk_table, ARRAY_SIZE(battery_quirk_table)); + if (!tp_features.battery_force_primary) + return -ENODEV; battery_hook_register(&battery_hook); return 0; -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH 6.6.y] drm/amd/display: Check link_index before accessing dc->links[]

by jianqi.ren.cn＠windriver.com

From: Alex Hung <alex.hung(a)amd.com> [ Upstream commit 8aa2864044b9d13e95fe224f32e808afbf79ecdf ] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return when trying to access with out-of-bound index. This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity. Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [The macro MAX_LINKS is introduced by Commit 60df5628144b ("drm/amd/display: handle invalid connector indices") after 6.10. So here we still use the original array length MAX_PIPES * 2] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c b/drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c index f365773d5714..e9b3c1c7a931 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c @@ -37,6 +37,9 @@ #include "dce/dce_i2c.h" struct dc_link *dc_get_link_at_index(struct dc *dc, uint32_t link_index) { + if (link_index >= (MAX_PIPES * 2)) + return NULL; + return dc->links[link_index]; } -- 2.34.1

7 months

2
1
0 0

[PATCH 5.15.y] drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration

by jianqi.ren.cn＠windriver.com

From: Hersen Wu <hersenxs.wu(a)amd.com> [ Upstream commit a54f7e866cc73a4cb71b8b24bb568ba35c8969df ] [Why] Coverity reports Memory - illegal accesses. [How] Skip inactive planes. Reviewed-by: Alex Hung <alex.hung(a)amd.com> Acked-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [get_pipe_idx() was introduced as a helper by dda4fb85e433 ("drm/amd/display: DML changes for DCN32/321") in v6.0. This patch backports it to make code clearer. And minor conflict is resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- .../drm/amd/display/dc/dml/display_mode_vba.c | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c b/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c index 0fad15020c74..2beca0b06925 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c +++ b/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c @@ -867,11 +867,30 @@ static unsigned int CursorBppEnumToBits(enum cursor_bpp ebpp) } } +static unsigned int get_pipe_idx(struct display_mode_lib *mode_lib, unsigned int plane_idx) +{ + int pipe_idx = -1; + int i; + + ASSERT(plane_idx < DC__NUM_DPP__MAX); + + for (i = 0; i < DC__NUM_DPP__MAX ; i++) { + if (plane_idx == mode_lib->vba.pipe_plane[i]) { + pipe_idx = i; + break; + } + } + ASSERT(pipe_idx >= 0); + + return pipe_idx; +} + void ModeSupportAndSystemConfiguration(struct display_mode_lib *mode_lib) { soc_bounding_box_st *soc = &mode_lib->vba.soc; unsigned int k; unsigned int total_pipes = 0; + unsigned int pipe_idx = 0; mode_lib->vba.VoltageLevel = mode_lib->vba.cache_pipes[0].clks_cfg.voltage; mode_lib->vba.ReturnBW = mode_lib->vba.ReturnBWPerState[mode_lib->vba.VoltageLevel][mode_lib->vba.maxMpcComb]; @@ -892,6 +911,11 @@ void ModeSupportAndSystemConfiguration(struct display_mode_lib *mode_lib) // Total Available Pipes Support Check for (k = 0; k < mode_lib->vba.NumberOfActivePlanes; ++k) { + pipe_idx = get_pipe_idx(mode_lib, k); + if (pipe_idx == -1) { + ASSERT(0); + continue; // skip inactive planes + } total_pipes += mode_lib->vba.DPPPerPlane[k]; } ASSERT(total_pipes <= DC__NUM_DPP__MAX); -- 2.34.1

7 months

2
1
0 0

[RESEND Patch v2 1/3] maple_tree: Fix mt_destroy_walk() on root leaf node

by Wei Yang

On destroy, we should set each node dead. But current code miss this when the maple tree has only the root node. The reason is mt_destroy_walk() leverage mte_destroy_descend() to set node dead, but this is skipped since the only root node is a leaf. Fixes this by setting the node dead if it is a leaf. Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> CC: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: <stable(a)vger.kernel.org> --- v2: * move the operation into mt_destroy_walk() * adjust the title accordingly --- lib/maple_tree.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/maple_tree.c b/lib/maple_tree.c index 4bd5a5be1440..0696e8d1c4e9 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -5284,6 +5284,7 @@ static void mt_destroy_walk(struct maple_enode *enode, struct maple_tree *mt, struct maple_enode *start; if (mte_is_leaf(enode)) { + mte_set_node_dead(enode); node->type = mte_node_type(enode); goto free_leaf; } -- 2.34.1

7 months

2
1
0 0

[PATCH] sched_ext: Use kvzalloc for large exit_dump allocation

by Breno Leitao

Replace kzalloc with kvzalloc for the exit_dump buffer allocation, which can require large contiguous memory (up to order=9) depending on the implementation. This change prevents allocation failures by allowing the system to fall back to vmalloc when contiguous memory allocation fails. Since this buffer is only used for debugging purposes, physical memory contiguity is not required, making vmalloc a suitable alternative. Cc: stable(a)vger.kernel.org Fixes: 07814a9439a3b0 ("sched_ext: Print debug dump after an error exit") Suggested-by: Rik van Riel <riel(a)surriel.com> Signed-off-by: Breno Leitao <leitao(a)debian.org> --- kernel/sched/ext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 66bcd40a28ca1..c82725f9b0559 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -4639,7 +4639,7 @@ static struct scx_exit_info *alloc_exit_info(size_t exit_dump_len) ei->bt = kcalloc(SCX_EXIT_BT_LEN, sizeof(ei->bt[0]), GFP_KERNEL); ei->msg = kzalloc(SCX_EXIT_MSG_LEN, GFP_KERNEL); - ei->dump = kzalloc(exit_dump_len, GFP_KERNEL); + ei->dump = kvzalloc(exit_dump_len, GFP_KERNEL); if (!ei->bt || !ei->msg || !ei->dump) { free_exit_info(ei); --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250407-scx-11dbf94803c3 Best regards, -- Breno Leitao <leitao(a)debian.org>

7 months

4
3
0 0

Re: Patch "timekeeping: Fix possible inconsistencies in _COARSE clockids" has been added to the 6.14-stable tree

by Thomas Gleixner

On Mon, Apr 07 2025 at 10:07, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > timekeeping: Fix possible inconsistencies in _COARSE clockids > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > timekeeping-fix-possible-inconsistencies-in-_coarse-.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. As I asked on the stable list already, please do not add that to any stable tree. It has been reverted in Linus tree and the problem will be fixed differently. Thanks, tglx

7 months

2
1
0 0

[PATCH AUTOSEL 5.4] sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP

by Sasha Levin

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 975776841e689dd8ba36df9fa72ac3eca3c2957a ] kernel/sched/isolation.c obviously makes no sense without CONFIG_SMP, but the Kconfig entry we have right now: config CPU_ISOLATION bool "CPU isolation" depends on SMP || COMPILE_TEST allows the creation of pointless .config's which cause build failures. Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20250330134955.GA7910@redhat.com Closes: https://lore.kernel.org/oe-kbuild-all/202503260646.lrUqD3j5-lkp@intel.com/ Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- init/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init/Kconfig b/init/Kconfig index f641518f4ac5c..01beb047aff2f 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -559,7 +559,7 @@ endmenu # "CPU/Task time and stats accounting" config CPU_ISOLATION bool "CPU isolation" - depends on SMP || COMPILE_TEST + depends on SMP default y help Make sure that CPUs running critical tasks are not disturbed by -- 2.39.5

7 months

1
0
0 0

[PATCH AUTOSEL 5.10] sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP

by Sasha Levin

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 975776841e689dd8ba36df9fa72ac3eca3c2957a ] kernel/sched/isolation.c obviously makes no sense without CONFIG_SMP, but the Kconfig entry we have right now: config CPU_ISOLATION bool "CPU isolation" depends on SMP || COMPILE_TEST allows the creation of pointless .config's which cause build failures. Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20250330134955.GA7910@redhat.com Closes: https://lore.kernel.org/oe-kbuild-all/202503260646.lrUqD3j5-lkp@intel.com/ Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- init/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init/Kconfig b/init/Kconfig index 9807c66b24bb6..d9dd8cbe99b11 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -656,7 +656,7 @@ endmenu # "CPU/Task time and stats accounting" config CPU_ISOLATION bool "CPU isolation" - depends on SMP || COMPILE_TEST + depends on SMP default y help Make sure that CPUs running critical tasks are not disturbed by -- 2.39.5

7 months

1
0
0 0

[PATCH AUTOSEL 5.15] sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP

by Sasha Levin

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 975776841e689dd8ba36df9fa72ac3eca3c2957a ] kernel/sched/isolation.c obviously makes no sense without CONFIG_SMP, but the Kconfig entry we have right now: config CPU_ISOLATION bool "CPU isolation" depends on SMP || COMPILE_TEST allows the creation of pointless .config's which cause build failures. Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20250330134955.GA7910@redhat.com Closes: https://lore.kernel.org/oe-kbuild-all/202503260646.lrUqD3j5-lkp@intel.com/ Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- init/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init/Kconfig b/init/Kconfig index dafc3ba6fa7a1..c7d81fc823964 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -674,7 +674,7 @@ endmenu # "CPU/Task time and stats accounting" config CPU_ISOLATION bool "CPU isolation" - depends on SMP || COMPILE_TEST + depends on SMP default y help Make sure that CPUs running critical tasks are not disturbed by -- 2.39.5

7 months

1
0
0 0

[PATCH AUTOSEL 6.1] sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP

by Sasha Levin

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 975776841e689dd8ba36df9fa72ac3eca3c2957a ] kernel/sched/isolation.c obviously makes no sense without CONFIG_SMP, but the Kconfig entry we have right now: config CPU_ISOLATION bool "CPU isolation" depends on SMP || COMPILE_TEST allows the creation of pointless .config's which cause build failures. Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20250330134955.GA7910@redhat.com Closes: https://lore.kernel.org/oe-kbuild-all/202503260646.lrUqD3j5-lkp@intel.com/ Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- init/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init/Kconfig b/init/Kconfig index b6786ddc88a80..8b6a2848da4a5 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -678,7 +678,7 @@ endmenu # "CPU/Task time and stats accounting" config CPU_ISOLATION bool "CPU isolation" - depends on SMP || COMPILE_TEST + depends on SMP default y help Make sure that CPUs running critical tasks are not disturbed by -- 2.39.5

7 months

1
0
0 0

[PATCH AUTOSEL 6.6] sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP

by Sasha Levin

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 975776841e689dd8ba36df9fa72ac3eca3c2957a ] kernel/sched/isolation.c obviously makes no sense without CONFIG_SMP, but the Kconfig entry we have right now: config CPU_ISOLATION bool "CPU isolation" depends on SMP || COMPILE_TEST allows the creation of pointless .config's which cause build failures. Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20250330134955.GA7910@redhat.com Closes: https://lore.kernel.org/oe-kbuild-all/202503260646.lrUqD3j5-lkp@intel.com/ Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- init/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init/Kconfig b/init/Kconfig index 1105cb53f391a..8b630143c720f 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -689,7 +689,7 @@ endmenu # "CPU/Task time and stats accounting" config CPU_ISOLATION bool "CPU isolation" - depends on SMP || COMPILE_TEST + depends on SMP default y help Make sure that CPUs running critical tasks are not disturbed by -- 2.39.5

7 months

1
0
0 0

[PATCH AUTOSEL 6.12 1/2] kbuild: add dependency from vmlinux to sorttable

by Sasha Levin

From: Xi Ruoyao <xry111(a)xry111.site> [ Upstream commit 82c09de2d4c472ab1b973e6e033671020691e637 ] Without this dependency it's really puzzling when we bisect for a "bad" commit in a series of sorttable change: when "git bisect" switches to another commit, "make" just does nothing to vmlinux. Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Acked-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/Makefile.vmlinux | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/Makefile.vmlinux b/scripts/Makefile.vmlinux index 1284f05555b97..0c2494ffcaf87 100644 --- a/scripts/Makefile.vmlinux +++ b/scripts/Makefile.vmlinux @@ -33,6 +33,10 @@ targets += vmlinux vmlinux: scripts/link-vmlinux.sh vmlinux.o $(KBUILD_LDS) FORCE +$(call if_changed_dep,link_vmlinux) +ifdef CONFIG_BUILDTIME_TABLE_SORT +vmlinux: scripts/sorttable +endif + # module.builtin.ranges # --------------------------------------------------------------------------- ifdef CONFIG_BUILTIN_MODULE_RANGES -- 2.39.5

7 months

1
1
0 0

[PATCH AUTOSEL 6.13 1/3] kbuild, rust: use -fremap-path-prefix to make paths relative

by Sasha Levin

From: Thomas Weißschuh <linux(a)weissschuh.net> [ Upstream commit dbdffaf50ff9cee3259a7cef8a7bd9e0f0ba9f13 ] Remap source path prefixes in all output, including compiler diagnostics, debug information, macro expansions, etc. This removes a few absolute paths from the binary and also makes it possible to use core::panic::Location properly. Equivalent to the same configuration done for C sources in commit 1d3730f0012f ("kbuild: support -fmacro-prefix-map for external modules") and commit a73619a845d5 ("kbuild: use -fmacro-prefix-map to make __FILE__ a relative path"). Link: https://doc.rust-lang.org/rustc/command-line-arguments.html#--remap-path-pr… Acked-by: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Tested-by: Gary Guo <gary(a)garyguo.net> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 21a34e8991ac6..9c1b66bf4bf6e 100644 --- a/Makefile +++ b/Makefile @@ -1067,6 +1067,7 @@ endif # change __FILE__ to the relative path to the source directory ifdef building_out_of_srctree KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srcroot)/=) +KBUILD_RUSTFLAGS += --remap-path-prefix=$(srcroot)/= endif # include additional Makefiles when needed -- 2.39.5

7 months

1
2
0 0

[PATCH AUTOSEL 6.14 1/3] kbuild, rust: use -fremap-path-prefix to make paths relative

by Sasha Levin

From: Thomas Weißschuh <linux(a)weissschuh.net> [ Upstream commit dbdffaf50ff9cee3259a7cef8a7bd9e0f0ba9f13 ] Remap source path prefixes in all output, including compiler diagnostics, debug information, macro expansions, etc. This removes a few absolute paths from the binary and also makes it possible to use core::panic::Location properly. Equivalent to the same configuration done for C sources in commit 1d3730f0012f ("kbuild: support -fmacro-prefix-map for external modules") and commit a73619a845d5 ("kbuild: use -fmacro-prefix-map to make __FILE__ a relative path"). Link: https://doc.rust-lang.org/rustc/command-line-arguments.html#--remap-path-pr… Acked-by: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Tested-by: Gary Guo <gary(a)garyguo.net> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 8b6764d44a610..c4eeb97ab3df2 100644 --- a/Makefile +++ b/Makefile @@ -1068,6 +1068,7 @@ endif # change __FILE__ to the relative path to the source directory ifdef building_out_of_srctree KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srcroot)/=) +KBUILD_RUSTFLAGS += --remap-path-prefix=$(srcroot)/= endif # include additional Makefiles when needed -- 2.39.5

7 months

1
2
0 0

[PATCH for v6.15] ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16

by Peter Ujfalusi

Asus laptops with sound PCI subsystem ID 1043:1f43 have the DMICs connected to the host instead of the CS42L43 so need the SOC_SDW_CODEC_MIC quirk. Link: https://github.com/thesofproject/sof/issues/9930 Fixes: 084344970808 ("ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S14") Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Reviewed-by: Simon Trimmer <simont(a)opensource.cirrus.com> Cc: stable(a)vger.kernel.org --- Hi, The S16 variant of the Zenbook has 4 PCH connected DMICs and the new topology needed for it is released alongside with the -2ch variant for the S14. Add a Fixes tag so this is backported to 6.14 since we have at least one user with this laptop without audio support. Regards, Peter sound/soc/intel/boards/sof_sdw.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/intel/boards/sof_sdw.c b/sound/soc/intel/boards/sof_sdw.c index 90dafa810b2e..095d08b3fc82 100644 --- a/sound/soc/intel/boards/sof_sdw.c +++ b/sound/soc/intel/boards/sof_sdw.c @@ -764,6 +764,7 @@ static const struct dmi_system_id sof_sdw_quirk_table[] = { static const struct snd_pci_quirk sof_sdw_ssid_quirk_table[] = { SND_PCI_QUIRK(0x1043, 0x1e13, "ASUS Zenbook S14", SOC_SDW_CODEC_MIC), + SND_PCI_QUIRK(0x1043, 0x1f43, "ASUS Zenbook S16", SOC_SDW_CODEC_MIC), {} }; -- 2.49.0

7 months

2
1
0 0

[PATCH] ASoC: qcom: Fix sc7280 lpass potential buffer overflow

by Evgeny Pimenov

Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). Redefine LPASS_MAX_PORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 77d0ffef793d ("ASoC: qcom: Add macro for lpass DAI id's max limit") Cc: stable(a)vger.kernel.org # v6.0+ Suggested-by: Mikhail Kobuk <m.kobuk(a)ispras.ru> Suggested-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Signed-off-by: Evgeny Pimenov <pimenoveu12(a)gmail.com> --- sound/soc/qcom/lpass.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/qcom/lpass.h b/sound/soc/qcom/lpass.h index 27a2bf9a6613..de3ec6f594c1 100644 --- a/sound/soc/qcom/lpass.h +++ b/sound/soc/qcom/lpass.h @@ -13,10 +13,11 @@ #include <linux/platform_device.h> #include <linux/regmap.h> #include <dt-bindings/sound/qcom,lpass.h> +#include <dt-bindings/sound/qcom,q6afe.h> #include "lpass-hdmi.h" #define LPASS_AHBIX_CLOCK_FREQUENCY 131072000 -#define LPASS_MAX_PORTS (LPASS_CDC_DMA_VA_TX8 + 1) +#define LPASS_MAX_PORTS (DISPLAY_PORT_RX_7 + 1) #define LPASS_MAX_MI2S_PORTS (8) #define LPASS_MAX_DMA_CHANNELS (8) #define LPASS_MAX_HDMI_DMA_CHANNELS (4) -- 2.39.5

7 months

2
1
0 0

[RESEND Patch v2 2/3] maple_tree: restart walk on correct status

by Wei Yang

Commit a8091f039c1e ("maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states") adds more status during maple tree walk. But it introduce a typo on the status check during walk. It expects to mean neither active nor start, we would restart the walk, while current code means we would always restart the walk. Fixes: a8091f039c1e ("maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> CC: Liam R. Howlett <Liam.Howlett(a)Oracle.com> CC: <stable(a)vger.kernel.org> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> --- lib/maple_tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/maple_tree.c b/lib/maple_tree.c index 0696e8d1c4e9..81970b3a6af7 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -4895,7 +4895,7 @@ void *mas_walk(struct ma_state *mas) { void *entry; - if (!mas_is_active(mas) || !mas_is_start(mas)) + if (!mas_is_active(mas) && !mas_is_start(mas)) mas->status = ma_start; retry: entry = mas_state_walk(mas); -- 2.34.1

7 months

1
0
0 0

[PATCH v5] usb: dwc3: gadget: check that event count does not exceed event buffer length

by Frode Isaksen

From: Frode Isaksen <frode(a)meta.com> The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0x114/0x180 lr : dwc3_check_event_buf+0xec/0x348 x3 : 0000000000000030 x2 : 000000000000dfc4 x1 : ffffffc0129be000 x0 : ffffff87aad60080 Call trace: __memcpy+0x114/0x180 dwc3_interrupt+0x24/0x34 Signed-off-by: Frode Isaksen <frode(a)meta.com> Fixes: 72246da40f37 ("usb: Introduce DesignWare USB3 DRD Driver") Cc: stable(a)vger.kernel.org --- v1 -> v2: Added Fixes and Cc tag. v2 -> v3: Added error log v3 -> v4: Rate limit error log v4 -> v5: Changed Fixes tag drivers/usb/dwc3/gadget.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 89a4dc8ebf94..b75b4c5ca7fc 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4564,6 +4564,12 @@ static irqreturn_t dwc3_check_event_buf(struct dwc3_event_buffer *evt) if (!count) return IRQ_NONE; + if (count > evt->length) { + dev_err_ratelimited(dwc->dev, "invalid count(%u) > evt->length(%u)\n", + count, evt->length); + return IRQ_NONE; + } + evt->count = count; evt->flags |= DWC3_EVENT_PENDING; -- 2.49.0

7 months

2
1
0 0

+ mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix filemap_get_folios_contig returning batches of identical folios has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: mm: fix filemap_get_folios_contig returning batches of identical folios Date: Thu, 3 Apr 2025 16:54:17 -0700 filemap_get_folios_contig() is supposed to return distinct folios found within [start, end]. Large folios in the Xarray become multi-index entries. xas_next() can iterate through the sub-indexes before finding a sibling entry and breaking out of the loop. This can result in a returned folio_batch containing an indeterminate number of duplicate folios, which forces the callers to skeptically handle the returned batch. This is inefficient and incurs a large maintenance overhead. We can fix this by calling xas_advance() after we have successfully adding a folio to the batch to ensure our Xarray is positioned such that it will correctly find the next folio - similar to filemap_get_read_batch(). Link: https://lkml.kernel.org/r/Z-8s1-kiIDkzgRbc@fedora Fixes: 35b471467f88 ("filemap: add filemap_get_folios_contig()") Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Reported-by: Qu Wenruo <quwenruo.btrfs(a)gmx.com> Closes: https://lkml.kernel.org/r/b714e4de-2583-4035-b829-72cfb5eb6fc6@gmx.com Tested-by: Qu Wenruo <quwenruo.btrfs(a)gmx.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/filemap.c~mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios +++ a/mm/filemap.c @@ -2244,6 +2244,7 @@ unsigned filemap_get_folios_contig(struc *start = folio->index + nr; goto out; } + xas_advance(&xas, folio_next_index(folio) - 1); continue; put_folio: folio_put(folio); _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are mm-compaction-fix-bug-in-hugetlb-handling-pathway.patch mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios.patch mm-compaction-use-folio-in-hugetlb-pathway.patch

7 months

1
0
0 0

[PATCH 2/2] rust: pin-init: use Markdown autolinks in Rust comments

by Benno Lossin

From: Miguel Ojeda <ojeda(a)kernel.org> "Normal" comments in Rust (`//`) are also formatted in Markdown, like the documentation (`///` and `//!`), see Documentation/rust/coding-guidelines.rst Thus use Markdown autolinks for a couple links that were missing it. It also helps to get proper linking in some software like kitty [1]. Suggested-by: Benno Lossin <benno.lossin(a)proton.me> Link: https://github.com/Rust-for-Linux/pin-init/pull/32#discussion_r2023103712 [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> Link: https://github.com/Rust-for-Linux/pin-init/pull/32/commits/dd230d61bf053828… Fixes: 84837cf6fa54 ("rust: pin-init: change examples to the user-space version") Cc: stable(a)vger.kernel.org [ Change case in title. Reworded commit message. - Benno ] Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> --- rust/pin-init/examples/pthread_mutex.rs | 2 +- rust/pin-init/src/lib.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/pin-init/examples/pthread_mutex.rs b/rust/pin-init/examples/pthread_mutex.rs index 9164298c44c0..5ac22f1880d2 100644 --- a/rust/pin-init/examples/pthread_mutex.rs +++ b/rust/pin-init/examples/pthread_mutex.rs @@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 OR MIT -// inspired by https://github.com/nbdd0121/pin-init/blob/trunk/examples/pthread_mutex.rs +// inspired by <https://github.com/nbdd0121/pin-init/blob/trunk/examples/pthread_mutex.rs> #![allow(clippy::undocumented_unsafe_blocks)] #![cfg_attr(feature = "alloc", feature(allocator_api))] #[cfg(not(windows))] diff --git a/rust/pin-init/src/lib.rs b/rust/pin-init/src/lib.rs index 05c44514765e..0806c689f693 100644 --- a/rust/pin-init/src/lib.rs +++ b/rust/pin-init/src/lib.rs @@ -1447,7 +1447,7 @@ macro_rules! impl_zeroable { {<T: ?Sized + Zeroable>} UnsafeCell<T>, // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee: - // https://doc.rust-lang.org/stable/std/option/index.html#representation). + // <https://doc.rust-lang.org/stable/std/option/index.html#representation>). Option<NonZeroU8>, Option<NonZeroU16>, Option<NonZeroU32>, Option<NonZeroU64>, Option<NonZeroU128>, Option<NonZeroUsize>, Option<NonZeroI8>, Option<NonZeroI16>, Option<NonZeroI32>, Option<NonZeroI64>, -- 2.48.1

7 months

1
0
0 0

[PATCH 1/2] rust: pin-init: alloc: restrict `impl ZeroableOption` for `Box` to `T: Sized`

by Benno Lossin

From: Miguel Ojeda <ojeda(a)kernel.org> Similar to what was done for `Zeroable<NonNull<T>>` in commit df27cef15360 ("rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and `Option<KBox<T>>`"), the latest Rust documentation [1] says it guarantees that `transmute::<_, Option<T>>([0u8; size_of::<T>()])` is sound and produces `Option::<T>::None` only in some cases. In particular, it says: `Box<U>` (specifically, only `Box<U, Global>`) when `U: Sized` Thus restrict the `impl` to `Sized`, and use similar wording as in that commit too. Link: https://doc.rust-lang.org/stable/std/option/index.html#representation [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> Link: https://github.com/Rust-for-Linux/pin-init/pull/32/commits/a6007cf555e5946b… Fixes: 9b2299af3b92 ("rust: pin-init: add `std` and `alloc` support from the user-space version") Cc: stable(a)vger.kernel.org [ Adjust mentioned commit to the one from the kernel. - Benno ] Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> --- rust/pin-init/src/alloc.rs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/rust/pin-init/src/alloc.rs b/rust/pin-init/src/alloc.rs index e16baa3b434e..5017f57442d8 100644 --- a/rust/pin-init/src/alloc.rs +++ b/rust/pin-init/src/alloc.rs @@ -17,11 +17,9 @@ pub extern crate alloc; -// SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). -// -// In this case we are allowed to use `T: ?Sized`, since all zeros is the `None` variant and there -// is no problem with a VTABLE pointer being null. -unsafe impl<T: ?Sized> ZeroableOption for Box<T> {} +// SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee: +// <https://doc.rust-lang.org/stable/std/option/index.html#representation>). +unsafe impl<T> ZeroableOption for Box<T> {} /// Smart pointer that can initialize memory in-place. pub trait InPlaceInit<T>: Sized { -- 2.48.1

7 months

1
0
0 0

[PATCH AUTOSEL 5.4 1/2] qibfs: fix _another_ leak

by Sasha Levin

From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit bdb43af4fdb39f844ede401bdb1258f67a580a27 ] failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/qib/qib_fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c index e336d778e076e..5ec67e3c2d03c 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -56,6 +56,7 @@ static int qibfs_mknod(struct inode *dir, struct dentry *dentry, struct inode *inode = new_inode(dir->i_sb); if (!inode) { + dput(dentry); error = -EPERM; goto bail; } -- 2.39.5

7 months

1
1
0 0

[PATCH AUTOSEL 5.10 1/2] qibfs: fix _another_ leak

by Sasha Levin

From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit bdb43af4fdb39f844ede401bdb1258f67a580a27 ] failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/qib/qib_fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c index e336d778e076e..5ec67e3c2d03c 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -56,6 +56,7 @@ static int qibfs_mknod(struct inode *dir, struct dentry *dentry, struct inode *inode = new_inode(dir->i_sb); if (!inode) { + dput(dentry); error = -EPERM; goto bail; } -- 2.39.5

7 months

1
1
0 0

[PATCH AUTOSEL 5.15 1/2] qibfs: fix _another_ leak

by Sasha Levin

From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit bdb43af4fdb39f844ede401bdb1258f67a580a27 ] failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/qib/qib_fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c index 8665e506404f9..774037ea44a92 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -56,6 +56,7 @@ static int qibfs_mknod(struct inode *dir, struct dentry *dentry, struct inode *inode = new_inode(dir->i_sb); if (!inode) { + dput(dentry); error = -EPERM; goto bail; } -- 2.39.5

7 months

1
1
0 0

[PATCH AUTOSEL 6.1 1/5] qibfs: fix _another_ leak

by Sasha Levin

From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit bdb43af4fdb39f844ede401bdb1258f67a580a27 ] failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/qib/qib_fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c index 182a89bb24ef4..caade796bc3cb 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -55,6 +55,7 @@ static int qibfs_mknod(struct inode *dir, struct dentry *dentry, struct inode *inode = new_inode(dir->i_sb); if (!inode) { + dput(dentry); error = -EPERM; goto bail; } -- 2.39.5

7 months

1
4
0 0

[PATCH AUTOSEL 6.6 1/6] qibfs: fix _another_ leak

by Sasha Levin

From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit bdb43af4fdb39f844ede401bdb1258f67a580a27 ] failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/qib/qib_fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c index 11155e0fb8395..35d777976c295 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -55,6 +55,7 @@ static int qibfs_mknod(struct inode *dir, struct dentry *dentry, struct inode *inode = new_inode(dir->i_sb); if (!inode) { + dput(dentry); error = -EPERM; goto bail; } -- 2.39.5

7 months

1
5
0 0

[PATCH AUTOSEL 6.12 1/7] qibfs: fix _another_ leak

by Sasha Levin

From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit bdb43af4fdb39f844ede401bdb1258f67a580a27 ] failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/qib/qib_fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c index b27791029fa93..b9f4a2937c3ac 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -55,6 +55,7 @@ static int qibfs_mknod(struct inode *dir, struct dentry *dentry, struct inode *inode = new_inode(dir->i_sb); if (!inode) { + dput(dentry); error = -EPERM; goto bail; } -- 2.39.5

7 months

1
6
0 0

[PATCH AUTOSEL 6.13 1/8] qibfs: fix _another_ leak

by Sasha Levin

From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit bdb43af4fdb39f844ede401bdb1258f67a580a27 ] failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/qib/qib_fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c index b27791029fa93..b9f4a2937c3ac 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -55,6 +55,7 @@ static int qibfs_mknod(struct inode *dir, struct dentry *dentry, struct inode *inode = new_inode(dir->i_sb); if (!inode) { + dput(dentry); error = -EPERM; goto bail; } -- 2.39.5

7 months

1
7
0 0

[PATCH AUTOSEL 6.14 1/9] qibfs: fix _another_ leak

by Sasha Levin

From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit bdb43af4fdb39f844ede401bdb1258f67a580a27 ] failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/qib/qib_fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c index b27791029fa93..b9f4a2937c3ac 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -55,6 +55,7 @@ static int qibfs_mknod(struct inode *dir, struct dentry *dentry, struct inode *inode = new_inode(dir->i_sb); if (!inode) { + dput(dentry); error = -EPERM; goto bail; } -- 2.39.5

7 months

1
8
0 0

[PATCH AUTOSEL 5.4 1/3] usb: host: max3421-hcd: Add missing spi_device_id table

by Sasha Levin

From: Alexander Stein <alexander.stein(a)mailbox.org> [ Upstream commit 41d5e3806cf589f658f92c75195095df0b66f66a ] "maxim,max3421" DT compatible is missing its SPI device ID entry, not allowing module autoloading and leading to the following message: "SPI driver max3421-hcd has no spi_device_id for maxim,max3421" Fix this by adding the spi_device_id table. Signed-off-by: Alexander Stein <alexander.stein(a)mailbox.org> Link: https://lore.kernel.org/r/20250128195114.56321-1-alexander.stein@mailbox.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/host/max3421-hcd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/host/max3421-hcd.c b/drivers/usb/host/max3421-hcd.c index 0a5e0e6449826..5a21777197e95 100644 --- a/drivers/usb/host/max3421-hcd.c +++ b/drivers/usb/host/max3421-hcd.c @@ -1956,6 +1956,12 @@ max3421_remove(struct spi_device *spi) return 0; } +static const struct spi_device_id max3421_spi_ids[] = { + { "max3421" }, + { }, +}; +MODULE_DEVICE_TABLE(spi, max3421_spi_ids); + static const struct of_device_id max3421_of_match_table[] = { { .compatible = "maxim,max3421", }, {}, @@ -1965,6 +1971,7 @@ MODULE_DEVICE_TABLE(of, max3421_of_match_table); static struct spi_driver max3421_driver = { .probe = max3421_probe, .remove = max3421_remove, + .id_table = max3421_spi_ids, .driver = { .name = "max3421-hcd", .of_match_table = of_match_ptr(max3421_of_match_table), -- 2.39.5

7 months

1
2
0 0

[PATCH AUTOSEL 5.10 1/4] usb: host: max3421-hcd: Add missing spi_device_id table

by Sasha Levin

From: Alexander Stein <alexander.stein(a)mailbox.org> [ Upstream commit 41d5e3806cf589f658f92c75195095df0b66f66a ] "maxim,max3421" DT compatible is missing its SPI device ID entry, not allowing module autoloading and leading to the following message: "SPI driver max3421-hcd has no spi_device_id for maxim,max3421" Fix this by adding the spi_device_id table. Signed-off-by: Alexander Stein <alexander.stein(a)mailbox.org> Link: https://lore.kernel.org/r/20250128195114.56321-1-alexander.stein@mailbox.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/host/max3421-hcd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/host/max3421-hcd.c b/drivers/usb/host/max3421-hcd.c index 44a35629d68c6..db1b73486e90b 100644 --- a/drivers/usb/host/max3421-hcd.c +++ b/drivers/usb/host/max3421-hcd.c @@ -1956,6 +1956,12 @@ max3421_remove(struct spi_device *spi) return 0; } +static const struct spi_device_id max3421_spi_ids[] = { + { "max3421" }, + { }, +}; +MODULE_DEVICE_TABLE(spi, max3421_spi_ids); + static const struct of_device_id max3421_of_match_table[] = { { .compatible = "maxim,max3421", }, {}, @@ -1965,6 +1971,7 @@ MODULE_DEVICE_TABLE(of, max3421_of_match_table); static struct spi_driver max3421_driver = { .probe = max3421_probe, .remove = max3421_remove, + .id_table = max3421_spi_ids, .driver = { .name = "max3421-hcd", .of_match_table = of_match_ptr(max3421_of_match_table), -- 2.39.5

7 months

1
3
0 0

[PATCH AUTOSEL 5.15 1/8] usb: host: max3421-hcd: Add missing spi_device_id table

by Sasha Levin

From: Alexander Stein <alexander.stein(a)mailbox.org> [ Upstream commit 41d5e3806cf589f658f92c75195095df0b66f66a ] "maxim,max3421" DT compatible is missing its SPI device ID entry, not allowing module autoloading and leading to the following message: "SPI driver max3421-hcd has no spi_device_id for maxim,max3421" Fix this by adding the spi_device_id table. Signed-off-by: Alexander Stein <alexander.stein(a)mailbox.org> Link: https://lore.kernel.org/r/20250128195114.56321-1-alexander.stein@mailbox.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/host/max3421-hcd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/host/max3421-hcd.c b/drivers/usb/host/max3421-hcd.c index 6d95b90683bc8..37a5914f79871 100644 --- a/drivers/usb/host/max3421-hcd.c +++ b/drivers/usb/host/max3421-hcd.c @@ -1956,6 +1956,12 @@ max3421_remove(struct spi_device *spi) return 0; } +static const struct spi_device_id max3421_spi_ids[] = { + { "max3421" }, + { }, +}; +MODULE_DEVICE_TABLE(spi, max3421_spi_ids); + static const struct of_device_id max3421_of_match_table[] = { { .compatible = "maxim,max3421", }, {}, @@ -1965,6 +1971,7 @@ MODULE_DEVICE_TABLE(of, max3421_of_match_table); static struct spi_driver max3421_driver = { .probe = max3421_probe, .remove = max3421_remove, + .id_table = max3421_spi_ids, .driver = { .name = "max3421-hcd", .of_match_table = of_match_ptr(max3421_of_match_table), -- 2.39.5

7 months

1
7
0 0

+ mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: page_alloc: speed up fallbacks in rmqueue_bulk() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: page_alloc: speed up fallbacks in rmqueue_bulk() Date: Mon, 7 Apr 2025 14:01:53 -0400 The test robot identified c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") as the root cause of a 56.4% regression in vm-scalability::lru-file-mmap-read. Carlos reports an earlier patch, c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion"), as the root cause for a regression in worst-case zone->lock+irqoff hold times. Both of these patches modify the page allocator's fallback path to be less greedy in an effort to stave off fragmentation. The flip side of this is that fallbacks are also less productive each time around, which means the fallback search can run much more frequently. Carlos' traces point to rmqueue_bulk() specifically, which tries to refill the percpu cache by allocating a large batch of pages in a loop. It highlights how once the native freelists are exhausted, the fallback code first scans orders top-down for whole blocks to claim, then falls back to a bottom-up search for the smallest buddy to steal. For the next batch page, it goes through the same thing again. This can be made more efficient. Since rmqueue_bulk() holds the zone->lock over the entire batch, the freelists are not subject to outside changes; when the search for a block to claim has already failed, there is no point in trying again for the next page. Modify __rmqueue() to remember the last successful fallback mode, and restart directly from there on the next rmqueue_bulk() iteration. Oliver confirms that this improves beyond the regression that the test robot reported against c2f6ea38fc1b: commit: f3b92176f4 ("tools/selftests: add guard region test for /proc/$pid/pagemap") c2f6ea38fc ("mm: page_alloc: don't steal single pages from biggest buddy") acc4d5ff0b ("Merge tag 'net-6.15-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") 2c847f27c3 ("mm: page_alloc: speed up fallbacks in rmqueue_bulk()") <--- your patch f3b92176f4f7100f c2f6ea38fc1b640aa7a2e155cc1 acc4d5ff0b61eb1715c498b6536 2c847f27c37da65a93d23c237c5 ---------------- --------------------------- --------------------------- --------------------------- %stddev %change %stddev %change %stddev %change %stddev \ | \ | \ | \ 25525364 �� 3% -56.4% 11135467 -57.8% 10779336 +31.6% 33581409 vm-scalability.throughput Carlos confirms that worst-case times are almost fully recovered compared to before the earlier culprit patch: 2dd482ba627d (before freelist hygiene): 1ms c0cd6f557b90 (after freelist hygiene): 90ms next-20250319 (steal smallest buddy): 280ms this patch : 8ms Link: https://lkml.kernel.org/r/20250407180154.63348-1-hannes@cmpxchg.org Fixes: c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion") Fixes: c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: kernel test robot <oliver.sang(a)intel.com> Reported-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202503271547.fc08b188-lkp@intel.com Cc: <stable(a)vger.kernel.org> [6.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 100 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 74 insertions(+), 26 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk +++ a/mm/page_alloc.c @@ -2189,11 +2189,11 @@ try_to_claim_block(struct zone *zone, st * The use of signed ints for order and current_order is a deliberate * deviation from the rest of this file, to make the for loop * condition simpler. - * - * Return the stolen page, or NULL if none can be found. */ + +/* Try to claim a whole foreign block, take a page, expand the remainder */ static __always_inline struct page * -__rmqueue_fallback(struct zone *zone, int order, int start_migratetype, +__rmqueue_claim(struct zone *zone, int order, int start_migratetype, unsigned int alloc_flags) { struct free_area *area; @@ -2231,14 +2231,26 @@ __rmqueue_fallback(struct zone *zone, in page = try_to_claim_block(zone, page, current_order, order, start_migratetype, fallback_mt, alloc_flags); - if (page) - goto got_one; + if (page) { + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; + } } - if (alloc_flags & ALLOC_NOFRAGMENT) - return NULL; + return NULL; +} + +/* Try to steal a single page from a foreign block */ +static __always_inline struct page * +__rmqueue_steal(struct zone *zone, int order, int start_migratetype) +{ + struct free_area *area; + int current_order; + struct page *page; + int fallback_mt; + bool claim_block; - /* No luck claiming pageblock. Find the smallest fallback page */ for (current_order = order; current_order < NR_PAGE_ORDERS; current_order++) { area = &(zone->free_area[current_order]); fallback_mt = find_suitable_fallback(area, current_order, @@ -2248,25 +2260,28 @@ __rmqueue_fallback(struct zone *zone, in page = get_page_from_free_area(area, fallback_mt); page_del_and_expand(zone, page, order, current_order, fallback_mt); - goto got_one; + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; } return NULL; - -got_one: - trace_mm_page_alloc_extfrag(page, order, current_order, - start_migratetype, fallback_mt); - - return page; } +enum rmqueue_mode { + RMQUEUE_NORMAL, + RMQUEUE_CMA, + RMQUEUE_CLAIM, + RMQUEUE_STEAL, +}; + /* * Do the hard work of removing an element from the buddy allocator. * Call me with the zone->lock already held. */ static __always_inline struct page * __rmqueue(struct zone *zone, unsigned int order, int migratetype, - unsigned int alloc_flags) + unsigned int alloc_flags, enum rmqueue_mode *mode) { struct page *page; @@ -2285,16 +2300,47 @@ __rmqueue(struct zone *zone, unsigned in } } - page = __rmqueue_smallest(zone, order, migratetype); - if (unlikely(!page)) { - if (alloc_flags & ALLOC_CMA) + /* + * Try the different freelists, native then foreign. + * + * The fallback logic is expensive and rmqueue_bulk() calls in + * a loop with the zone->lock held, meaning the freelists are + * not subject to any outside changes. Remember in *mode where + * we found pay dirt, to save us the search on the next call. + */ + switch (*mode) { + case RMQUEUE_NORMAL: + page = __rmqueue_smallest(zone, order, migratetype); + if (page) + return page; + fallthrough; + case RMQUEUE_CMA: + if (alloc_flags & ALLOC_CMA) { page = __rmqueue_cma_fallback(zone, order); - - if (!page) - page = __rmqueue_fallback(zone, order, migratetype, - alloc_flags); + if (page) { + *mode = RMQUEUE_CMA; + return page; + } + } + fallthrough; + case RMQUEUE_CLAIM: + page = __rmqueue_claim(zone, order, migratetype, alloc_flags); + if (page) { + /* Replenished native freelist, back to normal mode */ + *mode = RMQUEUE_NORMAL; + return page; + } + fallthrough; + case RMQUEUE_STEAL: + if (!(alloc_flags & ALLOC_NOFRAGMENT)) { + page = __rmqueue_steal(zone, order, migratetype); + if (page) { + *mode = RMQUEUE_STEAL; + return page; + } + } } - return page; + return NULL; } /* @@ -2306,6 +2352,7 @@ static int rmqueue_bulk(struct zone *zon unsigned long count, struct list_head *list, int migratetype, unsigned int alloc_flags) { + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; unsigned long flags; int i; @@ -2317,7 +2364,7 @@ static int rmqueue_bulk(struct zone *zon } for (i = 0; i < count; ++i) { struct page *page = __rmqueue(zone, order, migratetype, - alloc_flags); + alloc_flags, &rmqm); if (unlikely(page == NULL)) break; @@ -2930,6 +2977,7 @@ struct page *rmqueue_buddy(struct zone * { struct page *page; unsigned long flags; + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; do { page = NULL; @@ -2942,7 +2990,7 @@ struct page *rmqueue_buddy(struct zone * if (alloc_flags & ALLOC_HIGHATOMIC) page = __rmqueue_smallest(zone, order, MIGRATE_HIGHATOMIC); if (!page) { - page = __rmqueue(zone, order, migratetype, alloc_flags); + page = __rmqueue(zone, order, migratetype, alloc_flags, &rmqm); /* * If the allocation fails, allow OOM handling and _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk.patch

7 months

1
0
0 0

[PATCH AUTOSEL 6.1 01/13] usb: host: max3421-hcd: Add missing spi_device_id table

by Sasha Levin

From: Alexander Stein <alexander.stein(a)mailbox.org> [ Upstream commit 41d5e3806cf589f658f92c75195095df0b66f66a ] "maxim,max3421" DT compatible is missing its SPI device ID entry, not allowing module autoloading and leading to the following message: "SPI driver max3421-hcd has no spi_device_id for maxim,max3421" Fix this by adding the spi_device_id table. Signed-off-by: Alexander Stein <alexander.stein(a)mailbox.org> Link: https://lore.kernel.org/r/20250128195114.56321-1-alexander.stein@mailbox.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/host/max3421-hcd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/host/max3421-hcd.c b/drivers/usb/host/max3421-hcd.c index ab12d76b01fbe..8aaafba058aa9 100644 --- a/drivers/usb/host/max3421-hcd.c +++ b/drivers/usb/host/max3421-hcd.c @@ -1955,6 +1955,12 @@ max3421_remove(struct spi_device *spi) usb_put_hcd(hcd); } +static const struct spi_device_id max3421_spi_ids[] = { + { "max3421" }, + { }, +}; +MODULE_DEVICE_TABLE(spi, max3421_spi_ids); + static const struct of_device_id max3421_of_match_table[] = { { .compatible = "maxim,max3421", }, {}, @@ -1964,6 +1970,7 @@ MODULE_DEVICE_TABLE(of, max3421_of_match_table); static struct spi_driver max3421_driver = { .probe = max3421_probe, .remove = max3421_remove, + .id_table = max3421_spi_ids, .driver = { .name = "max3421-hcd", .of_match_table = of_match_ptr(max3421_of_match_table), -- 2.39.5

7 months

1
12
0 0

[PATCH AUTOSEL 6.6 01/15] usb: host: max3421-hcd: Add missing spi_device_id table

by Sasha Levin

From: Alexander Stein <alexander.stein(a)mailbox.org> [ Upstream commit 41d5e3806cf589f658f92c75195095df0b66f66a ] "maxim,max3421" DT compatible is missing its SPI device ID entry, not allowing module autoloading and leading to the following message: "SPI driver max3421-hcd has no spi_device_id for maxim,max3421" Fix this by adding the spi_device_id table. Signed-off-by: Alexander Stein <alexander.stein(a)mailbox.org> Link: https://lore.kernel.org/r/20250128195114.56321-1-alexander.stein@mailbox.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/host/max3421-hcd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/host/max3421-hcd.c b/drivers/usb/host/max3421-hcd.c index a219260ad3e6c..cc1f579f02de1 100644 --- a/drivers/usb/host/max3421-hcd.c +++ b/drivers/usb/host/max3421-hcd.c @@ -1946,6 +1946,12 @@ max3421_remove(struct spi_device *spi) usb_put_hcd(hcd); } +static const struct spi_device_id max3421_spi_ids[] = { + { "max3421" }, + { }, +}; +MODULE_DEVICE_TABLE(spi, max3421_spi_ids); + static const struct of_device_id max3421_of_match_table[] = { { .compatible = "maxim,max3421", }, {}, @@ -1955,6 +1961,7 @@ MODULE_DEVICE_TABLE(of, max3421_of_match_table); static struct spi_driver max3421_driver = { .probe = max3421_probe, .remove = max3421_remove, + .id_table = max3421_spi_ids, .driver = { .name = "max3421-hcd", .of_match_table = max3421_of_match_table, -- 2.39.5

7 months

1
14
0 0

[PATCH AUTOSEL 6.12 01/22] usb: host: max3421-hcd: Add missing spi_device_id table

by Sasha Levin

From: Alexander Stein <alexander.stein(a)mailbox.org> [ Upstream commit 41d5e3806cf589f658f92c75195095df0b66f66a ] "maxim,max3421" DT compatible is missing its SPI device ID entry, not allowing module autoloading and leading to the following message: "SPI driver max3421-hcd has no spi_device_id for maxim,max3421" Fix this by adding the spi_device_id table. Signed-off-by: Alexander Stein <alexander.stein(a)mailbox.org> Link: https://lore.kernel.org/r/20250128195114.56321-1-alexander.stein@mailbox.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/host/max3421-hcd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/host/max3421-hcd.c b/drivers/usb/host/max3421-hcd.c index 0881fdd1823e0..dcf31a592f5d1 100644 --- a/drivers/usb/host/max3421-hcd.c +++ b/drivers/usb/host/max3421-hcd.c @@ -1946,6 +1946,12 @@ max3421_remove(struct spi_device *spi) usb_put_hcd(hcd); } +static const struct spi_device_id max3421_spi_ids[] = { + { "max3421" }, + { }, +}; +MODULE_DEVICE_TABLE(spi, max3421_spi_ids); + static const struct of_device_id max3421_of_match_table[] = { { .compatible = "maxim,max3421", }, {}, @@ -1955,6 +1961,7 @@ MODULE_DEVICE_TABLE(of, max3421_of_match_table); static struct spi_driver max3421_driver = { .probe = max3421_probe, .remove = max3421_remove, + .id_table = max3421_spi_ids, .driver = { .name = "max3421-hcd", .of_match_table = max3421_of_match_table, -- 2.39.5

7 months

1
21
0 0

[PATCH v3] x86/e820: Fix handling of subpage regions when calculating nosave ranges

by Myrrh Periwinkle

The current implementation of e820__register_nosave_regions suffers from multiple serious issues: - The end of last region is tracked by PFN, causing it to find holes that aren't there if two consecutive subpage regions are present - The nosave PFN ranges derived from holes are rounded out (instead of rounded in) which makes it inconsistent with how explicitly reserved regions are handled Fix this by: - Treating reserved regions as if they were holes, to ensure consistent handling (rounding out nosave PFN ranges is more correct as the kernel does not use partial pages) - Tracking the end of the last RAM region by address instead of pages to detect holes more precisely Cc: stable(a)vger.kernel.org Fixes: e5540f875404 ("x86/boot/e820: Consolidate 'struct e820_entry *entry' local variable names") Reported-by: Roberto Ricci <io(a)r-ricci.it> Closes: https://lore.kernel.org/all/Z4WFjBVHpndct7br@desktop0a/ Signed-off-by: Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> --- The issue of the kernel failing to resume from hibernation after kexec_load() is used is likely due to kexec-tools passing in a different e820 memory map from the one provided by system firmware, causing the e820 consistency check to fail. That issue is not addressed in this patch and will need to be fixed in kexec-tools instead. Changes in v3: - Round out nosave PFN ranges since the kernel does not use partial pages - Link to v2: https://lore.kernel.org/r/20250405-fix-e820-nosave-v2-1-d40dbe457c95@qtmlab… Changes in v2: - Updated author details - Rewrote commit message - Link to v1: https://lore.kernel.org/r/20250405-fix-e820-nosave-v1-1-162633199548@qtmlab… --- arch/x86/kernel/e820.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c index 57120f0749cc3c23844eeb36820705687e08bbf7..9d8dd8deb2a702bd34b961ca4f5eba8a8d9643d0 100644 --- a/arch/x86/kernel/e820.c +++ b/arch/x86/kernel/e820.c @@ -753,22 +753,21 @@ void __init e820__memory_setup_extended(u64 phys_addr, u32 data_len) void __init e820__register_nosave_regions(unsigned long limit_pfn) { int i; - unsigned long pfn = 0; + u64 last_addr = 0; for (i = 0; i < e820_table->nr_entries; i++) { struct e820_entry *entry = &e820_table->entries[i]; - if (pfn < PFN_UP(entry->addr)) - register_nosave_region(pfn, PFN_UP(entry->addr)); - - pfn = PFN_DOWN(entry->addr + entry->size); - if (entry->type != E820_TYPE_RAM) - register_nosave_region(PFN_UP(entry->addr), pfn); + continue; - if (pfn >= limit_pfn) - break; + if (last_addr < entry->addr) + register_nosave_region(PFN_DOWN(last_addr), PFN_UP(entry->addr)); + + last_addr = entry->addr + entry->size; } + + register_nosave_region(PFN_DOWN(last_addr), limit_pfn); } #ifdef CONFIG_ACPI --- base-commit: a8662bcd2ff152bfbc751cab20f33053d74d0963 change-id: 20250405-fix-e820-nosave-f5cb985a9a61 Best regards, -- Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>

7 months

3
6
0 0

[PATCH 5.10] cifs: fix integer overflow in match_server()

by Roman Smirnov

From: Roman Smirnov <r.smirnov(a)omp.ru> [ Upstream commit 2510859475d7f46ed7940db0853f3342bf1b65ee ] The echo_interval is not limited in any way during mounting, which makes it possible to write a large number to it. This can cause an overflow when multiplying ctx->echo_interval by HZ in match_server(). Add constraints for echo_interval to smb3_fs_context_parse_param(). Found by Linux Verification Center (linuxtesting.org) with Svace. Fixes: adfeb3e00e8e1 ("cifs: Make echo interval tunable") Cc: stable(a)vger.kernel.org Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- fs/cifs/connect.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index a3c0e6a4e484..322b8be73bb8 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1915,6 +1915,12 @@ cifs_parse_mount_options(const char *mountdata, const char *devname, __func__); goto cifs_parse_mount_err; } + if (option < SMB_ECHO_INTERVAL_MIN || + option > SMB_ECHO_INTERVAL_MAX) { + cifs_dbg(VFS, "%s: Echo interval is out of bounds\n", + __func__); + goto cifs_parse_mount_err; + } vol->echo_interval = option; break; case Opt_snapshot: -- 2.43.0

7 months

1
0
0 0

[PATCH 5.15] cifs: fix integer overflow in match_server()

by Roman Smirnov

From: Roman Smirnov <r.smirnov(a)omp.ru> [ Upstream commit 2510859475d7f46ed7940db0853f3342bf1b65ee ] The echo_interval is not limited in any way during mounting, which makes it possible to write a large number to it. This can cause an overflow when multiplying ctx->echo_interval by HZ in match_server(). Add constraints for echo_interval to smb3_fs_context_parse_param(). Found by Linux Verification Center (linuxtesting.org) with Svace. Fixes: adfeb3e00e8e1 ("cifs: Make echo interval tunable") Cc: stable(a)vger.kernel.org Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- fs/cifs/fs_context.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/cifs/fs_context.c b/fs/cifs/fs_context.c index fb3651513f83..3479f0072cf6 100644 --- a/fs/cifs/fs_context.c +++ b/fs/cifs/fs_context.c @@ -1088,6 +1088,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, } break; case Opt_echo_interval: + if (result.uint_32 < SMB_ECHO_INTERVAL_MIN || + result.uint_32 > SMB_ECHO_INTERVAL_MAX) { + cifs_errorf(fc, "echo interval is out of bounds\n"); + goto cifs_parse_mount_err; + } ctx->echo_interval = result.uint_32; break; case Opt_snapshot: -- 2.43.0

7 months

1
0
0 0

[PATCH v2] platform/x86: thinkpad-acpi: Add error check for tpacpi_check_quirks()

by Wentao Liang

In tpacpi_battery_init(), the return value of tpacpi_check_quirks() needs to be checked. The battery should not be hooked if there is no matched battery information in quirk table. Add an error check and return -ENODEV immediately if the device fail the check. Fixes: 1a32ebb26ba9 ("platform/x86: thinkpad_acpi: Support battery quirk") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Fix double assignment error. drivers/platform/x86/thinkpad_acpi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c index 2cfb2ac3f465..93eaca3bd9d1 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -9973,7 +9973,9 @@ static int __init tpacpi_battery_init(struct ibm_init_struct *ibm) tp_features.battery_force_primary = tpacpi_check_quirks( battery_quirk_table, - ARRAY_SIZE(battery_quirk_table)); + ARRAY_SIZE(battery_quirk_table)) + if (!tp_features.battery_force_primary) + return -ENODEV; battery_hook_register(&battery_hook); return 0; -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH v2 net] net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.

by Kuniyuki Iwashima

When I ran the repro [0] and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by a null-ptr-deref. [1] Reproduction Steps: 1) Mount CIFS 2) Add an iptables rule to drop incoming FIN packets for CIFS 3) Unmount CIFS 4) Unload the CIFS module 5) Remove the iptables rule At step 3), the CIFS module calls sock_release() for the underlying TCP socket, and it returns quickly. However, the socket remains in FIN_WAIT_1 because incoming FIN packets are dropped. At this point, the module's refcnt is 0 while the socket is still alive, so the following rmmod command succeeds. # ss -tan State Recv-Q Send-Q Local Address:Port Peer Address:Port FIN-WAIT-1 0 477 10.0.2.15:51062 10.0.0.137:445 # lsmod | grep cifs cifs 1159168 0 This highlights a discrepancy between the lifetime of the CIFS module and the underlying TCP socket. Even after CIFS calls sock_release() and it returns, the TCP socket does not die immediately in order to close the connection gracefully. While this is generally fine, it causes an issue with LOCKDEP because CIFS assigns a different lock class to the TCP socket's sk->sk_lock using sock_lock_init_class_and_name(). Once an incoming packet is processed for the socket or a timer fires, sk->sk_lock is acquired. Then, LOCKDEP checks the lock context in check_wait_context(), where hlock_class() is called to retrieve the lock class. However, since the module has already been unloaded, hlock_class() logs a warning and returns NULL, triggering the null-ptr-deref. If LOCKDEP is enabled, we must ensure that a module calling sock_lock_init_class_and_name() (CIFS, NFS, etc) cannot be unloaded while such a socket is still alive to prevent this issue. Let's hold the module reference in sock_lock_init_class_and_name() and release it when the socket is freed in __sk_destruct(). Note that sock_lock_init() clears sk->sk_owner for svc_create_socket() that calls sock_lock_init_class_and_name() for a listening socket, which clones a socket by sk_clone_lock() without GFP_ZERO. [0]: CIFS_SERVER="10.0.0.137" CIFS_PATH="//${CIFS_SERVER}/Users/Administrator/Desktop/CIFS_TEST" DEV="enp0s3" CRED="/root/WindowsCredential.txt" MNT=$(mktemp -d /tmp/XXXXXX) mount -t cifs ${CIFS_PATH} ${MNT} -o vers=3.0,credentials=${CRED},cache=none,echo_interval=1 iptables -A INPUT -s ${CIFS_SERVER} -j DROP for i in $(seq 10); do umount ${MNT} rmmod cifs sleep 1 done rm -r ${MNT} iptables -D INPUT -s ${CIFS_SERVER} -j DROP [1]: DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 10 PID: 0 at kernel/locking/lockdep.c:234 hlock_class (kernel/locking/lockdep.c:234 kernel/locking/lockdep.c:223) Modules linked in: cifs_arc4 nls_ucs2_utils cifs_md4 [last unloaded: cifs] CPU: 10 UID: 0 PID: 0 Comm: swapper/10 Not tainted 6.14.0 #36 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:hlock_class (kernel/locking/lockdep.c:234 kernel/locking/lockdep.c:223) ... Call Trace: <IRQ> __lock_acquire (kernel/locking/lockdep.c:4853 kernel/locking/lockdep.c:5178) lock_acquire (kernel/locking/lockdep.c:469 kernel/locking/lockdep.c:5853 kernel/locking/lockdep.c:5816) _raw_spin_lock_nested (kernel/locking/spinlock.c:379) tcp_v4_rcv (./include/linux/skbuff.h:1678 ./include/net/tcp.h:2547 net/ipv4/tcp_ipv4.c:2350) ... BUG: kernel NULL pointer dereference, address: 00000000000000c4 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 10 UID: 0 PID: 0 Comm: swapper/10 Tainted: G W 6.14.0 #36 Tainted: [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__lock_acquire (kernel/locking/lockdep.c:4852 kernel/locking/lockdep.c:5178) Code: 15 41 09 c7 41 8b 44 24 20 25 ff 1f 00 00 41 09 c7 8b 84 24 a0 00 00 00 45 89 7c 24 20 41 89 44 24 24 e8 e1 bc ff ff 4c 89 e7 <44> 0f b6 b8 c4 00 00 00 e8 d1 bc ff ff 0f b6 80 c5 00 00 00 88 44 RSP: 0018:ffa0000000468a10 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ff1100010091cc38 RCX: 0000000000000027 RDX: ff1100081f09ca48 RSI: 0000000000000001 RDI: ff1100010091cc88 RBP: ff1100010091c200 R08: ff1100083fe6e228 R09: 00000000ffffbfff R10: ff1100081eca0000 R11: ff1100083fe10dc0 R12: ff1100010091cc88 R13: 0000000000000001 R14: 0000000000000000 R15: 00000000000424b1 FS: 0000000000000000(0000) GS:ff1100081f080000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000c4 CR3: 0000000002c4a003 CR4: 0000000000771ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> lock_acquire (kernel/locking/lockdep.c:469 kernel/locking/lockdep.c:5853 kernel/locking/lockdep.c:5816) _raw_spin_lock_nested (kernel/locking/spinlock.c:379) tcp_v4_rcv (./include/linux/skbuff.h:1678 ./include/net/tcp.h:2547 net/ipv4/tcp_ipv4.c:2350) ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1)) ip_local_deliver_finish (./include/linux/rcupdate.h:878 net/ipv4/ip_input.c:234) ip_sublist_rcv_finish (net/ipv4/ip_input.c:576) ip_list_rcv_finish (net/ipv4/ip_input.c:628) ip_list_rcv (net/ipv4/ip_input.c:670) __netif_receive_skb_list_core (net/core/dev.c:5939 net/core/dev.c:5986) netif_receive_skb_list_internal (net/core/dev.c:6040 net/core/dev.c:6129) napi_complete_done (./include/linux/list.h:37 ./include/net/gro.h:519 ./include/net/gro.h:514 net/core/dev.c:6496) e1000_clean (drivers/net/ethernet/intel/e1000/e1000_main.c:3815) __napi_poll.constprop.0 (net/core/dev.c:7191) net_rx_action (net/core/dev.c:7262 net/core/dev.c:7382) handle_softirqs (kernel/softirq.c:561) __irq_exit_rcu (kernel/softirq.c:596 kernel/softirq.c:435 kernel/softirq.c:662) irq_exit_rcu (kernel/softirq.c:680) common_interrupt (arch/x86/kernel/irq.c:280 (discriminator 14)) </IRQ> <TASK> asm_common_interrupt (./arch/x86/include/asm/idtentry.h:693) RIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:744) Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d c3 2b 15 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 RSP: 0018:ffa00000000ffee8 EFLAGS: 00000202 RAX: 000000000000640b RBX: ff1100010091c200 RCX: 0000000000061aa4 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff812f30c5 RBP: 000000000000000a R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 ? do_idle (kernel/sched/idle.c:186 kernel/sched/idle.c:325) default_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118) do_idle (kernel/sched/idle.c:186 kernel/sched/idle.c:325) cpu_startup_entry (kernel/sched/idle.c:422 (discriminator 1)) start_secondary (arch/x86/kernel/smpboot.c:315) common_startup_64 (arch/x86/kernel/head_64.S:421) </TASK> Modules linked in: cifs_arc4 nls_ucs2_utils cifs_md4 [last unloaded: cifs] CR2: 00000000000000c4 Fixes: ed07536ed673 ("[PATCH] lockdep: annotate nfs/nfsd in-kernel sockets") Signed-off-by: Kuniyuki Iwashima <kuniyu(a)amazon.com> Cc: stable(a)vger.kernel.org --- v2: * Clear sk_owner in sock_lock_init() * Define helper under the same #if guard * Remove redundant null check before module_put() v1: https://lore.kernel.org/netdev/20250403020837.51664-1-kuniyu@amazon.com/ --- include/net/sock.h | 38 ++++++++++++++++++++++++++++++++++++-- net/core/sock.c | 4 ++++ 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/include/net/sock.h b/include/net/sock.h index 8daf1b3b12c6..4216d7d86150 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -547,6 +547,10 @@ struct sock { struct rcu_head sk_rcu; netns_tracker ns_tracker; struct xarray sk_user_frags; + +#if IS_ENABLED(CONFIG_PROVE_LOCKING) && IS_ENABLED(CONFIG_MODULES) + struct module *sk_owner; +#endif }; struct sock_bh_locked { @@ -1583,6 +1587,35 @@ static inline void sk_mem_uncharge(struct sock *sk, int size) sk_mem_reclaim(sk); } +#if IS_ENABLED(CONFIG_PROVE_LOCKING) && IS_ENABLED(CONFIG_MODULES) +static inline void sk_owner_set(struct sock *sk, struct module *owner) +{ + __module_get(owner); + sk->sk_owner = owner; +} + +static inline void sk_owner_clear(struct sock *sk) +{ + sk->sk_owner = NULL; +} + +static inline void sk_owner_put(struct sock *sk) +{ + module_put(sk->sk_owner); +} +#else +static inline void sk_owner_set(struct sock *sk, struct module *owner) +{ +} + +static inline void sk_owner_clear(struct sock *sk) +{ +} + +static inline void sk_owner_put(struct sock *sk) +{ +} +#endif /* * Macro so as to not evaluate some arguments when * lockdep is not enabled. @@ -1592,13 +1625,14 @@ static inline void sk_mem_uncharge(struct sock *sk, int size) */ #define sock_lock_init_class_and_name(sk, sname, skey, name, key) \ do { \ + sk_owner_set(sk, THIS_MODULE); \ sk->sk_lock.owned = 0; \ init_waitqueue_head(&sk->sk_lock.wq); \ spin_lock_init(&(sk)->sk_lock.slock); \ debug_check_no_locks_freed((void *)&(sk)->sk_lock, \ - sizeof((sk)->sk_lock)); \ + sizeof((sk)->sk_lock)); \ lockdep_set_class_and_name(&(sk)->sk_lock.slock, \ - (skey), (sname)); \ + (skey), (sname)); \ lockdep_init_map(&(sk)->sk_lock.dep_map, (name), (key), 0); \ } while (0) diff --git a/net/core/sock.c b/net/core/sock.c index 323892066def..d426c5f8e20f 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -2130,6 +2130,8 @@ int sk_getsockopt(struct sock *sk, int level, int optname, */ static inline void sock_lock_init(struct sock *sk) { + sk_owner_clear(sk); + if (sk->sk_kern_sock) sock_lock_init_class_and_name( sk, @@ -2324,6 +2326,8 @@ static void __sk_destruct(struct rcu_head *head) __netns_tracker_free(net, &sk->ns_tracker, false); net_passive_dec(net); } + + sk_owner_put(sk); sk_prot_free(sk->sk_prot_creator, sk); } -- 2.48.1

7 months

3
4
0 0

[PATCH v2] platform/x86: amd: pmf: Fix STT limits

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> On some platforms it has been observed that STT limits are not being applied properly causing poor performance as power limits are set too low. STT limits that are sent to the platform are supposed to be in Q8.8 format. Convert them before sending. Reported-by: Yijun Shen <Yijun.Shen(a)dell.com> Fixes: 7c45534afa443 ("platform/x86/amd/pmf: Add support for PMF Policy Binary") Cc: stable(a)vger.kernel.org Tested-By: Yijun Shen <Yijun_Shen(a)Dell.com> Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- v2: * Handle cases for auto-mode, cnqf, and sps as well --- drivers/platform/x86/amd/pmf/auto-mode.c | 4 ++-- drivers/platform/x86/amd/pmf/cnqf.c | 4 ++-- drivers/platform/x86/amd/pmf/sps.c | 8 ++++---- drivers/platform/x86/amd/pmf/tee-if.c | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/platform/x86/amd/pmf/auto-mode.c b/drivers/platform/x86/amd/pmf/auto-mode.c index 02ff68be10d01..df37f8a84a007 100644 --- a/drivers/platform/x86/amd/pmf/auto-mode.c +++ b/drivers/platform/x86/amd/pmf/auto-mode.c @@ -120,9 +120,9 @@ static void amd_pmf_set_automode(struct amd_pmf_dev *dev, int idx, amd_pmf_send_cmd(dev, SET_SPPT_APU_ONLY, false, pwr_ctrl->sppt_apu_only, NULL); amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, pwr_ctrl->stt_min, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, - pwr_ctrl->stt_skin_temp[STT_TEMP_APU], NULL); + pwr_ctrl->stt_skin_temp[STT_TEMP_APU] << 8, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, - pwr_ctrl->stt_skin_temp[STT_TEMP_HS2], NULL); + pwr_ctrl->stt_skin_temp[STT_TEMP_HS2] << 8, NULL); if (is_apmf_func_supported(dev, APMF_FUNC_SET_FAN_IDX)) apmf_update_fan_idx(dev, config_store.mode_set[idx].fan_control.manual, diff --git a/drivers/platform/x86/amd/pmf/cnqf.c b/drivers/platform/x86/amd/pmf/cnqf.c index bc8899e15c914..6a5ecc05961d9 100644 --- a/drivers/platform/x86/amd/pmf/cnqf.c +++ b/drivers/platform/x86/amd/pmf/cnqf.c @@ -81,9 +81,9 @@ static int amd_pmf_set_cnqf(struct amd_pmf_dev *dev, int src, int idx, amd_pmf_send_cmd(dev, SET_SPPT, false, pc->sppt, NULL); amd_pmf_send_cmd(dev, SET_SPPT_APU_ONLY, false, pc->sppt_apu_only, NULL); amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, pc->stt_min, NULL); - amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, pc->stt_skin_temp[STT_TEMP_APU], + amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, pc->stt_skin_temp[STT_TEMP_APU] << 8, NULL); - amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, pc->stt_skin_temp[STT_TEMP_HS2], + amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, pc->stt_skin_temp[STT_TEMP_HS2] << 8, NULL); if (is_apmf_func_supported(dev, APMF_FUNC_SET_FAN_IDX)) diff --git a/drivers/platform/x86/amd/pmf/sps.c b/drivers/platform/x86/amd/pmf/sps.c index d3083383f11fb..ec10db1bfa5ec 100644 --- a/drivers/platform/x86/amd/pmf/sps.c +++ b/drivers/platform/x86/amd/pmf/sps.c @@ -198,9 +198,9 @@ static void amd_pmf_update_slider_v2(struct amd_pmf_dev *dev, int idx) amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, apts_config_store.val[idx].stt_min_limit, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, - apts_config_store.val[idx].stt_skin_temp_limit_apu, NULL); + apts_config_store.val[idx].stt_skin_temp_limit_apu << 8, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, - apts_config_store.val[idx].stt_skin_temp_limit_hs2, NULL); + apts_config_store.val[idx].stt_skin_temp_limit_hs2 << 8, NULL); } void amd_pmf_update_slider(struct amd_pmf_dev *dev, bool op, int idx, @@ -217,9 +217,9 @@ void amd_pmf_update_slider(struct amd_pmf_dev *dev, bool op, int idx, amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, config_store.prop[src][idx].stt_min, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, - config_store.prop[src][idx].stt_skin_temp[STT_TEMP_APU], NULL); + config_store.prop[src][idx].stt_skin_temp[STT_TEMP_APU] << 8, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, - config_store.prop[src][idx].stt_skin_temp[STT_TEMP_HS2], NULL); + config_store.prop[src][idx].stt_skin_temp[STT_TEMP_HS2] << 8, NULL); } else if (op == SLIDER_OP_GET) { amd_pmf_send_cmd(dev, GET_SPL, true, ARG_NONE, &table->prop[src][idx].spl); amd_pmf_send_cmd(dev, GET_FPPT, true, ARG_NONE, &table->prop[src][idx].fppt); diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c index d6a871f0d8ff2..7096923107929 100644 --- a/drivers/platform/x86/amd/pmf/tee-if.c +++ b/drivers/platform/x86/amd/pmf/tee-if.c @@ -142,7 +142,7 @@ static void amd_pmf_apply_policies(struct amd_pmf_dev *dev, struct ta_pmf_enact_ case PMF_POLICY_STT_SKINTEMP_APU: if (dev->prev_data->stt_skintemp_apu != val) { - amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, val, NULL); + amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, val << 8, NULL); dev_dbg(dev->dev, "update STT_SKINTEMP_APU: %u\n", val); dev->prev_data->stt_skintemp_apu = val; } @@ -150,7 +150,7 @@ static void amd_pmf_apply_policies(struct amd_pmf_dev *dev, struct ta_pmf_enact_ case PMF_POLICY_STT_SKINTEMP_HS2: if (dev->prev_data->stt_skintemp_hs2 != val) { - amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, val, NULL); + amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, val << 8, NULL); dev_dbg(dev->dev, "update STT_SKINTEMP_HS2: %u\n", val); dev->prev_data->stt_skintemp_hs2 = val; } -- 2.43.0

7 months

2
3
0 0

Linux 6.1.133

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.133 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6qdl-apalis.dtsi | 10 - arch/arm/mm/fault.c | 8 drivers/counter/microchip-tcb-capture.c | 19 ++ drivers/counter/stm32-lptimer-cnt.c | 24 +- drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c | 2 drivers/hid/hid-plantronics.c | 144 +++++++--------- drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/net/usb/qmi_wwan.c | 2 drivers/net/usb/usbnet.c | 21 +- drivers/tty/serial/8250/8250_dma.c | 2 drivers/tty/serial/8250/8250_pci.c | 46 +++++ drivers/usb/gadget/function/uvc_v4l2.c | 12 + drivers/usb/typec/ucsi/ucsi.c | 13 - net/atm/mpc.c | 2 net/ipv6/netfilter/nf_socket_ipv6.c | 23 ++ sound/pci/hda/patch_realtek.c | 1 sound/usb/mixer_quirks.c | 51 +++++ 19 files changed, 278 insertions(+), 109 deletions(-) Abhishek Tamboli (1): usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c Alex Hung (1): drm/amd/display: Check denominator crb_pipes before used Andrei Kuchynski (1): usb: typec: ucsi: Fix NULL pointer access Cameron Williams (2): tty: serial: 8250: Add some more device IDs tty: serial: 8250: Add Brainboxes XC devices Dhruv Deshpande (1): ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Dominique Martinet (1): net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda (2): net: usb: qmi_wwan: add Telit Cinterion FN990B composition net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabrice Gasnier (1): counter: stm32-lptimer-cnt: fix error handling when enabling Greg Kroah-Hartman (1): Linux 6.1.133 John Keeping (1): serial: 8250_dma: terminate correct DMA in tx_dma_flush() Kees Cook (2): ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() ARM: 9351/1: fault: Add "cut here" line for prefetch aborts Luo Qiu (1): memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Maxim Mikityanskiy (1): netfilter: socket: Lookup orig tuple for IPv6 SNAT Minjoong Kim (1): atm: Fix NULL pointer dereference Stefan Eichenberger (1): ARM: dts: imx6qdl-apalis: Fix poweroff on Apalis iMX6 Terry Junge (2): ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names HID: hid-plantronics: Add mic mute mapping and generalize quirks Uwe Kleine-König (1): media: i2c: et8ek8: Don't strip remove function when driver is builtin William Breathitt Gray (1): counter: microchip-tcb-capture: Fix undefined counter channel state on probe Yanjun Yang (1): ARM: Remove address checking for MMUless devices

7 months

2
2
0 0

[PATCH v4 1/2] HID: amd_sfh: Fix SRA sensor when it's the only sensor

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> On systems that only have an SRA sensor connected to SFH the sensor doesn't get enabled due to a bad optimization condition of breaking the sensor walk loop. This optimization is unnecessary in the first place because if there is only one device then the loop only runs once. Drop the condition and explicitly mark sensor as enabled. Reported-by: Yijun Shen <Yijun.Shen(a)dell.com> Tested-By: Yijun Shen <Yijun_Shen(a)Dell.com> Fixes: d1c444b47100d ("HID: amd_sfh: Add support to export device operating states") Cc: stable(a)vger.kernel.org Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- v2: * Add tag --- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c index 25f0ebfcbd5f5..c1bdf1e0d44af 100644 --- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c +++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c @@ -134,9 +134,6 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata) for (i = 0; i < cl_data->num_hid_devices; i++) { cl_data->sensor_sts[i] = SENSOR_DISABLED; - if (cl_data->num_hid_devices == 1 && cl_data->sensor_idx[0] == SRA_IDX) - break; - if (cl_data->sensor_idx[i] == SRA_IDX) { info.sensor_idx = cl_data->sensor_idx[i]; writel(0, privdata->mmio + amd_get_p2c_val(privdata, 0)); @@ -145,8 +142,10 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata) (privdata, cl_data->sensor_idx[i], ENABLE_SENSOR); cl_data->sensor_sts[i] = (status == 0) ? SENSOR_ENABLED : SENSOR_DISABLED; - if (cl_data->sensor_sts[i] == SENSOR_ENABLED) + if (cl_data->sensor_sts[i] == SENSOR_ENABLED) { + cl_data->is_any_sensor_enabled = true; privdata->dev_en.is_sra_present = true; + } continue; } -- 2.43.0

7 months

1
0
0 0

[PATCH] e1000e: Add error handling for e1e_rphy_locked()

by Wentao Liang

The e1000_suspend_workarounds_ich8lan() calls e1e_rphy_locked to disable the SMB release, but does not check its return value. A proper implementation can be found in e1000_resume_workarounds_pchlan() from /source/drivers/net/ethernet/intel/e1000e/ich8lan.c. Add an error check for e1e_rphy_locked(). Log the error message and jump to 'release' label if the e1e_rphy_locked() fails. Fixes: 2fbe4526e5aa ("e1000e: initial support for i217") Cc: stable(a)vger.kernel.org # v3.5+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/ethernet/intel/e1000e/ich8lan.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index 2f9655cf5dd9..d16e3aa50809 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -5497,7 +5497,11 @@ void e1000_suspend_workarounds_ich8lan(struct e1000_hw *hw) e1e_wphy_locked(hw, I217_SxCTRL, phy_reg); /* Disable the SMB release on LCD reset. */ - e1e_rphy_locked(hw, I217_MEMPWR, &phy_reg); + ret_val = e1e_rphy_locked(hw, I217_MEMPWR, &phy_reg); + if (ret_val) { + e_dbg("Fail to Disable the SMB release on LCD reset."); + goto release; + } phy_reg &= ~I217_MEMPWR_DISABLE_SMB_RELEASE; e1e_wphy_locked(hw, I217_MEMPWR, phy_reg); } -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH 1/2] drm/xe/dma_buf: stop relying on placement in unmap

by Matthew Auld

The is_vram() is checking the current placement, however if we consider exported VRAM with dynamic dma-buf, it looks possible for the xe driver to async evict the memory, notifying the importer, however importer does not have to call unmap_attachment() immediately, but rather just as "soon as possible", like when the dma-resv idles. Following from this we would then pipeline the move, attaching the fence to the manager, and then update the current placement. But when the unmap_attachment() runs at some later point we might see that is_vram() is now false, and take the complete wrong path when dma-unmapping the sg, leading to explosions. To fix this check if the sgl was mapping a struct page. v2: - The attachment can be mapped multiple times it seems, so we can't really rely on encoding something in the attachment->priv. Instead see if the page_link has an encoded struct page. For vram we expect this to be NULL. Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/4563 Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_dma_buf.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_dma_buf.c b/drivers/gpu/drm/xe/xe_dma_buf.c index f67803e15a0e..f7a20264ea33 100644 --- a/drivers/gpu/drm/xe/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/xe_dma_buf.c @@ -145,10 +145,7 @@ static void xe_dma_buf_unmap(struct dma_buf_attachment *attach, struct sg_table *sgt, enum dma_data_direction dir) { - struct dma_buf *dma_buf = attach->dmabuf; - struct xe_bo *bo = gem_to_xe_bo(dma_buf->priv); - - if (!xe_bo_is_vram(bo)) { + if (sg_page(sgt->sgl)) { dma_unmap_sgtable(attach->dev, sgt, dir, 0); sg_free_table(sgt); kfree(sgt); -- 2.49.0

7 months

4
6
0 0

Improving Linux Commit Backporting

by Manthey, Norbert

Dear Linux Stable Maintainers, while maintaining downstream Linux releases, we noticed that we have to backport some patches manually, because they are not picked up by your automated backporting. Some of these backports can be done with improved cherry-pick tooling. We have implemented a script/tool "git- fuzzy-pick" which we would like to share. Besides picking more commits, the tool also supports executing a validation script right after picking, e.g. compiling the modified source file. Picking stats and details are presented below. We would like to discuss whether you can integrate this improved tool into into your daily workflows. We already found the stable-tools repository [1] with some scripts that help automate backporting. To contribute git-fuzzy-pick there, we would need you to declare a license for the current state of this repository. To test backporting performance, we tried to backport stable-candidate patches from 6.12 to 6.1. Specifically, on tag 6.1.125 we executed the command stable show-missing-stable v6.12.12..v6.12.17 to collect patches considered for backporting. This results in 431 backport candidates. When using git-fuzzy-pick, we can pick 9 patches more than with default cherry-picking. All modifications have been validated by attempting to build the object files of the modified C source files with make using the kernels “allyesconfig” configuration. 196 Cherry-picked with --strategy=recursive --Xpatience -x 1 Applied with patch -p1 ... --fuzz=1 8 Applied with patch -p1 ... --fuzz=2 Please let us know how to best share the tool with you! Long term, we would like to integrate it into your backporting workflow, so that more kernel commits can be applied automatically. Best, Norbert [1] https://kernel.googlesource.com/pub/scm/linux/kernel/git/sashal/stable-tool…

7 months

4
7
0 0

[REGRESSION] Chrome and VSCode breakage with the commit b9b588f22a0c

by Takashi Iwai

[ resent due to a wrong address for regression reporting, sorry! ] Hi, we received a bug report showing the regression on 6.13.1 kernel against 6.13.0. The symptom is that Chrome and VSCode stopped working with Gnome Scaling, as reported on openSUSE Tumbleweed bug tracker https://bugzilla.suse.com/show_bug.cgi?id=1236943 Quoting from there: """ I use the latest TW on Gnome with a 4K display and 150% scaling. Everything has been working fine, but recently both Chrome and VSCode (installed from official non-openSUSE channels) stopped working with Scaling. .... I am using VSCode with: `--enable-features=UseOzonePlatform --enable-features=WaylandWindowDecorations --ozone-platform-hint=auto` and for Chrome, I select `Preferred Ozone platform` == `Wayland`. """ Surprisingly, the bisection pointed to the backport of the commit b9b588f22a0c049a14885399e27625635ae6ef91 ("libfs: Use d_children list to iterate simple_offset directories"). Indeed, the revert of this patch on the latest 6.13.4 was confirmed to fix the issue. Also, the reporter verified that the latest 6.14-rc release is still affected, too. For now I have no concrete idea how the patch could break the behavior of a graphical application like the above. Let us know if you need something for debugging. (Or at easiest, join to the bugzilla entry and ask there; or open another bug report at whatever you like.) BTW, I'll be traveling tomorrow, so my reply will be delayed. thanks, Takashi #regzbot introduced: b9b588f22a0c049a14885399e27625635ae6ef91 #regzbot monitor: https://bugzilla.suse.com/show_bug.cgi?id=1236943

7 months

6
29
0 0

6.1-stable fix

by Jens Axboe

Hi, Ran into an issue testing 6.1, which I discovered was introduced by a backport that was done. Here's the fix for it, please add it to the 6.1-stable mix. Thanks! -- Jens Axboe

7 months

2
3
0 0

[PATCH 1/2] drm/simpledrm: Do not upcast in release helpers

by Thomas Zimmermann

The res pointer passed to simpledrm_device_release_clocks() and simpledrm_device_release_regulators() points to an instance of struct simpledrm_device. No need to upcast from struct drm_device. The upcast is harmless, as DRM device is the first field in struct simpledrm_device. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 11e8f5fd223b ("drm: Add simpledrm driver") Cc: <stable(a)vger.kernel.org> # v5.14+ --- drivers/gpu/drm/sysfb/simpledrm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/sysfb/simpledrm.c b/drivers/gpu/drm/sysfb/simpledrm.c index cfb1fe07704d7..78672422bcada 100644 --- a/drivers/gpu/drm/sysfb/simpledrm.c +++ b/drivers/gpu/drm/sysfb/simpledrm.c @@ -275,7 +275,7 @@ static struct simpledrm_device *simpledrm_device_of_dev(struct drm_device *dev) static void simpledrm_device_release_clocks(void *res) { - struct simpledrm_device *sdev = simpledrm_device_of_dev(res); + struct simpledrm_device *sdev = res; unsigned int i; for (i = 0; i < sdev->clk_count; ++i) { @@ -373,7 +373,7 @@ static int simpledrm_device_init_clocks(struct simpledrm_device *sdev) static void simpledrm_device_release_regulators(void *res) { - struct simpledrm_device *sdev = simpledrm_device_of_dev(res); + struct simpledrm_device *sdev = res; unsigned int i; for (i = 0; i < sdev->regulator_count; ++i) { -- 2.49.0

7 months

3
2
0 0

[PATCH v3 1/2] HID: amd_sfh: Fix SRA sensor when it's the only sensor

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> On systems that only have an SRA sensor connected to SFH the sensor doesn't get enabled due to a bad optimization condition of breaking the sensor walk loop. This optimization is unnecessary in the first place because if there is only one device then the loop only runs once. Drop the condition and explicitly mark sensor as enabled. Reported-by: Yijun Shen <Yijun.Shen(a)dell.com> Tested-By: Yijun Shen <Yijun_Shen(a)Dell.com> Fixes: d1c444b47100d ("HID: amd_sfh: Add support to export device operating states") Cc: stable(a)vger.kernel.org Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- v2: * Add tag --- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c index 25f0ebfcbd5f5..c1bdf1e0d44af 100644 --- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c +++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c @@ -134,9 +134,6 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata) for (i = 0; i < cl_data->num_hid_devices; i++) { cl_data->sensor_sts[i] = SENSOR_DISABLED; - if (cl_data->num_hid_devices == 1 && cl_data->sensor_idx[0] == SRA_IDX) - break; - if (cl_data->sensor_idx[i] == SRA_IDX) { info.sensor_idx = cl_data->sensor_idx[i]; writel(0, privdata->mmio + amd_get_p2c_val(privdata, 0)); @@ -145,8 +142,10 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata) (privdata, cl_data->sensor_idx[i], ENABLE_SENSOR); cl_data->sensor_sts[i] = (status == 0) ? SENSOR_ENABLED : SENSOR_DISABLED; - if (cl_data->sensor_sts[i] == SENSOR_ENABLED) + if (cl_data->sensor_sts[i] == SENSOR_ENABLED) { + cl_data->is_any_sensor_enabled = true; privdata->dev_en.is_sra_present = true; + } continue; } -- 2.43.0

7 months

1
0
0 0

[PATCH 1/1] x86/cpu/topology: Don't limit CPUs to 1 for Xen PV guests due to disabled APIC

by Petr Vaněk

Xen PV guests in DomU have APIC disabled by design, which causes topology_apply_cmdline_limits_early() to limit the number of possible CPUs to 1, regardless of the configured number of vCPUs. This is a regression introduced in version 6.9 in commit 7c0edad3643f ("x86/cpu/topology: Rework possible CPU management") which added an early check that limits CPUs if apic_is_disabled, without accounting for the fact that Xen PV guests always disable APIC even when SMP is supported. This patch fixes the issue by skipping the apic_is_disabled check for Xen PV guests, allowing them to boot with the full set of configured vCPUs. Fixes: 7c0edad3643f ("x86/cpu/topology: Rework possible CPU management") Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: x86(a)kernel.org Cc: xen-devel(a)lists.xenproject.org Cc: stable(a)vger.kernel.org # 6.9+ Signed-off-by: Petr Vaněk <arkamar(a)atlas.cz> --- arch/x86/kernel/cpu/topology.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/topology.c b/arch/x86/kernel/cpu/topology.c index 01456236a6dd..10aa7f471ec9 100644 --- a/arch/x86/kernel/cpu/topology.c +++ b/arch/x86/kernel/cpu/topology.c @@ -428,8 +428,13 @@ void __init topology_apply_cmdline_limits_early(void) { unsigned int possible = nr_cpu_ids; - /* 'maxcpus=0' 'nosmp' 'nolapic' */ - if (!setup_max_cpus || apic_is_disabled) + /* 'maxcpus=0' 'nosmp' 'nolapic' + * + * The apic_is_disabled check is ignored for Xen PV domains because Xen + * disables ACPI in unprivileged PV DomU guests, which would otherwise limit + * CPUs to 1, even if multiple vCPUs were configured. + */ + if (!setup_max_cpus || (!xen_pv_domain() && apic_is_disabled)) possible = 1; /* 'possible_cpus=N' */ -- 2.48.1

7 months

2
3
0 0

[PATCH v7] KEYS: Add a list for unreferenced keys

by Jarkko Sakkinen

From: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> Add an isolated list of unreferenced keys to be queued for deletion, and try to pin the keys in the garbage collector before processing anything. Skip unpinnable keys. Use this list for blocking the reaping process during the teardown: 1. First off, the keys added to `keys_graveyard` are snapshotted, and the list is flushed. This the very last step in `key_put()`. 2. `key_put()` reaches zero. This will mark key as busy for the garbage collector. 3. `key_garbage_collector()` will try to increase refcount, which won't go above zero. Whenever this happens, the key will be skipped. Cc: stable(a)vger.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> --- v7: - Fixed multiple definitions (from rebasing, sorry). v6: - Rebase went wrong in v5. v5: - Rebased on top of v6.15-rc - Updated commit message to explain how spin lock and refcount isolate the time window in key_put(). v4: - Pin the key while processing key type teardown. Skip dead keys. - Revert key_gc_graveyard back key_gc_unused_keys. - Rewrote the commit message. - "unsigned long flags" declaration somehow did make to the previous patch (sorry). v3: - Using spin_lock() fails since key_put() is executed inside IRQs. Using spin_lock_irqsave() would neither work given the lock is acquired for /proc/keys. Therefore, separate the lock for graveyard and key_graveyard before reaping key_serial_tree. v2: - Rename key_gc_unused_keys as key_gc_graveyard, and re-document the function. --- include/linux/key.h | 7 ++----- security/keys/gc.c | 40 ++++++++++++++++++++++++---------------- security/keys/internal.h | 5 +++++ security/keys/key.c | 7 +++++-- 4 files changed, 36 insertions(+), 23 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index ba05de8579ec..c50659184bdf 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -195,10 +195,8 @@ enum key_state { struct key { refcount_t usage; /* number of references */ key_serial_t serial; /* key serial number */ - union { - struct list_head graveyard_link; - struct rb_node serial_node; - }; + struct list_head graveyard_link; /* key->usage == 0 */ + struct rb_node serial_node; #ifdef CONFIG_KEY_NOTIFICATIONS struct watch_list *watchers; /* Entities watching this key for changes */ #endif @@ -236,7 +234,6 @@ struct key { #define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */ #define KEY_FLAG_KEEP 8 /* set if key should not be removed */ #define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */ -#define KEY_FLAG_FINAL_PUT 10 /* set if final put has happened on key */ /* the key type and key description string * - the desc is used to match a key against search criteria diff --git a/security/keys/gc.c b/security/keys/gc.c index f27223ea4578..0a3beb68633c 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -189,6 +189,7 @@ static void key_garbage_collector(struct work_struct *work) struct rb_node *cursor; struct key *key; time64_t new_timer, limit, expiry; + unsigned long flags; kenter("[%lx,%x]", key_gc_flags, gc_state); @@ -206,21 +207,35 @@ static void key_garbage_collector(struct work_struct *work) new_timer = TIME64_MAX; + spin_lock_irqsave(&key_graveyard_lock, flags); + list_splice_init(&key_graveyard, &graveyard); + spin_unlock_irqrestore(&key_graveyard_lock, flags); + + list_for_each_entry(key, &graveyard, graveyard_link) { + spin_lock(&key_serial_lock); + kdebug("unrefd key %d", key->serial); + rb_erase(&key->serial_node, &key_serial_tree); + spin_unlock(&key_serial_lock); + } + /* As only this function is permitted to remove things from the key * serial tree, if cursor is non-NULL then it will always point to a * valid node in the tree - even if lock got dropped. */ spin_lock(&key_serial_lock); + key = NULL; cursor = rb_first(&key_serial_tree); continue_scanning: + key_put(key); while (cursor) { key = rb_entry(cursor, struct key, serial_node); cursor = rb_next(cursor); - - if (test_bit(KEY_FLAG_FINAL_PUT, &key->flags)) { - smp_mb(); /* Clobber key->user after FINAL_PUT seen. */ - goto found_unreferenced_key; + /* key_get(), unless zero: */ + if (!refcount_inc_not_zero(&key->usage)) { + key = NULL; + gc_state |= KEY_GC_REAP_AGAIN; + goto skip_dead_key; } if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) { @@ -274,6 +289,7 @@ static void key_garbage_collector(struct work_struct *work) spin_lock(&key_serial_lock); goto continue_scanning; } + key_put(key); /* We've completed the pass. Set the timer if we need to and queue a * new cycle if necessary. We keep executing cycles until we find one @@ -286,6 +302,10 @@ static void key_garbage_collector(struct work_struct *work) key_schedule_gc(new_timer); } + spin_lock(&key_graveyard_lock); + list_splice_init(&key_graveyard, &graveyard); + spin_unlock(&key_graveyard_lock); + if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) || !list_empty(&graveyard)) { /* Make sure that all pending keyring payload destructions are @@ -328,18 +348,6 @@ static void key_garbage_collector(struct work_struct *work) kleave(" [end %x]", gc_state); return; - /* We found an unreferenced key - once we've removed it from the tree, - * we can safely drop the lock. - */ -found_unreferenced_key: - kdebug("unrefd key %d", key->serial); - rb_erase(&key->serial_node, &key_serial_tree); - spin_unlock(&key_serial_lock); - - list_add_tail(&key->graveyard_link, &graveyard); - gc_state |= KEY_GC_REAP_AGAIN; - goto maybe_resched; - /* We found a restricted keyring and need to update the restriction if * it is associated with the dead key type. */ diff --git a/security/keys/internal.h b/security/keys/internal.h index 2cffa6dc8255..4e3d9b322390 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -63,9 +63,14 @@ struct key_user { int qnbytes; /* number of bytes allocated to this user */ }; +extern struct list_head key_graveyard; +extern spinlock_t key_graveyard_lock; + extern struct rb_root key_user_tree; extern spinlock_t key_user_lock; extern struct key_user root_key_user; +extern struct list_head key_graveyard; +extern spinlock_t key_graveyard_lock; extern struct key_user *key_user_lookup(kuid_t uid); extern void key_user_put(struct key_user *user); diff --git a/security/keys/key.c b/security/keys/key.c index 7198cd2ac3a3..7511f2017b6b 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -22,6 +22,8 @@ DEFINE_SPINLOCK(key_serial_lock); struct rb_root key_user_tree; /* tree of quota records indexed by UID */ DEFINE_SPINLOCK(key_user_lock); +LIST_HEAD(key_graveyard); +DEFINE_SPINLOCK(key_graveyard_lock); unsigned int key_quota_root_maxkeys = 1000000; /* root's key count quota */ unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */ @@ -658,8 +660,9 @@ void key_put(struct key *key) key->user->qnbytes -= key->quotalen; spin_unlock_irqrestore(&key->user->lock, flags); } - smp_mb(); /* key->user before FINAL_PUT set. */ - set_bit(KEY_FLAG_FINAL_PUT, &key->flags); + spin_lock_irqsave(&key_graveyard_lock, flags); + list_add_tail(&key->graveyard_link, &key_graveyard); + spin_unlock_irqrestore(&key_graveyard_lock, flags); schedule_work(&key_gc_work); } } -- 2.39.5

7 months

2
5
0 0

[PATCH v6] staging: rtl8723bs: Add error handling for sd_read()

by Wentao Liang

The sdio_read32() calls sd_read(), but does not handle the error if sd_read() fails. This could lead to subsequent operations processing invalid data. A proper implementation can be found in sdio_readN(). Add error handling for the sd_read() to free tmpbuf and return error code if sd_read() fails. This ensure that the memcpy() is only performed when the read operation is successful. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v6: Fix improper code to propagate error code v5: Fix error code v4: Add change log and fix error code v3: Add Cc flag v2: Change code to initialize val drivers/staging/rtl8723bs/hal/sdio_ops.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c b/drivers/staging/rtl8723bs/hal/sdio_ops.c index 21e9f1858745..eb21c7e55949 100644 --- a/drivers/staging/rtl8723bs/hal/sdio_ops.c +++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c @@ -185,7 +185,12 @@ static u32 sdio_read32(struct intf_hdl *intfhdl, u32 addr) return SDIO_ERR_VAL32; ftaddr &= ~(u16)0x3; - sd_read(intfhdl, ftaddr, 8, tmpbuf); + err = sd_read(intfhdl, ftaddr, 8, tmpbuf); + if (err) { + kfree(tmpbuf); + return (u32)err; + } + memcpy(&le_tmp, tmpbuf + shift, 4); val = le32_to_cpu(le_tmp); -- 2.42.0.windows.2

7 months

3
3
0 0

[PATCH 1/2] drm/i915: Schedule the HPD poll init work on an unbound workqueue

by Imre Deak

Disabling HPD polling from i915_hpd_poll_init_work() involves probing all display connectors explicitly to account for lost hotplug interrupts. On some platforms (mostly pre-ICL) with HDMI connectors the I2C EDID bit-banging using udelay() triggers in turn the workqueue: i915_hpd_poll_init_work [i915] hogged CPU for >10000us 4 times, consider switching to WQ_UNBOUND warning. Fix the above by scheduling i915_hpd_poll_init_work() on a WQ_UNBOUND workqueue. It's ok to use a system WQ, since i915_hpd_poll_init_work() is properly flushed in intel_hpd_cancel_work(). The connector probing from drm_mode_config::output_poll_work resulting in the same warning is fixed by the next patch. Cc: Tejun Heo <tj(a)kernel.org> Cc: Heiner Kallweit <hkallweit1(a)gmail.com> CC: stable(a)vger.kernel.org # 6.5 Suggested-by: Tejun Heo <tj(a)kernel.org> Suggested-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reported-by: Heiner Kallweit <hkallweit1(a)gmail.com> Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/9245 Link: https://lore.kernel.org/all/f7e21caa-e98d-e5b5-932a-fe12d27fde9b@gmail.com Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/display/intel_hotplug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_hotplug.c b/drivers/gpu/drm/i915/display/intel_hotplug.c index e8562f6f8bb44..accc2fec562a0 100644 --- a/drivers/gpu/drm/i915/display/intel_hotplug.c +++ b/drivers/gpu/drm/i915/display/intel_hotplug.c @@ -774,7 +774,7 @@ void intel_hpd_poll_enable(struct drm_i915_private *dev_priv) * As well, there's no issue if we race here since we always reschedule * this worker anyway */ - queue_work(dev_priv->unordered_wq, + queue_work(system_unbound_wq, &dev_priv->display.hotplug.poll_init_work); } @@ -803,7 +803,7 @@ void intel_hpd_poll_disable(struct drm_i915_private *dev_priv) return; WRITE_ONCE(dev_priv->display.hotplug.poll_enabled, false); - queue_work(dev_priv->unordered_wq, + queue_work(system_unbound_wq, &dev_priv->display.hotplug.poll_init_work); } -- 2.37.2

7 months

4
5
0 0

[PATCH] platform/x86: thinkpad-acpi: Add error handling for tpacpi_check_quirks

by Wentao Liang

In tpacpi_battery_init(), the return value of tpacpi_check_quirks() needs to be checked. The battery should not be hooked if there is no matched battery information in quirk table. Add an error check and return -ENODEV immediately if the device fail the check. Fixes: 1a32ebb26ba9 ("platform/x86: thinkpad_acpi: Support battery quirk") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/platform/x86/thinkpad_acpi.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c index 2cfb2ac3f465..a3227f60aa43 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -9969,11 +9969,15 @@ static const struct tpacpi_quirk battery_quirk_table[] __initconst = { static int __init tpacpi_battery_init(struct ibm_init_struct *ibm) { + unsigned long r; + memset(&battery_info, 0, sizeof(battery_info)); - tp_features.battery_force_primary = tpacpi_check_quirks( + r = tp_features.battery_force_primary = tpacpi_check_quirks( battery_quirk_table, ARRAY_SIZE(battery_quirk_table)); + if (!r) + return -ENODEV; battery_hook_register(&battery_hook); return 0; -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH 5.15.y 0/1] Manual Backport of 099606a7b2d5 to 5.15

by Harshvardhan Jha

The patch 099606a7b2d5 didn't cleanly apply to 5.15 due to the significant difference in codebases. I've tried to manually bring it back to 5.15 via some minor conflict resolution but also invoking the newly introduced API using inverted logic as the conditional statements present in 5.15 are the opposite of those in 6.1 xen/swiotlib. Harshvardhan Jha (1): xen/swiotlb: relax alignment requirements drivers/xen/swiotlb-xen.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) -- 2.47.1

7 months

2
3
0 0

[PATCH v2 1/1] phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking

by Wayne Chang

The current implementation uses bias_pad_enable as a reference count to manage the shared bias pad for all UTMI PHYs. However, during system suspension with connected USB devices, multiple power-down requests for the UTMI pad result in a mismatch in the reference count, which in turn produces warnings such as: [ 237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763103] Call trace: [ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30 [ 237.763110] phy_power_off+0x48/0x100 [ 237.763113] tegra_xusb_enter_elpg+0x204/0x500 [ 237.763119] tegra_xusb_suspend+0x48/0x140 [ 237.763122] platform_pm_suspend+0x2c/0xb0 [ 237.763125] dpm_run_callback.isra.0+0x20/0xa0 [ 237.763127] __device_suspend+0x118/0x330 [ 237.763129] dpm_suspend+0x10c/0x1f0 [ 237.763130] dpm_suspend_start+0x88/0xb0 [ 237.763132] suspend_devices_and_enter+0x120/0x500 [ 237.763135] pm_suspend+0x1ec/0x270 The root cause was traced back to the dynamic power-down changes introduced in commit a30951d31b25 ("xhci: tegra: USB2 pad power controls"), where the UTMI pad was being powered down without verifying its current state. This unbalanced behavior led to discrepancies in the reference count. To rectify this issue, this patch replaces the single reference counter with a bitmask, renamed to utmi_pad_enabled. Each bit in the mask corresponds to one of the four USB2 PHYs, allowing us to track each pad's enablement status individually. With this change: - The bias pad is powered on only when the mask is clear. - Each UTMI pad is powered on or down based on its corresponding bit in the mask, preventing redundant operations. - The overall power state of the shared bias pad is maintained correctly during suspend/resume cycles. Cc: stable(a)vger.kernel.org Fixes: a30951d31b25 ("xhci: tegra: USB2 pad power controls") Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- V1 -> V2: holding the padctl->lock to protect shared bitmask drivers/phy/tegra/xusb-tegra186.c | 44 +++++++++++++++++++------------ 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index fae6242aa730..cc7b8a6a999f 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -237,6 +237,8 @@ #define DATA0_VAL_PD BIT(1) #define USE_XUSB_AO BIT(4) +#define TEGRA_UTMI_PAD_MAX 4 + #define TEGRA186_LANE(_name, _offset, _shift, _mask, _type) \ { \ .name = _name, \ @@ -269,7 +271,7 @@ struct tegra186_xusb_padctl { /* UTMI bias and tracking */ struct clk *usb2_trk_clk; - unsigned int bias_pad_enable; + DECLARE_BITMAP(utmi_pad_enabled, TEGRA_UTMI_PAD_MAX); /* padctl context */ struct tegra186_xusb_padctl_context context; @@ -603,12 +605,8 @@ static void tegra186_utmi_bias_pad_power_on(struct tegra_xusb_padctl *padctl) u32 value; int err; - mutex_lock(&padctl->lock); - - if (priv->bias_pad_enable++ > 0) { - mutex_unlock(&padctl->lock); + if (!bitmap_empty(priv->utmi_pad_enabled, TEGRA_UTMI_PAD_MAX)) return; - } err = clk_prepare_enable(priv->usb2_trk_clk); if (err < 0) @@ -667,17 +665,8 @@ static void tegra186_utmi_bias_pad_power_off(struct tegra_xusb_padctl *padctl) struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl); u32 value; - mutex_lock(&padctl->lock); - - if (WARN_ON(priv->bias_pad_enable == 0)) { - mutex_unlock(&padctl->lock); - return; - } - - if (--priv->bias_pad_enable > 0) { - mutex_unlock(&padctl->lock); + if (!bitmap_empty(priv->utmi_pad_enabled, TEGRA_UTMI_PAD_MAX)) return; - } value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL1); value |= USB2_PD_TRK; @@ -690,13 +679,13 @@ static void tegra186_utmi_bias_pad_power_off(struct tegra_xusb_padctl *padctl) clk_disable_unprepare(priv->usb2_trk_clk); } - mutex_unlock(&padctl->lock); } static void tegra186_utmi_pad_power_on(struct phy *phy) { struct tegra_xusb_lane *lane = phy_get_drvdata(phy); struct tegra_xusb_padctl *padctl = lane->pad->padctl; + struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl); struct tegra_xusb_usb2_port *port; struct device *dev = padctl->dev; unsigned int index = lane->index; @@ -705,9 +694,16 @@ static void tegra186_utmi_pad_power_on(struct phy *phy) if (!phy) return; + mutex_lock(&padctl->lock); + if (test_bit(index, priv->utmi_pad_enabled)) { + mutex_unlock(&padctl->lock); + return; + } + port = tegra_xusb_find_usb2_port(padctl, index); if (!port) { dev_err(dev, "no port found for USB2 lane %u\n", index); + mutex_unlock(&padctl->lock); return; } @@ -724,18 +720,28 @@ static void tegra186_utmi_pad_power_on(struct phy *phy) value = padctl_readl(padctl, XUSB_PADCTL_USB2_OTG_PADX_CTL1(index)); value &= ~USB2_OTG_PD_DR; padctl_writel(padctl, value, XUSB_PADCTL_USB2_OTG_PADX_CTL1(index)); + + set_bit(index, priv->utmi_pad_enabled); + mutex_unlock(&padctl->lock); } static void tegra186_utmi_pad_power_down(struct phy *phy) { struct tegra_xusb_lane *lane = phy_get_drvdata(phy); struct tegra_xusb_padctl *padctl = lane->pad->padctl; + struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl); unsigned int index = lane->index; u32 value; if (!phy) return; + mutex_lock(&padctl->lock); + if (!test_bit(index, priv->utmi_pad_enabled)) { + mutex_unlock(&padctl->lock); + return; + } + dev_dbg(padctl->dev, "power down UTMI pad %u\n", index); value = padctl_readl(padctl, XUSB_PADCTL_USB2_OTG_PADX_CTL0(index)); @@ -748,7 +754,11 @@ static void tegra186_utmi_pad_power_down(struct phy *phy) udelay(2); + clear_bit(index, priv->utmi_pad_enabled); + tegra186_utmi_bias_pad_power_off(padctl); + + mutex_unlock(&padctl->lock); } static int tegra186_xusb_padctl_vbus_override(struct tegra_xusb_padctl *padctl, -- 2.25.1

7 months

2
2
0 0

[PATCH 6.1.y] net/sched: act_mirred: don't override retval if we already lost the skb

by jianqi.ren.cn＠windriver.com

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 ] If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it. Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> Fixes: e5cf1baf92cb ("act_mirred: use TC_ACT_REINSERT when possible") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/sched/act_mirred.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 36395e5db3b4..df64acc8acde 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -259,13 +259,13 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, dev = rcu_dereference_bh(m->tcfm_dev); if (unlikely(!dev)) { pr_notice_once("tc mirred: target device is gone\n"); - goto out; + goto err_cant_do; } if (unlikely(!(dev->flags & IFF_UP)) || !netif_carrier_ok(dev)) { net_notice_ratelimited("tc mirred to Houston: device %s is down\n", dev->name); - goto out; + goto err_cant_do; } /* we could easily avoid the clone only if called by ingress and clsact; @@ -279,7 +279,7 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, if (!use_reinsert) { skb2 = skb_clone(skb, GFP_ATOMIC); if (!skb2) - goto out; + goto err_cant_do; } want_ingress = tcf_mirred_act_wants_ingress(m_eaction); @@ -321,12 +321,16 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, } err = tcf_mirred_forward(want_ingress, skb2); - if (err) { -out: + if (err) tcf_action_inc_overlimit_qstats(&m->common); - if (tcf_mirred_is_act_redirect(m_eaction)) - retval = TC_ACT_SHOT; - } + __this_cpu_dec(mirred_nest_level); + + return retval; + +err_cant_do: + if (is_redirect) + retval = TC_ACT_SHOT; + tcf_action_inc_overlimit_qstats(&m->common); __this_cpu_dec(mirred_nest_level); return retval; -- 2.34.1

7 months

1
0
0 0

[PATCH] sfc: Add error handling for devlink_info_serial_number_put()

by Wentao Liang

In efx_devlink_info_board_cfg(), the return value of devlink_info_serial_number_put() needs to be checked. This could result in silent failures if the function failed. Add error checking for efx_devlink_info_board_cfg() and propagate any errors immediately to ensure proper error handling and prevents silent failures. Fixes: 14743ddd2495 ("sfc: add devlink info support for ef100") Cc: stable(a)vger.kernel.org # v6.3+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/ethernet/sfc/efx_devlink.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/sfc/efx_devlink.c b/drivers/net/ethernet/sfc/efx_devlink.c index 3cd750820fdd..17279bbd81d5 100644 --- a/drivers/net/ethernet/sfc/efx_devlink.c +++ b/drivers/net/ethernet/sfc/efx_devlink.c @@ -581,12 +581,14 @@ static int efx_devlink_info_board_cfg(struct efx_nic *efx, { char sn[EFX_MAX_SERIALNUM_LEN]; u8 mac_address[ETH_ALEN]; - int rc; + int rc, err; rc = efx_mcdi_get_board_cfg(efx, (u8 *)mac_address, NULL, NULL); if (!rc) { snprintf(sn, EFX_MAX_SERIALNUM_LEN, "%pm", mac_address); - devlink_info_serial_number_put(req, sn); + err = devlink_info_serial_number_put(req, sn); + if (err) + return err; } return rc; } -- 2.42.0.windows.2

7 months

3
2
0 0

[PATCH v3] x86/xen: fix balloon target initialization for PVH dom0

by Roger Pau Monne

PVH dom0 re-uses logic from PV dom0, in which RAM ranges not assigned to dom0 are re-used as scratch memory to map foreign and grant pages. Such logic relies on reporting those unpopulated ranges as RAM to Linux, and mark them as reserved. This way Linux creates the underlying page structures required for metadata management. Such approach works fine on PV because the initial balloon target is calculated using specific Xen data, that doesn't take into account the memory type changes described above. However on HVM and PVH the initial balloon target is calculated using get_num_physpages(), and that function does take into account the unpopulated RAM regions used as scratch space for remote domain mappings. This leads to PVH dom0 having an incorrect initial balloon target, which causes malfunction (excessive memory freeing) of the balloon driver if the dom0 memory target is later adjusted from the toolstack. Fix this by using xen_released_pages to account for any pages that are part of the memory map, but are already unpopulated when the balloon driver is initialized. This accounts for any regions used for scratch remote mappings. Note on x86 xen_released_pages definition is moved to enlighten.c so it's uniformly available for all Xen-enabled builds. Take the opportunity to unify PV with PVH/HVM guests regarding the usage of get_num_physpages(), as that avoids having to add different logic for PV vs PVH in both balloon_add_regions() and arch_xen_unpopulated_init(). Much like a6aa4eb994ee, the code in this changeset should have been part of 38620fc4e893. Fixes: a6aa4eb994ee ('xen/x86: add extra pages to unpopulated-alloc if available') Signed-off-by: Roger Pau Monné <roger.pau(a)citrix.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Cc: stable(a)vger.kernel.org --- Changes since v2: - For x86: Move xen_released_pages definition from setup.c (PV specific) to enlighten.c (shared between all guest modes). Changes since v1: - Replace BUG_ON() with a WARN and failure to initialize the balloon driver. --- arch/x86/xen/enlighten.c | 10 ++++++++++ arch/x86/xen/setup.c | 3 --- drivers/xen/balloon.c | 34 ++++++++++++++++++++++++---------- 3 files changed, 34 insertions(+), 13 deletions(-) diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c index 43dcd8c7badc..1b7710bd0d05 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -70,6 +70,9 @@ EXPORT_SYMBOL(xen_start_flags); */ struct shared_info *HYPERVISOR_shared_info = &xen_dummy_shared_info; +/* Number of pages released from the initial allocation. */ +unsigned long xen_released_pages; + static __ref void xen_get_vendor(void) { init_cpu_devs(); @@ -466,6 +469,13 @@ int __init arch_xen_unpopulated_init(struct resource **res) xen_free_unpopulated_pages(1, &pg); } + /* + * Account for the region being in the physmap but unpopulated. + * The value in xen_released_pages is used by the balloon + * driver to know how much of the physmap is unpopulated and + * set an accurate initial memory target. + */ + xen_released_pages += xen_extra_mem[i].n_pfns; /* Zero so region is not also added to the balloon driver. */ xen_extra_mem[i].n_pfns = 0; } diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c index c3db71d96c43..3823e52aef52 100644 --- a/arch/x86/xen/setup.c +++ b/arch/x86/xen/setup.c @@ -37,9 +37,6 @@ #define GB(x) ((uint64_t)(x) * 1024 * 1024 * 1024) -/* Number of pages released from the initial allocation. */ -unsigned long xen_released_pages; - /* Memory map would allow PCI passthrough. */ bool xen_pv_pci_possible; diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c index 163f7f1d70f1..ee165f4f7fe6 100644 --- a/drivers/xen/balloon.c +++ b/drivers/xen/balloon.c @@ -675,7 +675,7 @@ void xen_free_ballooned_pages(unsigned int nr_pages, struct page **pages) } EXPORT_SYMBOL(xen_free_ballooned_pages); -static void __init balloon_add_regions(void) +static int __init balloon_add_regions(void) { unsigned long start_pfn, pages; unsigned long pfn, extra_pfn_end; @@ -698,26 +698,38 @@ static void __init balloon_add_regions(void) for (pfn = start_pfn; pfn < extra_pfn_end; pfn++) balloon_append(pfn_to_page(pfn)); - balloon_stats.total_pages += extra_pfn_end - start_pfn; + /* + * Extra regions are accounted for in the physmap, but need + * decreasing from current_pages to balloon down the initial + * allocation, because they are already accounted for in + * total_pages. + */ + if (extra_pfn_end - start_pfn >= balloon_stats.current_pages) { + WARN(1, "Extra pages underflow current target"); + return -ERANGE; + } + balloon_stats.current_pages -= extra_pfn_end - start_pfn; } + + return 0; } static int __init balloon_init(void) { struct task_struct *task; + int rc; if (!xen_domain()) return -ENODEV; pr_info("Initialising balloon driver\n"); -#ifdef CONFIG_XEN_PV - balloon_stats.current_pages = xen_pv_domain() - ? min(xen_start_info->nr_pages - xen_released_pages, max_pfn) - : get_num_physpages(); -#else - balloon_stats.current_pages = get_num_physpages(); -#endif + if (xen_released_pages >= get_num_physpages()) { + WARN(1, "Released pages underflow current target"); + return -ERANGE; + } + + balloon_stats.current_pages = get_num_physpages() - xen_released_pages; balloon_stats.target_pages = balloon_stats.current_pages; balloon_stats.balloon_low = 0; balloon_stats.balloon_high = 0; @@ -734,7 +746,9 @@ static int __init balloon_init(void) register_sysctl_init("xen/balloon", balloon_table); #endif - balloon_add_regions(); + rc = balloon_add_regions(); + if (rc) + return rc; task = kthread_run(balloon_thread, NULL, "xen-balloon"); if (IS_ERR(task)) { -- 2.48.1

7 months

1
0
0 0

Linux 6.14.1

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.1 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/counter/microchip-tcb-capture.c | 19 +++ drivers/counter/stm32-lptimer-cnt.c | 24 +++-- drivers/hid/hid-plantronics.c | 144 +++++++++++++----------------- drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/net/usb/qmi_wwan.c | 2 drivers/net/usb/usbnet.c | 21 +++- drivers/tty/serial/8250/8250_dma.c | 2 drivers/tty/serial/8250/8250_pci.c | 46 +++++++++ drivers/tty/serial/fsl_lpuart.c | 17 +++ drivers/tty/serial/stm32-usart.c | 4 drivers/usb/host/xhci-ring.c | 4 drivers/usb/host/xhci.h | 13 ++ kernel/cgroup/rstat.c | 29 ++---- net/atm/mpc.c | 2 net/ipv6/netfilter/nf_socket_ipv6.c | 23 ++++ sound/pci/hda/patch_realtek.c | 2 sound/usb/mixer_quirks.c | 51 ++++++++++ tools/perf/Documentation/intel-hybrid.txt | 12 +- tools/perf/Documentation/perf-list.txt | 2 tools/perf/arch/x86/util/iostat.c | 2 tools/perf/builtin-stat.c | 2 tools/perf/util/mem-events.c | 2 tools/perf/util/pmu.c | 4 24 files changed, 303 insertions(+), 127 deletions(-) Abel Wu (1): cgroup/rstat: Fix forceidle time in cpu.stat Andres Traumann (1): ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA Cameron Williams (2): tty: serial: 8250: Add some more device IDs tty: serial: 8250: Add Brainboxes XC devices Cheick Traore (1): serial: stm32: do not deassert RS485 RTS GPIO prematurely Dhruv Deshpande (1): ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Dominique Martinet (1): net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda (2): net: usb: qmi_wwan: add Telit Cinterion FN990B composition net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabrice Gasnier (1): counter: stm32-lptimer-cnt: fix error handling when enabling Greg Kroah-Hartman (2): perf tools: Fix up some comments and code to properly use the event_source bus Linux 6.14.1 John Keeping (1): serial: 8250_dma: terminate correct DMA in tx_dma_flush() Luo Qiu (1): memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Maxim Mikityanskiy (1): netfilter: socket: Lookup orig tuple for IPv6 SNAT Michal Pecio (2): usb: xhci: Don't skip on Stopped - Length Invalid usb: xhci: Apply the link chain quirk on NEC isoc endpoints Minjoong Kim (1): atm: Fix NULL pointer dereference Sherry Sun (1): tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Terry Junge (2): ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names HID: hid-plantronics: Add mic mute mapping and generalize quirks William Breathitt Gray (1): counter: microchip-tcb-capture: Fix undefined counter channel state on probe

7 months

1
1
0 0

Linux 6.13.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.10 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/counter/microchip-tcb-capture.c | 19 +++ drivers/counter/stm32-lptimer-cnt.c | 24 +++-- drivers/hid/hid-plantronics.c | 144 +++++++++++++----------------- drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/net/usb/qmi_wwan.c | 2 drivers/net/usb/usbnet.c | 21 +++- drivers/tty/serial/8250/8250_dma.c | 2 drivers/tty/serial/8250/8250_pci.c | 46 +++++++++ drivers/tty/serial/fsl_lpuart.c | 17 +++ drivers/tty/serial/stm32-usart.c | 4 drivers/usb/host/xhci-ring.c | 4 drivers/usb/host/xhci.h | 13 ++ fs/bcachefs/fs-ioctl.c | 6 - fs/nfsd/nfs4recover.c | 1 kernel/cgroup/rstat.c | 29 ++---- net/atm/mpc.c | 2 net/ipv6/netfilter/nf_socket_ipv6.c | 23 ++++ sound/pci/hda/patch_realtek.c | 2 sound/usb/mixer_quirks.c | 51 ++++++++++ tools/perf/Documentation/intel-hybrid.txt | 12 +- tools/perf/Documentation/perf-list.txt | 2 tools/perf/arch/x86/util/iostat.c | 2 tools/perf/builtin-stat.c | 2 tools/perf/util/mem-events.c | 2 tools/perf/util/pmu.c | 4 26 files changed, 307 insertions(+), 130 deletions(-) Abel Wu (1): cgroup/rstat: Fix forceidle time in cpu.stat Andres Traumann (1): ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA Cameron Williams (2): tty: serial: 8250: Add some more device IDs tty: serial: 8250: Add Brainboxes XC devices Cheick Traore (1): serial: stm32: do not deassert RS485 RTS GPIO prematurely Dhruv Deshpande (1): ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Dominique Martinet (1): net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda (2): net: usb: qmi_wwan: add Telit Cinterion FN990B composition net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabrice Gasnier (1): counter: stm32-lptimer-cnt: fix error handling when enabling Greg Kroah-Hartman (2): perf tools: Fix up some comments and code to properly use the event_source bus Linux 6.13.10 John Keeping (1): serial: 8250_dma: terminate correct DMA in tx_dma_flush() Kent Overstreet (1): bcachefs: bch2_ioctl_subvolume_destroy() fixes Luo Qiu (1): memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Maxim Mikityanskiy (1): netfilter: socket: Lookup orig tuple for IPv6 SNAT Michal Pecio (2): usb: xhci: Don't skip on Stopped - Length Invalid usb: xhci: Apply the link chain quirk on NEC isoc endpoints Minjoong Kim (1): atm: Fix NULL pointer dereference Scott Mayhew (1): nfsd: fix legacy client tracking initialization Sherry Sun (1): tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Terry Junge (2): ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names HID: hid-plantronics: Add mic mute mapping and generalize quirks William Breathitt Gray (1): counter: microchip-tcb-capture: Fix undefined counter channel state on probe

7 months

1
1
0 0

Linux 6.12.22

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.22 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/counter/microchip-tcb-capture.c | 19 ++ drivers/counter/stm32-lptimer-cnt.c | 24 ++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 -- drivers/hid/hid-plantronics.c | 144 ++++++++++------------ drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/net/usb/qmi_wwan.c | 2 drivers/net/usb/usbnet.c | 21 ++- drivers/tty/serial/8250/8250_dma.c | 2 drivers/tty/serial/8250/8250_pci.c | 46 +++++++ drivers/tty/serial/fsl_lpuart.c | 17 ++ drivers/tty/serial/stm32-usart.c | 4 drivers/usb/host/xhci-ring.c | 4 drivers/usb/host/xhci.h | 13 + fs/bcachefs/fs-ioctl.c | 6 fs/nfsd/nfs4recover.c | 1 net/atm/mpc.c | 2 net/ipv6/netfilter/nf_socket_ipv6.c | 23 +++ sound/pci/hda/patch_realtek.c | 1 sound/usb/mixer_quirks.c | 51 +++++++ tools/perf/Documentation/intel-hybrid.txt | 12 - tools/perf/Documentation/perf-list.txt | 2 tools/perf/arch/x86/util/iostat.c | 2 tools/perf/builtin-stat.c | 2 tools/perf/util/mem-events.c | 2 tools/perf/util/pmu.c | 4 26 files changed, 297 insertions(+), 126 deletions(-) Cameron Williams (2): tty: serial: 8250: Add some more device IDs tty: serial: 8250: Add Brainboxes XC devices Cheick Traore (1): serial: stm32: do not deassert RS485 RTS GPIO prematurely Dhruv Deshpande (1): ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Dominique Martinet (1): net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda (2): net: usb: qmi_wwan: add Telit Cinterion FN990B composition net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabrice Gasnier (1): counter: stm32-lptimer-cnt: fix error handling when enabling Greg Kroah-Hartman (2): perf tools: Fix up some comments and code to properly use the event_source bus Linux 6.12.22 John Keeping (1): serial: 8250_dma: terminate correct DMA in tx_dma_flush() Kent Overstreet (1): bcachefs: bch2_ioctl_subvolume_destroy() fixes Luo Qiu (1): memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Maxim Mikityanskiy (1): netfilter: socket: Lookup orig tuple for IPv6 SNAT Michal Pecio (2): usb: xhci: Don't skip on Stopped - Length Invalid usb: xhci: Apply the link chain quirk on NEC isoc endpoints Minjoong Kim (1): atm: Fix NULL pointer dereference Scott Mayhew (1): nfsd: fix legacy client tracking initialization Sherry Sun (1): tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Terry Junge (2): ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names HID: hid-plantronics: Add mic mute mapping and generalize quirks Wayne Lin (1): drm/amd/display: Don't write DP_MSTM_CTRL after LT William Breathitt Gray (1): counter: microchip-tcb-capture: Fix undefined counter channel state on probe

7 months

1
1
0 0

Linux 6.6.86

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.86 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mm/fault.c | 8 drivers/counter/microchip-tcb-capture.c | 19 ++ drivers/counter/stm32-lptimer-cnt.c | 24 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 - drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c | 2 drivers/gpu/drm/display/drm_dp_mst_topology.c | 36 +++- drivers/hid/hid-plantronics.c | 144 +++++++--------- drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/net/usb/qmi_wwan.c | 2 drivers/net/usb/usbnet.c | 21 +- drivers/reset/starfive/reset-starfive-jh71x0.c | 3 drivers/tty/serial/8250/8250_dma.c | 2 drivers/tty/serial/8250/8250_pci.c | 46 +++++ drivers/tty/serial/fsl_lpuart.c | 17 + drivers/ufs/host/ufs-qcom.c | 4 drivers/usb/gadget/function/uvc_v4l2.c | 12 + include/drm/display/drm_dp_mst_helper.h | 2 mm/page_alloc.c | 14 + net/atm/mpc.c | 2 net/ipv6/netfilter/nf_socket_ipv6.c | 23 ++ sound/pci/hda/patch_realtek.c | 1 sound/usb/mixer_quirks.c | 51 +++++ 23 files changed, 339 insertions(+), 113 deletions(-) Abhishek Tamboli (1): usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c Alex Hung (1): drm/amd/display: Check denominator crb_pipes before used Cameron Williams (2): tty: serial: 8250: Add some more device IDs tty: serial: 8250: Add Brainboxes XC devices Changhuang Liang (1): reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC Dhruv Deshpande (1): ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Dominique Martinet (1): net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda (2): net: usb: qmi_wwan: add Telit Cinterion FN990B composition net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabrice Gasnier (1): counter: stm32-lptimer-cnt: fix error handling when enabling Greg Kroah-Hartman (1): Linux 6.6.86 Imre Deak (2): drm/dp_mst: Factor out function to queue a topology probe work drm/dp_mst: Add a helper to queue a topology probe John Keeping (1): serial: 8250_dma: terminate correct DMA in tx_dma_flush() Kees Cook (2): ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() ARM: 9351/1: fault: Add "cut here" line for prefetch aborts Kirill A. Shutemov (1): mm/page_alloc: fix memory accept before watermarks gets initialized Luo Qiu (1): memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Manivannan Sadhasivam (1): scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Maxim Mikityanskiy (1): netfilter: socket: Lookup orig tuple for IPv6 SNAT Minjoong Kim (1): atm: Fix NULL pointer dereference Sherry Sun (1): tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Terry Junge (2): ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names HID: hid-plantronics: Add mic mute mapping and generalize quirks Wayne Lin (1): drm/amd/display: Don't write DP_MSTM_CTRL after LT William Breathitt Gray (1): counter: microchip-tcb-capture: Fix undefined counter channel state on probe Yanjun Yang (1): ARM: Remove address checking for MMUless devices

7 months

1
1
0 0

[PATCH v5 RESEND] [ARM] fix reference leak in locomo_init_one_child()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_register() says, 'NOTE: _Never_ directly free @dev after calling this function, even if it returned an error! Always use put_device() to give up the reference initialized in this function instead.' Found by code review. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v5: - modified the bug description as suggestions; Changes in v4: - deleted the redundant initialization; Changes in v3: - modified the patch as suggestions; Changes in v2: - modified the patch as suggestions. --- arch/arm/common/locomo.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/arch/arm/common/locomo.c b/arch/arm/common/locomo.c index cb6ef449b987..45106066a17f 100644 --- a/arch/arm/common/locomo.c +++ b/arch/arm/common/locomo.c @@ -223,10 +223,8 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) int ret; dev = kzalloc(sizeof(struct locomo_dev), GFP_KERNEL); - if (!dev) { - ret = -ENOMEM; - goto out; - } + if (!dev) + return -ENOMEM; /* * If the parent device has a DMA mask associated with it, @@ -254,10 +252,9 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) NO_IRQ : lchip->irq_base + info->irq[0]; ret = device_register(&dev->dev); - if (ret) { - out: - kfree(dev); - } + if (ret) + put_device(&dev->dev); + return ret; } -- 2.25.1

7 months

1
0
0 0

[PATCH 5.10/5.15] Input: pegasus-notetaker - check pipe type when probing

by Vasiliy Kovalev

From: Soumya Negi <soumya.negi97(a)gmail.com> commit b3d80fd27a3c2d8715a40cbf876139b56195f162 upstream. Fix WARNING in pegasus_open/usb_submit_urb [1] Warning raised because pegasus_driver submits transfer request for bogus URB (pipe type does not match endpoint type). Add sanity check at probe time for pipe value extracted from endpoint descriptor. Probe will fail if sanity check fails. Fixes: 1afca2b66aac ("Input: add Pegasus Notetaker tablet driver") Reported-and-tested-by: syzbot+04ee0cb4caccaed12d78(a)syzkaller.appspotmail.com Signed-off-by: Soumya Negi <soumya.negi97(a)gmail.com> Link: https://lore.kernel.org/r/20230404074145.11523-1-soumya.negi97@gmail.com Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> [1] Link: https://syzkaller.appspot.com/bug?id=bbc107584dcf3262253ce93183e51f3612aaeb… [ kovalev: Added the "Fixes" tag and moved the link to the Syzbot report. ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/input/tablet/pegasus_notetaker.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/input/tablet/pegasus_notetaker.c b/drivers/input/tablet/pegasus_notetaker.c index 749edbdb7ffa49..e79621fd84af39 100644 --- a/drivers/input/tablet/pegasus_notetaker.c +++ b/drivers/input/tablet/pegasus_notetaker.c @@ -296,6 +296,12 @@ static int pegasus_probe(struct usb_interface *intf, pegasus->intf = intf; pipe = usb_rcvintpipe(dev, endpoint->bEndpointAddress); + /* Sanity check that pipe's type matches endpoint's type */ + if (usb_pipe_type_check(dev, pipe)) { + error = -EINVAL; + goto err_free_mem; + } + pegasus->data_len = usb_maxpacket(dev, pipe, usb_pipeout(pipe)); pegasus->data = usb_alloc_coherent(dev, pegasus->data_len, GFP_KERNEL, -- 2.42.2

7 months

1
0
0 0

[PATCH RESEND] sparc: fix error handling in scan_one_device()

by Ma Ke

Once of_device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: cf44bbc26cf1 ("[SPARC]: Beginnings of generic of_device framework.") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- arch/sparc/kernel/of_device_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/sparc/kernel/of_device_64.c b/arch/sparc/kernel/of_device_64.c index f98c2901f335..4272746d7166 100644 --- a/arch/sparc/kernel/of_device_64.c +++ b/arch/sparc/kernel/of_device_64.c @@ -677,7 +677,7 @@ static struct platform_device * __init scan_one_device(struct device_node *dp, if (of_device_register(op)) { printk("%pOF: Could not register of device.\n", dp); - kfree(op); + put_device(&op->dev); op = NULL; } -- 2.25.1

7 months

1
0
0 0

[PATCH] sctp: check transport existence before processing a send primitive

by Ricardo Cañuelo Navarro

sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then sctp_sendmsg_to_asoc() sets the selected transport in all the message chunks to be sent. There's a possible race condition if another thread triggers the removal of that selected transport, for instance, by explicitly unbinding an address with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have been set up and before the message is sent. This causes the access to the transport data in sctp_outq_select_transport(), when the association outqueue is flushed, to do a use-after-free read. This patch addresses this scenario by checking if the transport still exists right after the chunks to be sent are set up to use it and before proceeding to sending them. If the transport was freed since it was found, the send is aborted. The reason to add the check here is that once the transport is assigned to the chunks, deleting that transport is safe, since it will also set chunk->transport to NULL in the affected chunks. This scenario is correctly handled already, see Fixes below. The bug was found by a private syzbot instance (see the error report [1] and the C reproducer that triggers it [2]). Link: https://people.igalia.com/rcn/kernel_logs/20250402__KASAN_slab-use-after-fr… [1] Link: https://people.igalia.com/rcn/kernel_logs/20250402__KASAN_slab-use-after-fr… [2] Cc: stable(a)vger.kernel.org Fixes: df132eff4638 ("sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer") Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com> --- net/sctp/socket.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 36ee34f483d703ffcfe5ca9e6cc554fba24c75ef..9c5ff44fa73cae6a6a04790800cc33dfa08a8da9 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1787,17 +1787,24 @@ static int sctp_sendmsg_check_sflags(struct sctp_association *asoc, return 1; } +static union sctp_addr *sctp_sendmsg_get_daddr(struct sock *sk, + const struct msghdr *msg, + struct sctp_cmsgs *cmsgs); + static int sctp_sendmsg_to_asoc(struct sctp_association *asoc, struct msghdr *msg, size_t msg_len, struct sctp_transport *transport, struct sctp_sndrcvinfo *sinfo) { + struct sctp_transport *aux_transport = NULL; struct sock *sk = asoc->base.sk; + struct sctp_endpoint *ep = sctp_sk(sk)->ep; struct sctp_sock *sp = sctp_sk(sk); struct net *net = sock_net(sk); struct sctp_datamsg *datamsg; bool wait_connect = false; struct sctp_chunk *chunk; + union sctp_addr *daddr; long timeo; int err; @@ -1869,6 +1876,15 @@ static int sctp_sendmsg_to_asoc(struct sctp_association *asoc, sctp_set_owner_w(chunk); chunk->transport = transport; } + /* Fail if transport was deleted after lookup in sctp_sendmsg() */ + daddr = sctp_sendmsg_get_daddr(sk, msg, NULL); + if (daddr) { + sctp_endpoint_lookup_assoc(ep, daddr, &aux_transport); + if (!aux_transport || aux_transport != transport) { + sctp_datamsg_free(datamsg); + goto err; + } + } err = sctp_primitive_SEND(net, asoc, datamsg); if (err) { --- base-commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 change-id: 20250402-kasan_slab-use-after-free_read_in_sctp_outq_select_transport-46c9c30bcb7d

7 months

3
10
0 0

[PATCH RESEND] fsi/core: fix error handling in fsi_slave_init()

by Ma Ke

Once cdev_device_add() failed, we should use put_device() to decrement reference count for cleanup. Or it could cause memory leak. Although operations in err_free_ida are similar to the operations in callback function fsi_slave_release(), put_device() is a correct handling operation as comments require when cdev_device_add() fails. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 371975b0b075 ("fsi/core: Fix error paths on CFAM init") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/fsi/fsi-core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c index 50e8736039fe..c494fc0bd747 100644 --- a/drivers/fsi/fsi-core.c +++ b/drivers/fsi/fsi-core.c @@ -1084,7 +1084,8 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) rc = cdev_device_add(&slave->cdev, &slave->dev); if (rc) { dev_err(&slave->dev, "Error %d creating slave device\n", rc); - goto err_free_ida; + put_device(&slave->dev); + return rc; } /* Now that we have the cdev registered with the core, any fatal @@ -1110,8 +1111,6 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) return 0; -err_free_ida: - fsi_free_minor(slave->dev.devt); err_free: of_node_put(slave->dev.of_node); kfree(slave); -- 2.25.1

7 months

1
0
0 0

[PATCH 5.15.y] f2fs: check validation of fault attrs in f2fs_build_fault_attr()

by Cliff Liu

From: Chao Yu <chao(a)kernel.org> [ Upstream commit 4ed886b187f47447ad559619c48c086f432d2b77 ] - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code. Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test after enabled CONFIG_F2FS_FAULT_INJECTION. --- fs/f2fs/f2fs.h | 12 ++++++++---- fs/f2fs/super.c | 27 ++++++++++++++++++++------- fs/f2fs/sysfs.c | 14 ++++++++++---- 3 files changed, 38 insertions(+), 15 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 135927974e28..e67be3783740 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -64,7 +64,7 @@ enum { struct f2fs_fault_info { atomic_t inject_ops; - unsigned int inject_rate; + int inject_rate; unsigned int inject_type; }; @@ -4373,10 +4373,14 @@ static inline bool f2fs_need_verity(const struct inode *inode, pgoff_t idx) } #ifdef CONFIG_F2FS_FAULT_INJECTION -extern void f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned int rate, - unsigned int type); +extern int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate, + unsigned long type); #else -#define f2fs_build_fault_attr(sbi, rate, type) do { } while (0) +static int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate, + unsigned long type) +{ + return 0; +} #endif static inline bool is_journalled_quota(struct f2fs_sb_info *sbi) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index f8aaff9b1784..0cf564ded140 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -61,21 +61,31 @@ const char *f2fs_fault_name[FAULT_MAX] = { [FAULT_DQUOT_INIT] = "dquot initialize", }; -void f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned int rate, - unsigned int type) +int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate, + unsigned long type) { struct f2fs_fault_info *ffi = &F2FS_OPTION(sbi).fault_info; if (rate) { + if (rate > INT_MAX) + return -EINVAL; atomic_set(&ffi->inject_ops, 0); - ffi->inject_rate = rate; + ffi->inject_rate = (int)rate; } - if (type) - ffi->inject_type = type; + if (type) { + if (type >= BIT(FAULT_MAX)) + return -EINVAL; + ffi->inject_type = (unsigned int)type; + } if (!rate && !type) memset(ffi, 0, sizeof(struct f2fs_fault_info)); + else + f2fs_info(sbi, + "build fault injection attr: rate: %lu, type: 0x%lx", + rate, type); + return 0; } #endif @@ -901,14 +911,17 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) case Opt_fault_injection: if (args->from && match_int(args, &arg)) return -EINVAL; - f2fs_build_fault_attr(sbi, arg, F2FS_ALL_FAULT_TYPE); + if (f2fs_build_fault_attr(sbi, arg, + F2FS_ALL_FAULT_TYPE)) + return -EINVAL; set_opt(sbi, FAULT_INJECTION); break; case Opt_fault_type: if (args->from && match_int(args, &arg)) return -EINVAL; - f2fs_build_fault_attr(sbi, 0, arg); + if (f2fs_build_fault_attr(sbi, 0, arg)) + return -EINVAL; set_opt(sbi, FAULT_INJECTION); break; #else diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c index 63af1573ebca..30ff2c087726 100644 --- a/fs/f2fs/sysfs.c +++ b/fs/f2fs/sysfs.c @@ -407,10 +407,16 @@ static ssize_t __sbi_store(struct f2fs_attr *a, if (ret < 0) return ret; #ifdef CONFIG_F2FS_FAULT_INJECTION - if (a->struct_type == FAULT_INFO_TYPE && t >= (1 << FAULT_MAX)) - return -EINVAL; - if (a->struct_type == FAULT_INFO_RATE && t >= UINT_MAX) - return -EINVAL; + if (a->struct_type == FAULT_INFO_TYPE) { + if (f2fs_build_fault_attr(sbi, 0, t)) + return -EINVAL; + return count; + } + if (a->struct_type == FAULT_INFO_RATE) { + if (f2fs_build_fault_attr(sbi, t, 0)) + return -EINVAL; + return count; + } #endif if (a->struct_type == RESERVED_BLOCKS) { spin_lock(&sbi->stat_lock); -- 2.34.1

7 months

1
0
0 0

[PATCH v2] arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi

by Dragan Simic

The differences in the vendor-approved CPU and GPU OPPs for the standard Rockchip RK3588 variant [1] and the industrial Rockchip RK3588J variant [2] come from the latter, presumably, supporting an extended temperature range that's usually associated with industrial applications, despite the two SoC variant datasheets specifying the same upper limit for the allowed ambient temperature for both variants. However, the lower temperature limit is specified much lower for the RK3588J variant. [1][2] To be on the safe side and to ensure maximum longevity of the RK3588J SoCs, only the CPU and GPU OPPs that are declared by the vendor to be always safe for this SoC variant may be provided. As explained by the vendor [3] and according to the RK3588J datasheet, [2] higher-frequency/higher-voltage CPU and GPU OPPs can be used as well, but at the risk of reducing the SoC lifetime expectancy. Presumably, using the higher OPPs may be safe only when not enjoying the assumed extended temperature range that the RK3588J, as an SoC variant targeted specifically at higher-temperature, industrial applications, is made (or binned) for. Anyone able to keep their RK3588J-based board outside the above-presumed extended temperature range at all times, and willing to take the associated risk of possibly reducing the SoC lifetime expectancy, is free to apply a DT overlay that adds the higher CPU and GPU OPPs. With all this and the downstream RK3588(J) DT definitions [4][5] in mind, let's delete the RK3588J CPU and GPU OPPs that are not considered belonging to the normal operation mode for this SoC variant. To quote the RK3588J datasheet [2], "normal mode means the chipset works under safety voltage and frequency; for the industrial environment, highly recommend to keep in normal mode, the lifetime is reasonably guaranteed", while "overdrive mode brings higher frequency, and the voltage will increase accordingly; under the overdrive mode for a long time, the chipset may shorten the lifetime, especially in high-temperature condition". To sum the RK3588J datasheet [2] and the vendor-provided DTs up, [4][5] the maximum allowed CPU core, GPU and NPU frequencies are as follows: IP core | Normal mode | Overdrive mode ------------+-------------+---------------- Cortex-A55 | 1,296 MHz | 1,704 MHz Cortex-A76 | 1,608 MHz | 2,016 MHz GPU | 700 MHz | 850 MHz NPU | 800 MHz | 950 MHz Unfortunately, when it comes to the actual voltages for the RK3588J CPU and GPU OPPs, there's a discrepancy between the RK3588J datasheet [2] and the downstream kernel code. [4][5] The RK3588J datasheet states that "the max. working voltage of CPU/GPU/NPU is 0.75 V under the normal mode", while the downstream kernel code actually allows voltage ranges that go up to 0.95 V, which is still within the voltage range allowed by the datasheet. However, the RK3588J datasheet also tells us to "strictly refer to the software configuration of SDK and the hardware reference design", so let's embrace the voltage ranges provided by the downstream kernel code, which also prevents the undesirable theoretical outcome of ending up with no usable OPPs on a particular board, as a result of the board's voltage regulator(s) being unable to deliver the exact voltages, for whatever reason. The above-described voltage ranges for the RK3588J CPU OPPs remain taken from the downstream kernel code [4][5] by picking the highest, worst-bin values, which ensure that all RK3588J bins will work reliably. Yes, with some power inevitably wasted as unnecessarily generated heat, but the reliability is paramount, together with the longevity. This deficiency may be revisited separately at some point in the future. The provided RK3588J CPU OPPs follow the slightly debatable "provide only the highest-frequency OPP from the same-voltage group" approach that's been established earlier, [6] as a result of the "same-voltage, lower-frequency" OPPs being considered inefficient from the IPA governor's standpoint, which may also be revisited separately at some point in the future. [1] https://wiki.friendlyelec.com/wiki/images/e/ee/Rockchip_RK3588_Datasheet_V1… [2] https://wmsc.lcsc.com/wmsc/upload/file/pdf/v2/lcsc/2403201054_Rockchip-RK35… [3] https://lore.kernel.org/linux-rockchip/e55125ed-64fb-455e-b1e4-cebe2cf006e4… [4] https://raw.githubusercontent.com/rockchip-linux/kernel/604cec4004abe5a96c7… [5] https://raw.githubusercontent.com/rockchip-linux/kernel/604cec4004abe5a96c7… [6] https://lore.kernel.org/all/20240229-rk-dts-additions-v3-5-6afe8473a631@gma… Fixes: 667885a68658 ("arm64: dts: rockchip: Add OPP data for CPU cores on RK3588j") Fixes: a7b2070505a2 ("arm64: dts: rockchip: Split GPU OPPs of RK3588 and RK3588j") Cc: stable(a)vger.kernel.org Cc: Heiko Stuebner <heiko(a)sntech.de> Cc: Alexey Charkov <alchark(a)gmail.com> Helped-by: Quentin Schulz <quentin.schulz(a)cherry.de> Reviewed-by: Quentin Schulz <quentin.schulz(a)cherry.de> Signed-off-by: Dragan Simic <dsimic(a)manjaro.org> --- Notes: Changes in v2: - Reworded and expanded the patch description a bit, to include some more information and to make it more clear what are the implied speculations and assumptions, and what are the available official statements from Rockchip, as suggested by Quentin [7] - Collected Reviewed-by tag from Quentin [7] Link to v1: https://lore.kernel.org/linux-rockchip/f929da061de35925ea591c969f985430e23c… [7] https://lore.kernel.org/linux-rockchip/71b7c81b-6a4e-442b-a661-04d63639962a… arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 ++++++++--------------- 1 file changed, 17 insertions(+), 36 deletions(-) diff --git a/arch/arm64/boot/dts/rockchip/rk3588j.dtsi b/arch/arm64/boot/dts/rockchip/rk3588j.dtsi index bce72bac4503..3045cb3bd68c 100644 --- a/arch/arm64/boot/dts/rockchip/rk3588j.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3588j.dtsi @@ -11,74 +11,59 @@ cluster0_opp_table: opp-table-cluster0 { compatible = "operating-points-v2"; opp-shared; - opp-1416000000 { - opp-hz = /bits/ 64 <1416000000>; + opp-1200000000 { + opp-hz = /bits/ 64 <1200000000>; opp-microvolt = <750000 750000 950000>; clock-latency-ns = <40000>; opp-suspend; }; - opp-1608000000 { - opp-hz = /bits/ 64 <1608000000>; - opp-microvolt = <887500 887500 950000>; - clock-latency-ns = <40000>; - }; - opp-1704000000 { - opp-hz = /bits/ 64 <1704000000>; - opp-microvolt = <937500 937500 950000>; + opp-1296000000 { + opp-hz = /bits/ 64 <1296000000>; + opp-microvolt = <775000 775000 950000>; clock-latency-ns = <40000>; }; }; cluster1_opp_table: opp-table-cluster1 { compatible = "operating-points-v2"; opp-shared; + opp-1200000000{ + opp-hz = /bits/ 64 <1200000000>; + opp-microvolt = <750000 750000 950000>; + clock-latency-ns = <40000>; + }; opp-1416000000 { opp-hz = /bits/ 64 <1416000000>; - opp-microvolt = <750000 750000 950000>; + opp-microvolt = <762500 762500 950000>; clock-latency-ns = <40000>; }; opp-1608000000 { opp-hz = /bits/ 64 <1608000000>; opp-microvolt = <787500 787500 950000>; clock-latency-ns = <40000>; }; - opp-1800000000 { - opp-hz = /bits/ 64 <1800000000>; - opp-microvolt = <875000 875000 950000>; - clock-latency-ns = <40000>; - }; - opp-2016000000 { - opp-hz = /bits/ 64 <2016000000>; - opp-microvolt = <950000 950000 950000>; - clock-latency-ns = <40000>; - }; }; cluster2_opp_table: opp-table-cluster2 { compatible = "operating-points-v2"; opp-shared; + opp-1200000000{ + opp-hz = /bits/ 64 <1200000000>; + opp-microvolt = <750000 750000 950000>; + clock-latency-ns = <40000>; + }; opp-1416000000 { opp-hz = /bits/ 64 <1416000000>; - opp-microvolt = <750000 750000 950000>; + opp-microvolt = <762500 762500 950000>; clock-latency-ns = <40000>; }; opp-1608000000 { opp-hz = /bits/ 64 <1608000000>; opp-microvolt = <787500 787500 950000>; clock-latency-ns = <40000>; }; - opp-1800000000 { - opp-hz = /bits/ 64 <1800000000>; - opp-microvolt = <875000 875000 950000>; - clock-latency-ns = <40000>; - }; - opp-2016000000 { - opp-hz = /bits/ 64 <2016000000>; - opp-microvolt = <950000 950000 950000>; - clock-latency-ns = <40000>; - }; }; gpu_opp_table: opp-table { @@ -104,10 +89,6 @@ opp-700000000 { opp-hz = /bits/ 64 <700000000>; opp-microvolt = <750000 750000 850000>; }; - opp-850000000 { - opp-hz = /bits/ 64 <800000000>; - opp-microvolt = <787500 787500 850000>; - }; }; };

7 months

3
3
0 0

[PATCH] mtd: spinand: Fix build with gcc < 7.5

by Miquel Raynal

__VA_OPT__ is a macro that is useful when some arguments can be present or not to entirely skip some part of a definition. Unfortunately, it is a too recent addition that some of the still supported old GCC versions do not know about, and is anyway not part of C11 that is the version used in the kernel. Find a trick to remove this macro, typically '__VA_ARGS__ + 0' is a workaround used in netlink.h which works very well here, as we either expect: - 0 - A positive value - No value, which means the field should be 0. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202503181330.YcDXGy7F-lkp@intel.com/ Fixes: 7ce0d16d5802 ("mtd: spinand: Add an optional frequency to read from cache macros") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- include/linux/mtd/spinand.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mtd/spinand.h b/include/linux/mtd/spinand.h index 83301ef11aa9..0bb06aeffa62 100644 --- a/include/linux/mtd/spinand.h +++ b/include/linux/mtd/spinand.h @@ -67,7 +67,7 @@ SPI_MEM_OP_ADDR(2, addr, 1), \ SPI_MEM_OP_DUMMY(ndummy, 1), \ SPI_MEM_OP_DATA_IN(len, buf, 1), \ - __VA_OPT__(SPI_MEM_OP_MAX_FREQ(__VA_ARGS__))) + SPI_MEM_OP_MAX_FREQ(__VA_ARGS__ + 0)) #define SPINAND_PAGE_READ_FROM_CACHE_FAST_1S_1S_1S_OP(addr, ndummy, buf, len) \ SPI_MEM_OP(SPI_MEM_OP_CMD(0x0b, 1), \ -- 2.48.1

7 months

2
2
0 0

[PATCH] mtd: rawnand: Add status chack in r852_ready()

by Wentao Liang

In r852_ready(), the dev get from r852_get_dev() need to be checked. An unstable device should not be ready. A proper implementation can be found in r852_read_byte(). Add a status check and return 0 when it is unstable. Fixes: 50a487e7719c ("mtd: rawnand: Pass a nand_chip object to chip->dev_ready()") Cc: stable(a)vger.kernel.org # v4.20+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/mtd/nand/raw/r852.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/mtd/nand/raw/r852.c b/drivers/mtd/nand/raw/r852.c index b07c2f8b4035..918974d088cf 100644 --- a/drivers/mtd/nand/raw/r852.c +++ b/drivers/mtd/nand/raw/r852.c @@ -387,6 +387,9 @@ static int r852_wait(struct nand_chip *chip) static int r852_ready(struct nand_chip *chip) { struct r852_device *dev = r852_get_dev(nand_to_mtd(chip)); + if (dev->card_unstable) + return 0; + return !(r852_read_reg(dev, R852_CARD_STA) & R852_CARD_STA_BUSY); } -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH] mtd: inftlcore: Add error check for inftl_read_oob()

by Wentao Liang

In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be checked. A proper implementation can be found in INFTL_deleteblock(). The status will be set as SECTOR_IGNORE to break from the while-loop correctly if the inftl_read_oob() fails. Fixes: 8593fbc68b0d ("[MTD] Rework the out of band handling completely") Cc: stable(a)vger.kernel.org # v2.6+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/mtd/inftlcore.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/inftlcore.c b/drivers/mtd/inftlcore.c index 9739387cff8c..58c6e1743f5c 100644 --- a/drivers/mtd/inftlcore.c +++ b/drivers/mtd/inftlcore.c @@ -482,10 +482,11 @@ static inline u16 INFTL_findwriteunit(struct INFTLrecord *inftl, unsigned block) silly = MAX_LOOPS; while (thisEUN <= inftl->lastEUN) { - inftl_read_oob(mtd, (thisEUN * inftl->EraseSize) + - blockofs, 8, &retlen, (char *)&bci); - - status = bci.Status | bci.Status1; + if (inftl_read_oob(mtd, (thisEUN * inftl->EraseSize) + + blockofs, 8, &retlen, (char *)&bci) < 0) + status = SECTOR_IGNORE; + else + status = bci.Status | bci.Status1; pr_debug("INFTL: status of block %d in EUN %d is %x\n", block , writeEUN, status); -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH v5] staging: rtl8723bs: Add error handling for sd_read()

by Wentao Liang

The sdio_read32() calls sd_read(), but does not handle the error if sd_read() fails. This could lead to subsequent operations processing invalid data. A proper implementation can be found in sdio_readN(). Add error handling for the sd_read() to free tmpbuf and return error code if sd_read() fails. This ensure that the memcpy() is only performed when the read operation is successful. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v5: Fix error code v4: Add change log and fix error code v3: Add Cc flag v2: Change code to initialize val drivers/staging/rtl8723bs/hal/sdio_ops.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c b/drivers/staging/rtl8723bs/hal/sdio_ops.c index 21e9f1858745..d79d41727042 100644 --- a/drivers/staging/rtl8723bs/hal/sdio_ops.c +++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c @@ -185,7 +185,12 @@ static u32 sdio_read32(struct intf_hdl *intfhdl, u32 addr) return SDIO_ERR_VAL32; ftaddr &= ~(u16)0x3; - sd_read(intfhdl, ftaddr, 8, tmpbuf); + err = sd_read(intfhdl, ftaddr, 8, tmpbuf); + if (err) { + kfree(tmpbuf); + return SDIO_ERR_VAL32; + } + memcpy(&le_tmp, tmpbuf + shift, 4); val = le32_to_cpu(le_tmp); -- 2.42.0.windows.2

7 months

2
1
0 0

[RESEND PATCH] powerpc64/bpf: fix JIT code size calculation of bpf trampoline

by Hari Bathini

The JIT compile of ldimm instructions can be anywhere between 1-5 instructions long depending on the value being loaded. arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. BPF trampoline JIT code has ldimm instructions that need to load the value of pointer to struct bpf_tramp_image. But this pointer value is not same while calling arch_bpf_trampoline_size() & arch_prepare_bpf_trampoline(). So, the size arrived at using arch_bpf_trampoline_size() can vary from the size needed in arch_prepare_bpf_trampoline(). When the number of ldimm instructions emitted in arch_bpf_trampoline_size() is less than the number of ldimm instructions emitted during the actual JIT compile of trampoline, the below warning is produced: WARNING: CPU: 8 PID: 204190 at arch/powerpc/net/bpf_jit_comp.c:981 __arch_prepare_bpf_trampoline.isra.0+0xd2c/0xdcc which is: /* Make sure the trampoline generation logic doesn't overflow */ if (image && WARN_ON_ONCE(&image[ctx->idx] > (u32 *)rw_image_end - BPF_INSN_SAFETY)) { Pass NULL as the first argument to __arch_prepare_bpf_trampoline() call from arch_bpf_trampoline_size() function, to differentiate it from how arch_prepare_bpf_trampoline() calls it and ensure maximum possible instructions are emitted in arch_bpf_trampoline_size() for ldimm instructions that load a different value during the actual JIT compile of BPF trampoline. Fixes: d243b62b7bd3 ("powerpc64/bpf: Add support for bpf trampolines") Reported-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Closes: https://lore.kernel.org/all/6168bfc8-659f-4b5a-a6fb-90a916dde3b3@linux.ibm.… Cc: stable(a)vger.kernel.org # v6.13+ Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- * Removed a redundant '/' accidently added in a comment and resending. arch/powerpc/net/bpf_jit_comp.c | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c index 2991bb171a9b..c94717ccb2bd 100644 --- a/arch/powerpc/net/bpf_jit_comp.c +++ b/arch/powerpc/net/bpf_jit_comp.c @@ -833,7 +833,12 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *rw_im EMIT(PPC_RAW_STL(_R26, _R1, nvr_off + SZL)); if (flags & BPF_TRAMP_F_CALL_ORIG) { - PPC_LI_ADDR(_R3, (unsigned long)im); + /* + * Emit maximum possible instructions while getting the size of + * bpf trampoline to ensure trampoline JIT code doesn't overflow. + */ + PPC_LI_ADDR(_R3, im ? (unsigned long)im : + (unsigned long)(~(1UL << (BITS_PER_LONG - 1)))); ret = bpf_jit_emit_func_call_rel(image, ro_image, ctx, (unsigned long)__bpf_tramp_enter); if (ret) @@ -889,7 +894,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *rw_im bpf_trampoline_restore_tail_call_cnt(image, ctx, func_frame_offset, r4_off); /* Reserve space to patch branch instruction to skip fexit progs */ - im->ip_after_call = &((u32 *)ro_image)[ctx->idx]; + if (im) + im->ip_after_call = &((u32 *)ro_image)[ctx->idx]; EMIT(PPC_RAW_NOP()); } @@ -912,8 +918,14 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *rw_im } if (flags & BPF_TRAMP_F_CALL_ORIG) { - im->ip_epilogue = &((u32 *)ro_image)[ctx->idx]; - PPC_LI_ADDR(_R3, im); + if (im) + im->ip_epilogue = &((u32 *)ro_image)[ctx->idx]; + /* + * Emit maximum possible instructions while getting the size of + * bpf trampoline to ensure trampoline JIT code doesn't overflow. + */ + PPC_LI_ADDR(_R3, im ? (unsigned long)im : + (unsigned long)(~(1UL << (BITS_PER_LONG - 1)))); ret = bpf_jit_emit_func_call_rel(image, ro_image, ctx, (unsigned long)__bpf_tramp_exit); if (ret) @@ -972,7 +984,6 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *rw_im int arch_bpf_trampoline_size(const struct btf_func_model *m, u32 flags, struct bpf_tramp_links *tlinks, void *func_addr) { - struct bpf_tramp_image im; void *image; int ret; @@ -988,7 +999,13 @@ int arch_bpf_trampoline_size(const struct btf_func_model *m, u32 flags, if (!image) return -ENOMEM; - ret = __arch_prepare_bpf_trampoline(&im, image, image + PAGE_SIZE, image, + /* + * Pass NULL as bpf_tramp_image pointer to differentiate the intent to get the + * buffer size for trampoline here. This differentiation helps in accounting for + * maximum possible instructions if the JIT code size is likely to vary during + * the actual JIT compile of the trampoline. + */ + ret = __arch_prepare_bpf_trampoline(NULL, image, image + PAGE_SIZE, image, m, flags, tlinks, func_addr); bpf_jit_free_exec(image); -- 2.48.1

7 months

3
3
0 0

[PATCH] platform/x86: amd: pmf: Fix STT limits

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> On some platforms it has been observed that STT limits are not being applied properly causing poor performance as power limits are set too low. STT limits that are sent to the platform are supposed to be in Q8.8 format. Convert them before sending. Reported-by: Yijun Shen <Yijun.Shen(a)dell.com> Fixes: 7c45534afa443 ("platform/x86/amd/pmf: Add support for PMF Policy Binary") Cc: stable(a)vger.kernel.org Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/platform/x86/amd/pmf/tee-if.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c index 5d513161d7302..9a51258df0564 100644 --- a/drivers/platform/x86/amd/pmf/tee-if.c +++ b/drivers/platform/x86/amd/pmf/tee-if.c @@ -123,7 +123,7 @@ static void amd_pmf_apply_policies(struct amd_pmf_dev *dev, struct ta_pmf_enact_ case PMF_POLICY_STT_SKINTEMP_APU: if (dev->prev_data->stt_skintemp_apu != val) { - amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, val, NULL); + amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, val << 8, NULL); dev_dbg(dev->dev, "update STT_SKINTEMP_APU: %u\n", val); dev->prev_data->stt_skintemp_apu = val; } @@ -131,7 +131,7 @@ static void amd_pmf_apply_policies(struct amd_pmf_dev *dev, struct ta_pmf_enact_ case PMF_POLICY_STT_SKINTEMP_HS2: if (dev->prev_data->stt_skintemp_hs2 != val) { - amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, val, NULL); + amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, val << 8, NULL); dev_dbg(dev->dev, "update STT_SKINTEMP_HS2: %u\n", val); dev->prev_data->stt_skintemp_hs2 = val; } -- 2.43.0

7 months

3
2
0 0

Re: Request to back-port this patch to v5.4 stable tree

by Hardik Gohil

Hi Greg, My apologies! I'll test-build it before submitting again. Thanks for pointing out my mistake. build is failing and there is a need for a dependent patch. Hardik On Mon, Apr 7, 2025 at 10:43 AM Hardik Gohil <hgohil(a)mvista.com> wrote: > > Hi Greg, > > My apologies! I'll test-build it before submitting again. Thanks for pointing out my mistake. > > build is failing and there is a need for a dependent patch. > > Hardik > > > On Thu, Apr 3, 2025 at 7:30 PM Greg KH <gregkh(a)linuxfoundation.org> wrote: >> >> On Thu, Apr 03, 2025 at 03:36:05PM +0530, Hardik Gohil wrote: >> > Hello Greg, >> > >> > This patch applies cleanly to the v5.4 kernel. >> > >> > dmaengine: ti: edma: Add some null pointer checks to the edma_probe >> > >> > [upstream commit 6e2276203ac9ff10fc76917ec9813c660f627369] >> > >> >> You obviously did not test-build this change :( >> >> Please always do so when asking for patches to be backported, otherwise >> we get grumpy as it breaks our workflow... >> >> thanks, >> >> greg k-h

7 months

1
0
0 0

+ mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Date: Fri, 21 Mar 2025 10:09:37 +0000 Currently, if a VMA merge fails due to an OOM condition arising on commit merge or a failure to duplicate anon_vma's, we report this so the caller can handle it. However there are cases where the caller is only ostensibly trying a merge, and doesn't mind if it fails due to this condition. Since we do not want to introduce an implicit assumption that we only actually modify VMAs after OOM conditions might arise, add a 'give up on oom' option and make an explicit contract that, should this flag be set, we absolutely will not modify any VMAs should OOM arise and just bail out. Since it'd be very unusual for a user to try to vma_modify() with this flag set but be specifying a range within a VMA which ends up being split (which can fail due to rlimit issues, not only OOM), we add a debug warning for this condition. The motivating reason for this is uffd release - syzkaller (and Pedro Falcato's VERY astute analysis) found a way in which an injected fault on allocation, triggering an OOM condition on commit merge, would result in uffd code becoming confused and treating an error value as if it were a VMA pointer. To avoid this, we make use of this new VMG flag to ensure that this never occurs, utilising the fact that, should we be clearing entire VMAs, we do not wish an OOM event to be reported to us. Many thanks to Pedro Falcato for his excellent analysis and Jann Horn for his insightful and intelligent analysis of the situation, both of whom were instrumental in this fix. Link: https://lkml.kernel.org/r/20250321100937.46634-1-lorenzo.stoakes@oracle.com Reported-by: syzbot+20ed41006cf9d842c2b5(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/67dc67f0.050a0220.25ae54.001e.GAE@google.com/ Fixes: 47b16d0462a4 ("mm: abort vma_modify() on merge out of memory failure") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Suggested-by: Pedro Falcato <pfalcato(a)suse.de> Suggested-by: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 13 +++++++++-- mm/vma.c | 51 +++++++++++++++++++++++++++++++++++++++++---- mm/vma.h | 9 +++++++ 3 files changed, 66 insertions(+), 7 deletions(-) --- a/mm/userfaultfd.c~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release +++ a/mm/userfaultfd.c @@ -1902,6 +1902,14 @@ struct vm_area_struct *userfaultfd_clear unsigned long end) { struct vm_area_struct *ret; + bool give_up_on_oom = false; + + /* + * If we are modifying only and not splitting, just give up on the merge + * if OOM prevents us from merging successfully. + */ + if (start == vma->vm_start && end == vma->vm_end) + give_up_on_oom = true; /* Reset ptes for the whole vma range if wr-protected */ if (userfaultfd_wp(vma)) @@ -1909,7 +1917,7 @@ struct vm_area_struct *userfaultfd_clear ret = vma_modify_flags_uffd(vmi, prev, vma, start, end, vma->vm_flags & ~__VM_UFFD_FLAGS, - NULL_VM_UFFD_CTX); + NULL_VM_UFFD_CTX, give_up_on_oom); /* * In the vma_merge() successful mprotect-like case 8: @@ -1960,7 +1968,8 @@ int userfaultfd_register_range(struct us new_flags = (vma->vm_flags & ~__VM_UFFD_FLAGS) | vm_flags; vma = vma_modify_flags_uffd(&vmi, prev, vma, start, vma_end, new_flags, - (struct vm_userfaultfd_ctx){ctx}); + (struct vm_userfaultfd_ctx){ctx}, + /* give_up_on_oom = */false); if (IS_ERR(vma)) return PTR_ERR(vma); --- a/mm/vma.c~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release +++ a/mm/vma.c @@ -666,6 +666,9 @@ static void vmg_adjust_set_range(struct /* * Actually perform the VMA merge operation. * + * IMPORTANT: We guarantee that, should vmg->give_up_on_oom is set, to not + * modify any VMAs or cause inconsistent state should an OOM condition arise. + * * Returns 0 on success, or an error value on failure. */ static int commit_merge(struct vma_merge_struct *vmg) @@ -685,6 +688,12 @@ static int commit_merge(struct vma_merge init_multi_vma_prep(&vp, vma, vmg); + /* + * If vmg->give_up_on_oom is set, we're safe, because we don't actually + * manipulate any VMAs until we succeed at preallocation. + * + * Past this point, we will not return an error. + */ if (vma_iter_prealloc(vmg->vmi, vma)) return -ENOMEM; @@ -915,7 +924,13 @@ static __must_check struct vm_area_struc if (anon_dup) unlink_anon_vmas(anon_dup); - vmg->state = VMA_MERGE_ERROR_NOMEM; + /* + * We've cleaned up any cloned anon_vma's, no VMAs have been + * modified, no harm no foul if the user requests that we not + * report this and just give up, leaving the VMAs unmerged. + */ + if (!vmg->give_up_on_oom) + vmg->state = VMA_MERGE_ERROR_NOMEM; return NULL; } @@ -926,7 +941,15 @@ static __must_check struct vm_area_struc abort: vma_iter_set(vmg->vmi, start); vma_iter_load(vmg->vmi); - vmg->state = VMA_MERGE_ERROR_NOMEM; + + /* + * This means we have failed to clone anon_vma's correctly, but no + * actual changes to VMAs have occurred, so no harm no foul - if the + * user doesn't want this reported and instead just wants to give up on + * the merge, allow it. + */ + if (!vmg->give_up_on_oom) + vmg->state = VMA_MERGE_ERROR_NOMEM; return NULL; } @@ -1068,6 +1091,10 @@ int vma_expand(struct vma_merge_struct * /* This should already have been checked by this point. */ VM_WARN_ON_VMG(!can_merge_remove_vma(next), vmg); vma_start_write(next); + /* + * In this case we don't report OOM, so vmg->give_up_on_mm is + * safe. + */ ret = dup_anon_vma(middle, next, &anon_dup); if (ret) return ret; @@ -1090,9 +1117,15 @@ int vma_expand(struct vma_merge_struct * return 0; nomem: - vmg->state = VMA_MERGE_ERROR_NOMEM; if (anon_dup) unlink_anon_vmas(anon_dup); + /* + * If the user requests that we just give upon OOM, we are safe to do so + * here, as commit merge provides this contract to us. Nothing has been + * changed - no harm no foul, just don't report it. + */ + if (!vmg->give_up_on_oom) + vmg->state = VMA_MERGE_ERROR_NOMEM; return -ENOMEM; } @@ -1534,6 +1567,13 @@ static struct vm_area_struct *vma_modify if (vmg_nomem(vmg)) return ERR_PTR(-ENOMEM); + /* + * Split can fail for reasons other than OOM, so if the user requests + * this it's probably a mistake. + */ + VM_WARN_ON(vmg->give_up_on_oom && + (vma->vm_start != start || vma->vm_end != end)); + /* Split any preceding portion of the VMA. */ if (vma->vm_start < start) { int err = split_vma(vmg->vmi, vma, start, 1); @@ -1602,12 +1642,15 @@ struct vm_area_struct struct vm_area_struct *vma, unsigned long start, unsigned long end, unsigned long new_flags, - struct vm_userfaultfd_ctx new_ctx) + struct vm_userfaultfd_ctx new_ctx, + bool give_up_on_oom) { VMG_VMA_STATE(vmg, vmi, prev, vma, start, end); vmg.flags = new_flags; vmg.uffd_ctx = new_ctx; + if (give_up_on_oom) + vmg.give_up_on_oom = true; return vma_modify(&vmg); } --- a/mm/vma.h~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release +++ a/mm/vma.h @@ -114,6 +114,12 @@ struct vma_merge_struct { */ bool just_expand :1; + /* + * If a merge is possible, but an OOM error occurs, give up and don't + * execute the merge, returning NULL. + */ + bool give_up_on_oom :1; + /* Internal flags set during merge process: */ /* @@ -255,7 +261,8 @@ __must_check struct vm_area_struct struct vm_area_struct *vma, unsigned long start, unsigned long end, unsigned long new_flags, - struct vm_userfaultfd_ctx new_ctx); + struct vm_userfaultfd_ctx new_ctx, + bool give_up_on_oom); __must_check struct vm_area_struct *vma_merge_new_range(struct vma_merge_struct *vmg); _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release.patch

7 months

1
0
0 0

[PATCH] media: dvb: Add error checking for bcm3510_writeB()

by Wentao Liang

In bcm3510_bert_reset(), the function performed multiple writes without checking the return value of bcm3510_writeB(). This could result in silent failures if the writes failed, leaving the BER counter in an undefined state. Add error checking for each bcm3510_writeB call and propagate any errors immediately. This ensures proper error handling and prevents silent failures during BER counter initialization. Fixes: 55f51efdb696 ("[PATCH] dvb: flexcop: add BCM3510 ATSC frontend support for Air2PC card") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/media/dvb-frontends/bcm3510.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/media/dvb-frontends/bcm3510.c b/drivers/media/dvb-frontends/bcm3510.c index d935fb10e620..fc5853fc9595 100644 --- a/drivers/media/dvb-frontends/bcm3510.c +++ b/drivers/media/dvb-frontends/bcm3510.c @@ -270,10 +270,18 @@ static int bcm3510_bert_reset(struct bcm3510_state *st) if ((ret = bcm3510_readB(st,0xfa,&b)) < 0) return ret; - b.BERCTL_fa.RESYNC = 0; bcm3510_writeB(st,0xfa,b); - b.BERCTL_fa.RESYNC = 1; bcm3510_writeB(st,0xfa,b); - b.BERCTL_fa.RESYNC = 0; bcm3510_writeB(st,0xfa,b); - b.BERCTL_fa.CNTCTL = 1; b.BERCTL_fa.BITCNT = 1; bcm3510_writeB(st,0xfa,b); + b.BERCTL_fa.RESYNC = 0; + if ((ret = bcm3510_writeB(st,0xfa,b)) < 0) + return ret; + b.BERCTL_fa.RESYNC = 1; + if ((ret = bcm3510_writeB(st,0xfa,b)) < 0) + return ret; + b.BERCTL_fa.RESYNC = 0; + if ((ret = bcm3510_writeB(st,0xfa,b)) < 0) + return ret; + b.BERCTL_fa.CNTCTL = 1; b.BERCTL_fa.BITCNT = 1; + if ((ret = bcm3510_writeB(st,0xfa,b)) < 0) + return ret; /* clear residual bit counter TODO */ return 0; -- 2.42.0.windows.2

7 months

2
1
0 0

+ mm-memory_hotplug-fix-call-folio_test_large-with-tail-page-in-do_migrate_range.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory_hotplug: fix call folio_test_large with tail page in do_migrate_range has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory_hotplug-fix-call-folio_test_large-with-tail-page-in-do_migrate_range.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jinjiang Tu <tujinjiang(a)huawei.com> Subject: mm/memory_hotplug: fix call folio_test_large with tail page in do_migrate_range Date: Mon, 24 Mar 2025 21:17:50 +0800 We triggered the below BUG: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x240402 head: order:9 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x1ffffe0000000040(head|node=1|zone=3|lastcpupid=0x1ffff) page_type: f4(hugetlb) page dumped because: VM_BUG_ON_PAGE(page->compound_head & 1) ------------[ cut here ]------------ kernel BUG at ./include/linux/page-flags.h:310! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 7 UID: 0 PID: 166 Comm: sh Not tainted 6.14.0-rc7-dirty #374 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : const_folio_flags+0x3c/0x58 lr : const_folio_flags+0x3c/0x58 Call trace: const_folio_flags+0x3c/0x58 (P) do_migrate_range+0x164/0x720 offline_pages+0x63c/0x6fc memory_subsys_offline+0x190/0x1f4 device_offline+0xc0/0x13c state_store+0x90/0xd8 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x120/0x1cc vfs_write+0x240/0x378 ksys_write+0x70/0x108 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x10c el0_svc_common.constprop.0+0x40/0xe0 When allocating a hugetlb folio, between the folio is taken from buddy and prep_compound_page() is called, start_isolate_page_range() and do_migrate_range() is called. When do_migrate_range() scans the head page of the hugetlb folio, the compound_head field isn't set, so scans the tail page next. And at this time, the compound_head field of tail page is set, folio_test_large() is called by tail page, thus triggers VM_BUG_ON(). To fix it, get folio refcount before calling folio_test_large(). Link: https://lkml.kernel.org/r/20250324131750.1551884-1-tujinjiang@huawei.com Fixes: 8135d8926c08 ("mm: memory_hotplug: memory hotremove supports thp migration") Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) --- a/mm/memory_hotplug.c~mm-memory_hotplug-fix-call-folio_test_large-with-tail-page-in-do_migrate_range +++ a/mm/memory_hotplug.c @@ -1813,21 +1813,15 @@ static void do_migrate_range(unsigned lo page = pfn_to_page(pfn); folio = page_folio(page); - /* - * No reference or lock is held on the folio, so it might - * be modified concurrently (e.g. split). As such, - * folio_nr_pages() may read garbage. This is fine as the outer - * loop will revisit the split folio later. - */ - if (folio_test_large(folio)) - pfn = folio_pfn(folio) + folio_nr_pages(folio) - 1; - if (!folio_try_get(folio)) continue; if (unlikely(page_folio(page) != folio)) goto put_folio; + if (folio_test_large(folio)) + pfn = folio_pfn(folio) + folio_nr_pages(folio) - 1; + if (folio_contain_hwpoisoned_page(folio)) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); _ Patches currently in -mm which might be from tujinjiang(a)huawei.com are mm-contig_alloc-fix-alloc_contig_range-when-__gfp_comp-and-order-max_order.patch mm-memory_hotplug-fix-call-folio_test_large-with-tail-page-in-do_migrate_range.patch

7 months

1
0
0 0

[PATCH 5.10.y] btrfs: handle errors from btrfs_dec_ref() properly

by jianqi.ren.cn＠windriver.com

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit 5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 ] In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/extent-tree.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index a8089bf2be98..cf2b65be04b5 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5240,7 +5240,10 @@ static noinline int walk_up_proc(struct btrfs_trans_handle *trans, ret = btrfs_dec_ref(trans, root, eb, 1); else ret = btrfs_dec_ref(trans, root, eb, 0); - BUG_ON(ret); /* -ENOMEM */ + if (ret) { + btrfs_abort_transaction(trans, ret); + return ret; + } if (is_fstree(root->root_key.objectid)) { ret = btrfs_qgroup_trace_leaf_items(trans, eb); if (ret) { -- 2.34.1

7 months

1
0
0 0

[PATCH 5.15.y] btrfs: handle errors from btrfs_dec_ref() properly

by jianqi.ren.cn＠windriver.com

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit 5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 ] In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/extent-tree.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index e9659e29d657..551faae77bc3 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5461,7 +5461,10 @@ static noinline int walk_up_proc(struct btrfs_trans_handle *trans, ret = btrfs_dec_ref(trans, root, eb, 1); else ret = btrfs_dec_ref(trans, root, eb, 0); - BUG_ON(ret); /* -ENOMEM */ + if (ret) { + btrfs_abort_transaction(trans, ret); + return ret; + } if (is_fstree(root->root_key.objectid)) { ret = btrfs_qgroup_trace_leaf_items(trans, eb); if (ret) { -- 2.34.1

7 months

1
0
0 0

[PATCH 6.1.y] btrfs: handle errors from btrfs_dec_ref() properly

by jianqi.ren.cn＠windriver.com

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit 5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 ] In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/extent-tree.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 50bc553cc73a..9040108eda64 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5575,7 +5575,10 @@ static noinline int walk_up_proc(struct btrfs_trans_handle *trans, ret = btrfs_dec_ref(trans, root, eb, 1); else ret = btrfs_dec_ref(trans, root, eb, 0); - BUG_ON(ret); /* -ENOMEM */ + if (ret) { + btrfs_abort_transaction(trans, ret); + return ret; + } if (is_fstree(root->root_key.objectid)) { ret = btrfs_qgroup_trace_leaf_items(trans, eb); if (ret) { -- 2.34.1

7 months

1
0
0 0

[PATCH 6.6.y] btrfs: handle errors from btrfs_dec_ref() properly

by jianqi.ren.cn＠windriver.com

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit 5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 ] In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/extent-tree.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 021cf468274b..af03a1c6ba76 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5540,7 +5540,10 @@ static noinline int walk_up_proc(struct btrfs_trans_handle *trans, ret = btrfs_dec_ref(trans, root, eb, 1); else ret = btrfs_dec_ref(trans, root, eb, 0); - BUG_ON(ret); /* -ENOMEM */ + if (ret) { + btrfs_abort_transaction(trans, ret); + return ret; + } if (is_fstree(root->root_key.objectid)) { ret = btrfs_qgroup_trace_leaf_items(trans, eb); if (ret) { -- 2.34.1

7 months

1
0
0 0

[PATCH 6.1.y] kunit/overflow: Fix UB in overflow_allocation_test

by jianqi.ren.cn＠windriver.com

From: Ivan Orlov <ivan.orlov0322(a)gmail.com> [ Upstream commit 92e9bac18124682c4b99ede9ee3bcdd68f121e92 ] The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled. Since this variable is used in one place only, remove it and pass the device name into kunit_device_register directly as an ascii string. Signed-off-by: Ivan Orlov <ivan.orlov0322(a)gmail.com> Reviewed-by: David Gow <davidgow(a)google.com> Link: https://lore.kernel.org/r/20240815000431.401869-1-ivan.orlov0322@gmail.com Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- lib/overflow_kunit.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c index b8556a2e7bb1..e499e13856fb 100644 --- a/lib/overflow_kunit.c +++ b/lib/overflow_kunit.c @@ -608,7 +608,6 @@ DEFINE_TEST_ALLOC(devm_kzalloc, devm_kfree, 1, 1, 0); static void overflow_allocation_test(struct kunit *test) { - const char device_name[] = "overflow-test"; struct device *dev; int count = 0; @@ -618,7 +617,7 @@ static void overflow_allocation_test(struct kunit *test) } while (0) /* Create dummy device for devm_kmalloc()-family tests. */ - dev = root_device_register(device_name); + dev = root_device_register("overflow-test"); KUNIT_ASSERT_FALSE_MSG(test, IS_ERR(dev), "Cannot register test device\n"); -- 2.34.1

7 months

1
0
0 0

[PATCH 6.6.y] kunit/overflow: Fix UB in overflow_allocation_test

by jianqi.ren.cn＠windriver.com

From: Ivan Orlov <ivan.orlov0322(a)gmail.com> [ Upstream commit 92e9bac18124682c4b99ede9ee3bcdd68f121e92 ] The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled. Since this variable is used in one place only, remove it and pass the device name into kunit_device_register directly as an ascii string. Signed-off-by: Ivan Orlov <ivan.orlov0322(a)gmail.com> Reviewed-by: David Gow <davidgow(a)google.com> Link: https://lore.kernel.org/r/20240815000431.401869-1-ivan.orlov0322@gmail.com Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- lib/overflow_kunit.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c index 34db0b3aa502..9493a1b28b9e 100644 --- a/lib/overflow_kunit.c +++ b/lib/overflow_kunit.c @@ -608,7 +608,6 @@ DEFINE_TEST_ALLOC(devm_kzalloc, devm_kfree, 1, 1, 0); static void overflow_allocation_test(struct kunit *test) { - const char device_name[] = "overflow-test"; struct device *dev; int count = 0; @@ -618,7 +617,7 @@ static void overflow_allocation_test(struct kunit *test) } while (0) /* Create dummy device for devm_kmalloc()-family tests. */ - dev = root_device_register(device_name); + dev = root_device_register("overflow-test"); KUNIT_ASSERT_FALSE_MSG(test, IS_ERR(dev), "Cannot register test device\n"); -- 2.34.1

7 months

1
0
0 0

[PATCH v5] KEYS: Add a list for unreferenced keys

by Jarkko Sakkinen

From: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> Add an isolated list of unreferenced keys to be queued for deletion, and try to pin the keys in the garbage collector before processing anything. Skip unpinnable keys. Use this list for blocking the reaping process during the teardown: 1. First off, the keys added to `keys_graveyard` are snapshotted, and the list is flushed. This the very last step in `key_put()`. 2. `key_put()` reaches zero. This will mark key as busy for the garbage collector. 3. `key_garbage_collector()` will try to increase refcount, which won't go above zero. Whenever this happens, the key will be skipped. Cc: stable(a)vger.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> --- v5: - Rebased on top of v6.15-rc - Updated commit message to explain how spin lock and refcount isolate the time window in key_put(). v4: - Pin the key while processing key type teardown. Skip dead keys. - Revert key_gc_graveyard back key_gc_unused_keys. - Rewrote the commit message. - "unsigned long flags" declaration somehow did make to the previous patch (sorry). v3: - Using spin_lock() fails since key_put() is executed inside IRQs. Using spin_lock_irqsave() would neither work given the lock is acquired for /proc/keys. Therefore, separate the lock for graveyard and key_graveyard before reaping key_serial_tree. v2: - Rename key_gc_unused_keys as key_gc_graveyard, and re-document the function. --- include/linux/key.h | 7 ++----- security/keys/gc.c | 21 +++++++++++++++++++++ security/keys/internal.h | 2 ++ security/keys/key.c | 11 ++++------- 4 files changed, 29 insertions(+), 12 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index ba05de8579ec..c50659184bdf 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -195,10 +195,8 @@ enum key_state { struct key { refcount_t usage; /* number of references */ key_serial_t serial; /* key serial number */ - union { - struct list_head graveyard_link; - struct rb_node serial_node; - }; + struct list_head graveyard_link; /* key->usage == 0 */ + struct rb_node serial_node; #ifdef CONFIG_KEY_NOTIFICATIONS struct watch_list *watchers; /* Entities watching this key for changes */ #endif @@ -236,7 +234,6 @@ struct key { #define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */ #define KEY_FLAG_KEEP 8 /* set if key should not be removed */ #define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */ -#define KEY_FLAG_FINAL_PUT 10 /* set if final put has happened on key */ /* the key type and key description string * - the desc is used to match a key against search criteria diff --git a/security/keys/gc.c b/security/keys/gc.c index 4a7f32a1208b..e32534027494 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -193,6 +193,7 @@ static void key_garbage_collector(struct work_struct *work) struct rb_node *cursor; struct key *key; time64_t new_timer, limit, expiry; + unsigned long flags; kenter("[%lx,%x]", key_gc_flags, gc_state); @@ -210,17 +211,36 @@ static void key_garbage_collector(struct work_struct *work) new_timer = TIME64_MAX; + spin_lock_irqsave(&key_graveyard_lock, flags); + list_splice_init(&key_graveyard, &graveyard); + spin_unlock_irqrestore(&key_graveyard_lock, flags); + + list_for_each_entry(key, &graveyard, graveyard_link) { + spin_lock(&key_serial_lock); + kdebug("unrefd key %d", key->serial); + rb_erase(&key->serial_node, &key_serial_tree); + spin_unlock(&key_serial_lock); + } + /* As only this function is permitted to remove things from the key * serial tree, if cursor is non-NULL then it will always point to a * valid node in the tree - even if lock got dropped. */ spin_lock(&key_serial_lock); + key = NULL; cursor = rb_first(&key_serial_tree); continue_scanning: + key_put(key); while (cursor) { key = rb_entry(cursor, struct key, serial_node); cursor = rb_next(cursor); + /* key_get(), unless zero: */ + if (!refcount_inc_not_zero(&key->usage)) { + key = NULL; + gc_state |= KEY_GC_REAP_AGAIN; + goto skip_dead_key; + } if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) { if (key->type == key_gc_dead_keytype) { @@ -273,6 +293,7 @@ static void key_garbage_collector(struct work_struct *work) spin_lock(&key_serial_lock); goto continue_scanning; } + key_put(key); /* We've completed the pass. Set the timer if we need to and queue a * new cycle if necessary. We keep executing cycles until we find one diff --git a/security/keys/internal.h b/security/keys/internal.h index 676d4ce8b431..4e3d9b322390 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -69,6 +69,8 @@ extern spinlock_t key_graveyard_lock; extern struct rb_root key_user_tree; extern spinlock_t key_user_lock; extern struct key_user root_key_user; +extern struct list_head key_graveyard; +extern spinlock_t key_graveyard_lock; extern struct key_user *key_user_lookup(kuid_t uid); extern void key_user_put(struct key_user *user); diff --git a/security/keys/key.c b/security/keys/key.c index 23cfa62f9c7e..7511f2017b6b 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -22,6 +22,8 @@ DEFINE_SPINLOCK(key_serial_lock); struct rb_root key_user_tree; /* tree of quota records indexed by UID */ DEFINE_SPINLOCK(key_user_lock); +LIST_HEAD(key_graveyard); +DEFINE_SPINLOCK(key_graveyard_lock); unsigned int key_quota_root_maxkeys = 1000000; /* root's key count quota */ unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */ @@ -658,14 +660,9 @@ void key_put(struct key *key) key->user->qnbytes -= key->quotalen; spin_unlock_irqrestore(&key->user->lock, flags); } - smp_mb(); /* key->user before FINAL_PUT set. */ - set_bit(KEY_FLAG_FINAL_PUT, &key->flags); - spin_lock(&key_serial_lock); - rb_erase(&key->serial_node, &key_serial_tree); - spin_unlock(&key_serial_lock); - spin_lock(&key_graveyard_lock); + spin_lock_irqsave(&key_graveyard_lock, flags); list_add_tail(&key->graveyard_link, &key_graveyard); - spin_unlock(&key_graveyard_lock); + spin_unlock_irqrestore(&key_graveyard_lock, flags); schedule_work(&key_gc_work); } } -- 2.39.5

7 months

1
1
0 0

[PATCH v6] KEYS: Add a list for unreferenced keys

by Jarkko Sakkinen

From: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> Add an isolated list of unreferenced keys to be queued for deletion, and try to pin the keys in the garbage collector before processing anything. Skip unpinnable keys. Use this list for blocking the reaping process during the teardown: 1. First off, the keys added to `keys_graveyard` are snapshotted, and the list is flushed. This the very last step in `key_put()`. 2. `key_put()` reaches zero. This will mark key as busy for the garbage collector. 3. `key_garbage_collector()` will try to increase refcount, which won't go above zero. Whenever this happens, the key will be skipped. Cc: stable(a)vger.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> --- v6: - Rebase went wrong in v5. v5: - Rebased on top of v6.15-rc - Updated commit message to explain how spin lock and refcount isolate the time window in key_put(). v4: - Pin the key while processing key type teardown. Skip dead keys. - Revert key_gc_graveyard back key_gc_unused_keys. - Rewrote the commit message. - "unsigned long flags" declaration somehow did make to the previous patch (sorry). v3: - Using spin_lock() fails since key_put() is executed inside IRQs. Using spin_lock_irqsave() would neither work given the lock is acquired for /proc/keys. Therefore, separate the lock for graveyard and key_graveyard before reaping key_serial_tree. v2: - Rename key_gc_unused_keys as key_gc_graveyard, and re-document the function. --- include/linux/key.h | 7 ++----- security/keys/gc.c | 44 +++++++++++++++++++++++++--------------- security/keys/internal.h | 5 +++++ security/keys/key.c | 7 +++++-- 4 files changed, 40 insertions(+), 23 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index ba05de8579ec..c50659184bdf 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -195,10 +195,8 @@ enum key_state { struct key { refcount_t usage; /* number of references */ key_serial_t serial; /* key serial number */ - union { - struct list_head graveyard_link; - struct rb_node serial_node; - }; + struct list_head graveyard_link; /* key->usage == 0 */ + struct rb_node serial_node; #ifdef CONFIG_KEY_NOTIFICATIONS struct watch_list *watchers; /* Entities watching this key for changes */ #endif @@ -236,7 +234,6 @@ struct key { #define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */ #define KEY_FLAG_KEEP 8 /* set if key should not be removed */ #define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */ -#define KEY_FLAG_FINAL_PUT 10 /* set if final put has happened on key */ /* the key type and key description string * - the desc is used to match a key against search criteria diff --git a/security/keys/gc.c b/security/keys/gc.c index f27223ea4578..e32534027494 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -10,6 +10,10 @@ #include <keys/keyring-type.h> #include "internal.h" +LIST_HEAD(key_graveyard); +DEFINE_SPINLOCK(key_graveyard_lock); + + /* * Delay between key revocation/expiry in seconds */ @@ -189,6 +193,7 @@ static void key_garbage_collector(struct work_struct *work) struct rb_node *cursor; struct key *key; time64_t new_timer, limit, expiry; + unsigned long flags; kenter("[%lx,%x]", key_gc_flags, gc_state); @@ -206,21 +211,35 @@ static void key_garbage_collector(struct work_struct *work) new_timer = TIME64_MAX; + spin_lock_irqsave(&key_graveyard_lock, flags); + list_splice_init(&key_graveyard, &graveyard); + spin_unlock_irqrestore(&key_graveyard_lock, flags); + + list_for_each_entry(key, &graveyard, graveyard_link) { + spin_lock(&key_serial_lock); + kdebug("unrefd key %d", key->serial); + rb_erase(&key->serial_node, &key_serial_tree); + spin_unlock(&key_serial_lock); + } + /* As only this function is permitted to remove things from the key * serial tree, if cursor is non-NULL then it will always point to a * valid node in the tree - even if lock got dropped. */ spin_lock(&key_serial_lock); + key = NULL; cursor = rb_first(&key_serial_tree); continue_scanning: + key_put(key); while (cursor) { key = rb_entry(cursor, struct key, serial_node); cursor = rb_next(cursor); - - if (test_bit(KEY_FLAG_FINAL_PUT, &key->flags)) { - smp_mb(); /* Clobber key->user after FINAL_PUT seen. */ - goto found_unreferenced_key; + /* key_get(), unless zero: */ + if (!refcount_inc_not_zero(&key->usage)) { + key = NULL; + gc_state |= KEY_GC_REAP_AGAIN; + goto skip_dead_key; } if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) { @@ -274,6 +293,7 @@ static void key_garbage_collector(struct work_struct *work) spin_lock(&key_serial_lock); goto continue_scanning; } + key_put(key); /* We've completed the pass. Set the timer if we need to and queue a * new cycle if necessary. We keep executing cycles until we find one @@ -286,6 +306,10 @@ static void key_garbage_collector(struct work_struct *work) key_schedule_gc(new_timer); } + spin_lock(&key_graveyard_lock); + list_splice_init(&key_graveyard, &graveyard); + spin_unlock(&key_graveyard_lock); + if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) || !list_empty(&graveyard)) { /* Make sure that all pending keyring payload destructions are @@ -328,18 +352,6 @@ static void key_garbage_collector(struct work_struct *work) kleave(" [end %x]", gc_state); return; - /* We found an unreferenced key - once we've removed it from the tree, - * we can safely drop the lock. - */ -found_unreferenced_key: - kdebug("unrefd key %d", key->serial); - rb_erase(&key->serial_node, &key_serial_tree); - spin_unlock(&key_serial_lock); - - list_add_tail(&key->graveyard_link, &graveyard); - gc_state |= KEY_GC_REAP_AGAIN; - goto maybe_resched; - /* We found a restricted keyring and need to update the restriction if * it is associated with the dead key type. */ diff --git a/security/keys/internal.h b/security/keys/internal.h index 2cffa6dc8255..4e3d9b322390 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -63,9 +63,14 @@ struct key_user { int qnbytes; /* number of bytes allocated to this user */ }; +extern struct list_head key_graveyard; +extern spinlock_t key_graveyard_lock; + extern struct rb_root key_user_tree; extern spinlock_t key_user_lock; extern struct key_user root_key_user; +extern struct list_head key_graveyard; +extern spinlock_t key_graveyard_lock; extern struct key_user *key_user_lookup(kuid_t uid); extern void key_user_put(struct key_user *user); diff --git a/security/keys/key.c b/security/keys/key.c index 7198cd2ac3a3..7511f2017b6b 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -22,6 +22,8 @@ DEFINE_SPINLOCK(key_serial_lock); struct rb_root key_user_tree; /* tree of quota records indexed by UID */ DEFINE_SPINLOCK(key_user_lock); +LIST_HEAD(key_graveyard); +DEFINE_SPINLOCK(key_graveyard_lock); unsigned int key_quota_root_maxkeys = 1000000; /* root's key count quota */ unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */ @@ -658,8 +660,9 @@ void key_put(struct key *key) key->user->qnbytes -= key->quotalen; spin_unlock_irqrestore(&key->user->lock, flags); } - smp_mb(); /* key->user before FINAL_PUT set. */ - set_bit(KEY_FLAG_FINAL_PUT, &key->flags); + spin_lock_irqsave(&key_graveyard_lock, flags); + list_add_tail(&key->graveyard_link, &key_graveyard); + spin_unlock_irqrestore(&key_graveyard_lock, flags); schedule_work(&key_gc_work); } } -- 2.39.5

7 months

1
0
0 0

[RFC PATCH net-next v2 01/11] net: phylink: fix possible circular locking dep with config in-band

by Christian Marangi

Debug lock detection revealed a possible circular locking dependency between phylink_major_config() and phylink_bringup_phy(). This was introduced by the addition of phy_config_inband(), which acquires the phydev lock. This made the locking order in phylink_bringup_phy() inconsistent, as it acquires the phydev lock before phylink's state_mutex. A deadlock can occur when phylink_major_config() is called from phylink_resolve(), where the state_mutex is taken first and then the phydev lock. This is the reverse of the order used in phylink_bringup_phy(). To avoid this circular dependency, change the locking order in phylink_bringup_phy() to match the pattern used in phylink_resolve(): take state_mutex first, then the phydev lock. A sample lockdep warning is included below for reference: [ 147.749178] [ 147.750682] ====================================================== [ 147.756850] WARNING: possible circular locking dependency detected [ 147.763019] 6.14.0-next-20250404+ #0 Tainted: G O [ 147.769189] ------------------------------------------------------ [ 147.775356] kworker/u16:0/12 is trying to acquire lock: [ 147.780571] ffffff80ce9bcf08 (&dev->lock#2){+.+.}-{4:4}, at: phy_config_inband+0x44/0x90 [ 147.788672] [ 147.788672] but task is already holding lock: [ 147.794492] ffffff80c0dfbda0 (&pl->state_mutex){+.+.}-{4:4}, at: phylink_resolve+0x2c/0x6a8 [ 147.802840] [ 147.802840] which lock already depends on the new lock. [ 147.802840] [ 147.811002] [ 147.811002] the existing dependency chain (in reverse order) is: [ 147.818472] [ 147.818472] -> #1 (&pl->state_mutex){+.+.}-{4:4}: [ 147.824647] __mutex_lock+0x90/0x924 [ 147.828738] mutex_lock_nested+0x20/0x28 [ 147.833173] phylink_bringup_phy+0x210/0x700 [ 147.837954] phylink_fwnode_phy_connect+0xe0/0x124 [ 147.843256] phylink_of_phy_connect+0x18/0x20 [ 147.848124] dsa_user_create+0x210/0x414 [ 147.852561] dsa_port_setup+0xd4/0x14c [ 147.856823] dsa_register_switch+0xbb0/0xe40 [ 147.861605] mt7988_probe+0xf8/0x140 [ 147.865694] platform_probe+0x64/0xbc [ 147.869869] really_probe+0xbc/0x388 [ 147.873955] __driver_probe_device+0x78/0x154 [ 147.878823] driver_probe_device+0x3c/0xd4 [ 147.883430] __device_attach_driver+0xb0/0x144 [ 147.888383] bus_for_each_drv+0x6c/0xb0 [ 147.892732] __device_attach+0x9c/0x19c [ 147.897078] device_initial_probe+0x10/0x18 [ 147.901771] bus_probe_device+0xa8/0xac [ 147.906118] deferred_probe_work_func+0xb8/0x118 [ 147.911245] process_one_work+0x224/0x610 [ 147.915769] worker_thread+0x1b8/0x35c [ 147.920029] kthread+0x11c/0x1e8 [ 147.923769] ret_from_fork+0x10/0x20 [ 147.927857] [ 147.927857] -> #0 (&dev->lock#2){+.+.}-{4:4}: [ 147.933686] __lock_acquire+0x12b8/0x1ff0 [ 147.938209] lock_acquire+0xf4/0x2d8 [ 147.942295] __mutex_lock+0x90/0x924 [ 147.946383] mutex_lock_nested+0x20/0x28 [ 147.950817] phy_config_inband+0x44/0x90 [ 147.955252] phylink_major_config+0x684/0xa64 [ 147.960120] phylink_resolve+0x24c/0x6a8 [ 147.964554] process_one_work+0x224/0x610 [ 147.969075] worker_thread+0x1b8/0x35c [ 147.973335] kthread+0x11c/0x1e8 [ 147.977075] ret_from_fork+0x10/0x20 [ 147.981162] [ 147.981162] other info that might help us debug this: [ 147.981162] [ 147.989150] Possible unsafe locking scenario: [ 147.989150] [ 147.995056] CPU0 CPU1 [ 147.999575] ---- ---- [ 148.004094] lock(&pl->state_mutex); [ 148.007748] lock(&dev->lock#2); [ 148.013572] lock(&pl->state_mutex); [ 148.019742] lock(&dev->lock#2); [ 148.023051] [ 148.023051] *** DEADLOCK *** [ 148.023051] [ 148.028958] 3 locks held by kworker/u16:0/12: [ 148.033304] #0: ffffff80c0011d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1a8/0x610 [ 148.044082] #1: ffffffc081ca3dd8 ((work_completion)(&pl->resolve)){+.+.}-{0:0}, at: process_one_work+0x1d0/0x610 [ 148.054338] #2: ffffff80c0dfbda0 (&pl->state_mutex){+.+.}-{4:4}, at: phylink_resolve+0x2c/0x6a8 [ 148.063119] [ 148.063119] stack backtrace: [ 148.067465] CPU: 3 UID: 0 PID: 12 Comm: kworker/u16:0 Tainted: G O 6.14.0-next-20250404+ #0 NONE [ 148.067472] Tainted: [O]=OOT_MODULE [ 148.067474] Hardware name: Bananapi BPI-R4 2.5GE PoE (DT) [ 148.067476] Workqueue: events_power_efficient phylink_resolve [ 148.067482] Call trace: [ 148.067484] show_stack+0x14/0x1c (C) [ 148.067492] dump_stack_lvl+0x84/0xc0 [ 148.067497] dump_stack+0x14/0x1c [ 148.067500] print_circular_bug+0x330/0x43c [ 148.067505] check_noncircular+0x124/0x134 [ 148.067508] __lock_acquire+0x12b8/0x1ff0 [ 148.067512] lock_acquire+0xf4/0x2d8 [ 148.067516] __mutex_lock+0x90/0x924 [ 148.067521] mutex_lock_nested+0x20/0x28 [ 148.067527] phy_config_inband+0x44/0x90 [ 148.067531] phylink_major_config+0x684/0xa64 [ 148.067535] phylink_resolve+0x24c/0x6a8 [ 148.067539] process_one_work+0x224/0x610 [ 148.067544] worker_thread+0x1b8/0x35c [ 148.067548] kthread+0x11c/0x1e8 [ 148.067552] ret_from_fork+0x10/0x20 Cc: stable(a)vger.kernel.org Fixes: 5fd0f1a02e75 ("net: phylink: add negotiation of in-band capabilities") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/net/phy/phylink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c index 69ca765485db..4a1edf19dfad 100644 --- a/drivers/net/phy/phylink.c +++ b/drivers/net/phy/phylink.c @@ -2072,8 +2072,8 @@ static int phylink_bringup_phy(struct phylink *pl, struct phy_device *phy, dev_name(&phy->mdio.dev), phy->drv->name, irq_str); kfree(irq_str); - mutex_lock(&phy->lock); mutex_lock(&pl->state_mutex); + mutex_lock(&phy->lock); pl->phydev = phy; pl->phy_state.interface = interface; pl->phy_state.pause = MLO_PAUSE_NONE; @@ -2115,8 +2115,8 @@ static int phylink_bringup_phy(struct phylink *pl, struct phy_device *phy, phy_disable_eee(phy); } - mutex_unlock(&pl->state_mutex); mutex_unlock(&phy->lock); + mutex_unlock(&pl->state_mutex); phylink_dbg(pl, "phy: %s setting supported %*pb advertising %*pb\n", -- 2.48.1

7 months

1
0
0 0

[PATCH] media: dst_ca: Add error handling for dst_comm_init()

by Wentao Liang

The function dst_ci_command() calls the function dst_comm_init() but does not handle the error if the init fails. A proper implementation can be found in dst_command() in /source/drivers/media/pci/bt8xx/dst.c. Add error handling to the dst_comm_init(). Print an error message via dprintk(), and jump to the 'error' label if the function fails. Fixes: 50b215a05878 ("[PATCH] dvb: DST: reorganize Twinhan DST driver to support CI") Cc: stable(a)vger.kernel.org # v2.6+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/media/pci/bt8xx/dst_ca.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/media/pci/bt8xx/dst_ca.c b/drivers/media/pci/bt8xx/dst_ca.c index a9cc6e7a57f9..a743f7653fdd 100644 --- a/drivers/media/pci/bt8xx/dst_ca.c +++ b/drivers/media/pci/bt8xx/dst_ca.c @@ -66,7 +66,10 @@ static int dst_ci_command(struct dst_state* state, u8 * data, u8 *ca_string, u8 u8 reply; mutex_lock(&state->dst_mutex); - dst_comm_init(state); + if (dst_comm_init(state) < 0) { + dprintk(verbose, DST_CA_ERROR, 1, "DST initialization failed."); + goto error; + } msleep(65); if (write_dst(state, data, len)) { -- 2.42.0.windows.2

7 months

1
0
0 0

[PATCH v4] staging: rtl8723bs: Add error handling for sd_read()

by Wentao Liang

The sdio_read32() calls sd_read(), but does not handle the error if sd_read() fails. This could lead to subsequent operations processing invalid data. A proper implementation can be found in sdio_readN(). Add error handling for the sd_read() to free tmpbuf and return error code if sd_read() fails. This ensure that the memcpy() is only performed when the read operation is successful. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v4: Add change log and fix error code v3: Add Cc flag v2: Change code to initialize val drivers/staging/rtl8723bs/hal/sdio_ops.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c b/drivers/staging/rtl8723bs/hal/sdio_ops.c index 21e9f1858745..045153991986 100644 --- a/drivers/staging/rtl8723bs/hal/sdio_ops.c +++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c @@ -185,7 +185,12 @@ static u32 sdio_read32(struct intf_hdl *intfhdl, u32 addr) return SDIO_ERR_VAL32; ftaddr &= ~(u16)0x3; - sd_read(intfhdl, ftaddr, 8, tmpbuf); + err = sd_read(intfhdl, ftaddr, 8, tmpbuf); + if (err) { + kfree(tmpbuf) + return SDIO_ERR_VAL32; + } + memcpy(&le_tmp, tmpbuf + shift, 4); val = le32_to_cpu(le_tmp); -- 2.42.0.windows.2

7 months

3
2
0 0

[PATCH 5.15.y] cifs: Fix UAF in cifs_demultiplex_thread()

by He Zhe

From: Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> commit d527f51331cace562393a8038d870b3e9916686f upstream. There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45 ... Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report+0x171/0x472 kasan_report+0xad/0x130 kasan_check_range+0x145/0x1a0 smb2_is_network_name_deleted+0x27/0x160 cifs_demultiplex_thread.cold+0x172/0x5a4 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 923: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_slab_alloc+0x54/0x60 kmem_cache_alloc+0x147/0x320 mempool_alloc+0xe1/0x260 cifs_small_buf_get+0x24/0x60 allocate_buffers+0xa1/0x1c0 cifs_demultiplex_thread+0x199/0x10d0 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 Freed by task 921: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x40 ____kasan_slab_free+0x143/0x1b0 kmem_cache_free+0xe3/0x4d0 cifs_small_buf_release+0x29/0x90 SMB2_negotiate+0x8b7/0x1c60 smb2_negotiate+0x51/0x70 cifs_negotiate_protocol+0xf0/0x160 cifs_get_smb_ses+0x5fa/0x13c0 mount_get_conns+0x7a/0x750 cifs_mount+0x103/0xd00 cifs_smb3_do_mount+0x1dd/0xcb0 smb3_get_tree+0x1d5/0x300 vfs_get_tree+0x41/0xf0 path_mount+0x9b3/0xdd0 __x64_sys_mount+0x190/0x1d0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The UAF is because: mount(pid: 921) | cifsd(pid: 923) -------------------------------|------------------------------- | cifs_demultiplex_thread SMB2_negotiate | cifs_send_recv | compound_send_recv | smb_send_rqst | wait_for_response | wait_event_state [1] | | standard_receive3 | cifs_handle_standard | handle_mid | mid->resp_buf = buf; [2] | dequeue_mid [3] KILL the process [4] | resp_iov[i].iov_base = buf | free_rsp_buf [5] | | is_network_name_deleted [6] | callback 1. After send request to server, wait the response until mid->mid_state != SUBMITTED; 2. Receive response from server, and set it to mid; 3. Set the mid state to RECEIVED; 4. Kill the process, the mid state already RECEIVED, get 0; 5. Handle and release the negotiate response; 6. UAF. It can be easily reproduce with add some delay in [3] - [6]. Only sync call has the problem since async call's callback is executed in cifsd process. Add an extra state to mark the mid state to READY before wakeup the waitter, then it can get the resp safely. Fixes: ec637e3ffb6b ("[CIFS] Avoid extra large buffer allocation (and memcpy) in cifs_readpages") Reviewed-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [fs/cifs was moved to fs/smb/client since 38c8a9a52082 ("smb: move client and server files to common directory fs/smb"). We apply the patch to fs/cifs with some minor context changes.] Signed-off-by: He Zhe <zhe.he(a)windriver.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- Build test passed. --- fs/cifs/cifsglob.h | 1 + fs/cifs/transport.c | 34 +++++++++++++++++++++++----------- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 2ee67a27020d..8bd5d528244e 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -1719,6 +1719,7 @@ static inline bool is_retryable_error(int error) #define MID_RETRY_NEEDED 8 /* session closed while this request out */ #define MID_RESPONSE_MALFORMED 0x10 #define MID_SHUTDOWN 0x20 +#define MID_RESPONSE_READY 0x40 /* ready for other process handle the rsp */ /* Flags */ #define MID_WAIT_CANCELLED 1 /* Cancelled while waiting for response */ diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 49b7edbe3497..8cf12c106afa 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -34,6 +34,8 @@ void cifs_wake_up_task(struct mid_q_entry *mid) { + if (mid->mid_state == MID_RESPONSE_RECEIVED) + mid->mid_state = MID_RESPONSE_READY; wake_up_process(mid->callback_data); } @@ -86,7 +88,8 @@ static void _cifs_mid_q_entry_release(struct kref *refcount) struct TCP_Server_Info *server = midEntry->server; if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) && - midEntry->mid_state == MID_RESPONSE_RECEIVED && + (midEntry->mid_state == MID_RESPONSE_RECEIVED || + midEntry->mid_state == MID_RESPONSE_READY) && server->ops->handle_cancelled_mid) server->ops->handle_cancelled_mid(midEntry, server); @@ -762,7 +765,8 @@ wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ) int error; error = wait_event_freezekillable_unsafe(server->response_q, - midQ->mid_state != MID_REQUEST_SUBMITTED); + midQ->mid_state != MID_REQUEST_SUBMITTED && + midQ->mid_state != MID_RESPONSE_RECEIVED); if (error < 0) return -ERESTARTSYS; @@ -914,7 +918,7 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) spin_lock(&GlobalMid_Lock); switch (mid->mid_state) { - case MID_RESPONSE_RECEIVED: + case MID_RESPONSE_READY: spin_unlock(&GlobalMid_Lock); return rc; case MID_RETRY_NEEDED: @@ -1013,6 +1017,9 @@ cifs_compound_callback(struct mid_q_entry *mid) credits.instance = server->reconnect_instance; add_credits(server, &credits, mid->optype); + + if (mid->mid_state == MID_RESPONSE_RECEIVED) + mid->mid_state = MID_RESPONSE_READY; } static void @@ -1204,7 +1211,8 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses, send_cancel(server, &rqst[i], midQ[i]); spin_lock(&GlobalMid_Lock); midQ[i]->mid_flags |= MID_WAIT_CANCELLED; - if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED) { + if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED || + midQ[i]->mid_state == MID_RESPONSE_RECEIVED) { midQ[i]->callback = cifs_cancelled_callback; cancelled_mid[i] = true; credits[i].value = 0; @@ -1225,7 +1233,7 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses, } if (!midQ[i]->resp_buf || - midQ[i]->mid_state != MID_RESPONSE_RECEIVED) { + midQ[i]->mid_state != MID_RESPONSE_READY) { rc = -EIO; cifs_dbg(FYI, "Bad MID state?\n"); goto out; @@ -1404,7 +1412,8 @@ SendReceive(const unsigned int xid, struct cifs_ses *ses, if (rc != 0) { send_cancel(server, &rqst, midQ); spin_lock(&GlobalMid_Lock); - if (midQ->mid_state == MID_REQUEST_SUBMITTED) { + if (midQ->mid_state == MID_REQUEST_SUBMITTED || + midQ->mid_state == MID_RESPONSE_RECEIVED) { /* no longer considered to be "in-flight" */ midQ->callback = DeleteMidQEntry; spin_unlock(&GlobalMid_Lock); @@ -1421,7 +1430,7 @@ SendReceive(const unsigned int xid, struct cifs_ses *ses, } if (!midQ->resp_buf || !out_buf || - midQ->mid_state != MID_RESPONSE_RECEIVED) { + midQ->mid_state != MID_RESPONSE_READY) { rc = -EIO; cifs_server_dbg(VFS, "Bad MID state?\n"); goto out; @@ -1541,13 +1550,15 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, /* Wait for a reply - allow signals to interrupt. */ rc = wait_event_interruptible(server->response_q, - (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) || + (!(midQ->mid_state == MID_REQUEST_SUBMITTED || + midQ->mid_state == MID_RESPONSE_RECEIVED)) || ((server->tcpStatus != CifsGood) && (server->tcpStatus != CifsNew))); /* Were we interrupted by a signal ? */ if ((rc == -ERESTARTSYS) && - (midQ->mid_state == MID_REQUEST_SUBMITTED) && + (midQ->mid_state == MID_REQUEST_SUBMITTED || + midQ->mid_state == MID_RESPONSE_RECEIVED) && ((server->tcpStatus == CifsGood) || (server->tcpStatus == CifsNew))) { @@ -1577,7 +1588,8 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, if (rc) { send_cancel(server, &rqst, midQ); spin_lock(&GlobalMid_Lock); - if (midQ->mid_state == MID_REQUEST_SUBMITTED) { + if (midQ->mid_state == MID_REQUEST_SUBMITTED || + midQ->mid_state == MID_RESPONSE_RECEIVED) { /* no longer considered to be "in-flight" */ midQ->callback = DeleteMidQEntry; spin_unlock(&GlobalMid_Lock); @@ -1595,7 +1607,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, return rc; /* rcvd frame is ok */ - if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) { + if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) { rc = -EIO; cifs_tcon_dbg(VFS, "Bad MID state?\n"); goto out; -- 2.34.1

7 months

2
1
0 0

[PATCH 6.1] Revert "fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super"

by Fedor Pchelkin

This reverts commit f9c572d02fcced59c68f0287680fef9a5e0f5c9a which is commit 91a4b1ee78cb100b19b70f077c247f211110348f upstream. The backported version of the fix does a lot of things which it shouldn't do and which the upstream commit doesn't touch as well. Various auto-formatting changes and duplicate assignments made by the ported version are not a big deal on its own, but what is more important, it just drops 'sbi->zone_max' initialization for an unknown reason. Original commit doesn't ever intend to do anything with that. Better revert this commit from the stable branch for now. Found by Linux Verification Center (linuxtesting.org). Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- FWIW there exists another variant of this backport patch [1] which at a quick glance looks more appropriate and was posted nearly a year ago. I've added Roman - author of [1] - to Cc. Maybe he would be interested in resending this so that it'd appear in your queue again. Anyway, it's up to you to decide whether to take Roman's patch or just ignore it... [1]: https://lore.kernel.org/stable/20240424101114.192681-2-r.smirnov@omp.ru/ fs/ntfs3/ntfs_fs.h | 2 -- fs/ntfs3/super.c | 68 +++++++++++++++------------------------------- 2 files changed, 22 insertions(+), 48 deletions(-) diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h index f2f32e304b3d..05d9abd66b37 100644 --- a/fs/ntfs3/ntfs_fs.h +++ b/fs/ntfs3/ntfs_fs.h @@ -42,11 +42,9 @@ enum utf16_endian; #define MINUS_ONE_T ((size_t)(-1)) /* Biggest MFT / smallest cluster */ #define MAXIMUM_BYTES_PER_MFT 4096 -#define MAXIMUM_SHIFT_BYTES_PER_MFT 12 #define NTFS_BLOCKS_PER_MFT_RECORD (MAXIMUM_BYTES_PER_MFT / 512) #define MAXIMUM_BYTES_PER_INDEX 4096 -#define MAXIMUM_SHIFT_BYTES_PER_INDEX 12 #define NTFS_BLOCKS_PER_INODE (MAXIMUM_BYTES_PER_INDEX / 512) /* NTFS specific error code when fixup failed. */ diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index 674a16c0c66b..eee54214f4a3 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -680,7 +680,7 @@ static u32 true_sectors_per_clst(const struct NTFS_BOOT *boot) * ntfs_init_from_boot - Init internal info from on-disk boot sector. */ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, - u64 dev_size) + u64 dev_size) { struct ntfs_sb_info *sbi = sb->s_fs_info; int err; @@ -705,12 +705,12 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, /* 0x55AA is not mandaroty. Thanks Maxim Suhanov*/ /*if (0x55 != boot->boot_magic[0] || 0xAA != boot->boot_magic[1]) - * goto out; + * goto out; */ boot_sector_size = (u32)boot->bytes_per_sector[1] << 8; if (boot->bytes_per_sector[0] || boot_sector_size < SECTOR_SIZE || - !is_power_of_2(boot_sector_size)) { + !is_power_of_2(boot_sector_size)) { goto out; } @@ -733,49 +733,15 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, /* Check MFT record size. */ if ((boot->record_size < 0 && - SECTOR_SIZE > (2U << (-boot->record_size))) || - (boot->record_size >= 0 && !is_power_of_2(boot->record_size))) { - goto out; - } - - /* Calculate cluster size */ - sbi->cluster_size = boot_sector_size * sct_per_clst; - sbi->cluster_bits = blksize_bits(sbi->cluster_size); - - if (boot->record_size >= 0) { - record_size = (u32)boot->record_size << sbi->cluster_bits; - } else if (-boot->record_size <= MAXIMUM_SHIFT_BYTES_PER_MFT) { - record_size = 1u << (-boot->record_size); - } else { - ntfs_err(sb, "%s: invalid record size %d.", "NTFS", - boot->record_size); - goto out; - } - - sbi->record_size = record_size; - sbi->record_bits = blksize_bits(record_size); - sbi->attr_size_tr = (5 * record_size >> 4); // ~320 bytes - - if (record_size > MAXIMUM_BYTES_PER_MFT) { - ntfs_err(sb, "Unsupported bytes per MFT record %u.", - record_size); - goto out; - } - - if (boot->index_size >= 0) { - sbi->index_size = (u32)boot->index_size << sbi->cluster_bits; - } else if (-boot->index_size <= MAXIMUM_SHIFT_BYTES_PER_INDEX) { - sbi->index_size = 1u << (-boot->index_size); - } else { - ntfs_err(sb, "%s: invalid index size %d.", "NTFS", - boot->index_size); + SECTOR_SIZE > (2U << (-boot->record_size))) || + (boot->record_size >= 0 && !is_power_of_2(boot->record_size))) { goto out; } /* Check index record size. */ if ((boot->index_size < 0 && - SECTOR_SIZE > (2U << (-boot->index_size))) || - (boot->index_size >= 0 && !is_power_of_2(boot->index_size))) { + SECTOR_SIZE > (2U << (-boot->index_size))) || + (boot->index_size >= 0 && !is_power_of_2(boot->index_size))) { goto out; } @@ -796,6 +762,9 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, dev_size += sector_size - 1; } + sbi->cluster_size = boot_sector_size * sct_per_clst; + sbi->cluster_bits = blksize_bits(sbi->cluster_size); + sbi->mft.lbo = mlcn << sbi->cluster_bits; sbi->mft.lbo2 = mlcn2 << sbi->cluster_bits; @@ -816,9 +785,9 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, sbi->cluster_mask = sbi->cluster_size - 1; sbi->cluster_mask_inv = ~(u64)sbi->cluster_mask; sbi->record_size = record_size = boot->record_size < 0 - ? 1 << (-boot->record_size) - : (u32)boot->record_size - << sbi->cluster_bits; + ? 1 << (-boot->record_size) + : (u32)boot->record_size + << sbi->cluster_bits; if (record_size > MAXIMUM_BYTES_PER_MFT || record_size < SECTOR_SIZE) goto out; @@ -832,8 +801,8 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, ALIGN(sizeof(enum ATTR_TYPE), 8); sbi->index_size = boot->index_size < 0 - ? 1u << (-boot->index_size) - : (u32)boot->index_size << sbi->cluster_bits; + ? 1u << (-boot->index_size) + : (u32)boot->index_size << sbi->cluster_bits; sbi->volume.ser_num = le64_to_cpu(boot->serial_num); @@ -902,6 +871,13 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, sb->s_maxbytes = 0xFFFFFFFFull << sbi->cluster_bits; #endif + /* + * Compute the MFT zone at two steps. + * It would be nice if we are able to allocate 1/8 of + * total clusters for MFT but not more then 512 MB. + */ + sbi->zone_max = min_t(CLST, 0x20000000 >> sbi->cluster_bits, clusters >> 3); + err = 0; out: -- 2.49.0

7 months

1
0
0 0

RE: ISC West 2025 Attendee Contact List to Enhance Your B2B Lead Generation

by Jessica Garcia

Hi , Checking if you've had a chance to read the email I sent previously. If you need further information, I'd be happy to go over the figures and pricing. Regards Jessica Marketing Manager Campaign Data Leads., Please reply with REMOVE if you don't wish to receive further emails -----Original Message----- From: Jessica Garcia To: Subject: ISC West 2025 Attendee Contact List to Enhance Your B2B Lead Generation Hi , Planning to get the ICS West 2025 attendee list? Expo Name: International Security Conference & Exposition West 2025 Total Number of records: 23,000 records List includes: Company Name, Contact Name, Job Title, Mailing Address, Phone, Emails, etc. Interested in moving forward with these leads? Let me know, and I'll share the price. Can't wait for your reply Regards Jessica Marketing Manager Campaign Data Leads., Please reply with REMOVE if you don't wish to receive further emails

7 months

1
0
0 0

[PATCH v3] staging: rtl8723bs: Add error handling for sd_read().

by Wentao Liang

The sdio_read32() calls sd_read(), but does not handle the error if sd_read() fails. This could lead to subsequent operations processing invalid data. A proper implementation can be found in sdio_readN(). Add error handling to the sd_read(), ensuring that the memcpy() is only performed when the read operation is successful. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/staging/rtl8723bs/hal/sdio_ops.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c b/drivers/staging/rtl8723bs/hal/sdio_ops.c index 21e9f1858745..b21fd087c9a0 100644 --- a/drivers/staging/rtl8723bs/hal/sdio_ops.c +++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c @@ -185,9 +185,11 @@ static u32 sdio_read32(struct intf_hdl *intfhdl, u32 addr) return SDIO_ERR_VAL32; ftaddr &= ~(u16)0x3; - sd_read(intfhdl, ftaddr, 8, tmpbuf); - memcpy(&le_tmp, tmpbuf + shift, 4); - val = le32_to_cpu(le_tmp); + val = sd_read(intfhdl, ftaddr, 8, tmpbuf); + if (!val) { + memcpy(&le_tmp, tmpbuf + shift, 4); + val = le32_to_cpu(le_tmp); + } kfree(tmpbuf); } -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH] serial: sifive: lock port in startup()/shutdown() callbacks

by Ryo Takakura

startup()/shutdown() callbacks access SIFIVE_SERIAL_IE_OFFS. The register is also accessed from write() callback. If console were printing and startup()/shutdown() callback gets called, its access to the register could be overwritten. Add port->lock to startup()/shutdown() callbacks to make sure their access to SIFIVE_SERIAL_IE_OFFS is synchronized against write() callback. Fixes: 45c054d0815b ("tty: serial: add driver for the SiFive UART") Signed-off-by: Ryo Takakura <ryotkkr98(a)gmail.com> Cc: stable(a)vger.kernel.org --- This patch used be part of a series for converting sifive driver to nbcon[0]. It's now sent seperatly as the rest of the series does not need be applied to the stable branch. Sincerely, Ryo Takakura [0] https://lore.kernel.org/all/20250405043833.397020-1-ryotkkr98@gmail.com/ --- drivers/tty/serial/sifive.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c index 5904a2d4c..054a8e630 100644 --- a/drivers/tty/serial/sifive.c +++ b/drivers/tty/serial/sifive.c @@ -563,8 +563,11 @@ static void sifive_serial_break_ctl(struct uart_port *port, int break_state) static int sifive_serial_startup(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_enable_rxwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); return 0; } @@ -572,9 +575,12 @@ static int sifive_serial_startup(struct uart_port *port) static void sifive_serial_shutdown(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_disable_rxwm(ssp); __ssp_disable_txwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); } /** -- 2.34.1

7 months

2
2
0 0

[6.1 PATCH RESEND 00/12] KVM: arm64: Backport of SVE fixes to v6.1

by Mark Brown

This series backports some recent fixes for SVE/KVM interactions from Mark Rutland to v6.1. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- Fuad Tabba (1): KVM: arm64: Calculate cptr_el2 traps on activating traps Mark Brown (4): KVM: arm64: Discard any SVE state when entering KVM guests arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE arm64/fpsimd: Have KVM explicitly say which FP registers to save arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM Mark Rutland (7): KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state KVM: arm64: Remove host FPSIMD saving for non-protected KVM KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN KVM: arm64: Refactor exit handlers KVM: arm64: Mark some header functions as inline KVM: arm64: Eagerly switch ZCR_EL{1,2} arch/arm64/include/asm/fpsimd.h | 4 +- arch/arm64/include/asm/kvm_host.h | 19 +++--- arch/arm64/include/asm/kvm_hyp.h | 1 + arch/arm64/include/asm/processor.h | 7 +++ arch/arm64/kernel/fpsimd.c | 69 +++++++++++++++------ arch/arm64/kernel/process.c | 2 + arch/arm64/kernel/ptrace.c | 3 + arch/arm64/kernel/signal.c | 7 ++- arch/arm64/kvm/arm.c | 1 - arch/arm64/kvm/fpsimd.c | 92 ++++++++------------------- arch/arm64/kvm/hyp/entry.S | 5 ++ arch/arm64/kvm/hyp/include/hyp/switch.h | 106 +++++++++++++++++++++----------- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 +-- arch/arm64/kvm/hyp/nvhe/pkvm.c | 17 +---- arch/arm64/kvm/hyp/nvhe/switch.c | 91 +++++++++++++++++---------- arch/arm64/kvm/hyp/vhe/switch.c | 12 ++-- arch/arm64/kvm/reset.c | 3 + 17 files changed, 259 insertions(+), 188 deletions(-) --- base-commit: 344a09659766c83c42cdd4943318deabde89a9c3 change-id: 20250227-stable-sve-6-1-075c1295b363 Best regards, -- Mark Brown <broonie(a)kernel.org>

7 months

2
24
0 0

[PATCH Linux-6.12.y 1/1] idpf: Don't hard code napi_struct size

by Yifei Liu

From: Joe Damato <jdamato(a)fastly.com> commit 49717ef01ce1b6dbe4cd12bee0fc25e086c555df upstream. The sizeof(struct napi_struct) can change. Don't hardcode the size to 400 bytes and instead use "sizeof(struct napi_struct)". Suggested-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> Signed-off-by: Joe Damato <jdamato(a)fastly.com> Acked-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> Link: https://patch.msgid.link/20241004105407.73585-1-jdamato@fastly.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> (cherry picked from commit 49717ef01ce1b6dbe4cd12bee0fc25e086c555df) [Yifei: In Linux-6.12.y, it still hard code the size of napi_struct, adding a member will lead the entire build failed] Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com> --- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.h b/drivers/net/ethernet/intel/idpf/idpf_txrx.h index f0537826f840..9c1fe84108ed 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.h +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h @@ -438,7 +438,8 @@ struct idpf_q_vector { __cacheline_group_end_aligned(cold); }; libeth_cacheline_set_assert(struct idpf_q_vector, 112, - 424 + 2 * sizeof(struct dim), + 24 + sizeof(struct napi_struct) + + 2 * sizeof(struct dim), 8 + sizeof(cpumask_var_t)); struct idpf_rx_queue_stats { -- 2.46.0

7 months

2
1
0 0

[PATCH 5.10.y] kernel/resource: fix kfree() of bootmem memory again

by David Sauerwein

From: Miaohe Lin <linmiaohe(a)huawei.com> [ Upstream commit 0cbcc92917c5de80f15c24d033566539ad696892 ] Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case. Link: https://lkml.kernel.org/r/20220217083619.19305-1-linmiaohe@huawei.com Fixes: ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: David Sauerwein <dssauerw(a)amazon.de> --- kernel/resource.c | 41 ++++++++--------------------------------- 1 file changed, 8 insertions(+), 33 deletions(-) diff --git a/kernel/resource.c b/kernel/resource.c index 1087f33d70c4..ea4d7a02b8e8 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -53,14 +53,6 @@ struct resource_constraint { static DEFINE_RWLOCK(resource_lock); -/* - * For memory hotplug, there is no way to free resource entries allocated - * by boot mem after the system is up. So for reusing the resource entry - * we need to remember the resource. - */ -static struct resource *bootmem_resource_free; -static DEFINE_SPINLOCK(bootmem_resource_lock); - static struct resource *next_resource(struct resource *p, bool sibling_only) { /* Caller wants to traverse through siblings only */ @@ -149,36 +141,19 @@ __initcall(ioresources_init); static void free_resource(struct resource *res) { - if (!res) - return; - - if (!PageSlab(virt_to_head_page(res))) { - spin_lock(&bootmem_resource_lock); - res->sibling = bootmem_resource_free; - bootmem_resource_free = res; - spin_unlock(&bootmem_resource_lock); - } else { + /** + * If the resource was allocated using memblock early during boot + * we'll leak it here: we can only return full pages back to the + * buddy and trying to be smart and reusing them eventually in + * alloc_resource() overcomplicates resource handling. + */ + if (res && PageSlab(virt_to_head_page(res))) kfree(res); - } } static struct resource *alloc_resource(gfp_t flags) { - struct resource *res = NULL; - - spin_lock(&bootmem_resource_lock); - if (bootmem_resource_free) { - res = bootmem_resource_free; - bootmem_resource_free = res->sibling; - } - spin_unlock(&bootmem_resource_lock); - - if (res) - memset(res, 0, sizeof(struct resource)); - else - res = kzalloc(sizeof(struct resource), flags); - - return res; + return kzalloc(sizeof(struct resource), flags); } /* Return the conflict entry if you can't request it */ -- 2.47.1

7 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror