- Linux-stable-mirror - lists.linaro.org

[PATCH 6.1.y] spi-rockchip: Fix register out of bounds access

by Vasiliy Kovalev

From: Luis de Arquer <luis.dearquer(a)inertim.com> commit 7a874e8b54ea21094f7fd2d428b164394c6cb316 upstream. Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense. Fixes: 736b81e07517 ("spi: rockchip: Support SPI_CS_HIGH") Signed-off-by: Luis de Arquer <luis.dearquer(a)inertim.com> Link: https://patch.msgid.link/365ccddfba110549202b3520f4401a6a936e82a8.camel@gma… Signed-off-by: Mark Brown <broonie(a)kernel.org> [ kovalev: bp to fix CVE-2025-38081; added Fixes tag ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/spi/spi-rockchip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/spi/spi-rockchip.c b/drivers/spi/spi-rockchip.c index dbefc7e77313..cba858a7b4f9 100644 --- a/drivers/spi/spi-rockchip.c +++ b/drivers/spi/spi-rockchip.c @@ -540,8 +540,8 @@ static int rockchip_spi_config(struct rockchip_spi *rs, cr0 |= (spi->mode & 0x3U) << CR0_SCPH_OFFSET; if (spi->mode & SPI_LSB_FIRST) cr0 |= CR0_FBM_LSB << CR0_FBM_OFFSET; - if (spi->mode & SPI_CS_HIGH) - cr0 |= BIT(spi->chip_select) << CR0_SOI_OFFSET; + if ((spi->mode & SPI_CS_HIGH) && !(spi_get_csgpiod(spi, 0))) + cr0 |= BIT(spi_get_chipselect(spi, 0)) << CR0_SOI_OFFSET; if (xfer->rx_buf && xfer->tx_buf) cr0 |= CR0_XFM_TR << CR0_XFM_OFFSET; -- 2.50.1

2 weeks, 6 days

1
0
0 0

Security alert for linux-stable-mirror@lists.linaro.org

by Cpanel Adminlists.linaro.org

2 weeks, 6 days

1
0
0 0

+ mm-swap-do-not-perform-synchronous-discard-during-allocation.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm, swap: do not perform synchronous discard during allocation has been added to the -mm mm-new branch. Its filename is mm-swap-do-not-perform-synchronous-discard-during-allocation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm, swap: do not perform synchronous discard during allocation Date: Fri, 24 Oct 2025 02:34:11 +0800 Patch series "mm, swap: misc cleanup and bugfix", v2. A few cleanups and a bugfix that are either suitable after the swap table phase I or found during code review. Patch 1 is a bugfix and needs to be included in the stable branch, the rest have no behavioral change. This patch (of 5): Since commit 1b7e90020eb77 ("mm, swap: use percpu cluster as allocation fast path"), swap allocation is protected by a local lock, which means we can't do any sleeping calls during allocation. However, the discard routine is not taken well care of. When the swap allocator failed to find any usable cluster, it would look at the pending discard cluster and try to issue some blocking discards. It may not necessarily sleep, but the cond_resched at the bio layer indicates this is wrong when combined with a local lock. And the bio GFP flag used for discard bio is also wrong (not atomic). It's arguable whether this synchronous discard is helpful at all. In most cases, the async discard is good enough. And the swap allocator is doing very differently at organizing the clusters since the recent change, so it is very rare to see discard clusters piling up. So far, no issues have been observed or reported with typical SSD setups under months of high pressure. This issue was found during my code review. But by hacking the kernel a bit: adding a mdelay(500) in the async discard path, this issue will be observable with WARNING triggered by the wrong GFP and cond_resched in the bio layer for debug builds. So now let's apply a hotfix for this issue: remove the synchronous discard in the swap allocation path. And when order 0 is failing with all cluster list drained on all swap devices, try to do a discard following the swap device priority list. If any discards released some cluster, try the allocation again. This way, we can still avoid OOM due to swap failure if the hardware is very slow and memory pressure is extremely high. This may cause more fragmentation issues if the discarding hardware is really slow. Ideally, we want to discard pending clusters before continuing to iterate the fragment cluster lists. This can be implemented in a cleaner way if we clean up the device list iteration part first. Link: https://lkml.kernel.org/r/20251024-swap-clean-after-swap-table-p1-v2-0-a709… Link: https://lkml.kernel.org/r/20251024-swap-clean-after-swap-table-p1-v2-1-c5b0… Fixes: 1b7e90020eb77 ("mm, swap: use percpu cluster as allocation fast path") Signed-off-by: Kairui Song <kasong(a)tencent.com> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)linux.alibaba.com> Cc: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) --- a/mm/swapfile.c~mm-swap-do-not-perform-synchronous-discard-during-allocation +++ a/mm/swapfile.c @@ -1101,13 +1101,6 @@ new_cluster: goto done; } - /* - * We don't have free cluster but have some clusters in discarding, - * do discard now and reclaim them. - */ - if ((si->flags & SWP_PAGE_DISCARD) && swap_do_scheduled_discard(si)) - goto new_cluster; - if (order) goto done; @@ -1394,6 +1387,33 @@ start_over: return false; } +/* + * Discard pending clusters in a synchronized way when under high pressure. + * Return: true if any cluster is discarded. + */ +static bool swap_sync_discard(void) +{ + bool ret = false; + int nid = numa_node_id(); + struct swap_info_struct *si, *next; + + spin_lock(&swap_avail_lock); + plist_for_each_entry_safe(si, next, &swap_avail_heads[nid], avail_lists[nid]) { + spin_unlock(&swap_avail_lock); + if (get_swap_device_info(si)) { + if (si->flags & SWP_PAGE_DISCARD) + ret = swap_do_scheduled_discard(si); + put_swap_device(si); + } + if (ret) + return true; + spin_lock(&swap_avail_lock); + } + spin_unlock(&swap_avail_lock); + + return false; +} + /** * folio_alloc_swap - allocate swap space for a folio * @folio: folio we want to move to swap @@ -1432,11 +1452,17 @@ int folio_alloc_swap(struct folio *folio } } +again: local_lock(&percpu_swap_cluster.lock); if (!swap_alloc_fast(&entry, order)) swap_alloc_slow(&entry, order); local_unlock(&percpu_swap_cluster.lock); + if (unlikely(!order && !entry.val)) { + if (swap_sync_discard()) + goto again; + } + /* Need to call this even if allocation failed, for MEMCG_SWAP_FAIL. */ if (mem_cgroup_try_charge_swap(folio, entry)) goto out_free; _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-fix-thp-allocation-and-fallback-loop.patch mm-swap-do-not-perform-synchronous-discard-during-allocation.patch mm-swap-rename-helper-for-setup-bad-slots.patch mm-swap-cleanup-swap-entry-allocation-parameter.patch mm-migrate-swap-drop-usage-of-folio_index.patch mm-swap-remove-redundant-argument-for-isolating-a-cluster.patch

2 weeks, 6 days

1
0
0 0

[PATCH v3] ACPI: video: Fix use-after-free in acpi_video_switch_brightness()

by Yuhao Jiang

The switch_brightness_work delayed work accesses device->brightness and device->backlight, which are freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. Fixes: 8ab58e8e7e097 ("ACPI / video: Fix backlight taking 2 steps on a brightness up/down keypress") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- Changes in v3: - Move cancel_delayed_work_sync() to acpi_video_bus_remove_notify_handler() instead of acpi_video_bus_unregister_backlight() for better logic placement - Link to v2: https://lore.kernel.org/all/20251022042514.2167599-1-danisjiang@gmail.com/ --- drivers/acpi/acpi_video.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c index 103f29661576..be8e7e18abca 100644 --- a/drivers/acpi/acpi_video.c +++ b/drivers/acpi/acpi_video.c @@ -1959,8 +1959,10 @@ static void acpi_video_bus_remove_notify_handler(struct acpi_video_bus *video) struct acpi_video_device *dev; mutex_lock(&video->device_list_lock); - list_for_each_entry(dev, &video->video_device_list, entry) + list_for_each_entry(dev, &video->video_device_list, entry) { acpi_video_dev_remove_notify_handler(dev); + cancel_delayed_work_sync(&dev->switch_brightness_work); + } mutex_unlock(&video->device_list_lock); acpi_video_bus_stop_devices(video); -- 2.34.1

2 weeks, 6 days

3
2
0 0

[PATCH v1] riscv: dts: microchip: remove BeagleV Fire fabric.dtsi

by Conor Dooley

From: Conor Dooley <conor.dooley(a)microchip.com> At the time of adding the fabric.dtsi for the BeagleV Fire, we thought that the fabric nodes in the Beagle supplied images were stable. They are not, which has lead to nodes present in the devicetree that are not in the programmed FPGA images. This is obviously problematic, and these nodes must be removed. CC: stable(a)vger.kernel.org Fixes: 3f41368fbfe1 ("riscv: dts: microchip: add an initial devicetree for the BeagleV Fire") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> -- CC: Valentina.FernandezAlanis(a)microchip.com CC: Cyril.Jean(a)microchip.com CC: Conor Dooley <conor(a)kernel.org> CC: Daire McNamara <daire.mcnamara(a)microchip.com> CC: Rob Herring <robh(a)kernel.org> CC: Krzysztof Kozlowski <krzk+dt(a)kernel.org> CC: Paul Walmsley <paul.walmsley(a)sifive.com> CC: Jamie Gibbons <jamie.gibbons(a)microchip.com> CC: linux-riscv(a)lists.infradead.org CC: devicetree(a)vger.kernel.org CC: linux-kernel(a)vger.kernel.org --- .../microchip/mpfs-beaglev-fire-fabric.dtsi | 82 ------------------- .../boot/dts/microchip/mpfs-beaglev-fire.dts | 5 -- 2 files changed, 87 deletions(-) delete mode 100644 arch/riscv/boot/dts/microchip/mpfs-beaglev-fire-fabric.dtsi diff --git a/arch/riscv/boot/dts/microchip/mpfs-beaglev-fire-fabric.dtsi b/arch/riscv/boot/dts/microchip/mpfs-beaglev-fire-fabric.dtsi deleted file mode 100644 index e153eaf9b90e..000000000000 --- a/arch/riscv/boot/dts/microchip/mpfs-beaglev-fire-fabric.dtsi +++ /dev/null @@ -1,82 +0,0 @@ -// SPDX-License-Identifier: (GPL-2.0 OR MIT) - -/ { - fabric_clk3: fabric-clk3 { - compatible = "fixed-clock"; - #clock-cells = <0>; - clock-frequency = <50000000>; - }; - - fabric_clk1: fabric-clk1 { - compatible = "fixed-clock"; - #clock-cells = <0>; - clock-frequency = <125000000>; - }; - - fabric-bus@40000000 { - compatible = "simple-bus"; - #address-cells = <2>; - #size-cells = <2>; - ranges = <0x0 0x40000000 0x0 0x40000000 0x0 0x20000000>, /* FIC3-FAB */ - <0x0 0x60000000 0x0 0x60000000 0x0 0x20000000>, /* FIC0, LO */ - <0x0 0xe0000000 0x0 0xe0000000 0x0 0x20000000>, /* FIC1, LO */ - <0x20 0x0 0x20 0x0 0x10 0x0>, /* FIC0,HI */ - <0x30 0x0 0x30 0x0 0x10 0x0>; /* FIC1,HI */ - - cape_gpios_p8: gpio@41100000 { - compatible = "microchip,coregpio-rtl-v3"; - reg = <0x0 0x41100000 0x0 0x1000>; - clocks = <&fabric_clk3>; - gpio-controller; - #gpio-cells = <2>; - ngpios = <16>; - gpio-line-names = "P8_PIN31", "P8_PIN32", "P8_PIN33", "P8_PIN34", - "P8_PIN35", "P8_PIN36", "P8_PIN37", "P8_PIN38", - "P8_PIN39", "P8_PIN40", "P8_PIN41", "P8_PIN42", - "P8_PIN43", "P8_PIN44", "P8_PIN45", "P8_PIN46"; - }; - - cape_gpios_p9: gpio@41200000 { - compatible = "microchip,coregpio-rtl-v3"; - reg = <0x0 0x41200000 0x0 0x1000>; - clocks = <&fabric_clk3>; - gpio-controller; - #gpio-cells = <2>; - ngpios = <20>; - gpio-line-names = "P9_PIN11", "P9_PIN12", "P9_PIN13", "P9_PIN14", - "P9_PIN15", "P9_PIN16", "P9_PIN17", "P9_PIN18", - "P9_PIN21", "P9_PIN22", "P9_PIN23", "P9_PIN24", - "P9_PIN25", "P9_PIN26", "P9_PIN27", "P9_PIN28", - "P9_PIN29", "P9_PIN31", "P9_PIN41", "P9_PIN42"; - }; - - hsi_gpios: gpio@44000000 { - compatible = "microchip,coregpio-rtl-v3"; - reg = <0x0 0x44000000 0x0 0x1000>; - clocks = <&fabric_clk3>; - gpio-controller; - #gpio-cells = <2>; - ngpios = <20>; - gpio-line-names = "B0_HSIO70N", "B0_HSIO71N", "B0_HSIO83N", - "B0_HSIO73N_C2P_CLKN", "B0_HSIO70P", "B0_HSIO71P", - "B0_HSIO83P", "B0_HSIO73N_C2P_CLKP", "XCVR1_RX_VALID", - "XCVR1_LOCK", "XCVR1_ERROR", "XCVR2_RX_VALID", - "XCVR2_LOCK", "XCVR2_ERROR", "XCVR3_RX_VALID", - "XCVR3_LOCK", "XCVR3_ERROR", "XCVR_0B_REF_CLK_PLL_LOCK", - "XCVR_0C_REF_CLK_PLL_LOCK", "B0_HSIO81N"; - }; - }; - - refclk_ccc: cccrefclk { - compatible = "fixed-clock"; - #clock-cells = <0>; - }; -}; - -&ccc_nw { - clocks = <&refclk_ccc>, <&refclk_ccc>, <&refclk_ccc>, <&refclk_ccc>, - <&refclk_ccc>, <&refclk_ccc>; - clock-names = "pll0_ref0", "pll0_ref1", "pll1_ref0", "pll1_ref1", - "dll0_ref", "dll1_ref"; - status = "okay"; -}; diff --git a/arch/riscv/boot/dts/microchip/mpfs-beaglev-fire.dts b/arch/riscv/boot/dts/microchip/mpfs-beaglev-fire.dts index 47cf693beb68..aae239d79162 100644 --- a/arch/riscv/boot/dts/microchip/mpfs-beaglev-fire.dts +++ b/arch/riscv/boot/dts/microchip/mpfs-beaglev-fire.dts @@ -5,7 +5,6 @@ #include <dt-bindings/gpio/gpio.h> #include "mpfs.dtsi" -#include "mpfs-beaglev-fire-fabric.dtsi" /* Clock frequency (in Hz) of MTIMER */ #define MTIMER_FREQ 1000000 @@ -183,10 +182,6 @@ &refclk { clock-frequency = <125000000>; }; -&refclk_ccc { - clock-frequency = <50000000>; -}; - &rtc { status = "okay"; }; -- 2.51.0

2 weeks, 6 days

1
1
0 0

[PATCH 1/2] mmc: core sd: Simplify current limit logic for 200mA default

by Avri Altman

The SD current limit logic is updated to avoid explicitly setting the current limit when the maximum power is 200mA (0.72W) or less, as this is already the default value. The code now only issues a current limit switch if a higher limit is required, and the unused SD_SET_CURRENT_NO_CHANGE constant is removed. This reduces unnecessary commands and simplifies the logic. Fixes: 0aa6770000ba ("mmc: sdhci: only set 200mA support for 1.8v if 200mA is available") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 7 ++----- include/linux/mmc/card.h | 1 - 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index ec02067f03c5..cf92c5b2059a 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -554,7 +554,7 @@ static u32 sd_get_host_max_current(struct mmc_host *host) static int sd_set_current_limit(struct mmc_card *card, u8 *status) { - int current_limit = SD_SET_CURRENT_NO_CHANGE; + int current_limit = SD_SET_CURRENT_LIMIT_200; int err; u32 max_current; @@ -598,11 +598,8 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) else if (max_current >= 400 && card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) current_limit = SD_SET_CURRENT_LIMIT_400; - else if (max_current >= 200 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_200) - current_limit = SD_SET_CURRENT_LIMIT_200; - if (current_limit != SD_SET_CURRENT_NO_CHANGE) { + if (current_limit != SD_SET_CURRENT_LIMIT_200) { err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index ddcdf23d731c..e9e964c20e53 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -182,7 +182,6 @@ struct sd_switch_caps { #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_SET_CURRENT_NO_CHANGE (-1) #define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) #define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -- 2.25.1

2 weeks, 6 days

3
4
0 0

Custom Packaging Boxes and Labels

by Micah Robert

Hi, We provide custom packaging boxes and labels. We make boxes in different materials and styles such as Vape Boxe, Cigarette Boxes, Cartridge Boxes, Cardboard boxes, Rigid Boxes and Mailer boxes, etc. Our benefits include quick turnaround time, free shipping and design support. Just send over your box or label specifications and quantity so I can give you an estimate on that. Let me know if you have any questions. Thanks Best Regards Micah Robert My Packaging Pro

2 weeks, 6 days

1
0
0 0

[PATCH] PCI/PM: Ensure power-up succeeded before restoring MMIO state

by Brian Norris

From: Brian Norris <briannorris(a)google.com> As the comments in pci_pm_thaw_noirq() suggest, pci_restore_state() may need to restore MSI-X state in MMIO space. This is only possible if we reach D0; if we failed to power up, this might produce a fatal error when touching memory space. Check for errors (as the "verify" in "pci_pm_power_up_and_verify_state" implies), and skip restoring if it fails. This mitigates errors seen during resume_noirq, for example, when the platform did not resume the link properly. Cc: stable(a)vger.kernel.org Signed-off-by: Brian Norris <briannorris(a)google.com> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- drivers/pci/pci-driver.c | 12 +++++++++--- drivers/pci/pci.c | 13 +++++++++++-- drivers/pci/pci.h | 2 +- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index 302d61783f6c..d66d95bd0ca2 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -557,7 +557,13 @@ static void pci_pm_default_resume(struct pci_dev *pci_dev) static void pci_pm_default_resume_early(struct pci_dev *pci_dev) { - pci_pm_power_up_and_verify_state(pci_dev); + /* + * If we failed to reach D0, we'd better not touch MSI-X state in MMIO + * space. + */ + if (pci_pm_power_up_and_verify_state(pci_dev)) + return; + pci_restore_state(pci_dev); pci_pme_restore(pci_dev); } @@ -1101,8 +1107,8 @@ static int pci_pm_thaw_noirq(struct device *dev) * in case the driver's "freeze" callbacks put it into a low-power * state. */ - pci_pm_power_up_and_verify_state(pci_dev); - pci_restore_state(pci_dev); + if (!pci_pm_power_up_and_verify_state(pci_dev)) + pci_restore_state(pci_dev); if (pci_has_legacy_pm_support(pci_dev)) return 0; diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index e698278229f2..c75fec3b094f 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -3144,10 +3144,19 @@ void pci_d3cold_disable(struct pci_dev *dev) } EXPORT_SYMBOL_GPL(pci_d3cold_disable); -void pci_pm_power_up_and_verify_state(struct pci_dev *pci_dev) +int pci_pm_power_up_and_verify_state(struct pci_dev *pci_dev) { - pci_power_up(pci_dev); + int ret; + + ret = pci_power_up(pci_dev); pci_update_current_state(pci_dev, PCI_D0); + + if (ret < 0 && pci_dev->current_state == PCI_D3cold) { + dev_err(&pci_dev->dev, "Failed to power up device: %d\n", ret); + return ret; + } + + return 0; } /** diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h index 1c48bc447f58..87ad201417d5 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -233,7 +233,7 @@ void pci_dev_adjust_pme(struct pci_dev *dev); void pci_dev_complete_resume(struct pci_dev *pci_dev); void pci_config_pm_runtime_get(struct pci_dev *dev); void pci_config_pm_runtime_put(struct pci_dev *dev); -void pci_pm_power_up_and_verify_state(struct pci_dev *pci_dev); +int pci_pm_power_up_and_verify_state(struct pci_dev *pci_dev); void pci_pm_init(struct pci_dev *dev); void pci_ea_init(struct pci_dev *dev); void pci_msi_init(struct pci_dev *dev); -- 2.51.0.rc1.193.gad69d77794-goog

2 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102051-foe-trunks-268f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

2 weeks, 6 days

3
2
0 0

, conoce mejor a tu candidato antes de contratar

by Valeria Pérez

Evaluaciones Psicométricas para RR.HH. body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Mejora tus procesos de selección con evaluaciones psicométricas fáciles y confiables. Hola, , Sabemos que encontrar al candidato ideal va más allá del currículum. Por eso quiero contarte brevemente sobre PsicoSmart, una plataforma que ayuda a equipos de RR.HH. a evaluar talento con pruebas psicométricas rápidas, confiables y fáciles de aplicar. Con PsicoSmart puedes: Aplicar evaluaciones psicométricas 100% en línea. Elegir entre más de 31 pruebas psicométricas Generar reportes automáticos, visuales y fáciles de interpretar. Comparar resultados entre candidatos en segundos. Ahorrar horas valiosas del proceso de selección. Si estás buscando mejorar tus contrataciones, te lo recomiendo muchísimo. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, ----------------------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewispptseup">click aquí</a>

2 weeks, 6 days

1
0
0 0

[PATCH 6.17 000/563] 6.17.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.3 release. There are 563 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 15 Oct 2025 14:42:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.3-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.3-rc1 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu/vcn: Fix double-free of vcn dump buffer Marek Szyprowski <m.szyprowski(a)samsung.com> scsi: ufs: core: Fix PM QoS mutex initialization Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: qcm2290: Disable USB SS bus instances in park mode Sven Peter <sven(a)kernel.org> usb: typec: tipd: Clear interrupts first Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Dominique Martinet <asmadeus(a)codewreck.org> net/9p: Fix buffer overflow in USB transport layer Salah Triki <salah.triki(a)gmail.com> bus: fsl-mc: Check return value of platform_get_resource() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: check the return value of pinmux_ops::get_function_name() Jens Wiklander <jens.wiklander(a)linaro.org> tee: fix register_shm_helper() Duoming Zhou <duoming(a)zju.edu.cn> thunderbolt: Fix use-after-free in tb_dp_dprx_work Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release Zhen Ni <zhen.ni(a)easystack.cn> remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() Breno Leitao <leitao(a)debian.org> PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() Lei Lu <llfamsec(a)gmail.com> sunrpc: fix null pointer dereference on zero-length checksum Zhen Ni <zhen.ni(a)easystack.cn> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Marek Vasut <marek.vasut(a)mailbox.org> Input: atmel_mxt_ts - allow reset GPIO to sleep Ling Xu <quic_lxu5(a)quicinc.com> misc: fastrpc: Skip reference for DMA handles Ling Xu <quic_lxu5(a)quicinc.com> misc: fastrpc: fix possible map leak in fastrpc_put_args Ling Xu <quic_lxu5(a)quicinc.com> misc: fastrpc: Fix fastrpc_map_lookup operation Ling Xu <quic_lxu5(a)quicinc.com> misc: fastrpc: Save actual DMA size in fastrpc_map structure Guangshuo Li <lgs201920130244(a)gmail.com> nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() Lance Yang <lance.yang(a)linux.dev> selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled Yang Shi <yang(a)os.amperecomputing.com> mm: hugetlb: avoid soft lockup when mprotect to large memory area Janne Grunau <j(a)jannau.net> fbdev: simplefb: Fix use after free in simplefb_detach_genpds() Sean Christopherson <seanjc(a)google.com> KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Jan Kara <jack(a)suse.cz> ext4: fix checks for orphan inodes Baokun Li <libaokun1(a)huawei.com> ext4: fix potential null deref in ext4_mb_init() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add max ip connections parameter Matvey Kovalev <matvey.kovalev(a)ispras.ru> ksmbd: fix error code overwriting in smb2_get_info_filesystem() Yunseong Kim <ysk(a)kzalloc.com> ksmbd: Fix race condition in RPC handle list access Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Huacai Chen <chenhuacai(a)kernel.org> LoongArch: BPF: Fix uninitialized symbol 'retval_off' Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Remove duplicated flags check Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: No text_poke() for kernel text Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Remove duplicated bpf_flush_icache() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Make error handling robust in arch_prepare_bpf_trampoline() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Make trampoline size stable Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Don't align trampoline size Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: No support of struct argument in trampoline programs Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Sign-extend struct ops return values properly Xi Ruoyao <xry111(a)xry111.site> pwm: loongson: Fix LOONGSON_PWM_FREQ_DEFAULT Youling Tang <tangyouling(a)kylinos.cn> LoongArch: Automatically disable kaslr if boot from kexec_file Zheng Qixing <zhengqixing(a)huawei.com> dm: fix NULL pointer dereference in __dm_suspend() Zheng Qixing <zhengqixing(a)huawei.com> dm: fix queue start/stop imbalance under suspend/load/resume races Steven Rostedt <rostedt(a)goodmis.org> tracing: Stop fortify-string from warning in tracing_mark_raw_write() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix tracing_mark_raw_write() to use buf and not ubuf Steven Rostedt <rostedt(a)goodmis.org> tracing: Have trace_marker use per-cpu data to read user space Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix irqoff tracers on failure of acquiring calltime Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix wakeup tracers on failure of acquiring calltime Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Sasha Levin <sashal(a)kernel.org> tracing: Fix lock imbalance in s_start() memory allocation failure path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Cosmin Tanislav <cosmin-gabriel.tanislav.xa(a)renesas.com> mfd: rz-mtu3: Fix MTU5 NFCR register offset Deepak Sharma <deepak.sharma.472935(a)gmail.com> net: nfc: nci: Add parameter validation for packet data Larshin Sergey <Sergey.Larshin(a)kaspersky.com> fs: udf: fix OOB read in lengthAllocDescs handling Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: codecs: wcd937x: make stub functions inline Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: codecs: wcd937x: set the comp soundwire port correctly Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down Ma Ke <make24(a)iscas.ac.cn> ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix overshooting recv limit Jens Axboe <axboe(a)kernel.dk> io_uring/waitid: always prune wait queue entry in io_waitid_wait() Miaoqian Lin <linmq006(a)gmail.com> hisi_acc_vfio_pci: Fix reference leak in hisi_acc_vfio_debug_init Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Let userspace take care of interrupt mask Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix uninit-value in squashfs_get_parent Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for HP Spectre 14t-ea100 Steven 'Steve' Kendall <skend(a)chromium.org> ALSA: hda/hdmi: Add pin fix for HP ProDesk model Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Disable TPM2_TCG_HMAC by default Yazhou Tang <tangyazhou518(a)outlook.com> bpf: Reject negative offsets for ALU ops Brahmajit Das <listout(a)listout.xyz> bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer Jiri Olsa <jolsa(a)kernel.org> selftests/bpf: Fix realloc size in bpf_get_addrs Menglong Dong <menglong8.dong(a)gmail.com> selftests/bpf: move get_ksyms and get_addrs to trace_helpers.c Shubham Sharma <slopixelz(a)gmail.com> selftests/bpf: Fix typos and grammar in test sources zhang jiao <zhangjiao2(a)cmss.chinamobile.com> vhost: vringh: Modify the return value check Bo Sun <bo(a)mboxify.com> octeontx2-pf: fix bitmap leak Bo Sun <bo(a)mboxify.com> octeontx2-vf: fix bitmap leak Mike Snitzer <snitzer(a)kernel.org> nfs/localio: avoid issuing misaligned IO using O_DIRECT Mike Snitzer <snitzer(a)kernel.org> NFSD: filecache: add STATX_DIOALIGN and STATX_DIO_READ_ALIGN support Jakub Kicinski <kuba(a)kernel.org> Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Guixin Liu <kanie(a)linux.alibaba.com> iommufd: Register iommufd mock devices with fwspec Wei Fang <wei.fang(a)nxp.com> net: enetc: initialize SW PIR and CIR based HW PIR and CIR values Hangbin Liu <liuhangbin(a)gmail.com> bonding: fix xfrm offload feature setup on active-backup mode Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix crypto buffers in non-linear memory Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: fw reset, add reset timeout work Shay Drory <shayd(a)nvidia.com> net/mlx5: pagealloc: Fix reclaim race during command interface teardown Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Stop polling for command response if interface goes down Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle copy_thresh allocation failure Kohei Enju <enjuk(a)amazon.com> net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Kohei Enju <enjuk(a)amazon.com> nfp: fix RSS hash key size when RSS is not supported Eric Dumazet <edumazet(a)google.com> tcp: use skb->len instead of skb->truesize in tcp_can_ingest() Alok Tiwari <alok.a.tiwari(a)oracle.com> idpf: fix mismatched free function for dma_alloc_coherent Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: j721e: Fix incorrect error message in probe() Erick Karanja <karanja99erick(a)gmail.com> mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands Chao Yu <chao(a)kernel.org> f2fs: fix UAF issue in f2fs_merge_page_bio() Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: fix double free in register_one_node() Dan Carpenter <dan.carpenter(a)linaro.org> ocfs2: fix double free in user_cluster_connect() Alistair Popple <apopple(a)nvidia.com> cramfs: fix incorrect physical page address calculation Nishanth Menon <nm(a)ti.com> hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fan Wu <wufan(a)kernel.org> KEYS: X.509: Fix Basic Constraints CA flag parsing Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements Pauli Virtanen <pav(a)iki.fi> Bluetooth: ISO: don't leak skb in ISO_CONT RX Pauli Virtanen <pav(a)iki.fi> Bluetooth: ISO: free rx_skb if not consumed Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix possible UAF on iso_conn_free Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Refactor Device Coredump Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: single dma_alloc_coherent() for DMA descriptors Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: move ring size computation to functions Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: remove illusion about TBQPH/RBQPH being per-queue Michael S. Tsirkin <mst(a)redhat.com> vhost: vringh: Fix copy_to_iter return value check I Viswanath <viswanathiyyappan(a)gmail.com> ptp: Add a upper bound on max_vclocks I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Claudiu Manoil <claudiu.manoil(a)nxp.com> net: enetc: Fix probing error message typo for the ENETCv4 PF driver Bernard Metzler <bernard.metzler(a)linux.dev> RDMA/siw: Always report immediate post SQ errors Alessandro Zanni <alessandro.zanni87(a)gmail.com> iommu/selftest: prevent use of uninitialized variable Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Disallow dirty tracking if incoherent page walk Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ASoC: qcom: sc8280xp: use sa8775p/ subdir for QCS9100 / QCS9075 Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-gen4: Fix inverted break condition in PHY initialization Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-gen4: Assure reset occurs before DBI access Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> usb: vhci-hcd: Prevent suspending virtually attached devices Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Zhongqiu Han <zhongqiu.han(a)oss.qualcomm.com> scsi: ufs: core: Fix data race in CPU latency PM QoS request handling Eric Dumazet <edumazet(a)google.com> netfilter: nf_conntrack: do not skip entries in /proc/net/nf_conntrack Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nfnetlink: reset nlh pointer during batch replay Slavin Liu <slavin452(a)gmail.com> ipvs: Defer ip_vs_ftp unregister during netns cleanup Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net: ethtool: tsconfig: set command must provide a reply Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix backchannel max_resp_sz verification check Lin Yujun <linyujun809(a)h-partners.com> coresight: Fix incorrect handling for return value of devm_kzalloc Jie Gan <jie.gan(a)oss.qualcomm.com> coresight: tpda: fix the logic to setup the element size Leo Yan <leo.yan(a)arm.com> coresight: trbe: Return NULL pointer for allocation failures Leo Yan <leo.yan(a)arm.com> coresight: Avoid enable programming clock duplicately Leo Yan <leo.yan(a)arm.com> coresight: Appropriately disable trace bus clocks Leo Yan <leo.yan(a)arm.com> coresight: Appropriately disable programming clocks Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Support atclk Leo Yan <leo.yan(a)arm.com> coresight: catu: Support atclk Leo Yan <leo.yan(a)arm.com> coresight: tmc: Support atclk Yuanfang Zhang <yuanfang.zhang(a)oss.qualcomm.com> coresight-etm4x: Conditionally access register TRCEXTINSELR Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: fix indentation error in cscfg_remove_owned_csdev_configs() Ivan Abramov <i.abramov(a)mt-integration.ru> dm vdo: return error on corrupted metadata in start_restoring_volume functions Ryder Lee <ryder.lee(a)mediatek.com> wifi: cfg80211: fix width unit in cfg80211_radio_chandef_valid() Nithyanantham Paramasivam <nithyanantham.paramasivam(a)oss.qualcomm.com> wifi: ath12k: Fix flush cache failure during RX queue update Nithyanantham Paramasivam <nithyanantham.paramasivam(a)oss.qualcomm.com> wifi: ath12k: Refactor RX TID deletion handling into helper function Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice Nagarjuna Kristam <nkristam(a)nvidia.com> PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: avoid circular locking dependency in ser_state_run() Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: fix leak in rtw89_core_send_nullfunc() Chunyu Hu <chuhu(a)redhat.com> selftests/mm: fix va_high_addr_switch.sh failure on x86_64 Gui-Dong Han <hanguidong02(a)gmail.com> RDMA/rxe: Fix race in do_task() when draining Dmitry Baryshkov <lumag(a)kernel.org> remoteproc: qcom_q6v5_mss: support loading MBN file on msm8974 Barnabás Czémán <barnabas.czeman(a)mainlining.org> rpmsg: qcom_smd: Fix fallback to qcom,ipc parse Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu() Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs Dan Moulding <dan(a)danm.net> crypto: comp - Use same definition of context alloc and free ops Zilin Guan <zilin(a)seu.edu.cn> vfio/pds: replace bitmap_free with vfree Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_to_user for Niagara 4 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: mac80211: fix Rx packet handling when pubsta information is not available Vineeth Pillai (Google) <vineeth(a)bitbyteword.org> iommu/vt-d: debugfs: Fix legacy mode page table dump logic Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath10k: avoid unnecessary wait for service ready message Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath12k: fix wrong logging ID used for CE Sriram R <quic_srirrama(a)quicinc.com> wifi: ath12k: Add fallback for invalid channel number in PHY metadata Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath12k: fix the fetching of combined rssi Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath12k: fix HAL_PHYRX_COMMON_USER_INFO handling in monitor mode Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath12k: fix signal in radiotap for WCN7850 Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix overflow warning on num_pwr_levels Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath12k: initialize eirp_power before use Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: SOF: ipc4-pcm: Fix incorrect comparison with number of tdm_slots Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/sa: Fix sa_local_svc_timeout_ms read race Parav Pandit <parav(a)nvidia.com> RDMA/core: Resolve MAC of next-hop device without ARP support Michal Pecio <michal.pecio(a)gmail.com> Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Call dst_release() in mptcp_active_enable(). Kuniyuki Iwashima <kuniyu(a)google.com> tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Kuniyuki Iwashima <kuniyu(a)google.com> smc: Use __sk_dst_get() and dst_dev_rcu() in smc_vlan_by_tcpsk(). Kuniyuki Iwashima <kuniyu(a)google.com> smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). Kuniyuki Iwashima <kuniyu(a)google.com> smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). Kuniyuki Iwashima <kuniyu(a)google.com> smc: Fix use-after-free in __pnet_find_base_ndev(). wangzijie <wangzijie1(a)honor.com> f2fs: fix zero-sized extent for precache extents Benjamin Tissoires <bentiss(a)kernel.org> HID: hidraw: tighten ioctl command parsing Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: qla2xxx: edif: Fix incorrect sign of error code Colin Ian King <colin.i.king(a)gmail.com> ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT Fangyu Yu <fangyu.yu(a)linux.alibaba.com> RISC-V: KVM: Write hgatp register with valid mode bits Chao Yu <chao(a)kernel.org> f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid migrating empty section Chao Yu <chao(a)kernel.org> f2fs: fix to truncate first page in error path of f2fs_truncate() Chao Yu <chao(a)kernel.org> f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Fix allocating extra dwords for rings (v2) Zqiang <qiang.zhang(a)linux.dev> srcu/tiny: Remove preempt_disable/enable() in srcu_gp_start_if_needed() Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: hda-sdw-bpt: set persistent_buffer false Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: remove redundant per-phy mac80211 calls during restart Zhi-Jun You <hujy652(a)gmail.com> wifi: mt76: mt7915: fix mt7981 pre-calibration Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Fix RX packets configuration for primary WED device Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Fix tx-queues initialization for second phy on mt7996 Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Use proper link_id in link_sta_rc_update callback Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: mt76: fix potential memory leak in mt76_wmac_probe() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Fix mt7996_mcu_bss_mld_tlv routine Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Fix mt7996_mcu_sta_ba wcid configuration Håkon Bugge <haakon.bugge(a)oracle.com> RDMA/cm: Rate limit destroy CM ID timeout error message Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: handle error properly in register_one_node() Niklas Cassel <cassel(a)kernel.org> PCI: endpoint: pci-epf-test: Fix doorbell test support Christophe Leroy <christophe.leroy(a)csgroup.eu> watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Guenter Roeck <linux(a)roeck-us.net> watchdog: intel_oc_wdt: Do not try to write into const memory Jiri Kosina <jikos(a)kernel.org> HID: steelseries: Fix STEELSERIES_SRWS1 handling in steelseries_remove() Zhang Tengfei <zhtfdev(a)gmail.com> ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable Zhen Ni <zhen.ni(a)easystack.cn> netfilter: ipset: Remove unused htable_bits in macro ahash_region Edward Srouji <edwards(a)nvidia.com> RDMA/mlx5: Fix page size bitmap calculation for KSM mode Matthieu Baerts (NGI0) <matttbe(a)kernel.org> tools: ynl: fix undefined variable name Kuan-Wei Chiu <visitorckw(a)gmail.com> mm/slub: Fix cmp_loc_by_count() to return 0 when counts are equal Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix offset handling in iio_convert_raw_to_processed() Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() Moon Hee Lee <moonhee.lee.ca(a)gmail.com> fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Vitaly Grigoryev <Vitaly.Grigoryev(a)kaspersky.com> fs: ntfs3: Fix integer overflow in run_unpack() Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: mac80211: fix reporting of all valid links in sta_set_sinfo() Qianfeng Rong <rongqianfeng(a)vivo.com> drm/msm/dpu: fix incorrect type for ret Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm: Fix bootup splat with separate_gpu_drm modparam Eric Dumazet <edumazet(a)google.com> ipv6: snmp: do not track per idev ICMP6_MIB_RATELIMITHOST Eric Dumazet <edumazet(a)google.com> ipv6: snmp: do not use SNMP_MIB_SENTINEL anymore Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping Alexander Lobakin <aleksander.lobakin(a)intel.com> idpf: fix Rx descriptor ready check barrier in splitq Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm: stop supporting no-IOMMU configuration Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/mdp4: stop supporting no-IOMMU configuration Liao Yuanhong <liaoyuanhong(a)vivo.com> wifi: iwlwifi: Remove redundant header files Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Fix missing VM_BIND offset/range validation Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Fix obj leak in VM_BIND error path Wang Liang <wangliang74(a)huawei.com> pps: fix warning in pps_register_cdev when register device fail Colin Ian King <colin.i.king(a)gmail.com> misc: genwqe: Fix incorrect cmd field being reported in error Seppo Takalo <seppo.takalo(a)nordicsemi.no> tty: n_gsm: Don't block input queue by waiting MSC William Wu <william.wu(a)rock-chips.com> usb: gadget: configfs: Correctly set use_os_string at bind Xichao Zhao <zhao.xichao(a)vivo.com> usb: phy: twl6030: Fix incorrect type for ret Qianfeng Rong <rongqianfeng(a)vivo.com> drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() Anderson Nascimento <anderson(a)allelesecurity.com> fanotify: Validate the return value of mnt_ns_from_dentry() before dereferencing Eric Dumazet <edumazet(a)google.com> tcp: fix __tcp_close() to only send RST when required Ziyue Zhang <ziyue.zhang(a)oss.qualcomm.com> PCI: qcom: Add equalization settings for 8.0 GT/s and 32.0 GT/s Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: mac80211: consider links for validating SCAN_FLAG_AP in scan request during MLO Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation Jun Nie <jun.nie(a)linaro.org> drm/msm: Do not validate SSPP when it is not ready Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix 43752 SDIO FWVID incorrectly labelled as Cypress (CYW) Stefan Kerkmann <s.kerkmann(a)pengutronix.de> wifi: mwifiex: send world regulatory domain to driver Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mac80211: Make CONNECTION_MONITOR optional for MLO sta Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Adjust si_upload_smc_data register programming (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Fix si_upload_smc_data (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable ULV even if unsupported (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Power up UVD 3 for FW validation (v2) Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight: Only register perf symlink for sinks with alloc_buffer James Clark <james.clark(a)linaro.org> coresight: Fix missing include for FIELD_GET James Clark <james.clark(a)linaro.org> coresight: trbe: Add ISB after TRBLIMITR write Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation Eric Dumazet <edumazet(a)google.com> inet: ping: check sock_net() in ping_get_port() and ping_lookup() Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - request reserved interrupt for virtual function Zhushuai Yin <yinzhushuai(a)huawei.com> crypto: hisilicon/qm - check whether the input function and PF are on the same device Weili Qian <qianweili(a)huawei.com> crypto: hisilicon - check the sva module status while enabling or disabling address prefetch Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon - re-enable address prefetch after device resuming Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations Eric Dumazet <edumazet(a)google.com> ipv4: start using dst_dev_rcu() Eric Dumazet <edumazet(a)google.com> tcp_metrics: use dst_dev_net_rcu() Eric Dumazet <edumazet(a)google.com> net: use dst_dev_rcu() in sk_setup_caps() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU in ip6_xmit() Eric Dumazet <edumazet(a)google.com> ipv6: start using dst_dev_rcu() Yue Haibing <yuehaibing(a)huawei.com> ipv6: mcast: Add ip6_mc_find_idev() helper Eric Dumazet <edumazet(a)google.com> net: dst: introduce dst->dev_rcu Geert Uytterhoeven <geert+renesas(a)glider.be> efi: Explain OVMF acronym in OVMF_DEBUG_LOG help text Qianfeng Rong <rongqianfeng(a)vivo.com> accel/amdxdna: Use int instead of u32 to store error codes Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Check vcn state before profile switch Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/vcn: Hold pg_lock before vcn power off Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/vcn: Add regdump helper functions Arnd Bergmann <arnd(a)arndb.de> media: st-delta: avoid excessive stack usage Qianfeng Rong <rongqianfeng(a)vivo.com> ALSA: lx_core: use int type to store negative error codes Dan Carpenter <dan.carpenter(a)linaro.org> HID: i2c-hid: Fix test in i2c_hid_core_register_panel_follower() Nirmoy Das <nirmoyd(a)nvidia.com> PCI/ACPI: Fix pci_acpi_preserve_config() memory leak Nipun Gupta <nipun.gupta(a)amd.com> cdx: don't select CONFIG_GENERIC_MSI_IRQ Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> PCI: qcom: Restrict port parsing only to PCIe bridge child nodes Joanne Koong <joannelkoong(a)gmail.com> fuse: remove unneeded offset assignment when filling write pages Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> PCI: rcar-host: Pass proper IRQ domain to generic_handle_domain_irq() Christian Marangi <ansuelsmth(a)gmail.com> net: phy: as21xxx: better handle PHY HW reset on soft-reboot Christian Marangi <ansuelsmth(a)gmail.com> net: phy: introduce phy_id_compare_vendor() PHY ID helper Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Use led->brightness_set_blocking for PCI too Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback forcing for MPV device Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count Pin-yen Lin <treapking(a)chromium.org> HID: i2c-hid: Make elan touch controllers power on after panel is enabled Pin-yen Lin <treapking(a)chromium.org> drm/panel: Allow powering on panel follower after panel is enabled Benjamin Mugnier <benjamin.mugnier(a)foss.st.com> media: i2c: vd55g1: Fix duster register address Bingbu Cao <bingbu.cao(a)intel.com> media: staging/ipu7: cleanup the MMU correctly in IPU7 driver release Bingbu Cao <bingbu.cao(a)intel.com> media: staging/ipu7: Don't set name for IPU7 PCI device Bingbu Cao <bingbu.cao(a)intel.com> media: staging/ipu7: convert to use pci_alloc_irq_vectors() API Zhang Shurong <zhang_shurong(a)foxmail.com> media: rj54n1cb0c: Fix memleak in rj54n1_probe() Xaver Hugl <xaver.hugl(a)kde.org> drm: re-allow no-op changes on non-primary planes in async flips Thorsten Blum <thorsten.blum(a)linux.dev> crypto: octeontx2 - Call strscpy() with correct size argument Val Packett <val(a)packett.cool> drm/dp: drm_edp_backlight_set_level: do not always send 3-byte commands Chao Yu <chao(a)kernel.org> f2fs: fix to allow removing qf_name Chao Yu <chao(a)kernel.org> f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency() Chao Yu <chao(a)kernel.org> f2fs: fix to clear unusable_cap for checkpoint=enable Thomas Fourier <fourier.thomas(a)gmail.com> scsi: myrs: Fix dma_alloc_coherent() error check Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Fix up subflow's memcg when CONFIG_SOCK_CGROUP_DATA=n. Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix pm8001_abort_task() for chip_8006 when using an expander Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Add helper function to get the local phy id Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Use dev_parent_is_expander() helper Niklas Cassel <cassel(a)kernel.org> scsi: libsas: Add dev_parent_is_expander() helper Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Restore support for expanders Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> fwctl/mlx5: Fix memory alloc/free in mlx5ctl_fw_rpc() Jorge Marques <jorge.marques(a)analog.com> docs: iio: ad3552r: Fix malformed code-block directive Arnd Bergmann <arnd(a)arndb.de> hwrng: nomadik - add ARM_AMBA dependency Thomas Fourier <fourier.thomas(a)gmail.com> crypto: keembay - Add missing check after sg_nents_for_len() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions Liao Yuanhong <liaoyuanhong(a)vivo.com> drm/amd/display: Remove redundant semicolons Dan Carpenter <dan.carpenter(a)linaro.org> serial: max310x: Add error checking in probe() Dan Carpenter <dan.carpenter(a)linaro.org> misc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl() Geert Uytterhoeven <geert+renesas(a)glider.be> PCI/pwrctrl: Fix double cleanup on devm_add_action_or_reset() failure Komal Bajaj <komal.bajaj(a)oss.qualcomm.com> usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls Dan Carpenter <dan.carpenter(a)linaro.org> usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup Aradhya Bhatia <aradhya.bhatia(a)linux.dev> drm/bridge: cdns-dsi: Fix the _atomic_check() Jonas Karlman <jonas(a)kwiboo.se> phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: zoran: Remove zoran_fh structure Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo Jeongjun Park <aha310510(a)gmail.com> HID: steelseries: refactor probe() and remove() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Lock rtwdev->mutex before setting the LED Chia-I Wu <olvaffe(a)gmail.com> drm/bridge: it6505: select REGMAP_I2C Chao Yu <chao(a)kernel.org> f2fs: fix to zero data after EOF for compressed file correctly Chao Yu <chao(a)kernel.org> f2fs: fix to avoid overflow while left shift operation Chao Yu <chao(a)kernel.org> f2fs: fix condition in __allow_reserved_blocks() Brahmajit Das <listout(a)listout.xyz> drm/radeon/r600_cs: clean up of dead code in r600_cs Dan Carpenter <dan.carpenter(a)linaro.org> PCI: xgene-msi: Return negative -EINVAL in xgene_msi_handler_setup() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: pci-ep-msi: Fix NULL vs IS_ERR() check in pci_epf_write_msi_msg() Xiang Liu <xiang.liu(a)amd.com> drm/amdgpu: Fix vcn v4.0.3 poison irq call trace on sriov guest Xiang Liu <xiang.liu(a)amd.com> drm/amdgpu: Fix jpeg v4.0.3 poison irq call trace on sriov guest Arnd Bergmann <arnd(a)arndb.de> drm/amdgpu: fix link error for !PM_SLEEP Brigham Campbell <me(a)brighamcampbell.com> drm/panel: novatek-nt35560: Fix invalid return value Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Reduce Stack Usage by moving 'audio_output' into 'stream_res' v4 Colin Ian King <colin.i.king(a)gmail.com> drm/vmwgfx: fix missing assignment to ts Langyan Ye <yelangyan(a)huaqin.corp-partner.google.com> drm/panel-edp: Add 50ms disable delay for four panels Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/display: bridge-connector: correct CEC bridge pointers in drm_bridge_connector_init Langyan Ye <yelangyan(a)huaqin.corp-partner.google.com> drm/panel-edp: Add disable to 100ms for MNB601LS1-4 Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix a race in DRM_GPU_SCHED_STAT_NO_HANG test Dzmitry Sankouski <dsankouski(a)gmail.com> mfd: max77705: Setup the core driver as an interrupt controller Arnd Bergmann <arnd(a)arndb.de> i3c: fix big-endian FIFO transfers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Enforce expected_attach_type for tailcall compatibility D. Wythe <alibuda(a)linux.alibaba.com> libbpf: Fix error when st-prefix_ops and ops from differ btf Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Add disabling clocks when probe fails Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Fix clock issue when PM is disabled Troy Mitchell <troy.mitchell(a)linux.spacemit.com> i2c: spacemit: ensure SDA is released after bus reset Troy Mitchell <troy.mitchell(a)linux.spacemit.com> i2c: spacemit: check SDA instead of SCL after bus reset Troy Mitchell <troy.mitchell(a)linux.spacemit.com> i2c: spacemit: disable SDA glitch fix to avoid restart delay Troy Mitchell <troy.mitchell(a)linux.spacemit.com> i2c: spacemit: remove stop function to avoid bus error Troy Mitchell <troy.mitchell(a)linux.spacemit.com> i2c: spacemit: ensure bus release check runs when wait_bus_idle() fails Leilk.Liu <leilk.liu(a)mediatek.com> i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> thermal/drivers/qcom/lmh: Add missing IRQ includes Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> thermal/drivers/qcom: Make LMH select QCOM_SCM André Almeida <andrealmeid(a)igalia.com> tools/nolibc: add stdbool.h to nolibc includes Vadim Pasternak <vadimp(a)nvidia.com> hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems Qi Xi <xiqi2(a)huawei.com> once: fix race by moving DO_ONCE to separate section Andrea Righi <arighi(a)nvidia.com> bpf: Mark kfuncs as __noclone Arnd Bergmann <arnd(a)arndb.de> clocksource/drivers/tegra186: Avoid 64-bit division Guenter Roeck <linux(a)roeck-us.net> clocksource/drivers/timer-tegra186: Avoid 64-bit divide operation Jonas Gorski <jonas.gorski(a)gmail.com> spi: fix return code when spi device has too many chipselects Zhouyi Zhou <zhouzhouyi(a)gmail.com> tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers Dzmitry Sankouski <dsankouski(a)gmail.com> power: supply: max77705_charger: rework interrupts Dzmitry Sankouski <dsankouski(a)gmail.com> power: supply: max77705_charger: use regfields for config registers Dzmitry Sankouski <dsankouski(a)gmail.com> power: supply: max77705_charger: refactoring: rename charger to chg Dzmitry Sankouski <dsankouski(a)gmail.com> mfd: max77705: max77705_charger: move active discharge setting to mfd parent Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> smp: Fix up and expand the smp_call_function_many() kerneldoc Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: always install UAPI headers to the correct directory Janne Grunau <j(a)jannau.net> arm64: dts: apple: Add ethernet0 alias for J375 template Hector Martin <marcan(a)marcan.st> arm64: dts: apple: t600x: Add bluetooth device nodes Hector Martin <marcan(a)marcan.st> arm64: dts: apple: t600x: Add missing WiFi properties Hengqi Chen <hengqi.chen(a)gmail.com> bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() Eduard Zingerman <eddyz87(a)gmail.com> bpf: dont report verifier bug for missing bpf_scc_visit on speculative path Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> selftest/futex: Compile also with libnuma < 2.0.16 André Almeida <andrealmeid(a)igalia.com> selftest/futex: Make the error check more precise for futex_numa_mpol Dan Carpenter <dan.carpenter(a)linaro.org> selftests/futex: Fix futex_wait() for 32bit ARM Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: select REGMAP_MMIO with MMC_LOONGSON2 Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Explicitly check accesses to bpf_sock_addr Yu Kuai <yukuai3(a)huawei.com> blk-throttle: fix throtl_data leak during disk release Yi Lai <yi1.lai(a)intel.com> selftests/kselftest_harness: Add harness-selftest.expected to TEST_FILES Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported John Garry <john.g.garry(a)oracle.com> block: fix stacking of atomic writes when atomics are not supported John Garry <john.g.garry(a)oracle.com> block: update validation of atomic writes boundary for stacked devices Stanley Chu <stanley.chuys(a)gmail.com> i3c: master: svc: Recycle unused IBI slot Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use manual response for IBI events Martin George <martinus.gpy(a)gmail.com> nvme-tcp: send only permitted commands for secure concat Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: call done callback even when remote port is gone Daniel Wagner <wagi(a)kernel.org> nvmet-fc: move lsop put work to nvmet_fc_ls_req_op Martin George <martinus.gpy(a)gmail.com> nvme-auth: update bi_directional flag Hengqi Chen <hengqi.chen(a)gmail.com> riscv, bpf: Sign extend struct ops return values properly Dmitry Antipov <dmantipov(a)yandex.ru> ACPICA: Fix largest possible resource descriptor index Ahmed Salem <x0rw3ll(a)gmail.com> ACPICA: Apply ACPI_NONSTRING Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix corner case in clock divisor calculation Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Make code comment in .free() more useful Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Don't drop runtime PM reference in .free() Chen-Yu Tsai <wens(a)csie.org> arm64: dts: allwinner: t527: orangepi-4a: hook up external 32k crystal Chen-Yu Tsai <wens(a)csie.org> arm64: dts: allwinner: t527: avaota-a1: hook up external 32k crystal Chen-Yu Tsai <wens(a)csie.org> arm64: dts: allwinner: a527: cubie-a5e: Drop external 32.768 KHz crystal Chen-Yu Tsai <wens(a)csie.org> arm64: dts: allwinner: a527: cubie-a5e: Add LEDs AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt7986a: Fix PCI-Express T-PHY node address AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value Bean Huo <beanhuo(a)micron.com> mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt6331: Fix pmic, regulators, rtc, keys node names Biju Das <biju.das.jz(a)bp.renesas.com> arm64: dts: renesas: r9a09g047e57-smarc: Fix gpio key's pin control node Akashdeep Kaur <a-kaur(a)ti.com> arm64: dts: ti: k3-pinctrl: Fix the bug in existing macros Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8188: Change efuse fallback compatible to mt8186 Beleswar Padhi <b-padhi(a)ti.com> Revert "arm64: dts: ti: k3-j721e-beagleboneai64: Fix reversed C6x carveout locations" Beleswar Padhi <b-padhi(a)ti.com> Revert "arm64: dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations" Beleswar Padhi <b-padhi(a)ti.com> arm64: dts: ti: k3: Rename rproc reserved-mem nodes to 'memory@addr' Beleswar Padhi <b-padhi(a)ti.com> arm64: dts: ti: k3-j742s2-mcu-wakeup: Override firmware-name for MCU R5F cores Sebastian Reichel <sebastian.reichel(a)collabora.com> arm64: dts: rockchip: Fix network on rk3576 evb1 board Alexey Charkov <alchark(a)gmail.com> arm64: dts: rockchip: Add WiFi on rk3576-evb1-v10 Alexey Charkov <alchark(a)gmail.com> arm64: dts: rockchip: Add RTC on rk3576-evb1-v10 Chen-Yu Tsai <wens(a)csie.org> arm64: dts: allwinner: t527: avaota-a1: Add ethernet PHY reset setting Chen-Yu Tsai <wens(a)csie.org> arm64: dts: allwinner: a527: cubie-a5e: Add ethernet PHY reset setting Yu Kuai <yukuai3(a)huawei.com> blk-mq: fix potential deadlock while nr_requests grown Yu Kuai <yukuai3(a)huawei.com> blk-mq-sched: add new parameter nr_requests in blk_mq_alloc_sched_tags() Yu Kuai <yukuai3(a)huawei.com> blk-mq: split bitmap grow and resize case in blk_mq_update_nr_requests() Yu Kuai <yukuai3(a)huawei.com> blk-mq: cleanup shared tags case in blk_mq_update_nr_requests() Yu Kuai <yukuai3(a)huawei.com> blk-mq: convert to serialize updating nr_requests with update_nr_hwq_lock Yu Kuai <yukuai3(a)huawei.com> blk-mq: check invalid nr_requests in queue_requests_store() Yu Kuai <yukuai3(a)huawei.com> blk-mq: remove useless checkings in blk_mq_update_nr_requests() Yu Kuai <yukuai3(a)huawei.com> block: fix ordering of recursive split IO Yu Kuai <yukuai3(a)huawei.com> block: skip unnecessary checks for split bio Yu Kuai <yukuai3(a)huawei.com> block: factor out a helper bio_submit_split_bioset() Yu Kuai <yukuai3(a)huawei.com> block: initialize bio issue time in blk_mq_submit_bio() Yu Kuai <yukuai3(a)huawei.com> block: cleanup bio_issue Johan Hovold <johan(a)kernel.org> cpuidle: qcom-spm: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure Johan Hovold <johan(a)kernel.org> soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure Xianwei Zhao <xianwei.zhao(a)amlogic.com> dts: arm: amlogic: fix pwm node for c3 Johan Hovold <johan(a)kernel.org> firmware: firmware: meson-sm: fix compile-test default Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> PM / devfreq: rockchip-dfi: double count on RK3588 Eric Dumazet <edumazet(a)google.com> nbd: restrict sockets to TCP and UDP Rob Herring (Arm) <robh(a)kernel.org> arm64: dts: mediatek: mt8183: Fix out of range pull values Guoqing Jiang <guoqing.jiang(a)canonical.com> arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie0 Bibo Mao <maobibo(a)loongson.cn> tick: Do not set device to detached state in tick_shutdown() Dan Carpenter <dan.carpenter(a)linaro.org> irqchip/gic-v5: Fix error handling in gicv5_its_irq_domain_alloc() Dan Carpenter <dan.carpenter(a)linaro.org> irqchip/gic-v5: Fix loop in gicv5_its_create_itt_two_level() cleanup path Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: vDSO: vdso_test_abi: Correctly skip whole test with missing vDSO Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: vDSO: Fix -Wunitialized in powerpc VDSO_CALL() wrapper Han Guangjiang <hanguangjiang(a)lixiang.com> blk-throttle: fix access race during throttle policy activation Genjian Zhang <zhanggenjian(a)kylinos.cn> null_blk: Fix the description of the cache_size module argument Yulin Lu <luyulin(a)eswincomputing.com> pinctrl: eswin: Fix regulator error check and Kconfig dependency Qianfeng Rong <rongqianfeng(a)vivo.com> pinctrl: renesas: Use int type to store negative error codes Eugene Shalygin <eugene.shalygin(a)gmail.com> hwmon: (asus-ec-sensors) Narrow lock for X870E-CREATOR WIFI Andy Yan <andyshrk(a)163.com> power: supply: cw2015: Fix a alignment coding style issue Dan Carpenter <dan.carpenter(a)linaro.org> PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: ti: omap: omap3-devkit8000-lcd: Fix ti,keep-vref-on property to use correct boolean syntax in DTS Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: ti: omap: am335x-baltos: Fix ti,en-ck32k-xtal property in DTS to use correct boolean syntax Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> vdso: Add struct __kernel_old_timeval forward declaration to gettime.h Yu Kuai <yukuai3(a)huawei.com> blk-mq: fix elevator depth_updated method Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Clear power.must_resume in noirq suspend error path Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> vdso/datastore: Gate time data behind CONFIG_GENERIC_GETTIMEOFDAY Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix count write in testapp_xdp_metadata_copy() Brian Norris <briannorris(a)chromium.org> genirq/test: Ensure CPU 1 is online for hotplug test Brian Norris <briannorris(a)chromium.org> genirq/test: Drop CONFIG_GENERIC_IRQ_MIGRATION assumptions Brian Norris <briannorris(a)chromium.org> genirq/test: Depend on SPARSE_IRQ Brian Norris <briannorris(a)chromium.org> genirq/test: Select IRQ_DOMAIN David Gow <davidgow(a)google.com> genirq/test: Fix depth tests on architectures with NOREQUEST by default. Rob Herring (Arm) <robh(a)kernel.org> dt-bindings: vendor-prefixes: Add undocumented vendor prefixes Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: stm32: stm32mp151c-plyaqm: Use correct dai-format property Qianfeng Rong <rongqianfeng(a)vivo.com> block: use int to store blk_stack_limits() return value Inochi Amaoto <inochiama(a)gmail.com> PCI/MSI: Check MSI_FLAG_PCI_MSI_MASK_PARENT in cond_[startup|shutdown]_parent() Andrei Lalaev <andrei.lalaev(a)anton-paar.com> leds: leds-lp55xx: Use correct address for memory programming Benjamin Berg <benjamin.berg(a)intel.com> selftests/nolibc: fix EXPECT_NZ macro Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/nolibc: avoid error in dup2() if old fd equals new fd Waiman Long <longman(a)redhat.com> selftests/futex: Fix some futex_numa_mpol subtests Qianfeng Rong <rongqianfeng(a)vivo.com> regulator: scmi: Use int type to store negative error codes Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: fix MCKx restore routine Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> selftests/futex: Remove the -g parameter from futex_priv_hash Li Nan <linan122(a)huawei.com> blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Da Xue <da(a)libre.computer> pinctrl: meson-gxl: add missing i2c_d pinmux Sneh Mankad <sneh.mankad(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Vlastimil Babka <vbabka(a)suse.cz> scripts/misc-check: update export checks for EXPORT_SYMBOL_FOR_MODULES() Inochi Amaoto <inochiama(a)gmail.com> irqchip/sg2042-msi: Fix broken affinity setting Inochi Amaoto <inochiama(a)gmail.com> PCI/MSI: Add startup/shutdown for per device domains Inochi Amaoto <inochiama(a)gmail.com> genirq: Add irq_chip_(startup/shutdown)_parent() Huisong Li <lihuisong(a)huawei.com> ACPI: processor: idle: Fix memory leak when register cpuidle device failed Tao Chen <chen.dylane(a)linux.dev> bpf: Remove preempt_disable in bpf_try_get_buffers Joy Zou <joy.zou(a)nxp.com> arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid Frieder Schrempf <frieder.schrempf(a)kontron.de> arm64: dts: imx93-kontron: Fix USB port assignment Annette Kobou <annette.kobou(a)kontron.de> arm64: dts: imx93-kontron: Fix GPIO for panel regulator Junnan Wu <junnan01.wu(a)samsung.com> firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver Mykyta Yatsenko <yatsenko(a)meta.com> libbpf: Export bpf_object__prepare symbol Marek Vasut <marek.vasut+renesas(a)mailbox.org> arm64: dts: renesas: sparrow-hawk: Set VDDQ18_25_AVB voltage on EVTB1 Marek Vasut <marek.vasut+renesas(a)mailbox.org> arm64: dts: renesas: sparrow-hawk: Invert microSD voltage selector on EVTB1 Florian Fainelli <florian.fainelli(a)broadcom.com> cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Do not write tail call counter into helper and kfunc frames Fenglin Wu <fenglin.wu(a)oss.qualcomm.com> leds: flash: leds-qcom-flash: Update torch current clamp setting Len Bao <len.bao(a)gmx.us> leds: max77705: Function return instead of variable assignment Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: renesas: porter: Fix CAN pin group Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/nolibc: fix error return value of clock_nanosleep() Yureka Lilian <yuka(a)yuka.dev> libbpf: Fix reuse of DEVMAP Tao Chen <chen.dylane(a)linux.dev> bpf: Remove migrate_disable in kprobe_multi_link_prog_run Matt Bobrowski <mattbobrowski(a)google.com> bpf/selftests: Fix test_tcpnotify_user Baptiste Lepers <baptiste.lepers(a)gmail.com> rust: cpumask: Mark CpumaskVar as transparent Amery Hung <ameryhung(a)gmail.com> selftests/bpf: Copy test_kmods when installing selftest Geert Uytterhoeven <geert+renesas(a)glider.be> regmap: Remove superfluous check for !config in __regmap_init() Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Tidy verifier bug message Biju Das <biju.das.jz(a)bp.renesas.com> arm64: dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() Qu Wenruo <wqu(a)suse.com> btrfs: fix symbolic link reading when bs > ps Qu Wenruo <wqu(a)suse.com> btrfs: return any hit error from extent_writepage_io() Chen Ridong <chenridong(a)huawei.com> cpuset: fix failure to enable isolated partition when containing isolcpus Randy Dunlap <rdunlap(a)infradead.org> lsm: CONFIG_LSM can depend on CONFIG_SECURITY Peter Zijlstra <peterz(a)infradead.org> sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() Michal Koutný <mkoutny(a)suse.com> selftests: cgroup: Make test_pids backwards compatible Uros Bizjak <ubizjak(a)gmail.com> x86/vdso: Fix output operand size of RDPID Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Use early_initcall() to hook bts_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller Stefan Metzmacher <metze(a)samba.org> smb: server: fix IRD/ORD negotiation with the client Stefan Metzmacher <metze(a)samba.org> smb: client: fix sending the iwrap custom IRD/ORD negotiation messages Gao Xiang <xiang(a)kernel.org> erofs: avoid reading more for fragment maps Leo Yan <leo.yan(a)arm.com> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Leo Yan <leo.yan(a)arm.com> coresight: trbe: Prevent overflow in PERF_IDX2OFF() Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> raid6: riscv: Clean up unused header file inclusion Jeremy Linton <jeremy.linton(a)arm.com> uprobes: uprobe_warn should use passed task Joe Lawrence <joe.lawrence(a)redhat.com> powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs Joe Lawrence <joe.lawrence(a)redhat.com> powerpc/ftrace: ensure ftrace record ops are always set for NOPs Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/603: Really copy kernel PGD entries into all PGDIRs Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Add proper lockspace locking Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: do_xmote cleanup Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Get rid of GLF_INVALIDATE_IN_PROGRESS Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove duplicate check in do_xmote Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix LM_FLAG_TRY* logic in add_to_queue Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Further sanitize lock_dlm.c Colin Ian King <colin.i.king(a)gmail.com> gfs2: Remove space before newline Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote Kang Chen <k.chen(a)smail.nju.edu.cn> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Thomas Weißschuh <linux(a)weissschuh.net> kselftest/arm64/gcs: Correctly check return value when disabling GCS Bala-Vignesh-Reddy <reddybalavignesh9979(a)gmail.com> selftests: arm64: Fix -Waddress warning in tpidr2 test Bala-Vignesh-Reddy <reddybalavignesh9979(a)gmail.com> selftests: arm64: Check fread return value in exec_target Kienan Stewart <kstewart(a)efficios.com> kbuild: Add missing $(objtree) prefix to powerpc crtsavres.o artifact Johannes Nixdorf <johannes(a)nixdorf.dev> seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast Linus Torvalds <torvalds(a)linux-foundation.org> Fix CC_HAS_ASM_GOTO_OUTPUT on non-x86 architectures Christian Göttsche <cgzones(a)googlemail.com> pid: use ns_capable_noaudit() when determining net sysctl permissions Geert Uytterhoeven <geert+renesas(a)glider.be> init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD Jeff Layton <jlayton(a)kernel.org> filelock: add FL_RECLAIM to show_fl_flags() macro Simon Schuster <schuster.simon(a)siemens-energy.com> arch: copy_thread: pass clone_flags as u64 ------------- Diffstat: .../devicetree/bindings/vendor-prefixes.yaml | 50 ++++ Documentation/iio/ad3552r.rst | 3 +- Documentation/trace/histogram-design.rst | 4 +- Makefile | 4 +- arch/alpha/kernel/process.c | 2 +- arch/arc/kernel/process.c | 2 +- arch/arm/boot/dts/renesas/r8a7791-porter.dts | 2 +- arch/arm/boot/dts/st/stm32mp151c-plyaqm.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-baltos.dtsi | 2 +- arch/arm/boot/dts/ti/omap/am335x-cm-t335.dts | 2 - .../dts/ti/omap/omap3-devkit8000-lcd-common.dtsi | 2 +- arch/arm/kernel/process.c | 2 +- arch/arm/mach-at91/pm_suspend.S | 4 +- .../boot/dts/allwinner/sun55i-a527-cubie-a5e.dts | 25 +- .../boot/dts/allwinner/sun55i-t527-avaota-a1.dts | 11 + .../boot/dts/allwinner/sun55i-t527-orangepi-4a.dts | 8 + arch/arm64/boot/dts/amlogic/amlogic-c3.dtsi | 2 +- arch/arm64/boot/dts/apple/t6000-j314s.dts | 8 + arch/arm64/boot/dts/apple/t6000-j316s.dts | 8 + arch/arm64/boot/dts/apple/t6001-j314c.dts | 8 + arch/arm64/boot/dts/apple/t6001-j316c.dts | 8 + arch/arm64/boot/dts/apple/t6001-j375c.dts | 8 + arch/arm64/boot/dts/apple/t6002-j375d.dts | 8 + arch/arm64/boot/dts/apple/t600x-j314-j316.dtsi | 10 + arch/arm64/boot/dts/apple/t600x-j375.dtsi | 11 + arch/arm64/boot/dts/apple/t8103-j457.dts | 12 +- .../boot/dts/freescale/imx93-kontron-bl-osm-s.dts | 32 ++- arch/arm64/boot/dts/freescale/imx95.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt6331.dtsi | 10 +- .../boot/dts/mediatek/mt6795-sony-xperia-m5.dts | 2 +- arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 12 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 14 +- arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 14 +- .../boot/dts/mediatek/mt8186-corsola-krabby.dtsi | 8 +- .../mt8186-corsola-tentacruel-sku262144.dts | 4 + arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 3 - .../dts/mediatek/mt8395-kontron-3-5-sbc-i1200.dts | 16 +- arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 +- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 1 + .../boot/dts/renesas/r8a779g3-sparrow-hawk.dts | 6 +- arch/arm64/boot/dts/renesas/r9a09g047e57-smarc.dts | 6 +- arch/arm64/boot/dts/renesas/rzg2lc-smarc.dtsi | 5 +- arch/arm64/boot/dts/rockchip/rk3576-evb1-v10.dts | 118 ++++++++- arch/arm64/boot/dts/ti/k3-am62-phycore-som.dtsi | 10 +- arch/arm64/boot/dts/ti/k3-am62-pocketbeagle2.dts | 6 +- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2 +- arch/arm64/boot/dts/ti/k3-am62a-phycore-som.dtsi | 12 +- arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 12 +- arch/arm64/boot/dts/ti/k3-am62d2-evm.dts | 14 +- arch/arm64/boot/dts/ti/k3-am62p-verdin.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 8 +- arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 8 +- arch/arm64/boot/dts/ti/k3-am64-phycore-som.dtsi | 22 +- arch/arm64/boot/dts/ti/k3-am642-evm.dts | 22 +- arch/arm64/boot/dts/ti/k3-am642-sk.dts | 22 +- arch/arm64/boot/dts/ti/k3-am642-sr-som.dtsi | 16 +- arch/arm64/boot/dts/ti/k3-am642-tqma64xxl.dtsi | 18 +- arch/arm64/boot/dts/ti/k3-am65-iot2050-common.dtsi | 10 +- arch/arm64/boot/dts/ti/k3-am654-base-board.dts | 10 +- arch/arm64/boot/dts/ti/k3-am67a-beagley-ai.dts | 22 +- arch/arm64/boot/dts/ti/k3-am68-phycore-som.dtsi | 34 +-- arch/arm64/boot/dts/ti/k3-am68-sk-som.dtsi | 34 +-- arch/arm64/boot/dts/ti/k3-am69-sk.dts | 48 ++-- arch/arm64/boot/dts/ti/k3-j7200-som-p0.dtsi | 18 +- arch/arm64/boot/dts/ti/k3-j721e-beagleboneai64.dts | 40 +-- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 40 +-- arch/arm64/boot/dts/ti/k3-j721e-som-p0.dtsi | 38 +-- arch/arm64/boot/dts/ti/k3-j721s2-som-p0.dtsi | 34 +-- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 22 +- arch/arm64/boot/dts/ti/k3-j742s2-mcu-wakeup.dtsi | 17 ++ arch/arm64/boot/dts/ti/k3-j742s2.dtsi | 1 + arch/arm64/boot/dts/ti/k3-j784s4-evm.dts | 4 +- .../boot/dts/ti/k3-j784s4-j742s2-evm-common.dtsi | 44 ++-- arch/arm64/boot/dts/ti/k3-pinctrl.h | 4 +- arch/arm64/kernel/process.c | 2 +- arch/arm64/net/bpf_jit_comp.c | 3 +- arch/csky/kernel/process.c | 2 +- arch/hexagon/kernel/process.c | 2 +- arch/loongarch/kernel/process.c | 2 +- arch/loongarch/kernel/relocate.c | 4 + arch/loongarch/net/bpf_jit.c | 80 ++++-- arch/m68k/kernel/process.c | 2 +- arch/microblaze/kernel/process.c | 2 +- arch/mips/kernel/process.c | 2 +- arch/nios2/kernel/process.c | 2 +- arch/openrisc/kernel/process.c | 2 +- arch/parisc/kernel/process.c | 2 +- arch/powerpc/Kconfig | 4 + arch/powerpc/Makefile | 2 +- arch/powerpc/include/asm/book3s/32/pgalloc.h | 10 +- arch/powerpc/include/asm/nohash/pgalloc.h | 2 +- arch/powerpc/include/asm/topology.h | 2 + arch/powerpc/kernel/head_8xx.S | 9 +- arch/powerpc/kernel/module_64.c | 2 +- arch/powerpc/kernel/process.c | 2 +- arch/powerpc/kernel/smp.c | 27 +- arch/powerpc/kernel/trace/ftrace.c | 10 +- arch/riscv/kernel/process.c | 2 +- arch/riscv/kvm/vmid.c | 3 +- arch/riscv/net/bpf_jit_comp64.c | 42 +++- arch/s390/kernel/process.c | 2 +- arch/s390/kernel/topology.c | 20 +- arch/s390/net/bpf_jit_comp.c | 42 +++- arch/sh/kernel/process_32.c | 2 +- arch/sparc/kernel/process_32.c | 2 +- arch/sparc/kernel/process_64.c | 2 +- arch/sparc/lib/M7memcpy.S | 20 +- arch/sparc/lib/Memcpy_utils.S | 9 + arch/sparc/lib/NG4memcpy.S | 2 +- arch/sparc/lib/NGmemcpy.S | 29 ++- arch/sparc/lib/U1memcpy.S | 19 +- arch/sparc/lib/U3memcpy.S | 2 +- arch/um/kernel/process.c | 2 +- arch/x86/events/intel/bts.c | 2 +- arch/x86/events/intel/core.c | 3 +- arch/x86/include/asm/fpu/sched.h | 2 +- arch/x86/include/asm/segment.h | 8 +- arch/x86/include/asm/shstk.h | 4 +- arch/x86/kernel/fpu/core.c | 2 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/shstk.c | 2 +- arch/x86/kernel/smpboot.c | 8 +- arch/x86/kvm/svm/svm.c | 12 +- arch/xtensa/kernel/process.c | 2 +- block/bfq-iosched.c | 22 +- block/bio.c | 2 +- block/blk-cgroup.c | 6 - block/blk-cgroup.h | 12 +- block/blk-core.c | 19 +- block/blk-iolatency.c | 14 +- block/blk-merge.c | 64 +++-- block/blk-mq-sched.c | 14 +- block/blk-mq-sched.h | 13 +- block/blk-mq-sysfs.c | 6 +- block/blk-mq-tag.c | 23 +- block/blk-mq.c | 84 ++++--- block/blk-mq.h | 18 +- block/blk-settings.c | 44 ++-- block/blk-sysfs.c | 57 ++++- block/blk-throttle.c | 15 +- block/blk-throttle.h | 18 +- block/blk.h | 45 +--- block/elevator.c | 3 +- block/elevator.h | 2 +- block/kyber-iosched.c | 19 +- block/mq-deadline.c | 16 +- crypto/842.c | 6 +- crypto/asymmetric_keys/x509_cert_parser.c | 16 +- crypto/lz4.c | 6 +- crypto/lz4hc.c | 6 +- crypto/lzo-rle.c | 6 +- crypto/lzo.c | 6 +- drivers/accel/amdxdna/aie2_ctx.c | 6 +- drivers/acpi/acpica/aclocal.h | 2 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 3 + drivers/base/node.c | 4 + drivers/base/power/main.c | 14 +- drivers/base/regmap/regmap.c | 2 +- drivers/block/nbd.c | 8 + drivers/block/null_blk/main.c | 2 +- drivers/bluetooth/btintel_pcie.c | 218 ++++++---------- drivers/bluetooth/btintel_pcie.h | 2 + drivers/bus/fsl-mc/fsl-mc-bus.c | 3 + drivers/cdx/Kconfig | 1 - drivers/cdx/cdx.c | 4 +- drivers/cdx/controller/Kconfig | 1 - drivers/cdx/controller/cdx_controller.c | 3 +- drivers/char/hw_random/Kconfig | 1 + drivers/char/hw_random/ks-sa-rng.c | 4 + drivers/char/tpm/Kconfig | 2 +- drivers/clocksource/timer-tegra186.c | 4 +- drivers/cpufreq/scmi-cpufreq.c | 10 + drivers/cpuidle/cpuidle-qcom-spm.c | 7 +- drivers/crypto/hisilicon/debugfs.c | 1 + drivers/crypto/hisilicon/hpre/hpre_main.c | 86 +++++-- drivers/crypto/hisilicon/qm.c | 45 +++- drivers/crypto/hisilicon/sec2/sec_main.c | 126 +++++++--- drivers/crypto/hisilicon/zip/zip_main.c | 102 +++++--- .../crypto/intel/keembay/keembay-ocs-hcu-core.c | 5 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 2 +- drivers/crypto/nx/nx-common-powernv.c | 6 +- drivers/crypto/nx/nx-common-pseries.c | 6 +- drivers/devfreq/event/rockchip-dfi.c | 7 +- drivers/devfreq/mtk-cci-devfreq.c | 3 +- drivers/edac/i10nm_base.c | 14 ++ drivers/firmware/arm_scmi/transports/virtio.c | 3 + drivers/firmware/efi/Kconfig | 7 +- drivers/firmware/meson/Kconfig | 2 +- drivers/fwctl/mlx5/main.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 170 ++++++++++--- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 11 + drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 2 +- drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 ++- drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 27 +- drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 1 - drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 4 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 2 - drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 8 +- .../display/dc/dml/dcn32/display_rq_dlg_calc_32.c | 1 - .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 32 ++- drivers/gpu/drm/amd/display/dc/inc/core_types.h | 5 +- .../amd/display/dc/link/accessories/link_dp_cts.c | 12 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 5 +- .../amd/display/dc/resource/dcn31/dcn31_resource.h | 3 +- drivers/gpu/drm/amd/pm/amdgpu_dpm_internal.c | 7 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 92 +++++-- drivers/gpu/drm/bridge/Kconfig | 1 + drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 4 +- drivers/gpu/drm/display/drm_bridge_connector.c | 4 + drivers/gpu/drm/display/drm_dp_helper.c | 4 +- drivers/gpu/drm/drm_atomic_uapi.c | 23 +- drivers/gpu/drm/drm_panel.c | 73 +++++- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 4 + drivers/gpu/drm/msm/disp/mdp4/mdp4_kms.c | 6 +- drivers/gpu/drm/msm/msm_drv.c | 1 + drivers/gpu/drm/msm/msm_gem_vma.c | 31 ++- drivers/gpu/drm/msm/msm_kms.c | 5 +- drivers/gpu/drm/panel/panel-edp.c | 20 +- drivers/gpu/drm/panel/panel-novatek-nt35560.c | 2 +- drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/scheduler/tests/mock_scheduler.c | 2 +- drivers/gpu/drm/scheduler/tests/sched_tests.h | 7 +- drivers/gpu/drm/scheduler/tests/tests_basic.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/hid/hid-ids.h | 2 + drivers/hid/hid-quirks.c | 2 + drivers/hid/hid-steelseries.c | 108 +++----- drivers/hid/hidraw.c | 262 ++++++++++--------- drivers/hid/i2c-hid/i2c-hid-core.c | 46 ++-- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 11 +- drivers/hwmon/asus-ec-sensors.c | 2 +- drivers/hwmon/mlxreg-fan.c | 24 +- drivers/hwtracing/coresight/coresight-catu.c | 31 ++- drivers/hwtracing/coresight/coresight-catu.h | 1 + drivers/hwtracing/coresight/coresight-core.c | 6 +- drivers/hwtracing/coresight/coresight-cpu-debug.c | 6 +- drivers/hwtracing/coresight/coresight-ctcu-core.c | 10 +- drivers/hwtracing/coresight/coresight-etb10.c | 10 +- drivers/hwtracing/coresight/coresight-etm3x-core.c | 9 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 41 +-- .../hwtracing/coresight/coresight-etm4x-sysfs.c | 1 + drivers/hwtracing/coresight/coresight-etm4x.h | 6 +- drivers/hwtracing/coresight/coresight-funnel.c | 42 +--- drivers/hwtracing/coresight/coresight-replicator.c | 40 +-- drivers/hwtracing/coresight/coresight-stm.c | 13 +- drivers/hwtracing/coresight/coresight-syscfg.c | 2 +- drivers/hwtracing/coresight/coresight-tmc-core.c | 26 +- drivers/hwtracing/coresight/coresight-tmc.h | 2 + drivers/hwtracing/coresight/coresight-tpda.c | 3 + drivers/hwtracing/coresight/coresight-tpiu.c | 14 +- drivers/hwtracing/coresight/coresight-trbe.c | 12 +- drivers/hwtracing/coresight/ultrasoc-smb.h | 1 + drivers/i2c/busses/i2c-designware-platdrv.c | 5 +- drivers/i2c/busses/i2c-k1.c | 71 ++++-- drivers/i2c/busses/i2c-mt65xx.c | 17 +- drivers/i3c/internals.h | 12 +- drivers/i3c/master/svc-i3c-master.c | 31 ++- drivers/iio/inkern.c | 30 +-- drivers/infiniband/core/addr.c | 10 +- drivers/infiniband/core/cm.c | 4 +- drivers/infiniband/core/sa_query.c | 6 +- drivers/infiniband/hw/mlx5/main.c | 67 ++++- drivers/infiniband/hw/mlx5/mlx5_ib.h | 5 + drivers/infiniband/sw/rxe/rxe_task.c | 8 +- drivers/infiniband/sw/siw/siw_verbs.c | 25 +- drivers/input/misc/uinput.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 2 +- drivers/iommu/intel/debugfs.c | 17 +- drivers/iommu/intel/iommu.h | 3 +- drivers/iommu/iommu-priv.h | 2 + drivers/iommu/iommu.c | 26 ++ drivers/iommu/iommufd/selftest.c | 2 +- drivers/irqchip/irq-gic-v5-its.c | 24 +- drivers/irqchip/irq-sg2042-msi.c | 18 +- drivers/leds/flash/leds-qcom-flash.c | 62 +++-- drivers/leds/leds-lp55xx-common.c | 2 +- drivers/leds/leds-max77705.c | 2 +- drivers/md/dm-core.h | 1 + drivers/md/dm-vdo/indexer/volume-index.c | 4 +- drivers/md/dm.c | 13 +- drivers/media/i2c/rj54n1cb0c.c | 9 +- drivers/media/i2c/vd55g1.c | 2 +- drivers/media/pci/zoran/zoran.h | 6 - drivers/media/pci/zoran/zoran_driver.c | 3 +- .../media/platform/st/sti/delta/delta-mjpeg-dec.c | 20 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 2 + drivers/mfd/max77705.c | 38 ++- drivers/mfd/rz-mtu3.c | 2 +- drivers/mfd/vexpress-sysreg.c | 6 +- drivers/misc/fastrpc.c | 89 ++++--- drivers/misc/genwqe/card_ddcb.c | 2 +- drivers/misc/pci_endpoint_test.c | 2 +- drivers/mmc/core/block.c | 6 +- drivers/mmc/host/Kconfig | 1 + drivers/mtd/nand/raw/atmel/nand-controller.c | 4 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/bonding/bond_netlink.c | 16 +- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 +- drivers/net/ethernet/cadence/macb.h | 4 - drivers/net/ethernet/cadence/macb_main.c | 134 +++++----- drivers/net/ethernet/dlink/dl2k.c | 7 +- drivers/net/ethernet/freescale/enetc/enetc4_pf.c | 2 +- drivers/net/ethernet/freescale/enetc/ntmp.c | 15 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 8 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 6 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 1 + .../net/ethernet/marvell/octeontx2/nic/otx2_vf.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 24 ++ .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 7 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +- drivers/net/phy/as21xxx.c | 7 +- drivers/net/usb/asix_devices.c | 29 +++ drivers/net/usb/rtl8150.c | 2 - drivers/net/wireless/ath/ath10k/wmi.c | 39 ++- drivers/net/wireless/ath/ath12k/ce.c | 2 +- drivers/net/wireless/ath/ath12k/debug.h | 1 + drivers/net/wireless/ath/ath12k/dp_mon.c | 56 +++-- drivers/net/wireless/ath/ath12k/dp_rx.c | 45 +++- drivers/net/wireless/ath/ath12k/hal_rx.h | 12 +- drivers/net/wireless/ath/ath12k/mac.c | 16 +- .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/chip.c | 4 +- .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 8 +- .../broadcom/brcm80211/include/brcm_hw_ids.h | 1 - drivers/net/wireless/intel/iwlwifi/fw/regulatory.h | 1 - drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 +- drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/eeprom.h | 6 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 29 +-- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 29 ++- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 137 +++------- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 106 ++++++-- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 38 ++- drivers/net/wireless/mediatek/mt76/mt7996/mcu.h | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 22 +- drivers/net/wireless/mediatek/mt76/mt7996/pci.c | 2 +- drivers/net/wireless/realtek/rtw88/led.c | 13 +- drivers/net/wireless/realtek/rtw89/core.c | 1 + drivers/net/wireless/realtek/rtw89/ser.c | 3 +- drivers/nvme/host/auth.c | 5 +- drivers/nvme/host/tcp.c | 3 + drivers/nvme/target/fc.c | 19 +- drivers/nvme/target/fcloop.c | 8 +- drivers/pci/controller/cadence/pci-j721e.c | 2 +- drivers/pci/controller/dwc/pcie-designware.h | 1 - drivers/pci/controller/dwc/pcie-qcom-common.c | 58 +++-- drivers/pci/controller/dwc/pcie-qcom-common.h | 2 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 +- drivers/pci/controller/dwc/pcie-qcom.c | 8 +- drivers/pci/controller/dwc/pcie-rcar-gen4.c | 26 +- drivers/pci/controller/dwc/pcie-tegra194.c | 4 +- drivers/pci/controller/pci-tegra.c | 2 +- drivers/pci/controller/pci-xgene-msi.c | 2 +- drivers/pci/controller/pcie-rcar-host.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 31 ++- drivers/pci/endpoint/pci-ep-msi.c | 2 +- drivers/pci/msi/irqdomain.c | 57 +++++ drivers/pci/pci-acpi.c | 6 +- drivers/pci/pcie/aer.c | 3 + drivers/pci/pwrctrl/slot.c | 12 +- drivers/perf/arm_spe_pmu.c | 3 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 12 + drivers/pinctrl/Kconfig | 2 + drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 + drivers/pinctrl/pinctrl-eic7700.c | 2 +- drivers/pinctrl/pinmux.c | 2 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/renesas/pinctrl.c | 3 +- drivers/power/supply/cw2015_battery.c | 3 +- drivers/power/supply/max77705_charger.c | 198 +++++++-------- drivers/pps/kapi.c | 5 +- drivers/pps/pps.c | 5 +- drivers/ptp/ptp_private.h | 1 + drivers/ptp/ptp_sysfs.c | 2 +- drivers/pwm/pwm-loongson.c | 2 +- drivers/pwm/pwm-tiehrpwm.c | 154 +++++------- drivers/regulator/scmi-regulator.c | 3 +- drivers/remoteproc/pru_rproc.c | 3 +- drivers/remoteproc/qcom_q6v5.c | 3 - drivers/remoteproc/qcom_q6v5_mss.c | 11 +- drivers/remoteproc/qcom_q6v5_pas.c | 6 + drivers/rpmsg/qcom_smd.c | 2 +- drivers/scsi/libsas/sas_expander.c | 5 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 +- drivers/scsi/myrs.c | 8 +- drivers/scsi/pm8001/pm8001_hwi.c | 11 +- drivers/scsi/pm8001/pm8001_sas.c | 31 ++- drivers/scsi/pm8001/pm8001_sas.h | 1 + drivers/scsi/pm8001/pm80xx_hwi.c | 10 +- drivers/scsi/qla2xxx/qla_edif.c | 4 +- drivers/scsi/qla2xxx/qla_init.c | 4 +- drivers/scsi/qla2xxx/qla_nvme.c | 2 +- drivers/soc/mediatek/mtk-svs.c | 23 ++ drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/spi/spi.c | 2 +- drivers/staging/media/ipu7/ipu7.c | 28 +-- drivers/tee/tee_shm.c | 8 + drivers/thermal/qcom/Kconfig | 3 +- drivers/thermal/qcom/lmh.c | 2 + drivers/thunderbolt/tunnel.c | 5 +- drivers/tty/n_gsm.c | 25 +- drivers/tty/serial/max310x.c | 2 + drivers/ufs/core/ufs-sysfs.c | 2 + drivers/ufs/core/ufshcd.c | 9 + drivers/uio/uio_hv_generic.c | 7 +- drivers/usb/cdns3/cdnsp-pci.c | 5 +- drivers/usb/gadget/configfs.c | 2 + drivers/usb/host/max3421-hcd.c | 2 +- drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/misc/Kconfig | 1 + drivers/usb/misc/qcom_eud.c | 33 ++- drivers/usb/phy/phy-twl6030-usb.c | 3 +- drivers/usb/typec/tipd/core.c | 24 +- drivers/usb/usbip/vhci_hcd.c | 22 ++ drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 6 +- drivers/vfio/pci/pds/dirty.c | 2 +- drivers/vhost/vringh.c | 14 +- drivers/video/fbdev/simplefb.c | 31 ++- drivers/watchdog/intel_oc_wdt.c | 8 +- drivers/watchdog/mpc8xxx_wdt.c | 2 + fs/btrfs/extent_io.c | 9 +- fs/btrfs/inode.c | 2 +- fs/cramfs/inode.c | 2 +- fs/erofs/zdata.c | 4 +- fs/ext4/ext4.h | 10 + fs/ext4/file.c | 2 +- fs/ext4/inode.c | 2 +- fs/ext4/mballoc.c | 10 + fs/ext4/orphan.c | 6 +- fs/ext4/super.c | 4 +- fs/f2fs/compress.c | 25 +- fs/f2fs/data.c | 11 +- fs/f2fs/f2fs.h | 4 +- fs/f2fs/file.c | 49 ++-- fs/f2fs/gc.c | 16 +- fs/f2fs/super.c | 10 +- fs/fuse/file.c | 1 - fs/gfs2/file.c | 23 +- fs/gfs2/glock.c | 121 ++++----- fs/gfs2/glock.h | 4 + fs/gfs2/incore.h | 3 +- fs/gfs2/lock_dlm.c | 72 ++++-- fs/gfs2/trace_gfs2.h | 1 - fs/hfsplus/dir.c | 2 +- fs/hfsplus/hfsplus_fs.h | 8 +- fs/hfsplus/unicode.c | 24 +- fs/hfsplus/xattr.c | 6 +- fs/nfs/localio.c | 65 ++++- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/filecache.c | 34 +++ fs/nfsd/filecache.h | 4 + fs/nfsd/localio.c | 11 + fs/nfsd/trace.h | 27 ++ fs/nfsd/vfs.h | 4 + fs/notify/fanotify/fanotify_user.c | 3 + fs/ntfs3/index.c | 10 + fs/ntfs3/run.c | 12 +- fs/ocfs2/stack_user.c | 1 + fs/smb/client/smb2ops.c | 17 +- fs/smb/client/smbdirect.c | 110 +++++++- fs/smb/client/smbdirect.h | 4 +- fs/smb/server/ksmbd_netlink.h | 5 +- fs/smb/server/mgmt/user_session.c | 26 +- fs/smb/server/server.h | 1 + fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 3 + fs/smb/server/transport_rdma.c | 97 ++++++- fs/smb/server/transport_tcp.c | 27 +- fs/squashfs/inode.c | 7 + fs/squashfs/squashfs_fs_i.h | 2 +- fs/udf/inode.c | 3 + include/acpi/actbl.h | 2 +- include/asm-generic/vmlinux.lds.h | 1 + include/crypto/internal/scompress.h | 11 +- include/drm/drm_panel.h | 14 ++ include/linux/blk_types.h | 7 +- include/linux/blkdev.h | 2 + include/linux/bpf.h | 1 + include/linux/bpf_verifier.h | 12 +- include/linux/btf.h | 2 +- include/linux/coresight.h | 25 +- include/linux/dmaengine.h | 2 +- include/linux/hid.h | 2 + include/linux/irq.h | 2 + include/linux/memcontrol.h | 6 + include/linux/mm.h | 2 +- include/linux/mmc/sdio_ids.h | 2 +- include/linux/msi.h | 2 + include/linux/nfslocalio.h | 2 + include/linux/once.h | 4 +- include/linux/phy.h | 23 +- include/linux/power/max77705_charger.h | 102 ++++---- include/linux/sched/topology.h | 28 ++- include/linux/topology.h | 2 +- include/net/bonding.h | 1 + include/net/dst.h | 16 +- include/net/ip.h | 30 ++- include/net/ip6_route.h | 2 +- include/net/route.h | 2 +- include/scsi/libsas.h | 8 + include/trace/events/filelock.h | 3 +- include/trace/misc/fs.h | 22 ++ include/uapi/linux/hidraw.h | 2 + include/ufs/ufshcd.h | 3 + include/vdso/gettime.h | 1 + init/Kconfig | 3 +- io_uring/waitid.c | 3 +- io_uring/zcrx.c | 4 + kernel/bpf/core.c | 5 + kernel/bpf/helpers.c | 3 - kernel/bpf/verifier.c | 28 ++- kernel/cgroup/cpuset.c | 2 +- kernel/events/uprobes.c | 2 +- kernel/irq/Kconfig | 2 + kernel/irq/chip.c | 37 +++ kernel/irq/irq_test.c | 18 +- kernel/pid.c | 2 +- kernel/rcu/srcutiny.c | 4 +- kernel/sched/topology.c | 28 +-- kernel/seccomp.c | 12 +- kernel/smp.c | 11 +- kernel/time/clockevents.c | 2 +- kernel/time/tick-common.c | 16 +- kernel/time/tick-internal.h | 2 +- kernel/trace/bpf_trace.c | 9 +- kernel/trace/trace.c | 278 +++++++++++++++++---- kernel/trace/trace_events.c | 3 +- kernel/trace/trace_fprobe.c | 10 +- kernel/trace/trace_irqsoff.c | 23 +- kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_sched_wakeup.c | 16 +- kernel/trace/trace_uprobe.c | 12 +- lib/raid6/recov_rvv.c | 2 - lib/raid6/rvv.c | 3 - lib/vdso/datastore.c | 6 +- mm/hugetlb.c | 2 + mm/memcontrol.c | 13 + mm/slub.c | 5 +- net/9p/trans_usbg.c | 16 +- net/bluetooth/hci_sync.c | 10 +- net/bluetooth/iso.c | 11 +- net/bluetooth/mgmt.c | 10 +- net/core/dst.c | 2 +- net/core/filter.c | 16 +- net/core/sock.c | 16 +- net/ethtool/tsconfig.c | 12 +- net/ipv4/icmp.c | 6 +- net/ipv4/ip_fragment.c | 6 +- net/ipv4/ipmr.c | 6 +- net/ipv4/ping.c | 14 +- net/ipv4/route.c | 8 +- net/ipv4/tcp.c | 9 +- net/ipv4/tcp_input.c | 15 +- net/ipv4/tcp_metrics.c | 6 +- net/ipv6/anycast.c | 2 +- net/ipv6/icmp.c | 9 +- net/ipv6/ip6_output.c | 64 ++--- net/ipv6/mcast.c | 67 +++-- net/ipv6/ndisc.c | 2 +- net/ipv6/output_core.c | 8 +- net/ipv6/proc.c | 47 ++-- net/ipv6/route.c | 7 +- net/mac80211/cfg.c | 21 +- net/mac80211/main.c | 3 - net/mac80211/rx.c | 28 ++- net/mac80211/sta_info.c | 10 +- net/mptcp/ctrl.c | 9 +- net/mptcp/subflow.c | 11 +- net/netfilter/ipset/ip_set_hash_gen.h | 8 +- net/netfilter/ipvs/ip_vs_conn.c | 4 +- net/netfilter/ipvs/ip_vs_core.c | 11 +- net/netfilter/ipvs/ip_vs_ctl.c | 6 +- net/netfilter/ipvs/ip_vs_est.c | 16 +- net/netfilter/ipvs/ip_vs_ftp.c | 4 +- net/netfilter/nf_conntrack_standalone.c | 3 + net/netfilter/nfnetlink.c | 2 + net/nfc/nci/ntf.c | 135 +++++++--- net/smc/smc_clc.c | 67 ++--- net/smc/smc_core.c | 27 +- net/smc/smc_pnet.c | 43 ++-- net/sunrpc/auth_gss/svcauth_gss.c | 2 +- net/tls/tls_device.c | 18 +- net/wireless/util.c | 2 +- rust/bindings/bindings_helper.h | 1 + rust/kernel/cpumask.rs | 1 + scripts/misc-check | 4 +- security/Kconfig | 1 + sound/core/pcm_native.c | 21 +- sound/hda/codecs/hdmi/hdmi.c | 1 + sound/hda/codecs/realtek/alc269.c | 1 + sound/pci/lx6464es/lx_core.c | 4 +- sound/soc/codecs/wcd934x.c | 17 +- sound/soc/codecs/wcd937x.c | 4 +- sound/soc/codecs/wcd937x.h | 6 +- sound/soc/intel/boards/bytcht_es8316.c | 20 +- sound/soc/intel/boards/bytcr_rt5640.c | 7 +- sound/soc/intel/boards/bytcr_rt5651.c | 26 +- sound/soc/intel/boards/sof_sdw.c | 2 +- sound/soc/qcom/sc8280xp.c | 4 +- sound/soc/sof/intel/hda-sdw-bpt.c | 2 +- sound/soc/sof/ipc3-topology.c | 10 +- sound/soc/sof/ipc4-pcm.c | 101 ++++++-- sound/soc/sof/ipc4-topology.c | 1 - sound/soc/sof/ipc4-topology.h | 2 + tools/include/nolibc/nolibc.h | 1 + tools/include/nolibc/std.h | 2 +- tools/include/nolibc/sys.h | 13 + tools/include/nolibc/time.h | 5 +- tools/lib/bpf/libbpf.c | 46 ++-- tools/lib/bpf/libbpf.h | 2 +- tools/net/ynl/pyynl/lib/ynl.py | 2 +- .../acpi/os_specific/service_layers/oslinuxtbl.c | 4 +- tools/testing/nvdimm/test/ndtest.c | 13 +- tools/testing/selftests/arm64/abi/tpidr2.c | 8 +- tools/testing/selftests/arm64/gcs/basic-gcs.c | 2 +- tools/testing/selftests/arm64/pauth/exec_target.c | 7 +- tools/testing/selftests/bpf/Makefile | 4 +- tools/testing/selftests/bpf/bench.c | 2 +- tools/testing/selftests/bpf/prog_tests/btf_dump.c | 2 +- tools/testing/selftests/bpf/prog_tests/fd_array.c | 2 +- .../selftests/bpf/prog_tests/kprobe_multi_test.c | 220 +--------------- .../selftests/bpf/prog_tests/module_attach.c | 2 +- .../testing/selftests/bpf/prog_tests/reg_bounds.c | 4 +- .../selftests/bpf/prog_tests/stacktrace_build_id.c | 2 +- .../bpf/prog_tests/stacktrace_build_id_nmi.c | 2 +- .../selftests/bpf/prog_tests/stacktrace_map.c | 2 +- .../bpf/prog_tests/stacktrace_map_raw_tp.c | 2 +- .../selftests/bpf/prog_tests/stacktrace_map_skip.c | 2 +- tools/testing/selftests/bpf/progs/bpf_cc_cubic.c | 2 +- tools/testing/selftests/bpf/progs/bpf_dctcp.c | 2 +- .../selftests/bpf/progs/freplace_connect_v4_prog.c | 2 +- .../selftests/bpf/progs/iters_state_safety.c | 2 +- tools/testing/selftests/bpf/progs/rbtree_search.c | 2 +- .../selftests/bpf/progs/struct_ops_kptr_return.c | 2 +- .../selftests/bpf/progs/struct_ops_refcounted.c | 2 +- .../selftests/bpf/progs/test_cls_redirect.c | 2 +- .../selftests/bpf/progs/test_cls_redirect_dynptr.c | 2 +- .../selftests/bpf/progs/test_tcpnotify_kern.c | 1 - .../testing/selftests/bpf/progs/uretprobe_stack.c | 4 +- .../selftests/bpf/progs/verifier_scalar_ids.c | 2 +- .../testing/selftests/bpf/progs/verifier_var_off.c | 6 +- tools/testing/selftests/bpf/test_sockmap.c | 2 +- tools/testing/selftests/bpf/test_tcpnotify_user.c | 20 +- tools/testing/selftests/bpf/trace_helpers.c | 214 ++++++++++++++++ tools/testing/selftests/bpf/trace_helpers.h | 3 + tools/testing/selftests/bpf/verifier/calls.c | 8 +- tools/testing/selftests/bpf/xdping.c | 2 +- tools/testing/selftests/bpf/xsk.h | 4 +- tools/testing/selftests/bpf/xskxceiver.c | 14 +- tools/testing/selftests/cgroup/lib/cgroup_util.c | 12 + .../selftests/cgroup/lib/include/cgroup_util.h | 1 + tools/testing/selftests/cgroup/test_pids.c | 3 + tools/testing/selftests/futex/functional/Makefile | 5 +- .../selftests/futex/functional/futex_numa_mpol.c | 59 ++--- .../selftests/futex/functional/futex_priv_hash.c | 1 - tools/testing/selftests/futex/functional/run.sh | 1 - tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/iommu/iommufd_utils.h | 8 +- tools/testing/selftests/kselftest_harness/Makefile | 1 + tools/testing/selftests/lib.mk | 5 +- tools/testing/selftests/mm/madv_populate.c | 21 +- tools/testing/selftests/mm/soft-dirty.c | 5 +- tools/testing/selftests/mm/va_high_addr_switch.c | 4 +- tools/testing/selftests/mm/vm_util.c | 17 ++ tools/testing/selftests/mm/vm_util.h | 1 + tools/testing/selftests/nolibc/nolibc-test.c | 5 +- tools/testing/selftests/vDSO/vdso_call.h | 7 +- tools/testing/selftests/vDSO/vdso_test_abi.c | 9 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 684 files changed, 6525 insertions(+), 3960 deletions(-)

2 weeks, 6 days

22
590
0 0

Re: Patch "binfmt_elf: preserve original ELF e_flags for core dumps" has been added to the 6.12-stable tree

by Kees Cook

On Thu, Oct 23, 2025 at 11:25:53AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > binfmt_elf: preserve original ELF e_flags for core dumps > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > binfmt_elf-preserve-original-elf-e_flags-for-core-du.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. No, please don't. I already asked that this not be auto-backported: https://lore.kernel.org/all/202510020856.736F028D@keescook/ -- Kees Cook

2 weeks, 6 days

1
0
0 0

[PATCH net v4] virtio-net: fix received length check in big packets

by Bui Quang Minh

Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on negotiated MTU. The number of allocated frags for big packets is stored in vi->big_packets_num_skbfrags. Because the host announced buffer length can be malicious (e.g. the host vhost_net driver's get_rx_bufs is modified to announce incorrect length), we need a check in virtio_net receive path. Currently, the check is not adapted to the new change which can lead to NULL page pointer dereference in the below while loop when receiving length that is larger than the allocated one. This commit fixes the received length check corresponding to the new change. Fixes: 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets") Cc: stable(a)vger.kernel.org Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- Changes in v4: - Remove unrelated changes, add more comments Changes in v3: - Convert BUG_ON to WARN_ON_ONCE Changes in v2: - Remove incorrect give_pages call --- drivers/net/virtio_net.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index a757cbcab87f..0ffe78b3fd8d 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -852,7 +852,7 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, { struct sk_buff *skb; struct virtio_net_common_hdr *hdr; - unsigned int copy, hdr_len, hdr_padded_len; + unsigned int copy, hdr_len, hdr_padded_len, max_remaining_len; struct page *page_to_free = NULL; int tailroom, shinfo_size; char *p, *hdr_p, *buf; @@ -915,13 +915,23 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, * This is here to handle cases when the device erroneously * tries to receive more than is possible. This is usually * the case of a broken device. + * + * The number of allocated pages for big packet is + * vi->big_packets_num_skbfrags + 1, the start of first page is + * for virtio header, the remaining is for data. We need to ensure + * the remaining len does not go out of the allocated pages. + * Please refer to add_recvbuf_big for more details on big packet + * buffer allocation. */ - if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) { + BUG_ON(offset >= PAGE_SIZE); + max_remaining_len = (unsigned int)PAGE_SIZE - offset; + max_remaining_len += vi->big_packets_num_skbfrags * PAGE_SIZE; + if (unlikely(len > max_remaining_len)) { net_dbg_ratelimited("%s: too much data\n", skb->dev->name); dev_kfree_skb(skb); return NULL; } - BUG_ON(offset >= PAGE_SIZE); + while (len) { unsigned int frag_size = min((unsigned)PAGE_SIZE - offset, len); skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page, offset, -- 2.43.0

2 weeks, 6 days

3
4
0 0

Linux 6.17.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.5 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Documentation/sphinx/kernel_feat.py | 4 Documentation/sphinx/kernel_include.py | 6 Documentation/sphinx/maintainers_include.py | 4 Makefile | 2 arch/Kconfig | 1 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/sysreg.h | 11 arch/arm64/kernel/cpu_errata.c | 1 arch/arm64/kernel/entry-common.c | 8 arch/arm64/kvm/arm.c | 6 arch/powerpc/kernel/fadump.c | 3 arch/riscv/kernel/probes/kprobes.c | 13 arch/x86/kernel/cpu/amd.c | 16 arch/x86/kernel/cpu/resctrl/monitor.c | 44 + arch/x86/mm/tlb.c | 24 - block/blk-cgroup.c | 13 block/blk-mq-sched.c | 2 block/blk-mq-tag.c | 5 block/blk-mq.c | 2 block/blk-mq.h | 3 drivers/accel/qaic/qaic.h | 2 drivers/accel/qaic/qaic_control.c | 2 drivers/accel/qaic/qaic_data.c | 12 drivers/accel/qaic/qaic_debugfs.c | 5 drivers/accel/qaic/qaic_drv.c | 3 drivers/ata/libata-core.c | 11 drivers/cxl/acpi.c | 2 drivers/cxl/core/features.c | 3 drivers/cxl/core/region.c | 7 drivers/cxl/core/trace.h | 2 drivers/dpll/zl3073x/core.c | 228 ++++++---- drivers/dpll/zl3073x/core.h | 3 drivers/dpll/zl3073x/devlink.c | 18 drivers/dpll/zl3073x/regs.h | 3 drivers/gpu/drm/amd/amdgpu/Makefile | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 54 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 2 drivers/gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 ++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 drivers/gpu/drm/amd/amdgpu/nv.h | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/drm_draw.c | 2 drivers/gpu/drm/drm_draw_internal.h | 2 drivers/gpu/drm/i915/display/intel_fb.c | 38 - drivers/gpu/drm/i915/display/intel_frontbuffer.c | 10 drivers/gpu/drm/i915/gem/i915_gem_object_frontbuffer.h | 2 drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/panthor/panthor_fw.c | 1 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 drivers/gpu/drm/xe/display/xe_plane_initial.c | 3 drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 drivers/gpu/drm/xe/xe_assert.h | 4 drivers/gpu/drm/xe/xe_bo.c | 1 drivers/gpu/drm/xe/xe_bo.h | 4 drivers/gpu/drm/xe/xe_bo_evict.c | 8 drivers/gpu/drm/xe/xe_bo_types.h | 1 drivers/gpu/drm/xe/xe_device.c | 22 drivers/gpu/drm/xe/xe_device_types.h | 62 -- drivers/gpu/drm/xe/xe_gt_idle.c | 8 drivers/gpu/drm/xe/xe_gt_pagefault.c | 13 drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 3 drivers/gpu/drm/xe/xe_guc_submit.c | 13 drivers/gpu/drm/xe/xe_migrate.c | 25 - drivers/gpu/drm/xe/xe_pci.c | 8 drivers/gpu/drm/xe/xe_query.c | 5 drivers/gpu/drm/xe/xe_svm.c | 63 +- drivers/gpu/drm/xe/xe_tile.c | 58 +- drivers/gpu/drm/xe/xe_tile.h | 14 drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 10 drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 22 drivers/gpu/drm/xe/xe_ttm_vram_mgr.h | 3 drivers/gpu/drm/xe/xe_vm.c | 32 + drivers/gpu/drm/xe/xe_vm_types.h | 2 drivers/gpu/drm/xe/xe_vram.c | 243 +++++++---- drivers/gpu/drm/xe/xe_vram.h | 12 drivers/gpu/drm/xe/xe_vram_types.h | 85 +++ drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 - drivers/hid/intel-thc-hid/intel-quickspi/quickspi-protocol.c | 3 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 226 ++++------ drivers/net/can/m_can/m_can.c | 62 +- drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/airoha/airoha_eth.c | 16 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 - drivers/net/ethernet/google/gve/gve.h | 2 drivers/net/ethernet/google/gve/gve_desc_dqo.h | 3 drivers/net/ethernet/google/gve/gve_rx_dqo.c | 18 drivers/net/ethernet/intel/idpf/idpf_ptp.c | 3 drivers/net/ethernet/intel/idpf/idpf_virtchnl_ptp.c | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 drivers/net/ethernet/intel/ixgbevf/defines.h | 1 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 + drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 182 ++++++-- drivers/net/ethernet/intel/ixgbevf/vf.h | 1 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 1 drivers/net/ethernet/mediatek/mtk_wed.c | 8 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/netdevsim/netdev.c | 7 drivers/net/phy/broadcom.c | 20 drivers/net/phy/realtek/realtek_main.c | 23 - drivers/net/usb/lan78xx.c | 19 drivers/net/usb/r8152.c | 7 drivers/net/usb/usbnet.c | 2 drivers/nvme/host/auth.c | 6 drivers/nvme/host/multipath.c | 6 drivers/nvme/host/tcp.c | 3 drivers/pci/controller/vmd.c | 13 drivers/phy/cadence/cdns-dphy.c | 131 ++++- drivers/usb/gadget/function/f_acm.c | 42 - drivers/usb/gadget/function/f_ecm.c | 48 -- drivers/usb/gadget/function/f_ncm.c | 78 +-- drivers/usb/gadget/function/f_rndis.c | 85 +-- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 fs/btrfs/ioctl.c | 2 fs/btrfs/relocation.c | 13 fs/btrfs/super.c | 3 fs/btrfs/zoned.c | 2 fs/coredump.c | 2 fs/dax.c | 2 fs/dcache.c | 2 fs/exec.c | 2 fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/f2fs/data.c | 2 fs/file_attr.c | 12 fs/fuse/ioctl.c | 4 fs/hfsplus/unicode.c | 24 + fs/jbd2/transaction.c | 13 fs/nfsd/blocklayout.c | 25 - fs/nfsd/blocklayoutxdr.c | 86 ++- fs/nfsd/blocklayoutxdr.h | 4 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 36 - fs/nfsd/nfs4xdr.c | 25 - fs/nfsd/pnfs.h | 1 fs/nfsd/xdr4.h | 39 + fs/overlayfs/copy_up.c | 2 fs/overlayfs/inode.c | 5 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 fs/smb/client/smb2ops.c | 8 fs/smb/server/mgmt/user_session.c | 7 fs/smb/server/smb2pdu.c | 9 fs/smb/server/transport_ipc.c | 12 fs/xfs/libxfs/xfs_log_format.h | 30 + fs/xfs/libxfs/xfs_ondisk.h | 2 fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 + include/linux/brcmphy.h | 1 include/linux/libata.h | 6 include/linux/suspend.h | 6 include/linux/usb/gadget.h | 25 + include/net/ip_tunnels.h | 15 include/uapi/drm/amdgpu_drm.h | 21 io_uring/register.c | 1 io_uring/rw.c | 2 kernel/events/core.c | 8 kernel/power/hibernate.c | 11 kernel/sched/core.c | 2 kernel/sched/deadline.c | 3 kernel/sched/fair.c | 26 - mm/slub.c | 9 net/can/j1939/main.c | 2 net/core/dev.c | 40 + net/ipv4/ip_tunnel.c | 14 net/ipv4/tcp_output.c | 19 net/ipv6/ip6_tunnel.c | 3 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 31 + rust/kernel/cpufreq.rs | 3 sound/firewire/amdtp-stream.h | 2 sound/hda/codecs/realtek/alc269.c | 1 sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 sound/hda/codecs/side-codecs/hda_component.c | 4 sound/hda/controllers/intel.c | 1 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/codecs/idt821034.c | 12 sound/soc/codecs/nau8821.c | 111 +++-- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 tools/testing/selftests/net/rtnetlink.sh | 2 tools/testing/selftests/net/vlan_bridge_binding.sh | 2 209 files changed, 2368 insertions(+), 1221 deletions(-) Ada Couprie Diaz (1): arm64: debug: always unmask interrupts in el0_softstp() Adrian Hunter (3): perf/core: Fix address filter match with backing files perf/core: Fix MMAP event path names with backing files perf/core: Fix MMAP2 event device with backing files Alex Deucher (6): drm/amdgpu: add ip offset support for cyan skillfish drm/amdgpu: add support for cyan skillfish without IP discovery drm/amdgpu: fix handling of harvesting for ip_discovery firmware drm/amdgpu: handle wrap around in reemit handling drm/amdgpu: set an error on all fences from a bad context drm/amdgpu: drop unused structures in amdgpu_drm.h Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alison Schofield (1): cxl/trace: Subtract to find an hpa_alias0 in cxl_poison events Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrey Albershteyn (1): Revert "fs: make vfs_fileattr_[get|set] return -EOPNOTSUPP" Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Babu Moger (2): x86/resctrl: Refactor resctrl_arch_rmid_read() x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Bhanu Seshu Kumar Valluri (1): net: usb: lan78xx: Fix lost EEPROM write timeout error(-ETIMEDOUT) in lan78xx_write_raw_eeprom Boris Burkov (1): btrfs: fix incorrect readahead expansion length Breno Leitao (1): netdevsim: set the carrier when the device goes up Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christian Brauner (1): coredump: fix core_pattern input validation Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Conor Dooley (1): rust: cfi: only 64-bit arm and x86 support CFI_CLANG Cristian Ciocaltea (4): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Consistently clear interrupts before unmasking ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Damien Le Moal (1): ata: libata-core: relax checks in ata_read_log_directory() Dan Carpenter (1): drm/xe: Fix an IS_ERR() vs NULL bug in xe_tile_alloc_vram() Dave Jiang (3): cxl/acpi: Fix setup of memory resource in cxl_acpi_set_cache_size() cxl/features: Add check for no entries in cxl_feature_info cxl: Fix match_region_by_range() to use region_res_match_cxl_range() Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Denis Arefev (2): ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() ALSA: hda: Fix missing pointer check in hda_component_manager_init function Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Even Xu (1): HID: intel-thc-hid: Intel-quickspi: switch first interrupt from level to edge detection Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Florian Westphal (1): net: core: fix lockdep splat on device unregister Francesco Valla (1): drm/draw: fix color truncation in drm_draw_fill24 Greg Kroah-Hartman (1): Linux 6.17.5 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Hao Ge (1): slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Harshit Mogalapalli (1): Octeontx2-af: Fix missing error code in cgx_probe() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): x86/mm: Fix SMP ordering in switch_mm_irqs_off() Inochi Amaoto (1): PCI: vmd: Override irq_startup()/irq_shutdown() in vmd_init_dev_msi_info() Ivan Vecera (2): dpll: zl3073x: Refactor DPLL initialization dpll: zl3073x: Handle missing or corrupted flash configuration Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jeff Hugo (1): accel/qaic: Fix bootlog initialization ordering Jens Axboe (1): Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Jonathan Corbet (1): docs: kdoc: handle the obsolescensce of docutils.ErrorString() Jonathan Kim (1): drm/amdgpu: fix gfx12 mes packet status return check Kamil Horák - 2N (1): net: phy: bcm54811: Fix GMII/MII/MII-Lite selection Kenneth Graunke (1): drm/xe: Increase global invalidation timeout to 1000us Ketil Johnsen (1): drm/panthor: Ensure MCU is disabled on suspend Koichiro Den (1): ixgbe: fix too early devlink_free() in ixgbe_remove() Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_rndis: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_ncm: Refactor bind path to use __free() Li Qiang (1): ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Lorenzo Bianconi (1): net: airoha: Take into account out-of-order tx completions in airoha_dev_xmit() Lorenzo Pieralisi (1): arm64/sysreg: Fix GIC CDEOI instruction encoding Lucas De Marchi (1): drm/xe: Move rebar to be done earlier Marc Kleine-Budde (4): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active can: m_can: m_can_chip_config(): bring up interface in correct state can: m_can: fix CAN state in system PM Marek Vasut (2): net: phy: realtek: Avoid PHYCR2 access if PHYCR2 not present drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Mario Limonciello (AMD) (2): PM: hibernate: Add pm_hibernation_mode_is_suspend() drm/amd: Fix hybrid sleep Marios Makassikis (1): ksmbd: fix recursive locking in RPC handle list access Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Martin George (1): nvme-auth: update sc_c in host response Matthew Auld (1): drm/xe/evict: drop bogus assert Matthew Brost (1): drm/xe: Don't allow evicting of BOs in same VM in array of VM binds Matthew Schwartz (1): Revert "drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume" Miguel Ojeda (1): rust: cpufreq: fix formatting Milena Olech (1): idpf: cleanup remaining SKBs in PTP flows Ming Lei (1): block: Remove elevator_lock usage from blkg_conf frozen operations Miquel Sabaté Solà (2): btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Nicolas Dichtel (1): doc: fix seg6_flowlabel path Oliver Upton (1): KVM: arm64: Prevent access to vCPU events before init Pavel Begunkov (1): io_uring: protect mem region deregistration Peter Zijlstra (Intel) (1): sched/deadline: Stop dl_server before CPU goes offline Piotr Piórkowski (4): drm/xe: Use devm_ioremap_wc for VRAM mapping and drop manual unmap drm/xe: Use dynamic allocation for tile and device VRAM region structures drm/xe: Move struct xe_vram_region to a dedicated header drm/xe: Unify the initialization of VRAM regions Pranjal Ramajor Asha Kanojiya (1): accel/qaic: Synchronize access to DBC request queue head & tail pointer Qu Wenruo (1): btrfs: only set the device specific options after devices are opened Rafael J. Wysocki (1): PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Rex Lu (1): net: mtk: wed: add dma mask limitation and GFP_DMA32 for device with more than 4GB DRAM Rong Zhang (1): x86/CPU/AMD: Prevent reset reasons from being retained across reboot Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sergey Bashirov (4): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Implement large extent array support in pNFS NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Shuicheng Lin (1): drm/xe/guc: Check GuC running state before deregistering exec queue Sourabh Jain (1): powerpc/fadump: skip parameter area allocation when fadump is disabled Stuart Hayhurst (1): ALSA: hda/intel: Add MSI X870E Tomahawk to denylist Takashi Iwai (1): ALSA: hda/realtek: Add quirk entry for HP ZBook 17 G6 Tetsuo Handa (1): can: j1939: add missing calls in NETDEV_UNREGISTER notification handler Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Tim Hostetler (1): gve: Check valid ts bit on RX descriptor before hw timestamping Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Ville Syrjälä (2): drm/i915/frontbuffer: Move bo refcounting intel_frontbuffer_{get,release}() drm/i915/fb: Fix the set_tiling vs. addfb race, again Vinay Belgaumkar (1): drm/xe: Enable media sampler power gating Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Wang Liang (1): selftests: net: check jq command is supported Wilfred Mallawa (1): nvme/tcp: handle tls partially sent records in write_space() Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yu Kuai (1): blk-mq: fix stale tag depth for shared sched tags in blk_mq_update_nr_requests() Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress Zqiang (1): usbnet: Fix using smp_processor_id() in preemptible code warnings

2 weeks, 6 days

1
1
0 0

Linux 6.12.55

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.55 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/Kconfig | 1 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/kernel/cpu_errata.c | 1 arch/riscv/kernel/probes/kprobes.c | 13 - arch/x86/kernel/cpu/resctrl/monitor.c | 44 ++- drivers/accel/qaic/qaic.h | 2 drivers/accel/qaic/qaic_control.c | 2 drivers/accel/qaic/qaic_data.c | 12 - drivers/accel/qaic/qaic_debugfs.c | 5 drivers/accel/qaic/qaic_drv.c | 3 drivers/base/power/runtime.c | 44 +++ drivers/cdx/cdx_msi.c | 5 drivers/cpufreq/cppc_cpufreq.c | 14 + drivers/dma/idxd/init.c | 2 drivers/gpu/drm/amd/amdgpu/Makefile | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 ++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 drivers/gpu/drm/amd/amdgpu/nv.h | 1 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/drm_draw.c | 2 drivers/gpu/drm/drm_draw_internal.h | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++------ drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 28 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 drivers/gpu/drm/panthor/panthor_fw.c | 1 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 - drivers/gpu/drm/xe/xe_guc_submit.c | 13 + drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +- drivers/md/md-linear.c | 1 drivers/md/raid0.c | 16 + drivers/md/raid1.c | 37 ++- drivers/md/raid10.c | 55 ++++ drivers/md/raid5.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++------------ drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 drivers/net/can/m_can/m_can.c | 84 ++++--- drivers/net/can/m_can/m_can.h | 1 drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 + drivers/net/ethernet/intel/ixgbevf/defines.h | 6 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 +++ drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/netdevsim/netdev.c | 7 drivers/net/usb/lan78xx.c | 38 ++- drivers/net/usb/r8152.c | 7 drivers/net/wireless/realtek/rtw89/core.c | 39 +-- drivers/net/wireless/realtek/rtw89/core.h | 6 drivers/net/wireless/realtek/rtw89/mac80211.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 2 drivers/nvme/host/multipath.c | 6 drivers/nvme/host/tcp.c | 3 drivers/phy/cadence/cdns-dphy.c | 131 ++++++++--- drivers/usb/gadget/function/f_acm.c | 42 +-- drivers/usb/gadget/function/f_ecm.c | 48 +--- drivers/usb/gadget/function/f_ncm.c | 78 ++---- drivers/usb/gadget/function/f_rndis.c | 85 ++----- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 - fs/btrfs/ioctl.c | 2 fs/btrfs/relocation.c | 13 - fs/btrfs/zoned.c | 2 fs/dax.c | 2 fs/dcache.c | 12 - fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/f2fs/data.c | 2 fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 - fs/nfsd/blocklayout.c | 33 +- fs/nfsd/blocklayoutxdr.c | 171 ++++++++------ fs/nfsd/blocklayoutxdr.h | 8 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 36 +-- fs/nfsd/nfs4xdr.c | 25 -- fs/nfsd/nfsd.h | 1 fs/nfsd/pnfs.h | 1 fs/nfsd/xdr4.h | 39 +++ fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 + fs/smb/client/smb2ops.c | 8 fs/smb/server/mgmt/user_session.c | 7 fs/smb/server/smb2pdu.c | 9 fs/smb/server/transport_ipc.c | 12 + fs/xfs/libxfs/xfs_log_format.h | 30 ++ fs/xfs/libxfs/xfs_ondisk.h | 2 fs/xfs/scrub/reap.c | 9 fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 ++ include/linux/mm.h | 2 include/linux/pci.h | 14 + include/linux/pm_runtime.h | 4 include/linux/usb/gadget.h | 25 ++ include/net/dst.h | 32 ++ include/net/inet6_hashtables.h | 2 include/net/inet_connection_sock.h | 3 include/net/inet_hashtables.h | 2 include/net/ip.h | 11 include/net/ip_tunnels.h | 15 + include/net/route.h | 2 io_uring/rw.c | 2 kernel/events/core.c | 8 kernel/padata.c | 6 kernel/sched/fair.c | 26 +- mm/slub.c | 9 net/core/dst.c | 4 net/core/sock.c | 14 - net/ipv4/icmp.c | 24 +- net/ipv4/igmp.c | 2 net/ipv4/ip_fragment.c | 2 net/ipv4/ip_output.c | 19 + net/ipv4/ip_tunnel.c | 14 - net/ipv4/ip_vti.c | 4 net/ipv4/netfilter.c | 4 net/ipv4/route.c | 8 net/ipv4/tcp_fastopen.c | 4 net/ipv4/tcp_input.c | 3 net/ipv4/tcp_ipv4.c | 12 - net/ipv4/tcp_metrics.c | 8 net/ipv4/tcp_output.c | 19 + net/ipv4/xfrm4_output.c | 2 net/ipv6/ip6_tunnel.c | 3 net/ipv6/tcp_ipv6.c | 22 - net/mptcp/ctrl.c | 9 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 31 ++ rust/bindings/bindings_helper.h | 1 sound/firewire/amdtp-stream.h | 2 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/codecs/idt821034.c | 12 - sound/soc/codecs/nau8821.c | 53 +++- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 - 161 files changed, 1901 insertions(+), 955 deletions(-) Adrian Hunter (3): perf/core: Fix address filter match with backing files perf/core: Fix MMAP event path names with backing files perf/core: Fix MMAP2 event device with backing files Akhil P Oommen (1): drm/msm/a6xx: Fix PDC sleep sequence Al Viro (1): d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier Alex Deucher (3): drm/amdgpu: add ip offset support for cyan skillfish drm/amdgpu: add support for cyan skillfish without IP discovery drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Babu Moger (2): x86/resctrl: Refactor resctrl_arch_rmid_read() x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Boris Burkov (1): btrfs: fix incorrect readahead expansion length Breno Leitao (1): netdevsim: set the carrier when the device goes up Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Conor Dooley (1): rust: cfi: only 64-bit arm and x86 support CFI_CLANG Cristian Ciocaltea (3): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Darrick J. Wong (1): xfs: use deferred intent items for reaping crosslinked blocks Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (5): tcp: fix tcp_tso_should_defer() vs large RTT tcp: convert to dev_net_rcu() tcp: cache RTAX_QUICKACK metric in a hot cache line net: dst: add four helpers to annotate data-races around dst->dev ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Fabian Vogt (1): riscv: kprobes: Fix probe address validation Fedor Pchelkin (1): wifi: rtw89: avoid possible TX wait initialization race Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Francesco Valla (1): drm/draw: fix color truncation in drm_draw_fill24 Greg Kroah-Hartman (1): Linux 6.12.55 Guenter Roeck (1): dmaengine: Add missing cleanup on module unload Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Hao Ge (1): slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jeffrey Hugo (1): accel/qaic: Fix bootlog initialization ordering Jens Axboe (1): Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Jiri Slaby (SUSE) (1): irqdomain: cdx: Switch to of_fwnode_handle() John Garry (3): md/raid0: Handle bio_split() errors md/raid1: Handle bio_split() errors md/raid10: Handle bio_split() errors Jonathan Kim (1): drm/amdgpu: fix gfx12 mes packet status return check Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Ketil Johnsen (1): drm/panthor: Ensure MCU is disabled on suspend Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_rndis: Refactor bind path to use __free() Kuniyuki Iwashima (2): mptcp: Call dst_release() in mptcp_active_enable(). mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). Laurent Pinchart (1): media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Li Qiang (1): ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Marc Kleine-Budde (4): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active can: m_can: m_can_chip_config(): bring up interface in correct state can: m_can: fix CAN state in system PM Marek Vasut (1): drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Marios Makassikis (1): ksmbd: fix recursive locking in RPC handle list access Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Matthieu Baerts (NGI0) (1): mptcp: reset blackhole on success with non-loopback ifaces Miaoqian Lin (1): cdx: Fix device node reference leak in cdx_msi_domain_init Miquel Sabaté Solà (2): btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Nicolas Dichtel (1): doc: fix seg6_flowlabel path Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Piotr Kwapulinski (2): PCI: Add PCI_VDEVICE_SUB helper macro ixgbevf: Add support for Intel(R) E610 device Pranjal Ramajor Asha Kanojiya (1): accel/qaic: Synchronize access to DBC request queue head & tail pointer Rafael J. Wysocki (1): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sean Nyekjaer (4): can: m_can: add deinit callback can: m_can: call deinit/init callback when going into suspend/resume iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sergey Bashirov (6): nfsd: Use correct error code when decoding extents nfsd: Drop dprintk in blocklayout xdr functions NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Implement large extent array support in pNFS NFSD: Fix last write offset handling in layoutcommit Sharath Chandra Vurukala (1): net: Add locking to protect skb->dev access in ip_output Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Shuicheng Lin (1): drm/xe/guc: Check GuC running state before deregistering exec queue Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Wilfred Mallawa (1): nvme/tcp: handle tls partially sent records in write_space() Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yu Kuai (1): md: fix mssing blktrace bio split events Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress

2 weeks, 6 days

1
1
0 0

Linux 6.6.114

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.114 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/kernel/cpu_errata.c | 1 arch/riscv/kernel/probes/kprobes.c | 13 - block/bdev.c | 17 + block/blk-zoned.c | 5 block/fops.c | 16 + block/ioctl.c | 6 drivers/accel/qaic/qaic_control.c | 2 drivers/base/power/runtime.c | 44 +++ drivers/bluetooth/btusb.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++------ drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 38 +-- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 10 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 - drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++------------ drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 + drivers/net/ethernet/intel/ixgbevf/defines.h | 6 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 +++ drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/usb/lan78xx.c | 38 ++- drivers/net/usb/r8152.c | 7 drivers/nvme/host/multipath.c | 6 drivers/pci/controller/cadence/pci-j721e.c | 64 +++++ drivers/pci/controller/dwc/pcie-tegra194.c | 10 drivers/pci/pci-sysfs.c | 10 drivers/phy/cadence/cdns-dphy.c | 131 ++++++++--- drivers/usb/gadget/function/f_acm.c | 42 +-- drivers/usb/gadget/function/f_ecm.c | 48 +--- drivers/usb/gadget/function/f_ncm.c | 78 ++---- drivers/usb/gadget/function/f_rndis.c | 85 ++----- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 - fs/btrfs/relocation.c | 13 - fs/dax.c | 2 fs/dcache.c | 2 fs/eventpoll.c | 145 ++---------- fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/ext4/super.c | 17 - fs/f2fs/data.c | 2 fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 - fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 fs/nfsd/export.c | 60 ++++- fs/nfsd/export.h | 2 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 +- fs/nfsd/nfs4xdr.c | 14 - fs/nfsd/nfsfh.c | 12 - fs/nfsd/xdr4.h | 36 ++- fs/nilfs2/the_nilfs.c | 3 fs/ocfs2/super.c | 6 fs/quota/dquot.c | 13 - fs/quota/quota_v1.c | 3 fs/quota/quota_v2.c | 9 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 + fs/smb/client/smb2ops.c | 8 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/server.h | 1 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_ipc.c | 1 fs/smb/server/transport_tcp.c | 69 ++--- fs/smb/server/transport_tcp.h | 1 fs/xfs/libxfs/xfs_log_format.h | 30 ++ fs/xfs/scrub/reap.c | 19 + fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 ++ fs/xfs/xfs_ondisk.h | 2 include/linux/cpufreq.h | 3 include/linux/mm.h | 2 include/linux/pci.h | 14 + include/linux/pm_runtime.h | 4 include/linux/quota.h | 2 include/linux/usb/gadget.h | 25 ++ include/net/ip_tunnels.h | 15 + kernel/padata.c | 6 kernel/sched/fair.c | 38 +-- mm/shmem.c | 7 net/ipv4/ip_tunnel.c | 14 - net/ipv4/tcp_output.c | 19 + net/ipv6/ip6_tunnel.c | 3 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 33 ++ rust/bindings/bindings_helper.h | 2 rust/bindings/lib.rs | 1 sound/firewire/amdtp-stream.h | 2 sound/soc/codecs/idt821034.c | 12 - sound/soc/codecs/nau8821.c | 53 +++- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 - 127 files changed, 1542 insertions(+), 923 deletions(-) Akhil P Oommen (1): drm/msm/a6xx: Fix PDC sleep sequence Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Boris Burkov (1): btrfs: fix incorrect readahead expansion length Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Cristian Ciocaltea (3): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Darrick J. Wong (2): block: fix race between set_blocksize and read paths xfs: use deferred intent items for reaping crosslinked blocks Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Greg Kroah-Hartman (1): Linux 6.6.114 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Huang Xiaojia (1): epoll: Remove ep_scan_ready_list() in comments I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: reorganize DMA aligned buffers in structure Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kemeng Shi (1): quota: remove unneeded return value of register_quota_format Konrad Dybcio (1): drm/msm/adreno: De-spaghettify the use of memory barriers Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_rndis: Refactor bind path to use __free() Laurent Pinchart (1): media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Marc Kleine-Budde (1): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Marek Vasut (1): drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Nam Cao (1): eventpoll: Replace rwlock with spinlock Namjae Jeon (1): ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Piotr Kwapulinski (2): PCI: Add PCI_VDEVICE_SUB helper macro ixgbevf: Add support for Intel(R) E610 device Rafael J. Wysocki (1): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Ryusuke Konishi (1): nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Scott Mayhew (1): nfsd: decouple the xprtsec policy check from check_nfsd_access() Sean Nyekjaer (2): iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shashank A P (1): fs: quota: create dedicated workqueue for quota_release_work Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zenm Chen (1): Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress

2 weeks, 6 days

1
1
0 0

[PATCH net V2] virtio-net: zero unused hash fields

by Jason Wang

When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may leak information to another side. Fixing this by zeroing the unused hash fields. Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Fixes: a2fb4bc4e2a6a ("net: implement virtio helpers to handle UDP GSO tunneling") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- include/linux/virtio_net.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 20e0584db1dd..4d1780848d0e 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -401,6 +401,10 @@ virtio_net_hdr_tnl_from_skb(const struct sk_buff *skb, if (!tnl_hdr_negotiated) return -EINVAL; + vhdr->hash_hdr.hash_value = 0; + vhdr->hash_hdr.hash_report = 0; + vhdr->hash_hdr.padding = 0; + /* Let the basic parsing deal with plain GSO features. */ skb_shinfo(skb)->gso_type &= ~tnl_gso_type; ret = virtio_net_hdr_from_skb(skb, hdr, true, false, vlan_hlen); -- 2.42.0

2 weeks, 6 days

3
2
0 0

[PATCH v4] media: videobuf2: forbid remove_bufs when legacy fileio is active

by Marek Szyprowski

vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Forbid that ioctl when fileio is active to protect internal queue state between subsequent read/write calls. CC: stable(a)vger.kernel.org Fixes: a3293a85381e ("media: v4l2: Add REMOVE_BUFS ioctl") Reported-by: Shuangpeng Bai <SJB7183(a)psu.edu> Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v4: - got back to simple vb2_fileio_is_active() check as in v1, as relying on vb2_verify_memory_type() misses some corner cases important to v4l2 compliance v3: https://lore.kernel.org/all/20251023113052.1303082-1-m.szyprowski@samsung.c… - moved vb2_verify_memory_type() check after (d->count == 0) check to pass v4l2 compliance v2: https://lore.kernel.org/all/20251020160121.1985354-1-m.szyprowski@samsung.c… - dropped a change to vb2_ioctl_create_bufs(), as it is already handled by the vb2_verify_memory_type() call - replaced queue->type check in vb2_ioctl_remove_bufs() by a call to vb2_verify_memory_type() which covers all cases v1: https://lore.kernel.org/all/20251016111154.993949-1-m.szyprowski@samsung.co… --- drivers/media/common/videobuf2/videobuf2-v4l2.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c index d911021c1bb0..83862d57b126 100644 --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c @@ -1010,6 +1010,11 @@ int vb2_ioctl_remove_bufs(struct file *file, void *priv, if (vb2_queue_is_busy(vdev->queue, file)) return -EBUSY; + if (vb2_fileio_is_active(vdev->queue)) { + dprintk(vdev->queue, 1, "file io in progress\n"); + return -EBUSY; + } + return vb2_core_remove_bufs(vdev->queue, d->index, d->count); } EXPORT_SYMBOL_GPL(vb2_ioctl_remove_bufs); -- 2.34.1

2 weeks, 6 days

1
0
0 0

[PATCH net] vsock: fix lock inversion in vsock_assign_transport()

by Stefano Garzarella

From: Stefano Garzarella <sgarzare(a)redhat.com> Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduced by commit 687aa0c5581b ("vsock: Fix transport_* TOCTOU") which added vsock_register_mutex locking in vsock_assign_transport() around the transport->release() call, that can call vsock_linger(). vsock_assign_transport() can be called with sk_lock held. vsock_linger() calls sk_wait_event() that temporarily releases and re-acquires sk_lock. During this window, if another thread hold vsock_register_mutex while trying to acquire sk_lock, a circular dependency is created. Fix this by releasing vsock_register_mutex before calling transport->release() and vsock_deassign_transport(). This is safe because we don't need to hold vsock_register_mutex while releasing the old transport, and we ensure the new transport won't disappear by obtaining a module reference first via try_module_get(). Reported-by: syzbot+10e35716f8e4929681fa(a)syzkaller.appspotmail.com Tested-by: syzbot+10e35716f8e4929681fa(a)syzkaller.appspotmail.com Fixes: 687aa0c5581b ("vsock: Fix transport_* TOCTOU") Cc: mhal(a)rbox.co Cc: stable(a)vger.kernel.org Signed-off-by: Stefano Garzarella <sgarzare(a)redhat.com> --- net/vmw_vsock/af_vsock.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 4c2db6cca557..76763247a377 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -487,12 +487,26 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) goto err; } - if (vsk->transport) { - if (vsk->transport == new_transport) { - ret = 0; - goto err; - } + if (vsk->transport && vsk->transport == new_transport) { + ret = 0; + goto err; + } + /* We increase the module refcnt to prevent the transport unloading + * while there are open sockets assigned to it. + */ + if (!new_transport || !try_module_get(new_transport->module)) { + ret = -ENODEV; + goto err; + } + + /* It's safe to release the mutex after a successful try_module_get(). + * Whichever transport `new_transport` points at, it won't go away until + * the last module_put() below or in vsock_deassign_transport(). + */ + mutex_unlock(&vsock_register_mutex); + + if (vsk->transport) { /* transport->release() must be called with sock lock acquired. * This path can only be taken during vsock_connect(), where we * have already held the sock lock. In the other cases, this @@ -512,20 +526,6 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) vsk->peer_shutdown = 0; } - /* We increase the module refcnt to prevent the transport unloading - * while there are open sockets assigned to it. - */ - if (!new_transport || !try_module_get(new_transport->module)) { - ret = -ENODEV; - goto err; - } - - /* It's safe to release the mutex after a successful try_module_get(). - * Whichever transport `new_transport` points at, it won't go away until - * the last module_put() below or in vsock_deassign_transport(). - */ - mutex_unlock(&vsock_register_mutex); - if (sk->sk_type == SOCK_SEQPACKET) { if (!new_transport->seqpacket_allow || !new_transport->seqpacket_allow(remote_cid)) { -- 2.51.0

2 weeks, 6 days

2
1
0 0

[PATCH 6.1.y] wifi: iwlwifi: fix debug actions order

by Vasiliy Kovalev

From: Johannes Berg <johannes.berg(a)intel.com> commit eb29b4ffafb20281624dcd2cbb768d6f30edf600 upstream. The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order. Fixes: 1a5daead217c ("iwlwifi: yoyo: support for ROM usniffer") Fixes: f21baf244112 ("iwlwifi: yoyo: fw debug config from context info and preset") Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> Link: https://patch.msgid.link/20250308231427.6de7fa8e63ed.I40632c48e2a67a8aca05d… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> [ kovalev: bp to fix CVE-2025-38045; added Fixes tags ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c index ab80c79e35bc..d6d9f60839db 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause /* - * Copyright (C) 2018-2022 Intel Corporation + * Copyright (C) 2018-2025 Intel Corporation */ #include <linux/firmware.h> #include "iwl-drv.h" @@ -1363,15 +1363,15 @@ void _iwl_dbg_tlv_time_point(struct iwl_fw_runtime *fwrt, switch (tp_id) { case IWL_FW_INI_TIME_POINT_EARLY: iwl_dbg_tlv_init_cfg(fwrt); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_update_drams(fwrt); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; case IWL_FW_INI_TIME_POINT_AFTER_ALIVE: iwl_dbg_tlv_apply_buffers(fwrt); iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; case IWL_FW_INI_TIME_POINT_PERIODIC: iwl_dbg_tlv_set_periodic_trigs(fwrt); @@ -1381,14 +1381,14 @@ void _iwl_dbg_tlv_time_point(struct iwl_fw_runtime *fwrt, case IWL_FW_INI_TIME_POINT_MISSED_BEACONS: case IWL_FW_INI_TIME_POINT_FW_DHC_NOTIFICATION: iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, iwl_dbg_tlv_check_fw_pkt); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; default: iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; } } -- 2.50.1

2 weeks, 6 days

1
0
0 0

[PATCH 1/2] dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups

by Krzysztof Kozlowski

The "groups" property can hold multiple entries (e.g. toshiba/tmpv7708-rm-mbrc.dts file), so allow that by dropping incorrect type (pinmux-node.yaml schema already defines that as string-array) and adding constraints for items. This fixes dtbs_check warnings like: toshiba/tmpv7708-rm-mbrc.dtb: pinctrl@24190000 (toshiba,tmpv7708-pinctrl): pwm-pins:groups: ['pwm0_gpio16_grp', 'pwm1_gpio17_grp', 'pwm2_gpio18_grp', 'pwm3_gpio19_grp'] is too long Fixes: 1825c1fe0057 ("pinctrl: Add DT bindings for Toshiba Visconti TMPV7700 SoC") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- .../pinctrl/toshiba,visconti-pinctrl.yaml | 26 ++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml b/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml index 19d47fd414bc..ce04d2eadec9 100644 --- a/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml +++ b/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml @@ -50,18 +50,20 @@ patternProperties: groups: description: Name of the pin group to use for the functions. - $ref: /schemas/types.yaml#/definitions/string - enum: [i2c0_grp, i2c1_grp, i2c2_grp, i2c3_grp, i2c4_grp, - i2c5_grp, i2c6_grp, i2c7_grp, i2c8_grp, - spi0_grp, spi0_cs0_grp, spi0_cs1_grp, spi0_cs2_grp, - spi1_grp, spi2_grp, spi3_grp, spi4_grp, spi5_grp, spi6_grp, - uart0_grp, uart1_grp, uart2_grp, uart3_grp, - pwm0_gpio4_grp, pwm0_gpio8_grp, pwm0_gpio12_grp, - pwm0_gpio16_grp, pwm1_gpio5_grp, pwm1_gpio9_grp, - pwm1_gpio13_grp, pwm1_gpio17_grp, pwm2_gpio6_grp, - pwm2_gpio10_grp, pwm2_gpio14_grp, pwm2_gpio18_grp, - pwm3_gpio7_grp, pwm3_gpio11_grp, pwm3_gpio15_grp, - pwm3_gpio19_grp, pcmif_out_grp, pcmif_in_grp] + items: + enum: [i2c0_grp, i2c1_grp, i2c2_grp, i2c3_grp, i2c4_grp, + i2c5_grp, i2c6_grp, i2c7_grp, i2c8_grp, + spi0_grp, spi0_cs0_grp, spi0_cs1_grp, spi0_cs2_grp, + spi1_grp, spi2_grp, spi3_grp, spi4_grp, spi5_grp, spi6_grp, + uart0_grp, uart1_grp, uart2_grp, uart3_grp, + pwm0_gpio4_grp, pwm0_gpio8_grp, pwm0_gpio12_grp, + pwm0_gpio16_grp, pwm1_gpio5_grp, pwm1_gpio9_grp, + pwm1_gpio13_grp, pwm1_gpio17_grp, pwm2_gpio6_grp, + pwm2_gpio10_grp, pwm2_gpio14_grp, pwm2_gpio18_grp, + pwm3_gpio7_grp, pwm3_gpio11_grp, pwm3_gpio15_grp, + pwm3_gpio19_grp, pcmif_out_grp, pcmif_in_grp] + minItems: 1 + maxItems: 8 drive-strength: enum: [2, 4, 6, 8, 16, 24, 32] -- 2.48.1

2 weeks, 6 days

3
2
0 0

[PATCH] leds: leds-lp50xx: allow LED 0 to be added to module bank

by Christian Hitz

From: Christian Hitz <christian.hitz(a)bbv.ch> led_banks contains LED module number(s) that should be grouped into the module bank. led_banks is 0-initialized. By checking the led_banks entries for 0, un-set entries are detected. But a 0-entry also indicates that LED module 0 should be grouped into the module bank. By only iterating over the available entries no check for unused entries is required and LED module 0 can be added to bank. Signed-off-by: Christian Hitz <christian.hitz(a)bbv.ch> Cc: stable(a)vger.kernel.org --- drivers/leds/leds-lp50xx.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/leds/leds-lp50xx.c b/drivers/leds/leds-lp50xx.c index 94f8ef6b482c..d50c7f3e8f99 100644 --- a/drivers/leds/leds-lp50xx.c +++ b/drivers/leds/leds-lp50xx.c @@ -341,17 +341,15 @@ static int lp50xx_brightness_set(struct led_classdev *cdev, return ret; } -static int lp50xx_set_banks(struct lp50xx *priv, u32 led_banks[]) +static int lp50xx_set_banks(struct lp50xx *priv, u32 led_banks[], int num_leds) { u8 led_config_lo, led_config_hi; u32 bank_enable_mask = 0; int ret; int i; - for (i = 0; i < priv->chip_info->max_modules; i++) { - if (led_banks[i]) - bank_enable_mask |= (1 << led_banks[i]); - } + for (i = 0; i < num_leds; i++) + bank_enable_mask |= (1 << led_banks[i]); led_config_lo = bank_enable_mask; led_config_hi = bank_enable_mask >> 8; @@ -405,7 +403,7 @@ static int lp50xx_probe_leds(struct fwnode_handle *child, struct lp50xx *priv, return ret; } - ret = lp50xx_set_banks(priv, led_banks); + ret = lp50xx_set_banks(priv, led_banks, num_leds); if (ret) { dev_err(priv->dev, "Cannot setup banked LEDs\n"); return ret; -- 2.51.0

2 weeks, 6 days

3
4
0 0

FAILED: patch "[PATCH] s390/cio: Update purge function to unregister the unused" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9daa5a8795865f9a3c93d8d1066785b07ded6073 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101905-removal-wistful-dd49@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9daa5a8795865f9a3c93d8d1066785b07ded6073 Mon Sep 17 00:00:00 2001 From: Vineeth Vijayan <vneethv(a)linux.ibm.com> Date: Wed, 1 Oct 2025 15:38:17 +0200 Subject: [PATCH] s390/cio: Update purge function to unregister the unused subchannels Starting with 'commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers")', cio no longer unregisters subchannels when the attached device is invalid or unavailable. As an unintended side-effect, the cio_ignore purge function no longer removes subchannels for devices on the cio_ignore list if no CCW device is attached. This situation occurs when a CCW device is non-operational or unavailable To ensure the same outcome of the purge function as when the current cio_ignore list had been active during boot, update the purge function to remove I/O subchannels without working CCW devices if the associated device number is found on the cio_ignore list. Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") Suggested-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Signed-off-by: Vineeth Vijayan <vneethv(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c index fb2c07cb4d3d..4b2dae6eb376 100644 --- a/drivers/s390/cio/device.c +++ b/drivers/s390/cio/device.c @@ -1316,23 +1316,34 @@ void ccw_device_schedule_recovery(void) spin_unlock_irqrestore(&recovery_lock, flags); } -static int purge_fn(struct device *dev, void *data) +static int purge_fn(struct subchannel *sch, void *data) { - struct ccw_device *cdev = to_ccwdev(dev); - struct ccw_dev_id *id = &cdev->private->dev_id; - struct subchannel *sch = to_subchannel(cdev->dev.parent); + struct ccw_device *cdev; - spin_lock_irq(cdev->ccwlock); - if (is_blacklisted(id->ssid, id->devno) && - (cdev->private->state == DEV_STATE_OFFLINE) && - (atomic_cmpxchg(&cdev->private->onoff, 0, 1) == 0)) { - CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x\n", id->ssid, - id->devno); + spin_lock_irq(&sch->lock); + if (sch->st != SUBCHANNEL_TYPE_IO || !sch->schib.pmcw.dnv) + goto unlock; + + if (!is_blacklisted(sch->schid.ssid, sch->schib.pmcw.dev)) + goto unlock; + + cdev = sch_get_cdev(sch); + if (cdev) { + if (cdev->private->state != DEV_STATE_OFFLINE) + goto unlock; + + if (atomic_cmpxchg(&cdev->private->onoff, 0, 1) != 0) + goto unlock; ccw_device_sched_todo(cdev, CDEV_TODO_UNREG); - css_sched_sch_todo(sch, SCH_TODO_UNREG); atomic_set(&cdev->private->onoff, 0); } - spin_unlock_irq(cdev->ccwlock); + + css_sched_sch_todo(sch, SCH_TODO_UNREG); + CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x%s\n", sch->schid.ssid, + sch->schib.pmcw.dev, cdev ? "" : " (no cdev)"); + +unlock: + spin_unlock_irq(&sch->lock); /* Abort loop in case of pending signal. */ if (signal_pending(current)) return -EINTR; @@ -1348,7 +1359,7 @@ static int purge_fn(struct device *dev, void *data) int ccw_purge_blacklisted(void) { CIO_MSG_EVENT(2, "ccw: purging blacklisted devices\n"); - bus_for_each_dev(&ccw_bus_type, NULL, NULL, purge_fn); + for_each_subchannel_staged(purge_fn, NULL, NULL); return 0; }

2 weeks, 6 days

2
1
0 0

[PATCH v3] media: videobuf2: forbid remove_bufs when legacy fileio is active

by Marek Szyprowski

vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Add a vb2_verify_memory_type() check symmetrical to vb2_ioctl_create_bufs() to forbid that ioctl when fileio is active to protect internal queue state between subsequent read/write calls. CC: stable(a)vger.kernel.org Fixes: a3293a85381e ("media: v4l2: Add REMOVE_BUFS ioctl") Reported-by: Shuangpeng Bai<SJB7183(a)psu.edu> Suggested-by: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/media/common/videobuf2/videobuf2-v4l2.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c index d911021c1bb0..a8a5b42a42d0 100644 --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c @@ -1000,13 +1000,15 @@ int vb2_ioctl_remove_bufs(struct file *file, void *priv, struct v4l2_remove_buffers *d) { struct video_device *vdev = video_devdata(file); - - if (vdev->queue->type != d->type) - return -EINVAL; + int res; if (d->count == 0) return 0; + res = vb2_verify_memory_type(vdev->queue, vdev->queue->memory, d->type); + if (res) + return res; + if (vb2_queue_is_busy(vdev->queue, file)) return -EBUSY; -- 2.34.1

2 weeks, 6 days

2
4
0 0

FAILED: patch "[PATCH] s390/cio: Update purge function to unregister the unused" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9daa5a8795865f9a3c93d8d1066785b07ded6073 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101905-depress-banjo-bc7e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9daa5a8795865f9a3c93d8d1066785b07ded6073 Mon Sep 17 00:00:00 2001 From: Vineeth Vijayan <vneethv(a)linux.ibm.com> Date: Wed, 1 Oct 2025 15:38:17 +0200 Subject: [PATCH] s390/cio: Update purge function to unregister the unused subchannels Starting with 'commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers")', cio no longer unregisters subchannels when the attached device is invalid or unavailable. As an unintended side-effect, the cio_ignore purge function no longer removes subchannels for devices on the cio_ignore list if no CCW device is attached. This situation occurs when a CCW device is non-operational or unavailable To ensure the same outcome of the purge function as when the current cio_ignore list had been active during boot, update the purge function to remove I/O subchannels without working CCW devices if the associated device number is found on the cio_ignore list. Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") Suggested-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Signed-off-by: Vineeth Vijayan <vneethv(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c index fb2c07cb4d3d..4b2dae6eb376 100644 --- a/drivers/s390/cio/device.c +++ b/drivers/s390/cio/device.c @@ -1316,23 +1316,34 @@ void ccw_device_schedule_recovery(void) spin_unlock_irqrestore(&recovery_lock, flags); } -static int purge_fn(struct device *dev, void *data) +static int purge_fn(struct subchannel *sch, void *data) { - struct ccw_device *cdev = to_ccwdev(dev); - struct ccw_dev_id *id = &cdev->private->dev_id; - struct subchannel *sch = to_subchannel(cdev->dev.parent); + struct ccw_device *cdev; - spin_lock_irq(cdev->ccwlock); - if (is_blacklisted(id->ssid, id->devno) && - (cdev->private->state == DEV_STATE_OFFLINE) && - (atomic_cmpxchg(&cdev->private->onoff, 0, 1) == 0)) { - CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x\n", id->ssid, - id->devno); + spin_lock_irq(&sch->lock); + if (sch->st != SUBCHANNEL_TYPE_IO || !sch->schib.pmcw.dnv) + goto unlock; + + if (!is_blacklisted(sch->schid.ssid, sch->schib.pmcw.dev)) + goto unlock; + + cdev = sch_get_cdev(sch); + if (cdev) { + if (cdev->private->state != DEV_STATE_OFFLINE) + goto unlock; + + if (atomic_cmpxchg(&cdev->private->onoff, 0, 1) != 0) + goto unlock; ccw_device_sched_todo(cdev, CDEV_TODO_UNREG); - css_sched_sch_todo(sch, SCH_TODO_UNREG); atomic_set(&cdev->private->onoff, 0); } - spin_unlock_irq(cdev->ccwlock); + + css_sched_sch_todo(sch, SCH_TODO_UNREG); + CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x%s\n", sch->schid.ssid, + sch->schib.pmcw.dev, cdev ? "" : " (no cdev)"); + +unlock: + spin_unlock_irq(&sch->lock); /* Abort loop in case of pending signal. */ if (signal_pending(current)) return -EINTR; @@ -1348,7 +1359,7 @@ static int purge_fn(struct device *dev, void *data) int ccw_purge_blacklisted(void) { CIO_MSG_EVENT(2, "ccw: purging blacklisted devices\n"); - bus_for_each_dev(&ccw_bus_type, NULL, NULL, purge_fn); + for_each_subchannel_staged(purge_fn, NULL, NULL); return 0; }

2 weeks, 6 days

2
1
0 0

[PATCH] Bluetooth: rfcomm: fix modem control handling

by Johan Hovold

The RFCOMM driver confuses the local and remote modem control signals, which specifically means that the reported DTR and RTS state will instead reflect the remote end (i.e. DSR and CTS). This issue dates back to the original driver (and a follow-on update) merged in 2002, which resulted in a non-standard implementation of TIOCMSET that allowed controlling also the TS07.10 IC and DV signals by mapping them to the RI and DCD input flags, while TIOCMGET failed to return the actual state of DTR and RTS. Note that the bogus control of input signals in tiocmset() is just dead code as those flags will have been masked out by the tty layer since 2003. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- net/bluetooth/rfcomm/tty.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index 376ce6de84be..f20f043cc9b5 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -643,8 +643,8 @@ static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) tty_port_tty_hangup(&dev->port, true); dev->modem_status = - ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | - ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | + ((v24_sig & RFCOMM_V24_RTC) ? TIOCM_DSR : 0) | + ((v24_sig & RFCOMM_V24_RTR) ? TIOCM_CTS : 0) | ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); } @@ -1055,10 +1055,13 @@ static void rfcomm_tty_hangup(struct tty_struct *tty) static int rfcomm_tty_tiocmget(struct tty_struct *tty) { struct rfcomm_dev *dev = tty->driver_data; + u8 v24_sig; BT_DBG("tty %p dev %p", tty, dev); - return dev->modem_status; + rfcomm_dlc_get_modem_status(dlc, &v24_sig); + + return (v24_sig & (TIOCM_DTR | TIOCM_RTS)) | dev->modem_status; } static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) @@ -1071,23 +1074,15 @@ static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigne rfcomm_dlc_get_modem_status(dlc, &v24_sig); - if (set & TIOCM_DSR || set & TIOCM_DTR) + if (set & TIOCM_DTR) v24_sig |= RFCOMM_V24_RTC; - if (set & TIOCM_RTS || set & TIOCM_CTS) + if (set & TIOCM_RTS) v24_sig |= RFCOMM_V24_RTR; - if (set & TIOCM_RI) - v24_sig |= RFCOMM_V24_IC; - if (set & TIOCM_CD) - v24_sig |= RFCOMM_V24_DV; - if (clear & TIOCM_DSR || clear & TIOCM_DTR) + if (clear & TIOCM_DTR) v24_sig &= ~RFCOMM_V24_RTC; - if (clear & TIOCM_RTS || clear & TIOCM_CTS) + if (clear & TIOCM_RTS) v24_sig &= ~RFCOMM_V24_RTR; - if (clear & TIOCM_RI) - v24_sig &= ~RFCOMM_V24_IC; - if (clear & TIOCM_CD) - v24_sig &= ~RFCOMM_V24_DV; rfcomm_dlc_set_modem_status(dlc, v24_sig); -- 2.49.1

2 weeks, 6 days

1
0
0 0

FAILED: patch "[PATCH] s390/cio: Update purge function to unregister the unused" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9daa5a8795865f9a3c93d8d1066785b07ded6073 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101904-seltzer-landslide-60b6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9daa5a8795865f9a3c93d8d1066785b07ded6073 Mon Sep 17 00:00:00 2001 From: Vineeth Vijayan <vneethv(a)linux.ibm.com> Date: Wed, 1 Oct 2025 15:38:17 +0200 Subject: [PATCH] s390/cio: Update purge function to unregister the unused subchannels Starting with 'commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers")', cio no longer unregisters subchannels when the attached device is invalid or unavailable. As an unintended side-effect, the cio_ignore purge function no longer removes subchannels for devices on the cio_ignore list if no CCW device is attached. This situation occurs when a CCW device is non-operational or unavailable To ensure the same outcome of the purge function as when the current cio_ignore list had been active during boot, update the purge function to remove I/O subchannels without working CCW devices if the associated device number is found on the cio_ignore list. Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") Suggested-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Signed-off-by: Vineeth Vijayan <vneethv(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c index fb2c07cb4d3d..4b2dae6eb376 100644 --- a/drivers/s390/cio/device.c +++ b/drivers/s390/cio/device.c @@ -1316,23 +1316,34 @@ void ccw_device_schedule_recovery(void) spin_unlock_irqrestore(&recovery_lock, flags); } -static int purge_fn(struct device *dev, void *data) +static int purge_fn(struct subchannel *sch, void *data) { - struct ccw_device *cdev = to_ccwdev(dev); - struct ccw_dev_id *id = &cdev->private->dev_id; - struct subchannel *sch = to_subchannel(cdev->dev.parent); + struct ccw_device *cdev; - spin_lock_irq(cdev->ccwlock); - if (is_blacklisted(id->ssid, id->devno) && - (cdev->private->state == DEV_STATE_OFFLINE) && - (atomic_cmpxchg(&cdev->private->onoff, 0, 1) == 0)) { - CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x\n", id->ssid, - id->devno); + spin_lock_irq(&sch->lock); + if (sch->st != SUBCHANNEL_TYPE_IO || !sch->schib.pmcw.dnv) + goto unlock; + + if (!is_blacklisted(sch->schid.ssid, sch->schib.pmcw.dev)) + goto unlock; + + cdev = sch_get_cdev(sch); + if (cdev) { + if (cdev->private->state != DEV_STATE_OFFLINE) + goto unlock; + + if (atomic_cmpxchg(&cdev->private->onoff, 0, 1) != 0) + goto unlock; ccw_device_sched_todo(cdev, CDEV_TODO_UNREG); - css_sched_sch_todo(sch, SCH_TODO_UNREG); atomic_set(&cdev->private->onoff, 0); } - spin_unlock_irq(cdev->ccwlock); + + css_sched_sch_todo(sch, SCH_TODO_UNREG); + CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x%s\n", sch->schid.ssid, + sch->schib.pmcw.dev, cdev ? "" : " (no cdev)"); + +unlock: + spin_unlock_irq(&sch->lock); /* Abort loop in case of pending signal. */ if (signal_pending(current)) return -EINTR; @@ -1348,7 +1359,7 @@ static int purge_fn(struct device *dev, void *data) int ccw_purge_blacklisted(void) { CIO_MSG_EVENT(2, "ccw: purging blacklisted devices\n"); - bus_for_each_dev(&ccw_bus_type, NULL, NULL, purge_fn); + for_each_subchannel_staged(purge_fn, NULL, NULL); return 0; }

2 weeks, 6 days

2
1
0 0

Spirit Airlines 24-Hour Cancellation: How to Cancel Your Ticket Hassle-Free

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Spirit Airlines flight, do not worry — the process is fairly straightforward! You can call Spirit Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Spirit Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Spirit Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Spirit Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Spirit Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Spirit Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Spirit Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

2 weeks, 6 days

1
0
0 0

Aeromexico Airlines Ticket Cancellation: What You Need to Know

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Aeromexico Airlines flight, do not worry — the process is fairly straightforward! You can call Aeromexico Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Aeromexico Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Aeromexico Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Aeromexico Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Aeromexico Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Aeromexico Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Aeromexico Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

2 weeks, 6 days

1
0
0 0

How to Cancel Avelo Airlines Tickets in the First 24 Hours: A Quick Guide

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Avelo Airlines flight, do not worry — the process is fairly straightforward! You can call Avelo Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Avelo Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Avelo Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Avelo Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Avelo Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Avelo Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Avelo Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

2 weeks, 6 days

1
0
0 0

Contour Airlines Flight Cancellation: A Quick and Simple Guide

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Contour Airlines flight, do not worry — the process is fairly straightforward! You can call Contour Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Contour Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Contour Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Contour Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Contour Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Contour Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Contour Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

2 weeks, 6 days

1
0
0 0

Condor Airlines Ticket Cancellation: What You Need to Know

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Condor Airlines flight, do not worry — the process is fairly straightforward! You can call Condor Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Condor Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Condor Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Condor Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Condor Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Condor Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Condor Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

2 weeks, 6 days

1
0
0 0

Can You Cancel Frontier Airlines Tickets Within 24 Hours? Here’s What You Need to Know

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Frontier Airlines flight, do not worry — the process is fairly straightforward! You can call Frontier Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Frontier Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Frontier Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Frontier Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Frontier Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Frontier Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Frontier Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

2 weeks, 6 days

1
0
0 0

[PATCH v2 0/3] Fixes/improvements for SM6350 UFS

by Luca Weiss

Fix the order of the freq-table-hz property, then convert to OPP tables and add interconnect support for UFS for the SM6350 SoC. Signed-off-by: Luca Weiss <luca.weiss(a)fairphone.com> --- Changes in v2: - Resend, pick up tags - Link to v1: https://lore.kernel.org/r/20250314-sm6350-ufs-things-v1-0-3600362cc52c@fair… --- Luca Weiss (3): arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS arm64: dts: qcom: sm6350: Add OPP table support to UFSHC arm64: dts: qcom: sm6350: Add interconnect support to UFS arch/arm64/boot/dts/qcom/sm6350.dtsi | 49 ++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 10 deletions(-) --- base-commit: a92c761bcac3d5042559107fa7679470727a4bcb change-id: 20250314-sm6350-ufs-things-53c5de9fec5e Best regards, -- Luca Weiss <luca.weiss(a)fairphone.com>

2 weeks, 6 days

1
1
0 0

[PATCH net] net: bonding: fix possible peer notify event loss or dup issue

by Tonghao Zhang

If the send_peer_notif counter and the peer event notify are not synchronized. It may cause problems such as the loss or dup of peer notify event. Before this patch: - If should_notify_peers is true and the lock for send_peer_notif-- fails, peer event may be sent again in next mii_monitor loop, because should_notify_peers is still true. - If should_notify_peers is true and the lock for send_peer_notif-- succeeded, but the lock for peer event fails, the peer event will be lost. This patch locks the RTNL for send_peer_notif, events, and commit simultaneously. Fixes: 07a4ddec3ce9 ("bonding: add an option to specify a delay between peer notifications") Cc: Jay Vosburgh <jv(a)jvosburgh.net> Cc: Andrew Lunn <andrew+netdev(a)lunn.ch> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Hangbin Liu <liuhangbin(a)gmail.com> Cc: Nikolay Aleksandrov <razor(a)blackwall.org> Cc: Vincent Bernat <vincent(a)bernat.ch> Cc: <stable(a)vger.kernel.org> Signed-off-by: Tonghao Zhang <tonghao(a)bamaicloud.com> --- drivers/net/bonding/bond_main.c | 40 +++++++++++++++------------------ 1 file changed, 18 insertions(+), 22 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 5791c3e39baa..52b7ac8ddfbc 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -2971,7 +2971,7 @@ static void bond_mii_monitor(struct work_struct *work) { struct bonding *bond = container_of(work, struct bonding, mii_work.work); - bool should_notify_peers = false; + bool should_notify_peers; bool commit; unsigned long delay; struct slave *slave; @@ -2983,30 +2983,33 @@ static void bond_mii_monitor(struct work_struct *work) goto re_arm; rcu_read_lock(); + should_notify_peers = bond_should_notify_peers(bond); commit = !!bond_miimon_inspect(bond); - if (bond->send_peer_notif) { - rcu_read_unlock(); - if (rtnl_trylock()) { - bond->send_peer_notif--; - rtnl_unlock(); - } - } else { - rcu_read_unlock(); - } - if (commit) { + rcu_read_unlock(); + + if (commit || bond->send_peer_notif) { /* Race avoidance with bond_close cancel of workqueue */ if (!rtnl_trylock()) { delay = 1; - should_notify_peers = false; goto re_arm; } - bond_for_each_slave(bond, slave, iter) { - bond_commit_link_state(slave, BOND_SLAVE_NOTIFY_LATER); + if (commit) { + bond_for_each_slave(bond, slave, iter) { + bond_commit_link_state(slave, + BOND_SLAVE_NOTIFY_LATER); + } + bond_miimon_commit(bond); + } + + if (bond->send_peer_notif) { + bond->send_peer_notif--; + if (should_notify_peers) + call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, + bond->dev); } - bond_miimon_commit(bond); rtnl_unlock(); /* might sleep, hold no other locks */ } @@ -3014,13 +3017,6 @@ static void bond_mii_monitor(struct work_struct *work) re_arm: if (bond->params.miimon) queue_delayed_work(bond->wq, &bond->mii_work, delay); - - if (should_notify_peers) { - if (!rtnl_trylock()) - return; - call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, bond->dev); - rtnl_unlock(); - } } static int bond_upper_dev_walk(struct net_device *upper, -- 2.34.1

2 weeks, 6 days

3
2
0 0

[PATCH v3] i2c: fix reference leak in MP2 PCI device

by Ma Ke

In i2c_amd_probe(), amd_mp2_find_device() utilizes driver_find_next_device() which internally calls driver_find_device() to locate the matching device. driver_find_device() increments the reference count of the found device by calling get_device(), but amd_mp2_find_device() fails to call put_device() to decrement the reference count before returning. This results in a reference count leak of the PCI device each time i2c_amd_probe() is executed, which may prevent the device from being properly released and cause a memory leak. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 529766e0a011 ("i2c: Add drivers for the AMD PCIe MP2 I2C controller") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - kept the temporary variable to store pci_get_drvdata() result before releasing the device reference; Changes in v2: - modified the missing initialization in the patch. Sorry for the omission. --- drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-amd-mp2-pci.c b/drivers/i2c/busses/i2c-amd-mp2-pci.c index ef7370d3dbea..60edbabc2986 100644 --- a/drivers/i2c/busses/i2c-amd-mp2-pci.c +++ b/drivers/i2c/busses/i2c-amd-mp2-pci.c @@ -458,13 +458,16 @@ struct amd_mp2_dev *amd_mp2_find_device(void) { struct device *dev; struct pci_dev *pci_dev; + struct amd_mp2_dev *mp2_dev; dev = driver_find_next_device(&amd_mp2_pci_driver.driver, NULL); if (!dev) return NULL; pci_dev = to_pci_dev(dev); - return (struct amd_mp2_dev *)pci_get_drvdata(pci_dev); + mp2_dev = (struct amd_mp2_dev *)pci_get_drvdata(pci_dev); + put_device(dev); + return mp2_dev; } EXPORT_SYMBOL_GPL(amd_mp2_find_device); -- 2.17.1

2 weeks, 6 days

2
1
0 0

[PATCH v2] media: videobuf2: forbid remove_bufs when legacy fileio is active

by Marek Szyprowski

vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Add a vb2_verify_memory_type() check symmetrical to vb2_ioctl_create_bufs() to forbid that ioctl when fileio is active to protect internal queue state between subsequent read/write calls. CC: stable(a)vger.kernel.org Fixes: a3293a85381e ("media: v4l2: Add REMOVE_BUFS ioctl") Reported-by: Shuangpeng Bai<SJB7183(a)psu.edu> Suggested-by: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v2: - dropped a change to vb2_ioctl_create_bufs(), as it is already handled by the vb2_verify_memory_type() call - replaced queue->type check in vb2_ioctl_remove_bufs() by a call to vb2_verify_memory_type() which covers all cases v1: https://lore.kernel.org/all/20251016111154.993949-1-m.szyprowski@samsung.co… --- drivers/media/common/videobuf2/videobuf2-v4l2.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c index d911021c1bb0..0de7490292fe 100644 --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c @@ -1000,9 +1000,11 @@ int vb2_ioctl_remove_bufs(struct file *file, void *priv, struct v4l2_remove_buffers *d) { struct video_device *vdev = video_devdata(file); + int res; - if (vdev->queue->type != d->type) - return -EINVAL; + res = vb2_verify_memory_type(vdev->queue, vdev->queue->memory, d->type); + if (res) + return res; if (d->count == 0) return 0; -- 2.34.1

2 weeks, 6 days

3
4
0 0

[PATCH v2 2/4] net: ravb: Allocate correct number of queues based on SoC support

by Prabhakar

From: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> On SoCs that only support the best-effort queue and not the network control queue, calling alloc_etherdev_mqs() with fixed values for TX/RX queues is not appropriate. Use the nc_queues flag from the per-SoC match data to determine whether the network control queue is available, and fall back to a single TX/RX queue when it is not. This ensures correct queue allocation across all supported SoCs. Fixes: a92f4f0662bf ("ravb: Add nc_queue to struct ravb_hw_info") Cc: stable(a)vger.kernel.org Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> --- v1->v2: - Added Reviewed-by tag from Niklas. --- drivers/net/ethernet/renesas/ravb_main.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c index 69d382e8757d..a200e205825a 100644 --- a/drivers/net/ethernet/renesas/ravb_main.c +++ b/drivers/net/ethernet/renesas/ravb_main.c @@ -2926,13 +2926,14 @@ static int ravb_probe(struct platform_device *pdev) return dev_err_probe(&pdev->dev, PTR_ERR(rstc), "failed to get cpg reset\n"); + info = of_device_get_match_data(&pdev->dev); + ndev = alloc_etherdev_mqs(sizeof(struct ravb_private), - NUM_TX_QUEUE, NUM_RX_QUEUE); + info->nc_queues ? NUM_TX_QUEUE : 1, + info->nc_queues ? NUM_RX_QUEUE : 1); if (!ndev) return -ENOMEM; - info = of_device_get_match_data(&pdev->dev); - ndev->features = info->net_features; ndev->hw_features = info->net_hw_features; ndev->vlan_features = info->vlan_features; -- 2.43.0

2 weeks, 6 days

3
2
0 0

[PATCH v2 1/4] net: ravb: Make DBAT entry count configurable per-SoC

by Prabhakar

From: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> The number of CDARq (Current Descriptor Address Register) registers is not fixed to 22 across all SoC variants. For example, the GBETH implementation uses only two entries. Hardcoding the value leads to incorrect resource allocation on such platforms. Pass the DBAT entry count through the per-SoC hardware info struct and use it during probe instead of relying on a fixed constant. This ensures correct descriptor table sizing and initialization across different SoCs. Fixes: feab85c7ccea ("ravb: Add support for RZ/G2L SoC") Cc: stable(a)vger.kernel.org Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> --- v1->v2: - Added Reviewed-by tag from Niklas. --- drivers/net/ethernet/renesas/ravb.h | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/renesas/ravb.h b/drivers/net/ethernet/renesas/ravb.h index 7b48060c250b..d65cd83ddd16 100644 --- a/drivers/net/ethernet/renesas/ravb.h +++ b/drivers/net/ethernet/renesas/ravb.h @@ -1017,7 +1017,6 @@ enum CSR2_BIT { #define CSR2_CSUM_ENABLE (CSR2_RTCP4 | CSR2_RUDP4 | CSR2_RICMP4 | \ CSR2_RTCP6 | CSR2_RUDP6 | CSR2_RICMP6) -#define DBAT_ENTRY_NUM 22 #define RX_QUEUE_OFFSET 4 #define NUM_RX_QUEUE 2 #define NUM_TX_QUEUE 2 @@ -1062,6 +1061,7 @@ struct ravb_hw_info { u32 rx_max_frame_size; u32 rx_buffer_size; u32 rx_desc_size; + u32 dbat_entry_num; unsigned aligned_tx: 1; unsigned coalesce_irqs:1; /* Needs software IRQ coalescing */ diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c index 9d3bd65b85ff..69d382e8757d 100644 --- a/drivers/net/ethernet/renesas/ravb_main.c +++ b/drivers/net/ethernet/renesas/ravb_main.c @@ -2694,6 +2694,7 @@ static const struct ravb_hw_info ravb_gen2_hw_info = { .rx_buffer_size = SZ_2K + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)), .rx_desc_size = sizeof(struct ravb_ex_rx_desc), + .dbat_entry_num = 22, .aligned_tx = 1, .gptp = 1, .nc_queues = 1, @@ -2717,6 +2718,7 @@ static const struct ravb_hw_info ravb_gen3_hw_info = { .rx_buffer_size = SZ_2K + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)), .rx_desc_size = sizeof(struct ravb_ex_rx_desc), + .dbat_entry_num = 22, .internal_delay = 1, .tx_counters = 1, .multi_irqs = 1, @@ -2743,6 +2745,7 @@ static const struct ravb_hw_info ravb_gen4_hw_info = { .rx_buffer_size = SZ_2K + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)), .rx_desc_size = sizeof(struct ravb_ex_rx_desc), + .dbat_entry_num = 22, .internal_delay = 1, .tx_counters = 1, .multi_irqs = 1, @@ -2769,6 +2772,7 @@ static const struct ravb_hw_info ravb_rzv2m_hw_info = { .rx_buffer_size = SZ_2K + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)), .rx_desc_size = sizeof(struct ravb_ex_rx_desc), + .dbat_entry_num = 22, .multi_irqs = 1, .err_mgmt_irqs = 1, .gptp = 1, @@ -2794,6 +2798,7 @@ static const struct ravb_hw_info gbeth_hw_info = { .rx_max_frame_size = SZ_8K, .rx_buffer_size = SZ_2K, .rx_desc_size = sizeof(struct ravb_rx_desc), + .dbat_entry_num = 2, .aligned_tx = 1, .coalesce_irqs = 1, .tx_counters = 1, @@ -3025,7 +3030,7 @@ static int ravb_probe(struct platform_device *pdev) ravb_parse_delay_mode(np, ndev); /* Allocate descriptor base address table */ - priv->desc_bat_size = sizeof(struct ravb_desc) * DBAT_ENTRY_NUM; + priv->desc_bat_size = sizeof(struct ravb_desc) * info->dbat_entry_num; priv->desc_bat = dma_alloc_coherent(ndev->dev.parent, priv->desc_bat_size, &priv->desc_bat_dma, GFP_KERNEL); if (!priv->desc_bat) { @@ -3035,7 +3040,7 @@ static int ravb_probe(struct platform_device *pdev) error = -ENOMEM; goto out_rpm_put; } - for (q = RAVB_BE; q < DBAT_ENTRY_NUM; q++) + for (q = RAVB_BE; q < info->dbat_entry_num; q++) priv->desc_bat[q].die_dt = DT_EOS; /* Initialise HW timestamp list */ -- 2.43.0

2 weeks, 6 days

3
2
0 0

1_855-219-0007 Round-the-Clock Qu!ckB00ks® Enterprise™ Help Line Numbers

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 Qu!ckB00ks® Enterprise™ Supp0rt Helpline Directory – Always Open

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 24/7 Qu!ckB00ks® Enterprise™ Customer Supp0rt Numbers – Full Directory

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 Complete Qu!ckB00ks® Enterprise™ Helpline Directory (24/7 Supp0rt)

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 24/7 Qu!ckB00ks® Enterprise™ Supp0rt Directory – Live Help Numbers

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 Real-Time Supp0rt Directory for Qu!ckB00ks® Enterprise™ (Live Help 24/7)

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 How to Reach Qu!ckB00ks® Enterprise™ Live Supp0rt Anytime (24/7 Directory)

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 Directory of Live Qu!ckB00ks® Enterprise™ Helplines (24/7 Assistance)

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 Speak to a Live Agent: 24/7 Qu!ckB00ks® Enterprise™ Supp0rt Directory

by penelopemorrison＠xutin.org

📞 Call 24/7 QuickBooks® Enterprise™ Support: 1-855-219-0007 Are you facing issues with QuickBooks® Enterprise™ and need immediate assistance? Do not worry--help is just a phone call away! Our 24/7 QuickBooks® Enterprise™ Support is available at 1-855-219-0007, ready to help you resolve any accounting or technical issues around the clock. Whether it is late at night, early morning, or during a holiday, our expert team is standing by to provide fast, friendly support. Why Call 24/7 QuickBooks® Enterprise™ Support? 📈 QuickBooks® Enterprise™ is a powerful accounting solution used by thousands of businesses across the U.S. But even the most robust software can run into occasional hiccups--and when it does, you need help fast. ✅ Real-time support ✅ Certified QuickBooks experts ✅ 100% U.S.-based support ✅ No waiting--live agents on call Just call 1-855-219-0007 anytime--our agents are trained to assist with setup, installation, payroll, multi-user issues, and any technical errors that may arise. Common Issues We Can Help With 🔧 When you are stuck, time is money. Our QuickBooks® Enterprise™ specialists can walk you through even the most complex problems. Call us now at 1-855-219-0007 for help with: 🛠️ Error codes like H202, 6000 series, or 6177 🧾 Company file not opening or loading 🔄 Data sync and backup issues 👥 Multi-user mode configuration problems 💰 Payroll setup or tax form errors 📊 Custom reports or chart of accounts Whether it is a small bug or a major crash, just call 1-855-219-0007 and get back to business quickly. Available 24/7 – Even on Weekends and Holidays 🕒 Many business owners work after hours or need help outside of 9 to 5. That is why our QuickBooks® Enterprise™ Support Line (1-855-219-0007) never closes. We are open 24 hours a day, 7 days a week--including weekends and holidays! 🌙 Working late? Call us. 🎄 It is a holiday? We are still here. 🚨 Emergency? We will pick up. It is like having your own IT department, just a phone call away--1-855-219-0007. Live Help from Certified Experts 👨‍💻👩‍💻 Not all support is created equal. When you call 1-855-219-0007, you are speaking with professionals who are: ✔️ Intuit Certified ProAdvisors ✔️ Highly trained in QuickBooks® Enterprise™ ✔️ Experienced in handling business accounting for all industries ✔️ Friendly, patient, and clear communicators We do not read from scripts. We solve real problems with real people--fast. Remote Assistance Available 🔐 Some problems need hands-on troubleshooting. We offer secure remote support--with your permission--so our experts can access your system and fix the issue in real time. All you need to do is call 1-855-219-0007, and we will guide you step-by-step. Your data is safe and confidential--always protected under strict security protocols. 🔒 Get Help Now – Do not Wait! 🚀 When QuickBooks® Enterprise™ stops working, your workflow stalls. That is why you should not wait hours or search forums for answers. Get direct access to our support team now by calling: 📞 1-855-219-0007 Do not let technical issues slow you down. Our friendly agents are available day or night to get you back on track--usually within minutes. Who Can Call This Support Line? 📣 This support service is perfect for: ✅ Small to mid-size businesses ✅ Accountants and bookkeepers ✅ Enterprise-level organizations ✅ First-time QuickBooks users ✅ Long-time users with new errors If you are using QuickBooks® Enterprise™, this number is for you: 1-855-219-0007. Do not Risk Losing Data or Time – Call Now! ⏳ Even minor issues in QuickBooks can lead to hours of lost time or incorrect financials. Whether you are experiencing performance lags, crashing software, or user access issues, do not try to fix it alone. Instead, call the experts at 1-855-219-0007--your trusted QuickBooks® Enterprise™ Support directory. We will diagnose and resolve the problem, often on the first call. 📞 Call Now: 1-855-219-0007 – QuickBooks® Enterprise™ Support You Can Trust! Let us handle the stress while you focus on growing your business. Fast. Friendly. 24/7. Qu!ckB00ks helpline Qu!ckB00ks support contact Qu!ckB00ks customer care Qu!ckB00ks phone support Qu!ckB00ks support email Qu!ckB00ks live chat Qu!ckB00ks help desk Qu!ckB00ks contact support Qu!ckB00ks support team Qu!ckB00ks customer assistance Qu!ckB00ks service hotline Qu!ckB00ks technical support Qu!ckB00ks issue resolution Qu!ckB00ks account help Qu!ckB00ks payment support Qu!ckB00ks withdrawal issues Qu!ckB00ks login help Qu!ckB00ks verification support Qu!ckB00ks account recovery Qu!ckB00ks lost access Qu!ckB00ks security issues Qu!ckB00ks fraud support Qu!ckB00ks billing support Qu!ckB00ks transaction problems Qu!ckB00ks support Qu!ckB00ks wallet issues Qu!ckB00ks mobile app support Qu!ckB00ks crypto transfer help Qu!ckB00ks error fixing Qu!ckB00ks support login Qu!ckB00ks problem resolution Qu!ckB00ks feedback contact Qu!ckB00ks account suspension help Qu!ckB00ks withdrawal delay Qu!ckB00ks deposit issues Qu!ckB00ks crypto conversion help Qu!ckB00ks order status Qu!ckB00ks refund support Qu!ckB00ks tax document support Qu!ckB00ks international support Qu!ckB00ks 24/7 support Qu!ckB00ks account settings help Qu!ckB00ks password reset Qu!ckB00ks two-factor authentication help Qu!ckB00ks customer inquiry Qu!ckB00ks support number USA Qu!ckB00ks help center phone number

2 weeks, 6 days

1
0
0 0

1_855-219-0007 𝓛𝓲𝓿𝓮 𝓠𝓾!𝓬𝓴𝓑00𝓴𝓼® 𝓔𝓷𝓽𝓮𝓻𝓹𝓻𝓲𝓼𝓮™ 𝓢𝓾𝓹𝓹0𝓻𝓽 – 𝓕𝓾𝓵𝓵 24/7 𝓗𝓮𝓵𝓹𝓵𝓲𝓷𝓮 𝓓𝓲𝓻𝓮𝓬𝓽𝓸𝓻𝔂

by penelopemorrison＠xutin.org

📞 𝖢𝖺𝗅𝗅 24/7 𝖰𝗎𝗂𝖼𝗄𝖡𝗈𝗈𝗄𝗌® 𝖤𝗇𝗍𝖾𝗋𝗉𝗋𝗂𝗌𝖾™ 𝖲𝗎𝗉𝗉𝗈𝗋𝗍: 1-855-219-0007 𝖠𝗋𝖾 𝗒𝗈𝗎 𝖿𝖺𝖼𝗂𝗇𝗀 𝗂𝗌𝗌𝗎𝖾𝗌 𝗐𝗂𝗍𝗁 𝖰𝗎𝗂𝖼𝗄𝖡𝗈𝗈𝗄𝗌® 𝖤𝗇𝗍𝖾𝗋𝗉𝗋𝗂𝗌𝖾™ 𝖺𝗇𝖽 𝗇𝖾𝖾𝖽 𝗂𝗆𝗆𝖾𝖽𝗂𝖺𝗍𝖾 𝖺𝗌𝗌𝗂𝗌𝗍𝖺𝗇𝖼𝖾? 𝖣𝗈 𝗇𝗈𝗍 𝗐𝗈𝗋𝗋𝗒--𝗁𝖾𝗅𝗉 𝗂𝗌 𝗃𝗎𝗌𝗍 𝖺 𝗉𝗁𝗈𝗇𝖾 𝖼𝖺𝗅𝗅 𝖺𝗐𝖺𝗒! 𝖮𝗎𝗋 24/7 𝖰𝗎𝗂𝖼𝗄𝖡𝗈𝗈𝗄𝗌® 𝖤𝗇𝗍𝖾𝗋𝗉𝗋𝗂𝗌𝖾™ 𝖲𝗎𝗉𝗉𝗈𝗋𝗍 𝗂𝗌 𝖺𝗏𝖺𝗂𝗅𝖺𝖻𝗅𝖾 𝖺𝗍 1-855-219-0007, 𝗋𝖾𝖺𝖽𝗒 𝗍𝗈 𝗁𝖾𝗅𝗉 𝗒𝗈𝗎 𝗋𝖾𝗌𝗈𝗅𝗏𝖾 𝖺𝗇𝗒 𝖺𝖼𝖼𝗈𝗎𝗇𝗍𝗂𝗇𝗀 𝗈𝗋 𝗍𝖾𝖼𝗁𝗇𝗂𝖼𝖺𝗅 𝗂𝗌𝗌𝗎𝖾𝗌 𝖺𝗋𝗈𝗎𝗇𝖽 𝗍𝗁𝖾 𝖼𝗅𝗈𝖼𝗄. 𝖶𝗁𝖾𝗍𝗁𝖾𝗋 𝗂𝗍 𝗂𝗌 𝗅𝖺𝗍𝖾 𝖺𝗍 𝗇𝗂𝗀𝗁𝗍, 𝖾𝖺𝗋𝗅𝗒 𝗆𝗈𝗋𝗇𝗂𝗇𝗀, 𝗈𝗋 𝖽𝗎𝗋𝗂𝗇𝗀 𝖺 𝗁𝗈𝗅𝗂𝖽𝖺𝗒, 𝗈𝗎𝗋 𝖾𝗑𝗉𝖾𝗋𝗍 𝗍𝖾𝖺𝗆 𝗂𝗌 𝗌𝗍𝖺𝗇𝖽𝗂𝗇𝗀 𝖻𝗒 𝗍𝗈 𝗉𝗋𝗈𝗏𝗂𝖽𝖾 𝖿𝖺𝗌𝗍, 𝖿𝗋𝗂𝖾𝗇𝖽𝗅𝗒 𝗌𝗎𝗉𝗉𝗈𝗋𝗍. 𝖶𝗁𝗒 𝖢𝖺𝗅𝗅 24/7 𝖰𝗎𝗂𝖼𝗄𝖡𝗈𝗈𝗄𝗌® 𝖤𝗇𝗍𝖾𝗋𝗉𝗋𝗂𝗌𝖾™ 𝖲𝗎𝗉𝗉𝗈𝗋𝗍? 📈 𝖰𝗎𝗂𝖼𝗄𝖡𝗈𝗈𝗄𝗌® 𝖤𝗇𝗍𝖾𝗋𝗉𝗋𝗂𝗌𝖾™ 𝗂𝗌 𝖺 𝗉𝗈𝗐𝖾𝗋𝖿𝗎𝗅 𝖺𝖼𝖼𝗈𝗎𝗇𝗍𝗂𝗇𝗀 𝗌𝗈𝗅𝗎𝗍𝗂𝗈𝗇 𝗎𝗌𝖾𝖽 𝖻𝗒 𝗍𝗁𝗈𝗎𝗌𝖺𝗇𝖽𝗌 𝗈𝖿 𝖻𝗎𝗌𝗂𝗇𝖾𝗌𝗌𝖾𝗌 𝖺𝖼𝗋𝗈𝗌𝗌 𝗍𝗁𝖾 𝖴.𝖲. 𝖡𝗎𝗍 𝖾𝗏𝖾𝗇 𝗍𝗁𝖾 𝗆𝗈𝗌𝗍 𝗋𝗈𝖻𝗎𝗌𝗍 𝗌𝗈𝖿𝗍𝗐𝖺𝗋𝖾 𝖼𝖺𝗇 𝗋𝗎𝗇 𝗂𝗇𝗍𝗈 𝗈𝖼𝖼𝖺𝗌𝗂𝗈𝗇𝖺𝗅 𝗁𝗂𝖼𝖼𝗎𝗉𝗌--𝖺𝗇𝖽 𝗐𝗁𝖾𝗇 𝗂𝗍 𝖽𝗈𝖾𝗌, 𝗒𝗈𝗎 𝗇𝖾𝖾𝖽 𝗁𝖾𝗅𝗉 𝖿𝖺𝗌𝗍. ✅ 𝖱𝖾𝖺𝗅-𝗍𝗂𝗆𝖾 𝗌𝗎𝗉𝗉𝗈𝗋𝗍 ✅ 𝖢𝖾𝗋𝗍𝗂𝖿𝗂𝖾𝖽 𝖰𝗎𝗂𝖼𝗄𝖡𝗈𝗈𝗄𝗌 𝖾𝗑𝗉𝖾𝗋𝗍𝗌 ✅ 100% 𝖴.𝖲.-𝖻𝖺𝗌𝖾𝖽 𝗌𝗎𝗉𝗉𝗈𝗋𝗍 ✅ 𝖭𝗈 𝗐𝖺𝗂𝗍𝗂𝗇𝗀--𝗅𝗂𝗏𝖾 𝖺𝗀𝖾𝗇𝗍𝗌 𝗈𝗇 𝖼𝖺𝗅𝗅 𝖩𝗎𝗌𝗍 𝖼𝖺𝗅𝗅 1-855-219-0007 𝖺𝗇𝗒𝗍𝗂𝗆𝖾--𝗈𝗎𝗋 𝖺𝗀𝖾𝗇𝗍𝗌 𝖺𝗋𝖾 𝗍𝗋𝖺𝗂𝗇𝖾𝖽 𝗍𝗈 𝖺𝗌𝗌𝗂𝗌𝗍 𝗐𝗂𝗍𝗁 𝗌𝖾𝗍𝗎𝗉, 𝗂𝗇𝗌𝗍𝖺𝗅𝗅𝖺𝗍𝗂𝗈𝗇, 𝗉𝖺𝗒𝗋𝗈𝗅𝗅, 𝗆𝗎𝗅𝗍𝗂-𝗎𝗌𝖾𝗋 𝗂𝗌𝗌𝗎𝖾𝗌, 𝖺𝗇𝖽 𝖺𝗇𝗒 𝗍𝖾𝖼𝗁𝗇𝗂𝖼𝖺𝗅 𝖾𝗋𝗋𝗈𝗋𝗌 𝗍𝗁𝖺𝗍 𝗆𝖺𝗒 𝖺𝗋𝗂𝗌𝖾.

2 weeks, 6 days

1
0
0 0

[PATCH v2 04/20] ASoC: qcom: q6asm-dai: perform correct state check before closing

by Srinivas Kandagatla

Do not stop a q6asm stream if its not started, this can result in unnecessary dsp command which will timeout anyway something like below: q6asm-dai ab00000.remoteproc:glink-edge:apr:service@7:dais: CMD 10bcd timeout Fix this by correctly checking the state. Fixes: 2a9e92d371db ("ASoC: qdsp6: q6asm: Add q6asm dai driver") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> Tested-by: Alexey Klimov <alexey.klimov(a)linaro.org> # RB5, RB3 --- sound/soc/qcom/qdsp6/q6asm-dai.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/qcom/qdsp6/q6asm-dai.c b/sound/soc/qcom/qdsp6/q6asm-dai.c index e8129510a734..0eae8c6e42b8 100644 --- a/sound/soc/qcom/qdsp6/q6asm-dai.c +++ b/sound/soc/qcom/qdsp6/q6asm-dai.c @@ -233,13 +233,14 @@ static int q6asm_dai_prepare(struct snd_soc_component *component, prtd->pcm_count = snd_pcm_lib_period_bytes(substream); prtd->pcm_irq_pos = 0; /* rate and channels are sent to audio driver */ - if (prtd->state) { + if (prtd->state == Q6ASM_STREAM_RUNNING) { /* clear the previous setup if any */ q6asm_cmd(prtd->audio_client, prtd->stream_id, CMD_CLOSE); q6asm_unmap_memory_regions(substream->stream, prtd->audio_client); q6routing_stream_close(soc_prtd->dai_link->id, substream->stream); + prtd->state = Q6ASM_STREAM_STOPPED; } ret = q6asm_map_memory_regions(substream->stream, prtd->audio_client, -- 2.51.0

2 weeks, 6 days

1
0
0 0

[PATCH v2 03/20] ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment.

by Srinivas Kandagatla

DSP expects the periods to be aligned to fragment sizes, currently setting up to hw constriants on periods bytes is not going to work correctly as we can endup with periods sizes aligned to 32 bytes however not aligned to fragment size. Update the constriants to use fragment size, and also set at step of 10ms for period size to accommodate DSP requirements of 10ms latency. Fixes: 2a9e92d371db ("ASoC: qdsp6: q6asm: Add q6asm dai driver") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> Tested-by: Alexey Klimov <alexey.klimov(a)linaro.org> # RB5, RB3 --- sound/soc/qcom/qdsp6/q6asm-dai.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/qcom/qdsp6/q6asm-dai.c b/sound/soc/qcom/qdsp6/q6asm-dai.c index b616ce316d2f..e8129510a734 100644 --- a/sound/soc/qcom/qdsp6/q6asm-dai.c +++ b/sound/soc/qcom/qdsp6/q6asm-dai.c @@ -403,13 +403,13 @@ static int q6asm_dai_open(struct snd_soc_component *component, } ret = snd_pcm_hw_constraint_step(runtime, 0, - SNDRV_PCM_HW_PARAM_PERIOD_BYTES, 32); + SNDRV_PCM_HW_PARAM_PERIOD_SIZE, 480); if (ret < 0) { dev_err(dev, "constraint for period bytes step ret = %d\n", ret); } ret = snd_pcm_hw_constraint_step(runtime, 0, - SNDRV_PCM_HW_PARAM_BUFFER_BYTES, 32); + SNDRV_PCM_HW_PARAM_BUFFER_SIZE, 480); if (ret < 0) { dev_err(dev, "constraint for buffer bytes step ret = %d\n", ret); -- 2.51.0

2 weeks, 6 days

1
0
0 0

[PATCH v2 02/20] ASoC: qcom: q6adm: the the copp device only during last instance

by Srinivas Kandagatla

A matching Common object post processing instance is normally resused across multiple streams. However currently we close this on DSP even though there is a refcount on this copp object, this can result in below error. q6routing ab00000.remoteproc:glink-edge:apr:service@8:routing: Found Matching Copp 0x0 qcom-q6adm aprsvc:service:4:8: cmd = 0x10325 return error = 0x2 q6routing ab00000.remoteproc:glink-edge:apr:service@8:routing: DSP returned error[2] q6routing ab00000.remoteproc:glink-edge:apr:service@8:routing: Found Matching Copp 0x0 qcom-q6adm aprsvc:service:4:8: cmd = 0x10325 return error = 0x2 q6routing ab00000.remoteproc:glink-edge:apr:service@8:routing: DSP returned error[2] qcom-q6adm aprsvc:service:4:8: cmd = 0x10327 return error = 0x2 qcom-q6adm aprsvc:service:4:8: DSP returned error[2] qcom-q6adm aprsvc:service:4:8: Failed to close copp -22 qcom-q6adm aprsvc:service:4:8: cmd = 0x10327 return error = 0x2 qcom-q6adm aprsvc:service:4:8: DSP returned error[2] qcom-q6adm aprsvc:service:4:8: Failed to close copp -22 Fix this by addressing moving the adm_close to copp_kref destructor callback. Fixes: 7b20b2be51e1 ("ASoC: qdsp6: q6adm: Add q6adm driver") Cc: <Stable(a)vger.kernel.org> Reported-by: Martino Facchin <m.facchin(a)arduino.cc> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> Tested-by: Alexey Klimov <alexey.klimov(a)linaro.org> # RB5, RB3 --- sound/soc/qcom/qdsp6/q6adm.c | 146 +++++++++++++++++------------------ 1 file changed, 71 insertions(+), 75 deletions(-) diff --git a/sound/soc/qcom/qdsp6/q6adm.c b/sound/soc/qcom/qdsp6/q6adm.c index 1530e98df165..75a029a696ac 100644 --- a/sound/soc/qcom/qdsp6/q6adm.c +++ b/sound/soc/qcom/qdsp6/q6adm.c @@ -109,11 +109,75 @@ static struct q6copp *q6adm_find_copp(struct q6adm *adm, int port_idx, } +static int q6adm_apr_send_copp_pkt(struct q6adm *adm, struct q6copp *copp, + struct apr_pkt *pkt, uint32_t rsp_opcode) +{ + struct device *dev = adm->dev; + uint32_t opcode = pkt->hdr.opcode; + int ret; + + mutex_lock(&adm->lock); + copp->result.opcode = 0; + copp->result.status = 0; + ret = apr_send_pkt(adm->apr, pkt); + if (ret < 0) { + dev_err(dev, "Failed to send APR packet\n"); + ret = -EINVAL; + goto err; + } + + /* Wait for the callback with copp id */ + if (rsp_opcode) + ret = wait_event_timeout(copp->wait, + (copp->result.opcode == opcode) || + (copp->result.opcode == rsp_opcode), + msecs_to_jiffies(TIMEOUT_MS)); + else + ret = wait_event_timeout(copp->wait, + (copp->result.opcode == opcode), + msecs_to_jiffies(TIMEOUT_MS)); + + if (!ret) { + dev_err(dev, "ADM copp cmd timedout\n"); + ret = -ETIMEDOUT; + } else if (copp->result.status > 0) { + dev_err(dev, "DSP returned error[%d]\n", + copp->result.status); + ret = -EINVAL; + } + +err: + mutex_unlock(&adm->lock); + return ret; +} + +static int q6adm_device_close(struct q6adm *adm, struct q6copp *copp, + int port_id, int copp_idx) +{ + struct apr_pkt close; + + close.hdr.hdr_field = APR_HDR_FIELD(APR_MSG_TYPE_SEQ_CMD, + APR_HDR_LEN(APR_HDR_SIZE), + APR_PKT_VER); + close.hdr.pkt_size = sizeof(close); + close.hdr.src_port = port_id; + close.hdr.dest_port = copp->id; + close.hdr.token = port_id << 16 | copp_idx; + close.hdr.opcode = ADM_CMD_DEVICE_CLOSE_V5; + + return q6adm_apr_send_copp_pkt(adm, copp, &close, 0); +} + static void q6adm_free_copp(struct kref *ref) { struct q6copp *c = container_of(ref, struct q6copp, refcount); struct q6adm *adm = c->adm; unsigned long flags; + int ret; + + ret = q6adm_device_close(adm, c, c->afe_port, c->copp_idx); + if (ret < 0) + dev_err(adm->dev, "Failed to close copp %d\n", ret); spin_lock_irqsave(&adm->copps_list_lock, flags); clear_bit(c->copp_idx, &adm->copp_bitmap[c->afe_port]); @@ -155,13 +219,13 @@ static int q6adm_callback(struct apr_device *adev, struct apr_resp_pkt *data) switch (result->opcode) { case ADM_CMD_DEVICE_OPEN_V5: case ADM_CMD_DEVICE_CLOSE_V5: - copp = q6adm_find_copp(adm, port_idx, copp_idx); - if (!copp) - return 0; - - copp->result = *result; - wake_up(&copp->wait); - kref_put(&copp->refcount, q6adm_free_copp); + list_for_each_entry(copp, &adm->copps_list, node) { + if ((port_idx == copp->afe_port) && (copp_idx == copp->copp_idx)) { + copp->result = *result; + wake_up(&copp->wait); + break; + } + } break; case ADM_CMD_MATRIX_MAP_ROUTINGS_V5: adm->result = *result; @@ -234,65 +298,6 @@ static struct q6copp *q6adm_alloc_copp(struct q6adm *adm, int port_idx) return c; } -static int q6adm_apr_send_copp_pkt(struct q6adm *adm, struct q6copp *copp, - struct apr_pkt *pkt, uint32_t rsp_opcode) -{ - struct device *dev = adm->dev; - uint32_t opcode = pkt->hdr.opcode; - int ret; - - mutex_lock(&adm->lock); - copp->result.opcode = 0; - copp->result.status = 0; - ret = apr_send_pkt(adm->apr, pkt); - if (ret < 0) { - dev_err(dev, "Failed to send APR packet\n"); - ret = -EINVAL; - goto err; - } - - /* Wait for the callback with copp id */ - if (rsp_opcode) - ret = wait_event_timeout(copp->wait, - (copp->result.opcode == opcode) || - (copp->result.opcode == rsp_opcode), - msecs_to_jiffies(TIMEOUT_MS)); - else - ret = wait_event_timeout(copp->wait, - (copp->result.opcode == opcode), - msecs_to_jiffies(TIMEOUT_MS)); - - if (!ret) { - dev_err(dev, "ADM copp cmd timedout\n"); - ret = -ETIMEDOUT; - } else if (copp->result.status > 0) { - dev_err(dev, "DSP returned error[%d]\n", - copp->result.status); - ret = -EINVAL; - } - -err: - mutex_unlock(&adm->lock); - return ret; -} - -static int q6adm_device_close(struct q6adm *adm, struct q6copp *copp, - int port_id, int copp_idx) -{ - struct apr_pkt close; - - close.hdr.hdr_field = APR_HDR_FIELD(APR_MSG_TYPE_SEQ_CMD, - APR_HDR_LEN(APR_HDR_SIZE), - APR_PKT_VER); - close.hdr.pkt_size = sizeof(close); - close.hdr.src_port = port_id; - close.hdr.dest_port = copp->id; - close.hdr.token = port_id << 16 | copp_idx; - close.hdr.opcode = ADM_CMD_DEVICE_CLOSE_V5; - - return q6adm_apr_send_copp_pkt(adm, copp, &close, 0); -} - static struct q6copp *q6adm_find_matching_copp(struct q6adm *adm, int port_id, int topology, int mode, int rate, @@ -567,15 +572,6 @@ EXPORT_SYMBOL_GPL(q6adm_matrix_map); */ int q6adm_close(struct device *dev, struct q6copp *copp) { - struct q6adm *adm = dev_get_drvdata(dev->parent); - int ret = 0; - - ret = q6adm_device_close(adm, copp, copp->afe_port, copp->copp_idx); - if (ret < 0) { - dev_err(adm->dev, "Failed to close copp %d\n", ret); - return ret; - } - kref_put(&copp->refcount, q6adm_free_copp); return 0; -- 2.51.0

2 weeks, 6 days

1
0
0 0

[PATCH v2 01/20] ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr

by Srinivas Kandagatla

Driver does not expect the appl_ptr to move backward and requires explict sync. Make sure that the userspace does not do appl_ptr rewinds by specifying the correct flags in pcm_info. Without this patch, the result could be a forever loop as current logic assumes that appl_ptr can only move forward. Fixes: 3d4a4411aa8b ("ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> Tested-by: Alexey Klimov <alexey.klimov(a)linaro.org> # RB5, RB3 --- sound/soc/qcom/qdsp6/q6apm-dai.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/soc/qcom/qdsp6/q6apm-dai.c b/sound/soc/qcom/qdsp6/q6apm-dai.c index 4ecaff45c518..786ab3222515 100644 --- a/sound/soc/qcom/qdsp6/q6apm-dai.c +++ b/sound/soc/qcom/qdsp6/q6apm-dai.c @@ -86,6 +86,7 @@ static const struct snd_pcm_hardware q6apm_dai_hardware_capture = { .info = (SNDRV_PCM_INFO_MMAP | SNDRV_PCM_INFO_BLOCK_TRANSFER | SNDRV_PCM_INFO_MMAP_VALID | SNDRV_PCM_INFO_INTERLEAVED | SNDRV_PCM_INFO_PAUSE | SNDRV_PCM_INFO_RESUME | + SNDRV_PCM_INFO_NO_REWINDS | SNDRV_PCM_INFO_SYNC_APPLPTR | SNDRV_PCM_INFO_BATCH), .formats = (SNDRV_PCM_FMTBIT_S16_LE | SNDRV_PCM_FMTBIT_S24_LE), .rates = SNDRV_PCM_RATE_8000_48000, @@ -105,6 +106,7 @@ static const struct snd_pcm_hardware q6apm_dai_hardware_playback = { .info = (SNDRV_PCM_INFO_MMAP | SNDRV_PCM_INFO_BLOCK_TRANSFER | SNDRV_PCM_INFO_MMAP_VALID | SNDRV_PCM_INFO_INTERLEAVED | SNDRV_PCM_INFO_PAUSE | SNDRV_PCM_INFO_RESUME | + SNDRV_PCM_INFO_NO_REWINDS | SNDRV_PCM_INFO_SYNC_APPLPTR | SNDRV_PCM_INFO_BATCH), .formats = (SNDRV_PCM_FMTBIT_S16_LE | SNDRV_PCM_FMTBIT_S24_LE), .rates = SNDRV_PCM_RATE_8000_192000, -- 2.51.0

2 weeks, 6 days

1
0
0 0

[PATCH RFC 0/2] ASoC: codecs: pm4125: Two minor fixes for potential issues

by Krzysztof Kozlowski

I marked these as fixes, but the issue is not likely to trigger in normal conditions. Not tested on hardware, please kindly provide tested-by, the best with some probe bind/unbind cycle. Best regards, Krzysztof --- Krzysztof Kozlowski (2): ASoC: codecs: pm4125: Fix potential conflict when probing two devices ASoC: codecs: pm4125: Remove irq_chip on component unbind sound/soc/codecs/pm4125.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) --- base-commit: d22122bd89bc5ce7b3e057d99679ca50a72a8245 change-id: 20251023-asoc-regmap-irq-chip-bb2053c32168 Best regards, -- Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>

2 weeks, 6 days

1
3
0 0

FAILED: patch "[PATCH] dm: fix NULL pointer dereference in __dm_suspend()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8d33a030c566e1f105cd5bf27f37940b6367f3be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101316-favored-pulsate-a811@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8d33a030c566e1f105cd5bf27f37940b6367f3be Mon Sep 17 00:00:00 2001 From: Zheng Qixing <zhengqixing(a)huawei.com> Date: Tue, 26 Aug 2025 15:42:04 +0800 Subject: [PATCH] dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG: kernel NULL pointer dereference, address: 0000000000000054 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:blk_mq_wait_quiesce_done+0x0/0x50 Call Trace: <TASK> blk_mq_quiesce_queue+0x2c/0x50 dm_stop_queue+0xd/0x20 __dm_suspend+0x130/0x330 dm_suspend+0x11a/0x180 dev_suspend+0x27e/0x560 ctl_ioctl+0x4cf/0x850 dm_ctl_ioctl+0xd/0x20 vfs_ioctl+0x1d/0x50 __se_sys_ioctl+0x9b/0xc0 __x64_sys_ioctl+0x19/0x30 x64_sys_call+0x2c4a/0x4620 do_syscall_64+0x9e/0x1b0 The issue can be triggered as below: T1 T2 dm_suspend table_load __dm_suspend dm_setup_md_queue dm_mq_init_request_queue blk_mq_init_allocated_queue => q->mq_ops = set->ops; (1) dm_stop_queue / dm_wait_for_completion => q->tag_set NULL pointer! (2) => q->tag_set = set; (3) Fix this by checking if a valid table (map) exists before performing request-based suspend and waiting for target I/O. When map is NULL, skip these table-dependent suspend steps. Even when map is NULL, no I/O can reach any target because there is no table loaded; I/O submitted in this state will fail early in the DM layer. Skipping the table-dependent suspend logic in this case is safe and avoids NULL pointer dereferences. Fixes: c4576aed8d85 ("dm: fix request-based dm's use of dm_wait_for_completion") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Qixing <zhengqixing(a)huawei.com> Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 7222f20c1a83..66dd5f6ce778 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2908,7 +2908,7 @@ static int __dm_suspend(struct mapped_device *md, struct dm_table *map, { bool do_lockfs = suspend_flags & DM_SUSPEND_LOCKFS_FLAG; bool noflush = suspend_flags & DM_SUSPEND_NOFLUSH_FLAG; - int r; + int r = 0; lockdep_assert_held(&md->suspend_lock); @@ -2960,7 +2960,7 @@ static int __dm_suspend(struct mapped_device *md, struct dm_table *map, * Stop md->queue before flushing md->wq in case request-based * dm defers requests to md->wq from md->queue. */ - if (dm_request_based(md)) { + if (map && dm_request_based(md)) { dm_stop_queue(md->queue); set_bit(DMF_QUEUE_STOPPED, &md->flags); } @@ -2972,7 +2972,8 @@ static int __dm_suspend(struct mapped_device *md, struct dm_table *map, * We call dm_wait_for_completion to wait for all existing requests * to finish. */ - r = dm_wait_for_completion(md, task_state); + if (map) + r = dm_wait_for_completion(md, task_state); if (!r) set_bit(dmf_suspended_flag, &md->flags);

2 weeks, 6 days

5
12
0 0

[PATCH] usb: renesas_usbhs: Fix synchronous external abort on unbind

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f_ecm modprobe libcomposite modprobe configfs cd /sys/kernel/config/usb_gadget mkdir -p g1 cd g1 echo "0x1d6b" > idVendor echo "0x0104" > idProduct mkdir -p strings/0x409 echo "0123456789" > strings/0x409/serialnumber echo "Renesas." > strings/0x409/manufacturer echo "Ethernet Gadget" > strings/0x409/product mkdir -p functions/ecm.usb0 mkdir -p configs/c.1 mkdir -p configs/c.1/strings/0x409 echo "ECM" > configs/c.1/strings/0x409/configuration if [ ! -L configs/c.1/ecm.usb0 ]; then ln -s functions/ecm.usb0 configs/c.1 fi echo 11e20000.usb > UDC echo 11e20000.usb > /sys/bus/platform/drivers/renesas_usbhs/unbind The displayed trace is as follows: Internal error: synchronous external abort: 0000000096000010 [#1] SMP CPU: 0 UID: 0 PID: 188 Comm: sh Tainted: G M 6.17.0-rc7-next-20250922-00010-g41050493b2bd #55 PREEMPT Tainted: [M]=MACHINE_CHECK Hardware name: Renesas SMARC EVK version 2 based on r9a08g045s33 (DT) pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usbhs_sys_function_pullup+0x10/0x40 [renesas_usbhs] lr : usbhsg_update_pullup+0x3c/0x68 [renesas_usbhs] sp : ffff8000838b3920 x29: ffff8000838b3920 x28: ffff00000d585780 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: ffff00000c3e3810 x23: ffff00000d5e5c80 x22: ffff00000d5e5d40 x21: 0000000000000000 x20: 0000000000000000 x19: ffff00000d5e5c80 x18: 0000000000000020 x17: 2e30303230316531 x16: 312d7968703a7968 x15: 3d454d414e5f4344 x14: 000000000000002c x13: 0000000000000000 x12: 0000000000000000 x11: ffff00000f358f38 x10: ffff00000f358db0 x9 : ffff00000b41f418 x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d x5 : 8080808000000000 x4 : 000000004b5ccb9d x3 : 0000000000000000 x2 : 0000000000000000 x1 : ffff800083790000 x0 : ffff00000d5e5c80 Call trace: usbhs_sys_function_pullup+0x10/0x40 [renesas_usbhs] (P) usbhsg_pullup+0x4c/0x7c [renesas_usbhs] usb_gadget_disconnect_locked+0x48/0xd4 gadget_unbind_driver+0x44/0x114 device_remove+0x4c/0x80 device_release_driver_internal+0x1c8/0x224 device_release_driver+0x18/0x24 bus_remove_device+0xcc/0x10c device_del+0x14c/0x404 usb_del_gadget+0x88/0xc0 usb_del_gadget_udc+0x18/0x30 usbhs_mod_gadget_remove+0x24/0x44 [renesas_usbhs] usbhs_mod_remove+0x20/0x30 [renesas_usbhs] usbhs_remove+0x98/0xdc [renesas_usbhs] platform_remove+0x20/0x30 device_remove+0x4c/0x80 device_release_driver_internal+0x1c8/0x224 device_driver_detach+0x18/0x24 unbind_store+0xb4/0xb8 drv_attr_store+0x24/0x38 sysfs_kf_write+0x7c/0x94 kernfs_fop_write_iter+0x128/0x1b8 vfs_write+0x2ac/0x350 ksys_write+0x68/0xfc __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x110 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xf0 el0t_64_sync_handler+0xa0/0xe4 el0t_64_sync+0x198/0x19c Code: 7100003f 1a9f07e1 531c6c22 f9400001 (79400021) ---[ end trace 0000000000000000 ]--- note: sh[188] exited with irqs disabled note: sh[188] exited with preempt_count 1 The issue occurs because usbhs_sys_function_pullup(), which accesses the IP registers, is executed after the USBHS clocks have been disabled. The problem is reproducible on the Renesas RZ/G3S SoC starting with the addition of module stop in the clock enable/disable APIs. With module stop functionality enabled, a bus error is expected if a master accesses a module whose clock has been stopped and module stop activated. Disable the IP clocks at the end of remove. Cc: stable(a)vger.kernel.org Fixes: f1407d5c6624 ("usb: renesas_usbhs: Add Renesas USBHS common code") Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Patch was tested with continuous unbind/bind and the configuration sequence described above on the devices with the following device trees: - r8a774a1-hihope-rzg2m-ex.dts - r8a774b1-hihope-rzg2n-ex.dts - r8a774e1-hihope-rzg2h-ex.dts - r9a07g043u11-smarc.dts - r9a07g044c2-smarc.dts - r9a07g044l2-smarc.dts - r9a07g054l2-smarc.dts drivers/usb/renesas_usbhs/common.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 8f536f2c500f..b8b55d08ac52 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -813,18 +813,18 @@ static void usbhs_remove(struct platform_device *pdev) flush_delayed_work(&priv->notify_hotplug_work); - /* power off */ - if (!usbhs_get_dparam(priv, runtime_pwctrl)) - usbhsc_power_ctrl(priv, 0); - - pm_runtime_disable(&pdev->dev); - usbhs_platform_call(priv, hardware_exit, pdev); usbhsc_clk_put(priv); reset_control_assert(priv->rsts); usbhs_mod_remove(priv); usbhs_fifo_remove(priv); usbhs_pipe_remove(priv); + + /* power off */ + if (!usbhs_get_dparam(priv, runtime_pwctrl)) + usbhsc_power_ctrl(priv, 0); + + pm_runtime_disable(&pdev->dev); } static int usbhsc_suspend(struct device *dev) -- 2.43.0

2 weeks, 6 days

3
2
0 0

[PATCH 5.15 000/276] 5.15.195-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.195 release. There are 276 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 19 Oct 2025 14:50:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.195-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.195-rc1 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate C-flag + def limit Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: usable client side with C-flag Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: pci/ivtv: switch from 'pci_' to 'dma_' API Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not flag the zero page as PG_mte_tagged Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: switch from 'pci_' to 'dma_' API Jan Kara <jack(a)suse.cz> writeback: Avoid excessively long inode switching times Jan Kara <jack(a)suse.cz> writeback: Avoid softlockup when switching many inodes Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options Oleg Nesterov <oleg(a)redhat.com> pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk David Laight <David.Laight(a)ACULAB.COM> minmax.h: remove some #defines that are only expanded once David Laight <David.Laight(a)ACULAB.COM> minmax.h: simplify the variants of clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: move all the clamp() definitions after the min/max() ones David Laight <David.Laight(a)ACULAB.COM> minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: reduce the #define expansion of min(), max() and clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: update some comments David Laight <David.Laight(a)ACULAB.COM> minmax.h: add whitespace around operators and after commas Linus Torvalds <torvalds(a)linux-foundation.org> minmax: fix up min3() and max3() too Linus Torvalds <torvalds(a)linux-foundation.org> minmax: improve macro expansion and type checking Linus Torvalds <torvalds(a)linux-foundation.org> minmax: simplify min()/max()/clamp() implementation Linus Torvalds <torvalds(a)linux-foundation.org> minmax: don't use max() in situations that want a C constant expression Linus Torvalds <torvalds(a)linux-foundation.org> minmax: make generic MIN() and MAX() macros available everywhere Linus Torvalds <torvalds(a)linux-foundation.org> minmax: simplify and clarify min_t()/max_t() implementation Linus Torvalds <torvalds(a)linux-foundation.org> minmax: add a few more MIN_T/MAX_T users Linus Torvalds <torvalds(a)linux-foundation.org> minmax: avoid overly complicated constant expressions in VM code David Laight <David.Laight(a)ACULAB.COM> minmax: fix indentation of __cmp_once() and __clamp_once() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: deduplicate __unconst_integer_typeof() Herve Codina <herve.codina(a)bootlin.com> minmax: Introduce {min,max}_array() Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Qu Wenruo <wqu(a)suse.com> btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Aleksa Sarai <cyphar(a)cyphar.com> fscontext: do not consume log entries when returning -EMSGSIZE Peter Zijlstra <peterz(a)infradead.org> locking: Introduce __cleanup() based infrastructure Zheng Qixing <zhengqixing(a)huawei.com> dm: fix NULL pointer dereference in __dm_suspend() Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Matvey Kovalev <matvey.kovalev(a)ispras.ru> ksmbd: fix error code overwriting in smb2_get_info_filesystem() Oleksij Rempel <linux(a)rempel-privat.de> net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Ma Ke <make24(a)iscas.ac.cn> ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd934x: Simplify with dev_err_probe Sean Christopherson <seanjc(a)google.com> KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Nathan Chancellor <nathan(a)kernel.org> lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Jan Kara <jack(a)suse.cz> ext4: free orphan info with kvfree Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Jan Kara <jack(a)suse.cz> ext4: verify orphan file size is not too big Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Thorsten Blum <thorsten.blum(a)linux.dev> NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Lukas Wunner <lukas(a)wunner.de> PCI/AER: Support errors introduced by PCIe r6.0 Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Lukas Wunner <lukas(a)wunner.de> PCI/ERR: Fix uevent on failure to recover Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Nam Cao <namcao(a)linutronix.de> powerpc/pseries/msi: Fix potential underflow and leak issue Nam Cao <namcao(a)linutronix.de> powerpc/powernv/pci: Fix underflow and leak issue Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Askar Safin <safinaskar(a)zohomail.com> openat2: don't trigger automounts with RESOLVE_NO_XDEV Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: PRS isn't usable if PDS isn't supported Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Huacai Chen <chenhuacai(a)kernel.org> init: handle bootloader identifier in kernel parameters Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Haoxiang Li <haoxiang_li2024(a)163.com> fs/ntfs3: Fix a resource leak bug in wnd_extend() Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Simon Schuster <schuster.simon(a)siemens-energy.com> copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Adam Xue <zxue(a)semtech.com> bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Miaoqian Lin <linmq006(a)gmail.com> ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT KaFai Wan <kafai.wan(a)linux.dev> bpf: Avoid RCU context warning when unpinning htab with internal structs Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: mark the GPIO controller as sleeping Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Eric Woudstra <ericwouds(a)gmail.com> bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly disable scaling on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add additional DCE6 SCL registers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Thomas Zimmermann <tzimmermann(a)suse.de> drm/vmwgfx: Copy DRM hash-table code into driver Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: unregister the subchannel while purging Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue John Garry <john.garry(a)huawei.com> scsi: mvsas: Use sas_task_find_rq() for tagging John Garry <john.garry(a)huawei.com> scsi: mvsas: Delete mvs_tag_init() John Garry <john.garry(a)huawei.com> scsi: libsas: Add sas_task_find_rq() Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Set target frequency for all cpus in policy Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Ian Rogers <irogers(a)google.com> perf test: Don't leak workload gopipe in PERF_RECORD_* Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct memory level for remote access Leo Yan <leo.yan(a)arm.com> perf arm-spe: Rename the common data source encoding German Gomez <german.gomez(a)arm.com> perf arm-spe: Refactor arm-spe to support operation packet type Jing Zhang <renyu.zj(a)linux.alibaba.com> perf arm-spe: augment the data source type with neoverse_spe list Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct setting remote access Ali Saidi <alisaidi(a)amazon.com> perf arm-spe: Use SPE data source for neoverse cores German Gomez <german.gomez(a)arm.com> perf arm-spe: Save context ID in record Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Brian Masney <bmasney(a)redhat.com> clk: at91: peripheral: fix return value Ian Rogers <irogers(a)google.com> libperf event: Ensure tracing data is multiple of 8 sized Ian Rogers <irogers(a)google.com> perf evsel: Avoid container_of on a NULL leader Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> fs: always return zero on success from replace_fd() Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call Salah Triki <salah.triki(a)gmail.com> bus: fsl-mc: Check return value of platform_get_resource() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: check the return value of pinmux_ops::get_function_name() Zhen Ni <zhen.ni(a)easystack.cn> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Marek Vasut <marek.vasut(a)mailbox.org> Input: atmel_mxt_ts - allow reset GPIO to sleep Guangshuo Li <lgs201920130244(a)gmail.com> nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() Yang Shi <yang(a)os.amperecomputing.com> mm: hugetlb: avoid soft lockup when mprotect to large memory area Jan Kara <jack(a)suse.cz> ext4: fix checks for orphan inodes Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Deepak Sharma <deepak.sharma.472935(a)gmail.com> net: nfc: nci: Add parameter validation for packet data Larshin Sergey <Sergey.Larshin(a)kaspersky.com> fs: udf: fix OOB read in lengthAllocDescs handling Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Let userspace take care of interrupt mask Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix uninit-value in squashfs_get_parent Jakub Kicinski <kuba(a)kernel.org> Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle copy_thresh allocation failure Kohei Enju <enjuk(a)amazon.com> net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Kohei Enju <enjuk(a)amazon.com> nfp: fix RSS hash key size when RSS is not supported Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: fix double free in register_one_node() Dan Carpenter <dan.carpenter(a)linaro.org> ocfs2: fix double free in user_cluster_connect() Nishanth Menon <nm(a)ti.com> hwrng: ks-sa - fix division by zero in ks_sa_rng_init Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Bernard Metzler <bernard.metzler(a)linux.dev> RDMA/siw: Always report immediate post SQ errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> usb: vhci-hcd: Prevent suspending virtually attached devices Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Slavin Liu <slavin452(a)gmail.com> ipvs: Defer ip_vs_ftp unregister during netns cleanup Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix backchannel max_resp_sz verification check Leo Yan <leo.yan(a)arm.com> coresight: trbe: Return NULL pointer for allocation failures Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_to_user for Niagara 4 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath10k: avoid unnecessary wait for service ready message Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/sa: Fix sa_local_svc_timeout_ms read race Parav Pandit <parav(a)nvidia.com> RDMA/core: Resolve MAC of next-hop device without ARP support Michal Pecio <michal.pecio(a)gmail.com> Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: qla2xxx: edif: Fix incorrect sign of error code Colin Ian King <colin.i.king(a)gmail.com> ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: mt76: fix potential memory leak in mt76_wmac_probe() Håkon Bugge <haakon.bugge(a)oracle.com> RDMA/cm: Rate limit destroy CM ID timeout error message Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: handle error properly in register_one_node() Christophe Leroy <christophe.leroy(a)csgroup.eu> watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Zhen Ni <zhen.ni(a)easystack.cn> netfilter: ipset: Remove unused htable_bits in macro ahash_region Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix offset handling in iio_convert_raw_to_processed() Vitaly Grigoryev <Vitaly.Grigoryev(a)kaspersky.com> fs: ntfs3: Fix integer overflow in run_unpack() Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping Wang Liang <wangliang74(a)huawei.com> pps: fix warning in pps_register_cdev when register device fail Colin Ian King <colin.i.king(a)gmail.com> misc: genwqe: Fix incorrect cmd field being reported in error William Wu <william.wu(a)rock-chips.com> usb: gadget: configfs: Correctly set use_os_string at bind Xichao Zhao <zhao.xichao(a)vivo.com> usb: phy: twl6030: Fix incorrect type for ret Qianfeng Rong <rongqianfeng(a)vivo.com> drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() Eric Dumazet <edumazet(a)google.com> tcp: fix __tcp_close() to only send RST when required Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation Stefan Kerkmann <s.kerkmann(a)pengutronix.de> wifi: mwifiex: send world regulatory domain to driver Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Power up UVD 3 for FW validation (v2) Qianfeng Rong <rongqianfeng(a)vivo.com> ALSA: lx_core: use int type to store negative error codes Zhang Shurong <zhang_shurong(a)foxmail.com> media: rj54n1cb0c: Fix memleak in rj54n1_probe() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: myrs: Fix dma_alloc_coherent() error check Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Dan Carpenter <dan.carpenter(a)linaro.org> usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup Brahmajit Das <listout(a)listout.xyz> drm/radeon/r600_cs: clean up of dead code in r600_cs Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Add disabling clocks when probe fails Leilk.Liu <leilk.liu(a)mediatek.com> i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> thermal/drivers/qcom/lmh: Add missing IRQ includes Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> thermal/drivers/qcom: Make LMH select QCOM_SCM Zhouyi Zhou <zhouzhouyi(a)gmail.com> tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> smp: Fix up and expand the smp_call_function_many() kerneldoc Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Explicitly check accesses to bpf_sock_addr Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Stanley Chu <stanley.chuys(a)gmail.com> i3c: master: svc: Recycle unused IBI slot Daniel Wagner <wagi(a)kernel.org> nvmet-fc: move lsop put work to nvmet_fc_ls_req_op Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix corner case in clock divisor calculation AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible Johan Hovold <johan(a)kernel.org> firmware: firmware: meson-sm: fix compile-test default Qianfeng Rong <rongqianfeng(a)vivo.com> pinctrl: renesas: Use int type to store negative error codes Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Clear power.must_resume in noirq suspend error path Qianfeng Rong <rongqianfeng(a)vivo.com> block: use int to store blk_stack_limits() return value Qianfeng Rong <rongqianfeng(a)vivo.com> regulator: scmi: Use int type to store negative error codes Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: fix MCKx restore routine Li Nan <linan122(a)huawei.com> blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Da Xue <da(a)libre.computer> pinctrl: meson-gxl: add missing i2c_d pinmux Sneh Mankad <sneh.mankad(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Huisong Li <lihuisong(a)huawei.com> ACPI: processor: idle: Fix memory leak when register cpuidle device failed Florian Fainelli <florian.fainelli(a)broadcom.com> cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() Yureka Lilian <yuka(a)yuka.dev> libbpf: Fix reuse of DEVMAP Geert Uytterhoeven <geert+renesas(a)glider.be> regmap: Remove superfluous check for !config in __regmap_init() Uros Bizjak <ubizjak(a)gmail.com> x86/vdso: Fix output operand size of RDPID Leo Yan <leo.yan(a)arm.com> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Leo Yan <leo.yan(a)arm.com> coresight: trbe: Prevent overflow in PERF_IDX2OFF() Bala-Vignesh-Reddy <reddybalavignesh9979(a)gmail.com> selftests: arm64: Check fread return value in exec_target Jeff Layton <jlayton(a)kernel.org> filelock: add FL_RECLAIM to show_fl_flags() macro Nalivayko Sergey <Sergey.Nalivayko(a)kaspersky.com> net/9p: fix double req put in p9_fd_cancelled Matthew Wilcox (Oracle) <willy(a)infradead.org> minmax: add in_range() macro Herbert Xu <herbert(a)gondor.apana.org.au> crypto: rng - Ensure set_ent is always present Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core/PM: Set power.no_callbacks along with power.no_pm Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: flush RX FIFO on read errors Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: fix maximum TX packet length check Raphael Gallais-Pou <raphael.gallais-pou(a)foss.st.com> serial: stm32: allow selecting console when the driver is module Arnaud Lecomte <contact(a)arnaud-lcm.com> hid: fix I2C read buffer overflow in raw_event() for mcp2221 hupu <hupu.gm(a)gmail.com> perf subcmd: avoid crash in exclude_cmds when excludes is empty Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: limit MAX_TAG_SIZE to 255 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Xiaowei Li <xiaowei.li(a)simcom.com> USB: serial: option: add SIMCom 8230C compositions Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe Duoming Zhou <duoming(a)zju.edu.cn> media: tuner: xc5000: Fix use-after-free in xc5000_release Ricardo Ribalda <ribalda(a)chromium.org> media: tunner: xc5000: Refactor firmware load Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Will Deacon <will(a)kernel.org> KVM: arm64: Fix softirq masking in FPSIMD register saving sequence Larshin Sergey <Sergey.Larshin(a)kaspersky.com> media: rc: fix races with imon_disconnect() Duoming Zhou <duoming(a)zju.edu.cn> media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove Wang Haoran <haoranwangsec(a)gmail.com> scsi: target: target_core_configfs: Add length check to avoid buffer overflow Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + Documentation/gpu/todo.rst | 11 + Documentation/trace/histogram-design.rst | 4 +- Makefile | 4 +- arch/arm/mach-at91/pm_suspend.S | 4 +- arch/arm/mach-omap2/pm33xx-core.c | 6 +- arch/arm/mm/pageattr.c | 6 +- arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kernel/fpsimd.c | 8 +- arch/arm64/kernel/mte.c | 3 +- arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/powerpc/platforms/pseries/msi.c | 2 +- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/lib/M7memcpy.S | 20 +- arch/sparc/lib/Memcpy_utils.S | 9 + arch/sparc/lib/NG4memcpy.S | 2 +- arch/sparc/lib/NGmemcpy.S | 29 ++- arch/sparc/lib/U1memcpy.S | 19 +- arch/sparc/lib/U3memcpy.S | 2 +- arch/sparc/mm/hugetlbpage.c | 20 ++ arch/um/drivers/mconsole_user.c | 2 + arch/x86/include/asm/segment.h | 8 +- arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/emulate.c | 11 +- arch/x86/kvm/kvm_emulate.h | 2 +- arch/x86/kvm/x86.c | 9 +- arch/x86/mm/pgtable.c | 2 +- block/blk-mq-sysfs.c | 6 +- block/blk-settings.c | 3 +- crypto/essiv.c | 14 +- crypto/rng.c | 8 + drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 3 + drivers/base/node.c | 4 + drivers/base/power/main.c | 14 +- drivers/base/regmap/regmap.c | 2 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 3 + drivers/bus/mhi/host/init.c | 5 +- drivers/char/hw_random/ks-sa-rng.c | 4 + drivers/char/tpm/tpm_tis_core.c | 4 +- drivers/clk/at91/clk-peripheral.c | 7 +- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 +- drivers/clocksource/clps711x-timer.c | 23 +- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpufreq/scmi-cpufreq.c | 10 + drivers/cpufreq/tegra186-cpufreq.c | 8 +- drivers/crypto/atmel-tdes.c | 2 +- drivers/dma/ioat/dma.c | 12 +- drivers/edac/sb_edac.c | 4 +- drivers/edac/skx_common.h | 1 - drivers/firmware/meson/Kconfig | 2 +- drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpio/gpio-wcd934x.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 ++- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 + .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 + .../gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 + .../drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 2 + drivers/gpu/drm/arm/display/include/malidp_utils.h | 2 +- .../drm/arm/display/komeda/komeda_pipeline_state.c | 24 +- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 - drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/radeon/evergreen_cs.c | 2 + drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/vmwgfx/Makefile | 2 +- drivers/gpu/drm/vmwgfx/ttm_object.c | 52 ++-- drivers/gpu/drm/vmwgfx/ttm_object.h | 3 +- drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c | 24 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 6 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_hashtab.c | 199 ++++++++++++++++ drivers/gpu/drm/vmwgfx/vmwgfx_hashtab.h | 83 +++++++ drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 26 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.h | 7 +- drivers/hid/hid-mcp2221.c | 4 + drivers/hwmon/adt7475.c | 24 +- drivers/hwtracing/coresight/coresight-trbe.c | 9 +- drivers/i2c/busses/i2c-designware-platdrv.c | 1 + drivers/i2c/busses/i2c-mt65xx.c | 17 +- drivers/i3c/master/svc-i3c-master.c | 1 + drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 4 - drivers/iio/inkern.c | 2 +- drivers/infiniband/core/addr.c | 10 +- drivers/infiniband/core/cm.c | 4 +- drivers/infiniband/core/sa_query.c | 6 +- drivers/infiniband/sw/siw/siw_verbs.c | 25 +- drivers/input/misc/uinput.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 2 +- drivers/input/touchscreen/cyttsp4_core.c | 2 +- drivers/iommu/amd/iommu.c | 3 +- drivers/iommu/intel/iommu.c | 2 +- drivers/irqchip/irq-sun6i-r.c | 2 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 7 +- drivers/md/dm-integrity.c | 6 +- drivers/md/dm.c | 7 +- drivers/media/dvb-frontends/stv0367_priv.h | 3 + drivers/media/i2c/mt9v111.c | 2 +- drivers/media/i2c/rj54n1cb0c.c | 9 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/pci/b2c2/flexcop-pci.c | 2 +- drivers/media/pci/cobalt/cobalt-driver.c | 4 +- drivers/media/pci/cx18/cx18-driver.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 20 +- drivers/media/pci/cx18/cx18-streams.c | 16 +- drivers/media/pci/ddbridge/ddbridge-main.c | 4 +- drivers/media/pci/intel/ipu3/ipu3-cio2-main.c | 2 +- drivers/media/pci/ivtv/ivtv-driver.c | 2 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-queue.c | 18 +- drivers/media/pci/ivtv/ivtv-streams.c | 22 +- drivers/media/pci/ivtv/ivtv-udma.c | 27 ++- drivers/media/pci/ivtv/ivtv-yuv.c | 24 +- drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/pci/netup_unidvb/netup_unidvb_core.c | 2 +- drivers/media/pci/pluto2/pluto2.c | 20 +- drivers/media/pci/pt1/pt1.c | 2 +- drivers/media/pci/tw5864/tw5864-core.c | 2 +- drivers/media/rc/imon.c | 27 ++- drivers/media/tuners/xc5000.c | 41 ++-- drivers/memory/samsung/exynos-srom.c | 10 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/mfd/vexpress-sysreg.c | 6 +- drivers/misc/genwqe/card_ddcb.c | 2 +- drivers/mmc/core/sdio.c | 6 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 +- drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 +- drivers/net/ethernet/dlink/dl2k.c | 7 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/fjes/fjes_main.c | 4 +- drivers/net/usb/asix_devices.c | 35 ++- drivers/net/usb/rtl8150.c | 2 - drivers/net/wireless/ath/ath10k/wmi.c | 39 ++- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 +- drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 - drivers/nfc/pn544/i2c.c | 2 - drivers/nvme/host/pci.c | 2 + drivers/nvme/target/fc.c | 19 +- drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/dwc/pcie-tegra194.c | 4 +- drivers/pci/controller/pci-tegra.c | 2 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/pci/pci-sysfs.c | 20 +- drivers/pci/pcie/aer.c | 12 +- drivers/pci/pcie/err.c | 8 +- drivers/perf/arm_spe_pmu.c | 3 +- drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 + drivers/pinctrl/pinmux.c | 2 +- drivers/pinctrl/renesas/pinctrl.c | 3 +- drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/sony-laptop.c | 1 - drivers/pps/kapi.c | 5 +- drivers/pps/pps.c | 5 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/pwm/pwm-tiehrpwm.c | 4 +- drivers/regulator/scmi-regulator.c | 3 +- drivers/remoteproc/qcom_q6v5.c | 3 - drivers/rtc/interface.c | 27 +++ drivers/rtc/rtc-x1205.c | 2 +- drivers/s390/cio/device.c | 35 ++- drivers/scsi/hpsa.c | 21 +- drivers/scsi/isci/init.c | 6 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 +- drivers/scsi/mvsas/mv_defs.h | 1 + drivers/scsi/mvsas/mv_init.c | 13 +- drivers/scsi/mvsas/mv_sas.c | 42 ++-- drivers/scsi/mvsas/mv_sas.h | 8 +- drivers/scsi/myrs.c | 8 +- drivers/scsi/pm8001/pm8001_sas.c | 9 +- drivers/scsi/qla2xxx/qla_edif.c | 4 +- drivers/scsi/qla2xxx/qla_init.c | 4 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/spi/spi-cadence-quadspi.c | 5 + drivers/staging/axis-fifo/axis-fifo.c | 32 ++- .../pci/hive_isp_css_include/math_support.h | 5 - drivers/target/target_core_configfs.c | 2 +- drivers/thermal/qcom/Kconfig | 3 +- drivers/thermal/qcom/lmh.c | 2 + drivers/tty/serial/Kconfig | 2 +- drivers/uio/uio_hv_generic.c | 7 +- drivers/usb/cdns3/cdnsp-pci.c | 5 +- drivers/usb/gadget/configfs.c | 2 + drivers/usb/host/max3421-hcd.c | 2 +- drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/phy/phy-twl6030-usb.c | 3 +- drivers/usb/serial/option.c | 6 + drivers/usb/usbip/vhci_hcd.c | 22 ++ drivers/virt/acrn/ioreq.c | 4 +- drivers/watchdog/mpc8xxx_wdt.c | 2 + drivers/xen/events/events_base.c | 20 +- drivers/xen/manage.c | 3 +- fs/btrfs/export.c | 8 +- fs/btrfs/extent_io.c | 14 +- fs/btrfs/misc.h | 2 - fs/btrfs/tree-checker.c | 2 +- fs/cramfs/inode.c | 11 +- fs/erofs/zdata.h | 2 +- fs/ext2/balloc.c | 2 - fs/ext4/ext4.h | 12 +- fs/ext4/file.c | 2 +- fs/ext4/fsmap.c | 14 +- fs/ext4/inode.c | 12 +- fs/ext4/orphan.c | 23 +- fs/ext4/super.c | 4 +- fs/ext4/xattr.c | 15 +- fs/file.c | 5 +- fs/fs-writeback.c | 32 ++- fs/fsopen.c | 70 +++--- fs/ksmbd/smb2pdu.c | 3 +- fs/minix/inode.c | 8 +- fs/namei.c | 8 + fs/namespace.c | 11 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/lockd.c | 15 ++ fs/nfsd/nfs4proc.c | 2 +- fs/ntfs3/bitmap.c | 1 + fs/ntfs3/run.c | 12 +- fs/ocfs2/stack_user.c | 1 + fs/squashfs/inode.c | 31 ++- fs/squashfs/squashfs_fs_i.h | 2 +- fs/udf/inode.c | 3 + fs/ufs/util.h | 6 - include/linux/cleanup.h | 171 +++++++++++++ include/linux/compiler-clang.h | 9 + include/linux/compiler.h | 9 + include/linux/compiler_attributes.h | 6 + include/linux/device.h | 10 + include/linux/file.h | 6 + include/linux/iio/frequency/adf4350.h | 2 +- include/linux/irqflags.h | 7 + include/linux/minmax.h | 264 +++++++++++++++------ include/linux/mutex.h | 4 + include/linux/percpu.h | 4 + include/linux/preempt.h | 47 ++++ include/linux/rcupdate.h | 3 + include/linux/rwsem.h | 8 + include/linux/sched/task.h | 2 + include/linux/slab.h | 3 + include/linux/spinlock.h | 32 +++ include/linux/srcu.h | 5 + include/scsi/libsas.h | 18 ++ include/trace/events/filelock.h | 3 +- init/main.c | 14 ++ kernel/bpf/inode.c | 4 +- kernel/fork.c | 2 +- kernel/pid.c | 5 +- kernel/smp.c | 11 +- kernel/trace/preemptirq_delay_test.c | 2 - kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 12 +- lib/btree.c | 1 - lib/crypto/Makefile | 4 + lib/decompress_unlzma.c | 2 + lib/genalloc.c | 5 +- lib/logic_pio.c | 3 - lib/vsprintf.c | 2 +- lib/zstd/zstd_internal.h | 2 - mm/hugetlb.c | 2 + mm/page_alloc.c | 2 +- mm/zsmalloc.c | 1 - net/9p/trans_fd.c | 8 +- net/bluetooth/mgmt.c | 10 +- net/bridge/br_vlan.c | 2 +- net/core/filter.c | 18 +- net/ipv4/proc.c | 2 +- net/ipv4/tcp.c | 9 +- net/ipv4/tcp_input.c | 1 - net/ipv4/udp.c | 16 +- net/ipv6/proc.c | 2 +- net/mptcp/pm.c | 7 +- net/mptcp/pm_netlink.c | 49 +++- net/mptcp/protocol.h | 8 + net/netfilter/ipset/ip_set_hash_gen.h | 8 +- net/netfilter/ipvs/ip_vs_ftp.c | 4 +- net/netfilter/nf_nat_core.c | 6 +- net/nfc/nci/ntf.c | 135 ++++++++--- net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- net/tipc/core.h | 2 +- net/tipc/link.c | 10 +- scripts/checkpatch.pl | 2 +- security/keys/trusted-keys/trusted_tpm1.c | 7 +- sound/pci/lx6464es/lx_core.c | 4 +- sound/soc/codecs/wcd934x.c | 30 ++- sound/soc/intel/boards/bytcht_es8316.c | 20 +- sound/soc/intel/boards/bytcr_rt5640.c | 7 +- sound/soc/intel/boards/bytcr_rt5651.c | 26 +- tools/build/feature/Makefile | 4 +- tools/include/nolibc/std.h | 2 +- tools/lib/bpf/libbpf.c | 10 + tools/lib/perf/include/perf/event.h | 1 + tools/lib/subcmd/help.c | 3 + tools/perf/tests/perf-record.c | 4 + tools/perf/util/arm-spe-decoder/arm-spe-decoder.c | 33 ++- tools/perf/util/arm-spe-decoder/arm-spe-decoder.h | 60 ++++- tools/perf/util/arm-spe.c | 146 ++++++++++-- tools/perf/util/evsel.c | 2 + tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/zlib.c | 2 +- tools/testing/nvdimm/test/ndtest.c | 13 +- tools/testing/selftests/arm64/pauth/exec_target.c | 7 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 10 + tools/testing/selftests/rseq/rseq.c | 8 +- tools/testing/selftests/vm/mremap_test.c | 2 + tools/testing/selftests/watchdog/watchdog-test.c | 6 + 333 files changed, 2761 insertions(+), 1057 deletions(-)

2 weeks, 6 days

7
287
0 0

[PATCH 5.15.y] Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*"

by niko.mauno＠vaisala.com

From: Niko Mauno <niko.mauno(a)vaisala.com> This reverts commit b7e5c59f3b0971f56ebbceb9d42cc45e9ac1cd94. Commit in question broke building perf followingly with v5.15.195: | ld: perf-in.o: in function `test__PERF_RECORD': | tools/perf/tests/perf-record.c:142: undefined reference to `evlist__cancel_workload' The 'evlist__cancel_workload' seems to be introduced in commit e880a70f8046 ("perf stat: Close cork_fd when create_perf_stat_counter() failed") which is currently not included in the 5.15 stable series. Fixes: b7e5c59f3b09 ("perf test: Don't leak workload gopipe in PERF_RECORD_*") Cc: stable(a)vger.kernel.org # 5.15 Signed-off-by: Niko Mauno <niko.mauno(a)vaisala.com> --- tools/perf/tests/perf-record.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tools/perf/tests/perf-record.c b/tools/perf/tests/perf-record.c index b215e89b65f7..0df471bf1590 100644 --- a/tools/perf/tests/perf-record.c +++ b/tools/perf/tests/perf-record.c @@ -115,7 +115,6 @@ int test__PERF_RECORD(struct test *test __maybe_unused, int subtest __maybe_unus if (err < 0) { pr_debug("sched__get_first_possible_cpu: %s\n", str_error_r(errno, sbuf, sizeof(sbuf))); - evlist__cancel_workload(evlist); goto out_delete_evlist; } @@ -127,7 +126,6 @@ int test__PERF_RECORD(struct test *test __maybe_unused, int subtest __maybe_unus if (sched_setaffinity(evlist->workload.pid, cpu_mask_size, &cpu_mask) < 0) { pr_debug("sched_setaffinity: %s\n", str_error_r(errno, sbuf, sizeof(sbuf))); - evlist__cancel_workload(evlist); goto out_delete_evlist; } @@ -139,7 +137,6 @@ int test__PERF_RECORD(struct test *test __maybe_unused, int subtest __maybe_unus if (err < 0) { pr_debug("perf_evlist__open: %s\n", str_error_r(errno, sbuf, sizeof(sbuf))); - evlist__cancel_workload(evlist); goto out_delete_evlist; } @@ -152,7 +149,6 @@ int test__PERF_RECORD(struct test *test __maybe_unused, int subtest __maybe_unus if (err < 0) { pr_debug("evlist__mmap: %s\n", str_error_r(errno, sbuf, sizeof(sbuf))); - evlist__cancel_workload(evlist); goto out_delete_evlist; } -- 2.39.5

2 weeks, 6 days

1
0
0 0

[PATCH 6.12 000/135] 6.12.55-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.55 release. There are 135 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 24 Oct 2025 06:01:25 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.55-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.55-rc2 Guenter Roeck <linux(a)roeck-us.net> dmaengine: Add missing cleanup on module unload Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset blackhole on success with non-loopback ifaces Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Call dst_release() in mptcp_active_enable(). Sharath Chandra Vurukala <quic_sharathv(a)quicinc.com> net: Add locking to protect skb->dev access in ip_output Eric Dumazet <edumazet(a)google.com> ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] Eric Dumazet <edumazet(a)google.com> net: dst: add four helpers to annotate data-races around dst->dev Eric Dumazet <edumazet(a)google.com> tcp: cache RTAX_QUICKACK metric in a hot cache line Eric Dumazet <edumazet(a)google.com> tcp: convert to dev_net_rcu() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix mailbox API compatibility by negotiating supported features Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix getting link speed data for E610 devices Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> ixgbevf: Add support for Intel(R) E610 device Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> PCI: Add PCI_VDEVICE_SUB helper macro Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Al Viro <viro(a)zeniv.linux.org.uk> d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Babu Moger <babu.moger(a)amd.com> x86/resctrl: Refactor resctrl_arch_rmid_read() Yu Kuai <yukuai3(a)huawei.com> md: fix mssing blktrace bio split events John Garry <john.g.garry(a)oracle.com> md/raid10: Handle bio_split() errors John Garry <john.g.garry(a)oracle.com> md/raid1: Handle bio_split() errors John Garry <john.g.garry(a)oracle.com> md/raid0: Handle bio_split() errors Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Darrick J. Wong <djwong(a)kernel.org> xfs: use deferred intent items for reaping crosslinked blocks Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: avoid possible TX wait initialization race Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Implement large extent array support in pNFS Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Sergey Bashirov <sergeybashirov(a)gmail.com> nfsd: Drop dprintk in blocklayout xdr functions Sergey Bashirov <sergeybashirov(a)gmail.com> nfsd: Use correct error code when decoding extents Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> phy: cdns-dphy: Store hs_clk_rate and return it Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Wilfred Mallawa <wilfred.mallawa(a)wdc.com> nvme/tcp: handle tls partially sent records in write_space() Xing Guo <higuoxing(a)gmail.com> selftests: arg_parsing: Ensure data is flushed to disk before reading. Li Qiang <liqiang01(a)kylinos.cn> ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> HID: multitouch: fix name of Stylus input devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: hid-input: only ignore 0 battery events for digitizers Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: make arg_parsing.c more robust to crashes Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Synchronize access to DBC request queue head & tail pointer Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Jeffrey Hugo <quic_jhugo(a)quicinc.com> accel/qaic: Fix bootlog initialization ordering Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/rockchip: vop2: use correct destination rectangle height check Francesco Valla <francesco(a)valla.it> drm/draw: fix color truncation in drm_draw_fill24 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish without IP discovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add ip offset support for cyan skillfish Zhanjun Dong <zhanjun.dong(a)intel.com> drm/i915/guc: Skip communication warning on reset in progress Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Generalize helper to clear IRQ status Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Cancel jdet_work before handling jack ejection Christophe Leroy <christophe.leroy(a)csgroup.eu> ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Marek Vasut <marek.vasut(a)mailbox.org> drm/bridge: lt9211: Drop check for last nibble of version register Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation Amit Chaudhary <achaudhary(a)purestorage.com> nvme-multipath: Skip nr_active increments in RETRY disposition Ketil Johnsen <ketil.johnsen(a)arm.com> drm/panthor: Ensure MCU is disabled on suspend I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Breno Leitao <leitao(a)debian.org> netdevsim: set the carrier when the device goes up Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for pending async decryptions if tls_strp_msg_hold fails Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: trim encrypted message to match the plaintext on short splice Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in RPC handle list access Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: fix CAN state in system PM Sean Nyekjaer <sean(a)geanix.com> can: m_can: call deinit/init callback when going into suspend/resume Sean Nyekjaer <sean(a)geanix.com> can: m_can: add deinit callback Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_chip_config(): bring up interface in correct state Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Jens Axboe <axboe(a)kernel.dk> Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_rndis: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ecm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Guoniu Zhou <guoniu.zhou(a)nxp.com> media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix PDC sleep sequence Miaoqian Lin <linmq006(a)gmail.com> cdx: Fix device node reference leak in cdx_msi_domain_init Jiri Slaby (SUSE) <jirislaby(a)kernel.org> irqdomain: cdx: Switch to of_fwnode_handle() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Check whether secure display TA loaded successfully Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP2 event device with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP event path names with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix address filter match with backing files Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gfx12 mes packet status return check Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Eugene Korenevsky <ekorenevsky(a)aliyun.com> cifs: parse_dfs_referrals: prevent oob on malformed input Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: gs_make_candev(): populate net_device->dev_port Filipe Manana <fdmanana(a)suse.com> btrfs: do not assert we found block group item when creating free space tree Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Boris Burkov <boris(a)bur.io> btrfs: fix incorrect readahead expansion length Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> ext4: wait for ongoing I/O to complete before freeing blocks Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Prevent access to vCPU events before init Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init Hao Ge <gehao(a)kylinos.cn> slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Shuhao Fu <sfual(a)cse.ust.hk> smb: client: Fix refcount leak for cifs_sb_tlink Conor Dooley <conor.dooley(a)microchip.com> rust: cfi: only 64-bit arm and x86 support CFI_CLANG Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/guc: Check GuC running state before deregistering exec queue ------------- Diffstat: Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Makefile | 4 +- arch/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kvm/arm.c | 6 + arch/riscv/kernel/probes/kprobes.c | 13 +- arch/x86/kernel/cpu/resctrl/monitor.c | 46 +++-- drivers/accel/qaic/qaic.h | 2 + drivers/accel/qaic/qaic_control.c | 2 +- drivers/accel/qaic/qaic_data.c | 12 +- drivers/accel/qaic/qaic_debugfs.c | 5 +- drivers/accel/qaic/qaic_drv.c | 3 + drivers/base/power/runtime.c | 44 ++++ drivers/cdx/cdx_msi.c | 5 +- drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/dma/idxd/init.c | 2 + drivers/gpu/drm/amd/amdgpu/Makefile | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- .../gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 +++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/nv.h | 1 + .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/bridge/lontium-lt9211.c | 3 +- drivers/gpu/drm/drm_draw.c | 2 +- drivers/gpu/drm/drm_draw_internal.h | 2 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++++----- drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 28 ++- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 + drivers/gpu/drm/panthor/panthor_fw.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 13 +- drivers/gpu/drm/xe/xe_guc_submit.c | 13 +- drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 28 +-- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 ++-- drivers/md/md-linear.c | 1 + drivers/md/raid0.c | 16 ++ drivers/md/raid1.c | 37 +++- drivers/md/raid10.c | 55 ++++- drivers/md/raid5.c | 2 + .../media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++++------------ .../media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 +- drivers/net/can/m_can/m_can.c | 86 +++++--- drivers/net/can/m_can/m_can.h | 1 + drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/can/usb/gs_usb.c | 23 +-- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 ++- drivers/net/ethernet/intel/ixgbevf/defines.h | 6 +- drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 ++++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/netdevsim/netdev.c | 7 + drivers/net/usb/lan78xx.c | 38 +++- drivers/net/usb/r8152.c | 7 +- drivers/net/wireless/realtek/rtw89/core.c | 39 ++-- drivers/net/wireless/realtek/rtw89/core.h | 6 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw89/pci.c | 2 - drivers/nvme/host/multipath.c | 6 +- drivers/nvme/host/tcp.c | 3 + drivers/phy/cadence/cdns-dphy.c | 133 +++++++++--- drivers/usb/gadget/function/f_acm.c | 42 ++-- drivers/usb/gadget/function/f_ecm.c | 48 ++--- drivers/usb/gadget/function/f_ncm.c | 78 +++---- drivers/usb/gadget/function/f_rndis.c | 85 ++++---- drivers/usb/gadget/udc/core.c | 3 + fs/btrfs/extent_io.c | 2 +- fs/btrfs/free-space-tree.c | 15 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/relocation.c | 13 +- fs/btrfs/zoned.c | 2 +- fs/dax.c | 2 +- fs/dcache.c | 12 +- fs/ext4/ext4_jbd2.c | 11 +- fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 +- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 33 +-- fs/nfsd/blocklayoutxdr.c | 171 ++++++++++------ fs/nfsd/blocklayoutxdr.h | 8 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++-- fs/nfsd/nfs4xdr.c | 25 +-- fs/nfsd/nfsd.h | 1 + fs/nfsd/pnfs.h | 1 + fs/nfsd/xdr4.h | 39 +++- fs/smb/client/inode.c | 6 +- fs/smb/client/misc.c | 17 ++ fs/smb/client/smb2ops.c | 8 +- fs/smb/server/mgmt/user_session.c | 7 +- fs/smb/server/smb2pdu.c | 9 +- fs/smb/server/transport_ipc.c | 12 ++ fs/xfs/libxfs/xfs_log_format.h | 30 ++- fs/xfs/libxfs/xfs_ondisk.h | 2 + fs/xfs/scrub/reap.c | 9 +- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 +++- include/linux/mm.h | 2 +- include/linux/pci.h | 14 ++ include/linux/pm_runtime.h | 4 + include/linux/usb/gadget.h | 25 +++ include/net/dst.h | 32 +++ include/net/inet6_hashtables.h | 2 +- include/net/inet_connection_sock.h | 3 +- include/net/inet_hashtables.h | 2 +- include/net/ip.h | 11 +- include/net/ip_tunnels.h | 15 ++ include/net/route.h | 2 +- io_uring/rw.c | 2 +- kernel/events/core.c | 8 +- kernel/padata.c | 6 +- kernel/sched/fair.c | 26 +-- mm/slub.c | 9 +- net/core/dst.c | 4 +- net/core/sock.c | 14 +- net/ipv4/icmp.c | 24 ++- net/ipv4/igmp.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_output.c | 19 +- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/ip_vti.c | 4 +- net/ipv4/netfilter.c | 4 +- net/ipv4/route.c | 8 +- net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 3 +- net/ipv4/tcp_ipv4.c | 12 +- net/ipv4/tcp_metrics.c | 8 +- net/ipv4/tcp_output.c | 19 +- net/ipv4/xfrm4_output.c | 2 +- net/ipv6/ip6_tunnel.c | 3 +- net/ipv6/tcp_ipv6.c | 22 +- net/mptcp/ctrl.c | 9 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 31 ++- rust/bindings/bindings_helper.h | 1 + sound/firewire/amdtp-stream.h | 2 +- sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 +- sound/soc/codecs/idt821034.c | 12 +- sound/soc/codecs/nau8821.c | 53 +++-- sound/usb/card.c | 10 +- .../testing/selftests/bpf/prog_tests/arg_parsing.c | 12 +- 162 files changed, 1911 insertions(+), 959 deletions(-)

2 weeks, 6 days

11
10
0 0

[PATCH 6.17 000/160] 6.17.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.5 release. There are 160 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 24 Oct 2025 05:33:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.5-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.5-rc2 Dan Carpenter <dan.carpenter(a)linaro.org> drm/xe: Fix an IS_ERR() vs NULL bug in xe_tile_alloc_vram() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't allow evicting of BOs in same VM in array of VM binds Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Move rebar to be done earlier Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Unify the initialization of VRAM regions Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Move struct xe_vram_region to a dedicated header Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Use dynamic allocation for tile and device VRAM region structures Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Use devm_ioremap_wc for VRAM mapping and drop manual unmap Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dave Jiang <dave.jiang(a)intel.com> cxl: Fix match_region_by_range() to use region_res_match_cxl_range() Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Babu Moger <babu.moger(a)amd.com> x86/resctrl: Refactor resctrl_arch_rmid_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> phy: cdns-dphy: Store hs_clk_rate and return it Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Implement large extent array support in pNFS Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Ada Couprie Diaz <ada.coupriediaz(a)arm.com> arm64: debug: always unmask interrupts in el0_softstp() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Miguel Ojeda <ojeda(a)kernel.org> rust: cpufreq: fix formatting Wilfred Mallawa <wilfred.mallawa(a)wdc.com> nvme/tcp: handle tls partially sent records in write_space() Xing Guo <higuoxing(a)gmail.com> selftests: arg_parsing: Ensure data is flushed to disk before reading. Matthew Auld <matthew.auld(a)intel.com> drm/xe/evict: drop bogus assert Li Qiang <liqiang01(a)kylinos.cn> ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> HID: multitouch: fix name of Stylus input devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: hid-input: only ignore 0 battery events for digitizers Ming Lei <ming.lei(a)redhat.com> block: Remove elevator_lock usage from blkg_conf frozen operations Yu Kuai <yukuai3(a)huawei.com> blk-mq: fix stale tag depth for shared sched tags in blk_mq_update_nr_requests() Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: make arg_parsing.c more robust to crashes Alison Schofield <alison.schofield(a)intel.com> cxl/trace: Subtract to find an hpa_alias0 in cxl_poison events Martin George <martinus.gpy(a)gmail.com> nvme-auth: update sc_c in host response Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Synchronize access to DBC request queue head & tail pointer Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Jeff Hugo <jeff.hugo(a)oss.qualcomm.com> accel/qaic: Fix bootlog initialization ordering Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Peter Zijlstra (Intel) <peterz(a)infradead.org> sched/deadline: Stop dl_server before CPU goes offline Even Xu <even.xu(a)intel.com> HID: intel-thc-hid: Intel-quickspi: switch first interrupt from level to edge detection Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/rockchip: vop2: use correct destination rectangle height check Francesco Valla <francesco(a)valla.it> drm/draw: fix color truncation in drm_draw_fill24 Ingo Molnar <mingo(a)kernel.org> x86/mm: Fix SMP ordering in switch_mm_irqs_off() Dave Jiang <dave.jiang(a)intel.com> cxl/features: Add check for no entries in cxl_feature_info Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe: Enable media sampler power gating Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: drop unused structures in amdgpu_drm.h Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: set an error on all fences from a bad context Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: handle wrap around in reemit handling Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish without IP discovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add ip offset support for cyan skillfish Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/fb: Fix the set_tiling vs. addfb race, again Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/frontbuffer: Move bo refcounting intel_frontbuffer_{get,release}() Zhanjun Dong <zhanjun.dong(a)intel.com> drm/i915/guc: Skip communication warning on reset in progress Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Consistently clear interrupts before unmasking Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Generalize helper to clear IRQ status Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Cancel jdet_work before handling jack ejection Christophe Leroy <christophe.leroy(a)csgroup.eu> ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/fadump: skip parameter area allocation when fadump is disabled Marek Vasut <marek.vasut(a)mailbox.org> drm/bridge: lt9211: Drop check for last nibble of version register Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation Amit Chaudhary <achaudhary(a)purestorage.com> nvme-multipath: Skip nr_active increments in RETRY disposition Ketil Johnsen <ketil.johnsen(a)arm.com> drm/panthor: Ensure MCU is disabled on suspend I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Breno Leitao <leitao(a)debian.org> netdevsim: set the carrier when the device goes up Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for pending async decryptions if tls_strp_msg_hold fails Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: trim encrypted message to match the plaintext on short splice Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in RPC handle list access Florian Westphal <fw(a)strlen.de> net: core: fix lockdep splat on device unregister Wang Liang <wangliang74(a)huawei.com> selftests: net: check jq command is supported Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Take into account out-of-order tx completions in airoha_dev_xmit() Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Zqiang <qiang.zhang(a)linux.dev> usbnet: Fix using smp_processor_id() in preemptible code warnings Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Octeontx2-af: Fix missing error code in cgx_probe() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Marek Vasut <marek.vasut(a)mailbox.org> net: phy: realtek: Avoid PHYCR2 access if PHYCR2 not present Koichiro Den <den(a)valinux.co.jp> ixgbe: fix too early devlink_free() in ixgbe_remove() Milena Olech <milena.olech(a)intel.com> idpf: cleanup remaining SKBs in PTP flows Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: Fix GMII/MII/MII-Lite selection Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Ivan Vecera <ivecera(a)redhat.com> dpll: zl3073x: Handle missing or corrupted flash configuration Ivan Vecera <ivecera(a)redhat.com> dpll: zl3073x: Refactor DPLL initialization Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> can: j1939: add missing calls in NETDEV_UNREGISTER notification handler Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Rex Lu <rex.lu(a)mediatek.com> net: mtk: wed: add dma mask limitation and GFP_DMA32 for device with more than 4GB DRAM Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: fix CAN state in system PM Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_chip_config(): bring up interface in correct state Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Christian Brauner <brauner(a)kernel.org> coredump: fix core_pattern input validation Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ecm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_rndis: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Guoniu Zhou <guoniu.zhou(a)nxp.com> media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd: Fix hybrid sleep Mario Limonciello (AMD) <superm1(a)kernel.org> PM: hibernate: Add pm_hibernation_mode_is_suspend() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Check whether secure display TA loaded successfully Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP2 event device with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP event path names with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix address filter match with backing files Kenneth Graunke <kenneth(a)whitecape.org> drm/xe: Increase global invalidation timeout to 1000us Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gfx12 mes packet status return check Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Denis Arefev <arefev(a)swemel.ru> ALSA: hda: Fix missing pointer check in hda_component_manager_init function Denis Arefev <arefev(a)swemel.ru> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk entry for HP ZBook 17 G6 Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> ALSA: hda/intel: Add MSI X870E Tomahawk to denylist Dave Jiang <dave.jiang(a)intel.com> cxl/acpi: Fix setup of memory resource in cxl_acpi_set_cache_size() Eugene Korenevsky <ekorenevsky(a)aliyun.com> cifs: parse_dfs_referrals: prevent oob on malformed input Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: gs_make_candev(): populate net_device->dev_port Filipe Manana <fdmanana(a)suse.com> btrfs: do not assert we found block group item when creating free space tree Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Boris Burkov <boris(a)bur.io> btrfs: fix incorrect readahead expansion length Qu Wenruo <wqu(a)suse.com> btrfs: only set the device specific options after devices are opened Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> ext4: wait for ongoing I/O to complete before freeing blocks Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Tim Hostetler <thostet(a)google.com> gve: Check valid ts bit on RX descriptor before hw timestamping Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Prevent access to vCPU events before init Bhanu Seshu Kumar Valluri <bhanuseshukumar(a)gmail.com> net: usb: lan78xx: Fix lost EEPROM write timeout error(-ETIMEDOUT) in lan78xx_write_raw_eeprom Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init Matthew Schwartz <matthew.schwartz(a)linux.dev> Revert "drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume" Pavel Begunkov <asml.silence(a)gmail.com> io_uring: protect mem region deregistration Jens Axboe <axboe(a)kernel.dk> Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Hao Ge <gehao(a)kylinos.cn> slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Rong Zhang <i(a)rong.moe> x86/CPU/AMD: Prevent reset reasons from being retained across reboot Shuhao Fu <sfual(a)cse.ust.hk> smb: client: Fix refcount leak for cifs_sb_tlink Conor Dooley <conor.dooley(a)microchip.com> rust: cfi: only 64-bit arm and x86 support CFI_CLANG Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix mailbox API compatibility by negotiating supported features Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix getting link speed data for E610 devices Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/guc: Check GuC running state before deregistering exec queue Lorenzo Pieralisi <lpieralisi(a)kernel.org> arm64/sysreg: Fix GIC CDEOI instruction encoding Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: relax checks in ata_read_log_directory() Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Inochi Amaoto <inochiama(a)gmail.com> PCI: vmd: Override irq_startup()/irq_shutdown() in vmd_init_dev_msi_info() Andrey Albershteyn <aalbersh(a)redhat.com> Revert "fs: make vfs_fileattr_[get|set] return -EOPNOTSUPP" Jonathan Corbet <corbet(a)lwn.net> docs: kdoc: handle the obsolescensce of docutils.ErrorString() ------------- Diffstat: Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Documentation/sphinx/kernel_feat.py | 4 +- Documentation/sphinx/kernel_include.py | 6 +- Documentation/sphinx/maintainers_include.py | 4 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/sysreg.h | 11 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kernel/entry-common.c | 8 +- arch/arm64/kvm/arm.c | 6 + arch/powerpc/kernel/fadump.c | 3 + arch/riscv/kernel/probes/kprobes.c | 13 +- arch/x86/kernel/cpu/amd.c | 16 +- arch/x86/kernel/cpu/resctrl/monitor.c | 46 ++-- arch/x86/mm/tlb.c | 24 +- block/blk-cgroup.c | 13 +- block/blk-mq-sched.c | 2 +- block/blk-mq-tag.c | 5 +- block/blk-mq.c | 2 +- block/blk-mq.h | 3 +- drivers/accel/qaic/qaic.h | 2 + drivers/accel/qaic/qaic_control.c | 2 +- drivers/accel/qaic/qaic_data.c | 12 +- drivers/accel/qaic/qaic_debugfs.c | 5 +- drivers/accel/qaic/qaic_drv.c | 3 + drivers/ata/libata-core.c | 11 +- drivers/cxl/acpi.c | 2 +- drivers/cxl/core/features.c | 3 + drivers/cxl/core/region.c | 7 +- drivers/cxl/core/trace.h | 2 +- drivers/dpll/zl3073x/core.c | 280 +++++++++++++-------- drivers/dpll/zl3073x/core.h | 3 + drivers/dpll/zl3073x/devlink.c | 18 +- drivers/dpll/zl3073x/regs.h | 3 + drivers/gpu/drm/amd/amdgpu/Makefile | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 54 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 2 +- .../gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 +++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/nv.h | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 7 - .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/bridge/lontium-lt9211.c | 3 +- drivers/gpu/drm/drm_draw.c | 2 +- drivers/gpu/drm/drm_draw_internal.h | 2 +- drivers/gpu/drm/i915/display/intel_fb.c | 38 +-- drivers/gpu/drm/i915/display/intel_frontbuffer.c | 10 +- .../gpu/drm/i915/gem/i915_gem_object_frontbuffer.h | 2 - drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 +- drivers/gpu/drm/panthor/panthor_fw.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 13 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 +- drivers/gpu/drm/xe/display/xe_plane_initial.c | 3 +- drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 + drivers/gpu/drm/xe/xe_assert.h | 4 +- drivers/gpu/drm/xe/xe_bo.c | 1 + drivers/gpu/drm/xe/xe_bo.h | 4 +- drivers/gpu/drm/xe/xe_bo_evict.c | 8 - drivers/gpu/drm/xe/xe_bo_types.h | 1 + drivers/gpu/drm/xe/xe_device.c | 22 +- drivers/gpu/drm/xe/xe_device_types.h | 62 +---- drivers/gpu/drm/xe/xe_gt_idle.c | 8 + drivers/gpu/drm/xe/xe_gt_pagefault.c | 13 +- drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 3 +- drivers/gpu/drm/xe/xe_guc_submit.c | 13 +- drivers/gpu/drm/xe/xe_migrate.c | 25 +- drivers/gpu/drm/xe/xe_pci.c | 8 + drivers/gpu/drm/xe/xe_query.c | 5 +- drivers/gpu/drm/xe/xe_svm.c | 63 ++--- drivers/gpu/drm/xe/xe_tile.c | 58 +++-- drivers/gpu/drm/xe/xe_tile.h | 14 +- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 10 +- drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 22 +- drivers/gpu/drm/xe/xe_ttm_vram_mgr.h | 3 +- drivers/gpu/drm/xe/xe_vm.c | 32 ++- drivers/gpu/drm/xe/xe_vm_types.h | 2 + drivers/gpu/drm/xe/xe_vram.c | 245 +++++++++++++----- drivers/gpu/drm/xe/xe_vram.h | 14 +- drivers/gpu/drm/xe/xe_vram_types.h | 85 +++++++ drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 28 ++- .../intel-quickspi/quickspi-protocol.c | 3 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 226 +++++++---------- drivers/net/can/m_can/m_can.c | 64 +++-- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/can/usb/gs_usb.c | 23 +- drivers/net/ethernet/airoha/airoha_eth.c | 16 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 +- drivers/net/ethernet/google/gve/gve.h | 2 + drivers/net/ethernet/google/gve/gve_desc_dqo.h | 3 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 16 +- drivers/net/ethernet/intel/idpf/idpf_ptp.c | 3 + .../net/ethernet/intel/idpf/idpf_virtchnl_ptp.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +- drivers/net/ethernet/intel/ixgbevf/defines.h | 1 + drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 ++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 182 +++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 1 + drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 1 + drivers/net/ethernet/mediatek/mtk_wed.c | 8 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/netdevsim/netdev.c | 7 + drivers/net/phy/broadcom.c | 20 +- drivers/net/phy/realtek/realtek_main.c | 23 +- drivers/net/usb/lan78xx.c | 19 +- drivers/net/usb/r8152.c | 7 +- drivers/net/usb/usbnet.c | 2 + drivers/nvme/host/auth.c | 6 +- drivers/nvme/host/multipath.c | 6 +- drivers/nvme/host/tcp.c | 3 + drivers/pci/controller/vmd.c | 13 + drivers/phy/cadence/cdns-dphy.c | 133 +++++++--- drivers/usb/gadget/function/f_acm.c | 42 ++-- drivers/usb/gadget/function/f_ecm.c | 48 ++-- drivers/usb/gadget/function/f_ncm.c | 78 +++--- drivers/usb/gadget/function/f_rndis.c | 85 +++---- drivers/usb/gadget/udc/core.c | 3 + fs/btrfs/extent_io.c | 2 +- fs/btrfs/free-space-tree.c | 15 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/relocation.c | 13 +- fs/btrfs/super.c | 3 +- fs/btrfs/zoned.c | 2 +- fs/coredump.c | 2 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/exec.c | 2 +- fs/ext4/ext4_jbd2.c | 11 +- fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 +- fs/file_attr.c | 12 +- fs/fuse/ioctl.c | 4 - fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 25 +- fs/nfsd/blocklayoutxdr.c | 86 ++++--- fs/nfsd/blocklayoutxdr.h | 4 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++- fs/nfsd/nfs4xdr.c | 25 +- fs/nfsd/pnfs.h | 1 + fs/nfsd/xdr4.h | 39 ++- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/inode.c | 5 +- fs/smb/client/inode.c | 6 +- fs/smb/client/misc.c | 17 ++ fs/smb/client/smb2ops.c | 8 +- fs/smb/server/mgmt/user_session.c | 7 +- fs/smb/server/smb2pdu.c | 9 +- fs/smb/server/transport_ipc.c | 12 + fs/xfs/libxfs/xfs_log_format.h | 30 ++- fs/xfs/libxfs/xfs_ondisk.h | 2 + fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 ++- include/linux/brcmphy.h | 1 + include/linux/libata.h | 6 + include/linux/suspend.h | 6 + include/linux/usb/gadget.h | 25 ++ include/net/ip_tunnels.h | 15 ++ include/uapi/drm/amdgpu_drm.h | 21 -- io_uring/register.c | 1 + io_uring/rw.c | 2 +- kernel/events/core.c | 8 +- kernel/power/hibernate.c | 11 + kernel/sched/core.c | 2 + kernel/sched/deadline.c | 3 + kernel/sched/fair.c | 26 +- mm/slub.c | 9 +- net/can/j1939/main.c | 2 + net/core/dev.c | 40 ++- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp_output.c | 19 +- net/ipv6/ip6_tunnel.c | 3 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 31 ++- rust/kernel/cpufreq.rs | 3 +- sound/firewire/amdtp-stream.h | 2 +- sound/hda/codecs/realtek/alc269.c | 1 + sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 + sound/hda/codecs/side-codecs/hda_component.c | 4 + sound/hda/controllers/intel.c | 1 + sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 +- sound/soc/codecs/idt821034.c | 12 +- sound/soc/codecs/nau8821.c | 115 +++++---- sound/usb/card.c | 10 +- .../testing/selftests/bpf/prog_tests/arg_parsing.c | 12 +- tools/testing/selftests/net/rtnetlink.sh | 2 + tools/testing/selftests/net/vlan_bridge_binding.sh | 2 + 209 files changed, 2401 insertions(+), 1254 deletions(-)

2 weeks, 6 days

14
13
0 0

[PATCH] mtd: rawnand: cadence: fix DMA device NULL pointer dereference

by niravkumarlaxmidas.rabara＠altera.com

From: Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> The DMA device pointer `dma_dev` was being dereferenced before ensuring that `cdns_ctrl->dmac` is properly initialized. Move the assignment of `dma_dev` after successfully acquiring the DMA channel to ensure the pointer is valid before use. Fixes: d76d22b5096c ("mtd: rawnand: cadence: use dma_map_resource for sdma address") Cc: stable(a)vger.kernel.org Signed-off-by: Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> --- This patch fixes below kernel Oops: ... [ 1.469661] cadence-nand-controller 10b80000.nand-controller: IRQ: nr 21 [ 1.476591] Unable to handle kernel paging request at virtual address fffffffffffffff8 [ 1.484493] Mem abort info: [ 1.487280] ESR = 0x0000000096000004 [ 1.491019] EC = 0x25: DABT (current EL), IL = 32 bits [ 1.496318] SET = 0, FnV = 0 [ 1.499366] EA = 0, S1PTW = 0 [ 1.502499] FSC = 0x04: level 0 translation fault [ 1.507363] Data abort info: [ 1.510237] ISV = 0, ISS = 0x00000004 [ 1.514062] CM = 0, WnR = 0 [ 1.517024] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000087a0a000 [ 1.523706] [fffffffffffffff8] pgd=0000000000000000, p4d=0000000000000000 [ 1.530490] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP ... drivers/mtd/nand/raw/cadence-nand-controller.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/cadence-nand-controller.c b/drivers/mtd/nand/raw/cadence-nand-controller.c index 6667eea95597..32ed38b89394 100644 --- a/drivers/mtd/nand/raw/cadence-nand-controller.c +++ b/drivers/mtd/nand/raw/cadence-nand-controller.c @@ -2871,7 +2871,7 @@ cadence_nand_irq_cleanup(int irqnum, struct cdns_nand_ctrl *cdns_ctrl) static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl) { dma_cap_mask_t mask; - struct dma_device *dma_dev = cdns_ctrl->dmac->device; + struct dma_device *dma_dev; int ret; cdns_ctrl->cdma_desc = dma_alloc_coherent(cdns_ctrl->dev, @@ -2915,6 +2915,7 @@ static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl) } } + dma_dev = cdns_ctrl->dmac->device; cdns_ctrl->io.iova_dma = dma_map_resource(dma_dev->dev, cdns_ctrl->io.dma, cdns_ctrl->io.size, DMA_BIDIRECTIONAL, 0); -- 2.25.1

2 weeks, 6 days

2
1
0 0

[REGRESSION FIX resend 1/1] gpiolib: acpi: Make set debounce errors non fatal

by Hans de Goede

Commit 16c07342b542 ("gpiolib: acpi: Program debounce when finding GPIO") adds a gpio_set_debounce_timeout() call to acpi_find_gpio() and makes acpi_find_gpio() fail if this fails. But gpio_set_debounce_timeout() failing is a somewhat normal occurrence, since not all debounce values are supported on all GPIO/pinctrl chips. Making this an error for example break getting the card-detect GPIO for the micro-sd slot found on many Bay Trail tablets, breaking support for the micro-sd slot on these tablets. acpi_request_own_gpiod() already treats gpio_set_debounce_timeout() failures as non-fatal, just warning about them. Add a acpi_gpio_set_debounce_timeout() helper which wraps gpio_set_debounce_timeout() and warns on failures and replace both existing gpio_set_debounce_timeout() calls with the helper. Since the helper only warns on failures this fixes the card-detect issue. Fixes: 16c07342b542 ("gpiolib: acpi: Program debounce when finding GPIO") Cc: stable(a)vger.kernel.org Cc: Mario Limonciello <superm1(a)kernel.org> Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- drivers/gpio/gpiolib-acpi-core.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/drivers/gpio/gpiolib-acpi-core.c b/drivers/gpio/gpiolib-acpi-core.c index 284e762d92c4..67c4c38afb86 100644 --- a/drivers/gpio/gpiolib-acpi-core.c +++ b/drivers/gpio/gpiolib-acpi-core.c @@ -291,6 +291,19 @@ acpi_gpio_to_gpiod_flags(const struct acpi_resource_gpio *agpio, int polarity) return GPIOD_ASIS; } +static void acpi_gpio_set_debounce_timeout(struct gpio_desc *desc, + unsigned int acpi_debounce) +{ + int ret; + + /* ACPI uses hundredths of milliseconds units */ + acpi_debounce *= 10; + ret = gpio_set_debounce_timeout(desc, acpi_debounce); + if (ret) + gpiod_warn(desc, "Failed to set debounce-timeout %u: %d\n", + acpi_debounce, ret); +} + static struct gpio_desc *acpi_request_own_gpiod(struct gpio_chip *chip, struct acpi_resource_gpio *agpio, unsigned int index, @@ -300,18 +313,12 @@ static struct gpio_desc *acpi_request_own_gpiod(struct gpio_chip *chip, enum gpiod_flags flags = acpi_gpio_to_gpiod_flags(agpio, polarity); unsigned int pin = agpio->pin_table[index]; struct gpio_desc *desc; - int ret; desc = gpiochip_request_own_desc(chip, pin, label, polarity, flags); if (IS_ERR(desc)) return desc; - /* ACPI uses hundredths of milliseconds units */ - ret = gpio_set_debounce_timeout(desc, agpio->debounce_timeout * 10); - if (ret) - dev_warn(chip->parent, - "Failed to set debounce-timeout for pin 0x%04X, err %d\n", - pin, ret); + acpi_gpio_set_debounce_timeout(desc, agpio->debounce_timeout); return desc; } @@ -944,7 +951,6 @@ struct gpio_desc *acpi_find_gpio(struct fwnode_handle *fwnode, bool can_fallback = acpi_can_fallback_to_crs(adev, con_id); struct acpi_gpio_info info = {}; struct gpio_desc *desc; - int ret; desc = __acpi_find_gpio(fwnode, con_id, idx, can_fallback, &info); if (IS_ERR(desc)) @@ -959,10 +965,7 @@ struct gpio_desc *acpi_find_gpio(struct fwnode_handle *fwnode, acpi_gpio_update_gpiod_flags(dflags, &info); acpi_gpio_update_gpiod_lookup_flags(lookupflags, &info); - /* ACPI uses hundredths of milliseconds units */ - ret = gpio_set_debounce_timeout(desc, info.debounce * 10); - if (ret) - return ERR_PTR(ret); + acpi_gpio_set_debounce_timeout(desc, info.debounce); return desc; } -- 2.51.0

2 weeks, 6 days

3
2
0 0

[PATCH v2] mm/shmem: fix THP allocation and fallback loop

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The order check and fallback loop is updating the index value on every loop, this will cause the index to be aligned by a larger value while the loop shrinks the order. This may result in inserting and returning a folio of the wrong index and cause data corruption with some userspace workloads [1]. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/linux-mm/CAMgjq7DqgAmj25nDUwwu1U2cSGSn8n4-Hqpgotted… [1] Fixes: e7a2ab7b3bb5d ("mm: shmem: add mTHP support for anonymous shmem") Signed-off-by: Kairui Song <kasong(a)tencent.com> --- Changes from V1: - Link to V1: https://lore.kernel.org/linux-mm/20251021190436.81682-1-ryncsn@gmail.com/ - Remove unnecessary cleanup and simplify the commit message. mm/shmem.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index b50ce7dbc84a..7559773ebb30 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1895,10 +1895,11 @@ static struct folio *shmem_alloc_and_add_folio(struct vm_fault *vmf, order = highest_order(suitable_orders); while (suitable_orders) { pages = 1UL << order; - index = round_down(index, pages); - folio = shmem_alloc_folio(gfp, order, info, index); - if (folio) + folio = shmem_alloc_folio(gfp, order, info, round_down(index, pages)); + if (folio) { + index = round_down(index, pages); goto allocated; + } if (pages == HPAGE_PMD_NR) count_vm_event(THP_FILE_FALLBACK); -- 2.51.0

2 weeks, 6 days

2
3
0 0

[PATCH v3] usb: gadget: udc: fix use-after-free in usb_gadget_state_work

by Jimmy Hu

A race condition during gadget teardown can lead to a use-after-free in usb_gadget_state_work(), as reported by KASAN: BUG: KASAN: invalid-access in sysfs_notify+0x2c/0xd0 Workqueue: events usb_gadget_state_work The fundamental race occurs because a concurrent event (e.g., an interrupt) can call usb_gadget_set_state() and schedule gadget->work at any time during the cleanup process in usb_del_gadget(). Commit 399a45e5237c ("usb: gadget: core: flush gadget workqueue after device removal") attempted to fix this by moving flush_work() to after device_del(). However, this does not fully solve the race, as a new work item can still be scheduled *after* flush_work() completes but before the gadget's memory is freed, leading to the same use-after-free. This patch fixes the race condition robustly by introducing a 'teardown' flag and a 'state_lock' spinlock to the usb_gadget struct. The flag is set during cleanup in usb_del_gadget() *before* calling flush_work() to prevent any new work from being scheduled once cleanup has commenced. The scheduling site, usb_gadget_set_state(), now checks this flag under the lock before queueing the work, thus safely closing the race window. Fixes: 5702f75375aa9 ("usb: gadget: udc-core: move sysfs_notify() to a workqueue") Cc: stable(a)vger.kernel.org Signed-off-by: Jimmy Hu <hhhuuu(a)google.com> --- Changes in v3: - Updated patch title to more accurately describe the bug. - Moved changelog below the '---' line as requested by Greg KH. - Rebased on usb-linus branch as requested by Greg KH. Changes in v2: - Removed redundant inline comments as suggested by Alan Stern. drivers/usb/gadget/udc/core.c | 17 ++++++++++++++++- include/linux/usb/gadget.h | 5 +++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 694653761c44..8dbe79bdc0f9 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1126,8 +1126,13 @@ static void usb_gadget_state_work(struct work_struct *work) void usb_gadget_set_state(struct usb_gadget *gadget, enum usb_device_state state) { + unsigned long flags; + + spin_lock_irqsave(&gadget->state_lock, flags); gadget->state = state; - schedule_work(&gadget->work); + if (!gadget->teardown) + schedule_work(&gadget->work); + spin_unlock_irqrestore(&gadget->state_lock, flags); trace_usb_gadget_set_state(gadget, 0); } EXPORT_SYMBOL_GPL(usb_gadget_set_state); @@ -1361,6 +1366,8 @@ static void usb_udc_nop_release(struct device *dev) void usb_initialize_gadget(struct device *parent, struct usb_gadget *gadget, void (*release)(struct device *dev)) { + spin_lock_init(&gadget->state_lock); + gadget->teardown = false; INIT_WORK(&gadget->work, usb_gadget_state_work); gadget->dev.parent = parent; @@ -1535,6 +1542,7 @@ EXPORT_SYMBOL_GPL(usb_add_gadget_udc); void usb_del_gadget(struct usb_gadget *gadget) { struct usb_udc *udc = gadget->udc; + unsigned long flags; if (!udc) return; @@ -1548,6 +1556,13 @@ void usb_del_gadget(struct usb_gadget *gadget) kobject_uevent(&udc->dev.kobj, KOBJ_REMOVE); sysfs_remove_link(&udc->dev.kobj, "gadget"); device_del(&gadget->dev); + /* + * Set the teardown flag before flushing the work to prevent new work + * from being scheduled while we are cleaning up. + */ + spin_lock_irqsave(&gadget->state_lock, flags); + gadget->teardown = true; + spin_unlock_irqrestore(&gadget->state_lock, flags); flush_work(&gadget->work); ida_free(&gadget_id_numbers, gadget->id_number); cancel_work_sync(&udc->vbus_work); diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h index 3aaf19e77558..8285b19a25e0 100644 --- a/include/linux/usb/gadget.h +++ b/include/linux/usb/gadget.h @@ -376,6 +376,9 @@ struct usb_gadget_ops { * can handle. The UDC must support this and all slower speeds and lower * number of lanes. * @state: the state we are now (attached, suspended, configured, etc) + * @state_lock: Spinlock protecting the `state` and `teardown` members. + * @teardown: True if the device is undergoing teardown, used to prevent + * new work from being scheduled during cleanup. * @name: Identifies the controller hardware type. Used in diagnostics * and sometimes configuration. * @dev: Driver model state for this abstract device. @@ -451,6 +454,8 @@ struct usb_gadget { enum usb_ssp_rate max_ssp_rate; enum usb_device_state state; + spinlock_t state_lock; + bool teardown; const char *name; struct device dev; unsigned isoch_delay; -- 2.51.1.814.gb8fa24458f-goog

2 weeks, 6 days

1
0
0 0

[PATCH RESEND] drm/tegra: dc: fix reference leak in tegra_dc_couple()

by Ma Ke

driver_find_device() calls get_device() to increment the reference count once a matching device is found, but there is no put_device() to balance the reference count. To avoid reference count leakage, add put_device() to decrease the reference count. Found by code review. Cc: stable(a)vger.kernel.org Fixes: a31500fe7055 ("drm/tegra: dc: Restore coupling of display controllers") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/tegra/dc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c index 59d5c1ba145a..6c84bd69b11f 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -3148,6 +3148,7 @@ static int tegra_dc_couple(struct tegra_dc *dc) dc->client.parent = &parent->client; dev_dbg(dc->dev, "coupled to %s\n", dev_name(companion)); + put_device(companion); } return 0; -- 2.17.1

2 weeks, 6 days

2
1
0 0

[PATCH] Revert "sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks"

by Matt Fleming

From: Matt Fleming <mfleming(a)cloudflare.com> This reverts commit b7ca5743a2604156d6083b88cefacef983f3a3a6. If we dequeue a task (task B) that was sched delayed then that task is definitely no longer on the rq and not tracked in the rbtree. Unfortunately, task_on_rq_queued(B) will still return true because dequeue_task() doesn't update p->on_rq. This inconsistency can lead to tasks (task A) spinning indefinitely in wait_task_inactive(), e.g. when delivering a fatal signal to a thread group, because it thinks the task B is still queued (it's not) and waits forever for it to unschedule. Task A Task B arch_do_signal_or_restart() get_signal() do_coredump() coredump_wait() zap_threads() arch_do_signal_or_restart() wait_task_inactive() <-- SPIN get_signal() do_group_exit() do_exit() coredump_task_exit() schedule() <--- never comes back Not only will task A spin forever in wait_task_inactive(), but task B will also trigger RCU stalls: INFO: rcu_tasks detected stalls on tasks: 00000000a973a4d8: .. nvcsw: 2/2 holdout: 1 idle_cpu: -1/79 task:ffmpeg state:I stack:0 pid:665601 tgid:665155 ppid:668691 task_flags:0x400448 flags:0x00004006 Call Trace: <TASK> __schedule+0x4fb/0xbf0 ? srso_return_thunk+0x5/0x5f schedule+0x27/0xf0 do_exit+0xdd/0xaa0 ? __pfx_futex_wake_mark+0x10/0x10 do_group_exit+0x30/0x80 get_signal+0x81e/0x860 ? srso_return_thunk+0x5/0x5f ? futex_wake+0x177/0x1a0 arch_do_signal_or_restart+0x2e/0x1f0 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? __x64_sys_futex+0x10c/0x1d0 syscall_exit_to_user_mode+0xa5/0x130 do_syscall_64+0x57/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f22d05b0f16 RSP: 002b:00007f2265761cf0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 00007f22d05b0f16 RDX: 0000000000000000 RSI: 0000000000000189 RDI: 00005629e320d97c RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffffffff R10: 0000000000000000 R11: 0000000000000246 R12: 00005629e320d928 R13: 0000000000000000 R14: 0000000000000001 R15: 00005629e320d97c </TASK> Fixes: b7ca5743a260 ("sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks") Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: John Stultz <jstultz(a)google.com> Cc: Chris Arges <carges(a)cloudflare.com> Cc: stable(a)vger.kernel.org # v6.12 Signed-off-by: Matt Fleming <mfleming(a)cloudflare.com> --- kernel/sched/core.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index ccba6fc3c3fe..2dfc3977920d 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -2293,12 +2293,6 @@ unsigned long wait_task_inactive(struct task_struct *p, unsigned int match_state * just go back and repeat. */ rq = task_rq_lock(p, &rf); - /* - * If task is sched_delayed, force dequeue it, to avoid always - * hitting the tick timeout in the queued case - */ - if (p->se.sched_delayed) - dequeue_task(rq, p, DEQUEUE_SLEEP | DEQUEUE_DELAYED); trace_sched_wait_task(p); running = task_on_cpu(rq, p); queued = task_on_rq_queued(p); -- 2.34.1

2 weeks, 6 days

5
13
0 0

[PATCH 6.1.y v2] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Leon Hwang

This reverts commit a584c7734a4dd050451fcdd65c66317e15660e81 to avoid the build error: map_hugetlb.c: In function 'main': map_hugetlb.c:79:25: warning: implicit declaration of function 'default_huge_page_size' [-Wimplicit-function-declaration] 79 | hugepage_size = default_huge_page_size(); Signed-off-by: Leon Hwang <leon.hwang(a)linux.dev> --- v1 -> v2: - Revert the commit instead of fixing the build error. - https://lore.kernel.org/linux-mm/20251022055138.375042-1-leon.hwang@linux.d… tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.51.0

3 weeks

1
0
0 0

[PATCH net 1/1] octeontx2-af: CGX: fix bitmap leaks

by Bo Sun

The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap and tx_fc_pfvf_bmap) are allocated by cgx_lmac_init() but never freed in cgx_lmac_exit(). Unbinding and rebinding the driver therefore triggers kmemleak: unreferenced object (size 16): backtrace: rvu_alloc_bitmap cgx_probe Free both bitmaps during teardown. Fixes: e740003874ed ("octeontx2-af: Flow control resource management") Cc: stable(a)vger.kernel.org Signed-off-by: Bo Sun <bo(a)mboxify.com> --- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c index ec0e11c77cbf..f56e6782c4de 100644 --- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c +++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c @@ -1823,6 +1823,8 @@ static int cgx_lmac_exit(struct cgx *cgx) cgx->mac_ops->mac_pause_frm_config(cgx, lmac->lmac_id, false); cgx_configure_interrupt(cgx, lmac, lmac->lmac_id, true); kfree(lmac->mac_to_index_bmap.bmap); + kfree(lmac->rx_fc_pfvf_bmap.bmap); + kfree(lmac->tx_fc_pfvf_bmap.bmap); kfree(lmac->name); kfree(lmac); }

3 weeks

3
2
0 0

Re: [PATCH] ksmbd: transport_ipc: validate payload size before reading handle

by Namjae Jeon

On Wed, Oct 22, 2025 at 7:45 PM くさあさ <pioooooooooip(a)gmail.com> wrote: > > Hi Namjae, Steve, Hi, > > Thanks for updating the patch. I’ve reviewed the changes and they look good to me. Okay. > > Minor impact note: this patch prevents a 4-byte out-of-bounds read in ksmbd’s handle_response() when the declared Generic Netlink payload size is < 4. > If a remote client can influence ksmbd.mountd to emit a truncated payload, this could be remotely triggerable (info-leak/DoS potential). I don't understand how this is possible. Could you please explain it to me via private email? > If you consider this security-impacting, I’m happy to request a CVE via the kernel.org CNA. > > Thanks!! > Qianchang Zhao

3 weeks

1
0
0 0

[PATCH 6.1.y] net: mctp: Don't access ifa_index when missing

by Vasiliy Kovalev

From: Matt Johnston <matt(a)codeconstruct.com.au> commit f11cf946c0a92c560a890d68e4775723353599e1 upstream. In mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be comparing to uninitialised memory - reproducible in the syzkaller case from dhcpd, or busybox "ip addr show". The kernel MCTP implementation has always filtered by ifa_index, so existing userspace programs expecting to dump MCTP addresses must already be passing a valid ifa_index value (either 0 or a real index). BUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128 mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128 rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380 rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824 netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309 Fixes: 583be982d934 ("mctp: Add device handling and netlink interface") Reported-by: syzbot+e76d52dadc089b9d197f(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/68135815.050a0220.3a872c.000e.GAE@google.com/ Reported-by: syzbot+1065a199625a388fce60(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/681357d6.050a0220.14dd7d.000d.GAE@google.com/ Signed-off-by: Matt Johnston <matt(a)codeconstruct.com.au> Link: https://patch.msgid.link/20250508-mctp-addr-dump-v2-1-c8a53fd2dd66@codecons… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ kovalev: bp to fix CVE-2025-38006 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/mctp/device.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/net/mctp/device.c b/net/mctp/device.c index 85cc5f31f1e7..27aee8b04055 100644 --- a/net/mctp/device.c +++ b/net/mctp/device.c @@ -119,12 +119,19 @@ static int mctp_dump_addrinfo(struct sk_buff *skb, struct netlink_callback *cb) struct net_device *dev; struct ifaddrmsg *hdr; struct mctp_dev *mdev; - int ifindex; + int ifindex = 0; int idx = 0, rc; - hdr = nlmsg_data(cb->nlh); - // filter by ifindex if requested - ifindex = hdr->ifa_index; + /* Filter by ifindex if a header is provided */ + if (cb->nlh->nlmsg_len >= nlmsg_msg_size(sizeof(*hdr))) { + hdr = nlmsg_data(cb->nlh); + ifindex = hdr->ifa_index; + } else { + if (cb->strict_check) { + NL_SET_ERR_MSG(cb->extack, "mctp: Invalid header for addr dump request"); + return -EINVAL; + } + } rcu_read_lock(); for (; mcb->h < NETDEV_HASHENTRIES; mcb->h++, mcb->idx = 0) { -- 2.50.1

3 weeks

1
0
0 0

+ mm-shmem-fix-thp-allocation-and-fallback-loop.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/shmem: fix THP allocation and fallback loop has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-shmem-fix-thp-allocation-and-fallback-loop.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem: fix THP allocation and fallback loop Date: Wed, 22 Oct 2025 18:57:19 +0800 The order check and fallback loop is updating the index value on every loop, this will cause the index to be aligned by a larger value while the loop shrinks the order. This may result in inserting and returning a folio of the wrong index and cause data corruption with some userspace workloads [1]. Link: https://lkml.kernel.org/r/20251022105719.18321-1-ryncsn@gmail.com Link: https://lore.kernel.org/linux-mm/CAMgjq7DqgAmj25nDUwwu1U2cSGSn8n4-Hqpgotted… [1] Fixes: e7a2ab7b3bb5d ("mm: shmem: add mTHP support for anonymous shmem") Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nico Pache <npache(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/mm/shmem.c~mm-shmem-fix-thp-allocation-and-fallback-loop +++ a/mm/shmem.c @@ -1895,10 +1895,11 @@ static struct folio *shmem_alloc_and_add order = highest_order(suitable_orders); while (suitable_orders) { pages = 1UL << order; - index = round_down(index, pages); - folio = shmem_alloc_folio(gfp, order, info, index); - if (folio) + folio = shmem_alloc_folio(gfp, order, info, round_down(index, pages)); + if (folio) { + index = round_down(index, pages); goto allocated; + } if (pages == HPAGE_PMD_NR) count_vm_event(THP_FILE_FALLBACK); _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-fix-thp-allocation-and-fallback-loop.patch

3 weeks

1
0
0 0

[PATCH 5.10/5.15] cpufreq: davinci: Fix clk use after free

by Vasiliy Kovalev

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit 5d8f384a9b4fc50f6a18405f1c08e5a87a77b5b3 ] The remove function first frees the clks and only then calls cpufreq_unregister_driver(). If one of the cpufreq callbacks is called just before cpufreq_unregister_driver() is run, the freed clks might be used. Fixes: 6601b8030de3 ("davinci: add generic CPUFreq driver for DaVinci") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> (cherry picked from commit a5f024d0e6f91e05c816ad4ee8837173369dd5cb) [ kovalev: bp to fix CVE-2023-53544 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/cpufreq/davinci-cpufreq.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/cpufreq/davinci-cpufreq.c b/drivers/cpufreq/davinci-cpufreq.c index 91f477a6cbc4..62380f05aec8 100644 --- a/drivers/cpufreq/davinci-cpufreq.c +++ b/drivers/cpufreq/davinci-cpufreq.c @@ -133,12 +133,14 @@ static int __init davinci_cpufreq_probe(struct platform_device *pdev) static int __exit davinci_cpufreq_remove(struct platform_device *pdev) { + cpufreq_unregister_driver(&davinci_driver); + clk_put(cpufreq.armclk); if (cpufreq.asyncclk) clk_put(cpufreq.asyncclk); - return cpufreq_unregister_driver(&davinci_driver); + return 0; } static struct platform_driver davinci_cpufreq_driver = { -- 2.50.1

3 weeks

1
0
0 0

[PATCH v2] ACPI: video: Fix use-after-free in acpi_video_switch_brightness()

by Yuhao Jiang

The switch_brightness_work delayed work accesses device->brightness and device->backlight, which are freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work before unregistering its backlight resources. This ensures the work completes before the memory is freed. Fixes: 8ab58e8e7e097 ("ACPI / video: Fix backlight taking 2 steps on a brightness up/down keypress") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- Changes in v2: - Move cancel_delayed_work_sync() to acpi_video_bus_unregister_backlight() instead of acpi_video_bus_put_devices() for better logic clarity and to prevent potential UAF of device->brightness - Correct Fixes tag to point to 8ab58e8e7e097 which introduced the delayed work - Link to v1: https://lore.kernel.org/all/20251022040859.2102914-1-danisjiang@gmail.com --- drivers/acpi/acpi_video.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c index 103f29661576..64709658bdc4 100644 --- a/drivers/acpi/acpi_video.c +++ b/drivers/acpi/acpi_video.c @@ -1869,8 +1869,10 @@ static int acpi_video_bus_unregister_backlight(struct acpi_video_bus *video) error = unregister_pm_notifier(&video->pm_nb); mutex_lock(&video->device_list_lock); - list_for_each_entry(dev, &video->video_device_list, entry) + list_for_each_entry(dev, &video->video_device_list, entry) { + cancel_delayed_work_sync(&dev->switch_brightness_work); acpi_video_dev_unregister_backlight(dev); + } mutex_unlock(&video->device_list_lock); video->backlight_registered = false; -- 2.34.1

3 weeks

2
2
0 0

[PATCH 5.10.y] ionic: catch failure from devlink_alloc

by Vasiliy Kovalev

From: Shannon Nelson <shannon.nelson(a)amd.com> commit 4a54903ff68ddb33b6463c94b4eb37fc584ef760 upstream. Add a check for NULL on the alloc return. If devlink_alloc() fails and we try to use devlink_priv() on the NULL return, the kernel gets very unhappy and panics. With this fix, the driver load will still fail, but at least it won't panic the kernel. Fixes: df69ba43217d ("ionic: Add basic framework for IONIC Network device driver") Signed-off-by: Shannon Nelson <shannon.nelson(a)amd.com> Reviewed-by: Simon Horman <simon.horman(a)corigine.com> Reviewed-by: Jiri Pirko <jiri(a)nvidia.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [ kovalev: bp to fix CVE-2023-53470 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/net/ethernet/pensando/ionic/ionic_devlink.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/pensando/ionic/ionic_devlink.c b/drivers/net/ethernet/pensando/ionic/ionic_devlink.c index 3d94064c685d..52ebecf2521e 100644 --- a/drivers/net/ethernet/pensando/ionic/ionic_devlink.c +++ b/drivers/net/ethernet/pensando/ionic/ionic_devlink.c @@ -65,6 +65,8 @@ struct ionic *ionic_devlink_alloc(struct device *dev) struct devlink *dl; dl = devlink_alloc(&ionic_dl_ops, sizeof(struct ionic)); + if (!dl) + return NULL; return devlink_priv(dl); } -- 2.50.1

3 weeks

1
0
0 0

[PATCH v7 1/8] iommu: Disable SVA when CONFIG_X86 is set

by Lu Baolu

In the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware shares and walks the CPU's page tables. The x86 architecture maps the kernel's virtual address space into the upper portion of every process's page table. Consequently, in an SVA context, the IOMMU hardware can walk and cache kernel page table entries. The Linux kernel currently lacks a notification mechanism for kernel page table changes, specifically when page table pages are freed and reused. The IOMMU driver is only notified of changes to user virtual address mappings. This can cause the IOMMU's internal caches to retain stale entries for kernel VA. Use-After-Free (UAF) and Write-After-Free (WAF) conditions arise when kernel page table pages are freed and later reallocated. The IOMMU could misinterpret the new data as valid page table entries. The IOMMU might then walk into attacker-controlled memory, leading to arbitrary physical memory DMA access or privilege escalation. This is also a Write-After-Free issue, as the IOMMU will potentially continue to write Accessed and Dirty bits to the freed memory while attempting to walk the stale page tables. Currently, SVA contexts are unprivileged and cannot access kernel mappings. However, the IOMMU will still walk kernel-only page tables all the way down to the leaf entries, where it realizes the mapping is for the kernel and errors out. This means the IOMMU still caches these intermediate page table entries, making the described vulnerability a real concern. Disable SVA on x86 architecture until the IOMMU can receive notification to flush the paging cache before freeing the CPU kernel page table pages. Fixes: 26b25a2b98e4 ("iommu: Bind process address spaces to devices") Cc: stable(a)vger.kernel.org Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> --- drivers/iommu/iommu-sva.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iommu/iommu-sva.c b/drivers/iommu/iommu-sva.c index 1a51cfd82808..a0442faad952 100644 --- a/drivers/iommu/iommu-sva.c +++ b/drivers/iommu/iommu-sva.c @@ -77,6 +77,9 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm if (!group) return ERR_PTR(-ENODEV); + if (IS_ENABLED(CONFIG_X86)) + return ERR_PTR(-EOPNOTSUPP); + mutex_lock(&iommu_sva_lock); /* Allocate mm->pasid if necessary. */ -- 2.43.0

3 weeks

2
1
0 0

[PATCH 5.10.y] firewire: net: fix use after free in fwnet_finish_incoming_packet()

by Vasiliy Kovalev

From: Zhang Shurong <zhang_shurong(a)foxmail.com> commit 3ff256751a2853e1ffaa36958ff933ccc98c6cb5 upstream. The netif_rx() function frees the skb so we can't dereference it to save the skb->len. Signed-off-by: Zhang Shurong <zhang_shurong(a)foxmail.com> Link: https://lore.kernel.org/r/tencent_3B3D24B66ED66A6BB73CC0E63C6A14E45109@qq.c… Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> [ kovalev: bp to fix CVE-2023-53432 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/firewire/net.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/firewire/net.c b/drivers/firewire/net.c index 715e491dfbc3..8504e95ede90 100644 --- a/drivers/firewire/net.c +++ b/drivers/firewire/net.c @@ -489,7 +489,7 @@ static int fwnet_finish_incoming_packet(struct net_device *net, bool is_broadcast, u16 ether_type) { struct fwnet_device *dev; - int status; + int status, len; __be64 guid; switch (ether_type) { @@ -546,13 +546,15 @@ static int fwnet_finish_incoming_packet(struct net_device *net, } skb->protocol = protocol; } + + len = skb->len; status = netif_rx(skb); if (status == NET_RX_DROP) { net->stats.rx_errors++; net->stats.rx_dropped++; } else { net->stats.rx_packets++; - net->stats.rx_bytes += skb->len; + net->stats.rx_bytes += len; } return 0; -- 2.50.1

3 weeks

1
0
0 0

+ iommu-disable-sva-when-config_x86-is-set.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: iommu: disable SVA when CONFIG_X86 is set has been added to the -mm mm-new branch. Its filename is iommu-disable-sva-when-config_x86-is-set.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lu Baolu <baolu.lu(a)linux.intel.com> Subject: iommu: disable SVA when CONFIG_X86 is set Date: Wed, 22 Oct 2025 16:26:27 +0800 Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). In an SVA context, an IOMMU can cache kernel page table entries. When a kernel page table page is freed and reallocated for another purpose, the IOMMU might still hold stale, incorrect entries. This can be exploited to cause a use-after-free or write-after-free condition, potentially leading to privilege escalation or data corruption. This solution introduces a deferred freeing mechanism for kernel page table pages, which provides a safe window to notify the IOMMU to invalidate its caches before the page is reused. This patch (of 8): In the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware shares and walks the CPU's page tables. The x86 architecture maps the kernel's virtual address space into the upper portion of every process's page table. Consequently, in an SVA context, the IOMMU hardware can walk and cache kernel page table entries. The Linux kernel currently lacks a notification mechanism for kernel page table changes, specifically when page table pages are freed and reused. The IOMMU driver is only notified of changes to user virtual address mappings. This can cause the IOMMU's internal caches to retain stale entries for kernel VA. Use-After-Free (UAF) and Write-After-Free (WAF) conditions arise when kernel page table pages are freed and later reallocated. The IOMMU could misinterpret the new data as valid page table entries. The IOMMU might then walk into attacker-controlled memory, leading to arbitrary physical memory DMA access or privilege escalation. This is also a Write-After-Free issue, as the IOMMU will potentially continue to write Accessed and Dirty bits to the freed memory while attempting to walk the stale page tables. Currently, SVA contexts are unprivileged and cannot access kernel mappings. However, the IOMMU will still walk kernel-only page tables all the way down to the leaf entries, where it realizes the mapping is for the kernel and errors out. This means the IOMMU still caches these intermediate page table entries, making the described vulnerability a real concern. Disable SVA on x86 architecture until the IOMMU can receive notification to flush the paging cache before freeing the CPU kernel page table pages. Link: https://lkml.kernel.org/r/20251022082635.2462433-1-baolu.lu@linux.intel.com Link: https://lkml.kernel.org/r/20251022082635.2462433-2-baolu.lu@linux.intel.com Fixes: 26b25a2b98e4 ("iommu: Bind process address spaces to devices") Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jann Horn <jannh(a)google.com> Cc: Jean-Philippe Brucker <jean-philippe(a)linaro.org> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Kevin Tian <kevin.tian(a)intel.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Robin Murohy <robin.murphy(a)arm.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Vasant Hegde <vasant.hegde(a)amd.com> Cc: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Will Deacon <will(a)kernel.org> Cc: Yi Lai <yi1.lai(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/iommu/iommu-sva.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/iommu/iommu-sva.c~iommu-disable-sva-when-config_x86-is-set +++ a/drivers/iommu/iommu-sva.c @@ -77,6 +77,9 @@ struct iommu_sva *iommu_sva_bind_device( if (!group) return ERR_PTR(-ENODEV); + if (IS_ENABLED(CONFIG_X86)) + return ERR_PTR(-EOPNOTSUPP); + mutex_lock(&iommu_sva_lock); /* Allocate mm->pasid if necessary. */ _ Patches currently in -mm which might be from baolu.lu(a)linux.intel.com are iommu-disable-sva-when-config_x86-is-set.patch x86-mm-use-pagetable_free.patch iommu-sva-invalidate-stale-iotlb-entries-for-kernel-address-space.patch

3 weeks

1
0
0 0

[PATCH 5.10.y] RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device

by Vasiliy Kovalev

From: Shay Drory <shayd(a)nvidia.com> commit 38b50aa44495d5eb4218f0b82fc2da76505cec53 upstream. Currently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0), there is a special handling in order to use the correct counters, but, port_num is being passed down the stack without any change. Also, some functions assume that port_num >=1. As a result, the following oops can occur. BUG: unable to handle page fault for address: ffff89510294f1a8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP CPU: 8 PID: 1382 Comm: devlink Tainted: G W 6.1.0-rc4_for_upstream_base_2022_11_10_16_12 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:_raw_spin_lock+0xc/0x20 Call Trace: <TASK> mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib] do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib] mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib] ib_setup_device_attrs+0xf0/0x290 [ib_core] ib_register_device+0x3bb/0x510 [ib_core] ? atomic_notifier_chain_register+0x67/0x80 __mlx5_ib_add+0x2b/0x80 [mlx5_ib] mlx5r_probe+0xb8/0x150 [mlx5_ib] ? auxiliary_match_id+0x6a/0x90 auxiliary_bus_probe+0x3c/0x70 ? driver_sysfs_add+0x6b/0x90 really_probe+0xcd/0x380 __driver_probe_device+0x80/0x170 driver_probe_device+0x1e/0x90 __device_attach_driver+0x7d/0x100 ? driver_allows_async_probing+0x60/0x60 ? driver_allows_async_probing+0x60/0x60 bus_for_each_drv+0x7b/0xc0 __device_attach+0xbc/0x200 bus_probe_device+0x87/0xa0 device_add+0x404/0x940 ? dev_set_name+0x53/0x70 __auxiliary_device_add+0x43/0x60 add_adev+0x99/0xe0 [mlx5_core] mlx5_attach_device+0xc8/0x120 [mlx5_core] mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core] devlink_reload+0x133/0x250 devlink_nl_cmd_reload+0x480/0x570 ? devlink_nl_pre_doit+0x44/0x2b0 genl_family_rcv_msg_doit.isra.0+0xc2/0x110 genl_rcv_msg+0x180/0x2b0 ? devlink_nl_cmd_region_read_dumpit+0x540/0x540 ? devlink_reload+0x250/0x250 ? devlink_put+0x50/0x50 ? genl_family_rcv_msg_doit.isra.0+0x110/0x110 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x1f6/0x2c0 netlink_sendmsg+0x237/0x490 sock_sendmsg+0x33/0x40 __sys_sendto+0x103/0x160 ? handle_mm_fault+0x10e/0x290 ? do_user_addr_fault+0x1c0/0x5f0 __x64_sys_sendto+0x25/0x30 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Fix it by setting port_num to 1 in order to get device status and remove unused variable. Fixes: aac4492ef23a ("IB/mlx5: Update counter implementation for dual port RoCE") Link: https://lore.kernel.org/r/98b82994c3cd3fa593b8a75ed3f3901e208beb0f.16722317… Signed-off-by: Shay Drory <shayd(a)nvidia.com> Reviewed-by: Patrisious Haddad <phaddad(a)nvidia.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> [ kovalev: bp to fix CVE-2023-53393 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/infiniband/hw/mlx5/counters.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/counters.c b/drivers/infiniband/hw/mlx5/counters.c index 33636268d43d..29b38cf055be 100644 --- a/drivers/infiniband/hw/mlx5/counters.c +++ b/drivers/infiniband/hw/mlx5/counters.c @@ -249,7 +249,6 @@ static int mlx5_ib_get_hw_stats(struct ib_device *ibdev, const struct mlx5_ib_counters *cnts = get_counters(dev, port_num - 1); struct mlx5_core_dev *mdev; int ret, num_counters; - u8 mdev_port_num; if (!stats) return -EINVAL; @@ -270,8 +269,9 @@ static int mlx5_ib_get_hw_stats(struct ib_device *ibdev, } if (MLX5_CAP_GEN(dev->mdev, cc_query_allowed)) { - mdev = mlx5_ib_get_native_port_mdev(dev, port_num, - &mdev_port_num); + if (!port_num) + port_num = 1; + mdev = mlx5_ib_get_native_port_mdev(dev, port_num, NULL); if (!mdev) { /* If port is not affiliated yet, its in down state * which doesn't have any counters yet, so it would be -- 2.50.1

3 weeks

1
0
0 0

[PATCH 2/2] io_uring/sqpoll: be smarter on when to update the stime usage

by Jens Axboe

The current approach is a bit naive, and hence calls the time querying way too often. Only start the "doing work" timer when there's actual work to do, and then use that information to terminate (and account) the work time once done. This greatly reduces the frequency of these calls, when they cannot have changed anyway. Running a basic random reader that is setup to use SQPOLL, a profile before this change shows these as the top cycle consumers: + 32.60% iou-sqp-1074 [kernel.kallsyms] [k] thread_group_cputime_adjusted + 19.97% iou-sqp-1074 [kernel.kallsyms] [k] thread_group_cputime + 12.20% io_uring io_uring [.] submitter_uring_fn + 4.13% iou-sqp-1074 [kernel.kallsyms] [k] getrusage + 2.45% iou-sqp-1074 [kernel.kallsyms] [k] io_submit_sqes + 2.18% iou-sqp-1074 [kernel.kallsyms] [k] __pi_memset_generic + 2.09% iou-sqp-1074 [kernel.kallsyms] [k] cputime_adjust and after this change, top of profile looks as follows: + 36.23% io_uring io_uring [.] submitter_uring_fn + 23.26% iou-sqp-819 [kernel.kallsyms] [k] io_sq_thread + 10.14% iou-sqp-819 [kernel.kallsyms] [k] io_sq_tw + 6.52% iou-sqp-819 [kernel.kallsyms] [k] tctx_task_work_run + 4.82% iou-sqp-819 [kernel.kallsyms] [k] nvme_submit_cmds.part.0 + 2.91% iou-sqp-819 [kernel.kallsyms] [k] io_submit_sqes [...] 0.02% iou-sqp-819 [kernel.kallsyms] [k] cputime_adjust where it's spending the cycles on things that actually matter. Reported-by: Fengnan Chang <changfengnan(a)bytedance.com> Cc: stable(a)vger.kernel.org Fixes: 3fcb9d17206e ("io_uring/sqpoll: statistics of the true utilization of sq threads") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/sqpoll.c | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 2b816fdb9866..e22f072c7d5f 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -170,6 +170,11 @@ static inline bool io_sqd_events_pending(struct io_sq_data *sqd) return READ_ONCE(sqd->state); } +struct io_sq_time { + bool started; + u64 usec; +}; + u64 io_sq_cpu_usec(struct task_struct *tsk) { u64 utime, stime; @@ -179,12 +184,24 @@ u64 io_sq_cpu_usec(struct task_struct *tsk) return stime; } -static void io_sq_update_worktime(struct io_sq_data *sqd, u64 usec) +static void io_sq_update_worktime(struct io_sq_data *sqd, struct io_sq_time *ist) +{ + if (!ist->started) + return; + ist->started = false; + sqd->work_time += io_sq_cpu_usec(current) - ist->usec; +} + +static void io_sq_start_worktime(struct io_sq_time *ist) { - sqd->work_time += io_sq_cpu_usec(current) - usec; + if (ist->started) + return; + ist->started = true; + ist->usec = io_sq_cpu_usec(current); } -static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) +static int __io_sq_thread(struct io_ring_ctx *ctx, struct io_sq_data *sqd, + bool cap_entries, struct io_sq_time *ist) { unsigned int to_submit; int ret = 0; @@ -197,6 +214,8 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit || !wq_list_empty(&ctx->iopoll_list)) { const struct cred *creds = NULL; + io_sq_start_worktime(ist); + if (ctx->sq_creds != current_cred()) creds = override_creds(ctx->sq_creds); @@ -278,7 +297,6 @@ static int io_sq_thread(void *data) unsigned long timeout = 0; char buf[TASK_COMM_LEN] = {}; DEFINE_WAIT(wait); - u64 start; /* offload context creation failed, just exit */ if (!current->io_uring) { @@ -313,6 +331,7 @@ static int io_sq_thread(void *data) mutex_lock(&sqd->lock); while (1) { bool cap_entries, sqt_spin = false; + struct io_sq_time ist = { }; if (io_sqd_events_pending(sqd) || signal_pending(current)) { if (io_sqd_handle_event(sqd)) @@ -321,9 +340,8 @@ static int io_sq_thread(void *data) } cap_entries = !list_is_singular(&sqd->ctx_list); - start = io_sq_cpu_usec(current); list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { - int ret = __io_sq_thread(ctx, cap_entries); + int ret = __io_sq_thread(ctx, sqd, cap_entries, &ist); if (!sqt_spin && (ret > 0 || !wq_list_empty(&ctx->iopoll_list))) sqt_spin = true; @@ -331,15 +349,18 @@ static int io_sq_thread(void *data) if (io_sq_tw(&retry_list, IORING_TW_CAP_ENTRIES_VALUE)) sqt_spin = true; - list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) - if (io_napi(ctx)) + list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { + if (io_napi(ctx)) { + io_sq_start_worktime(&ist); io_napi_sqpoll_busy_poll(ctx); + } + } + + io_sq_update_worktime(sqd, &ist); if (sqt_spin || !time_after(jiffies, timeout)) { - if (sqt_spin) { - io_sq_update_worktime(sqd, start); + if (sqt_spin) timeout = jiffies + sqd->sq_thread_idle; - } if (unlikely(need_resched())) { mutex_unlock(&sqd->lock); cond_resched(); -- 2.51.0

3 weeks

1
0
0 0

[PATCH 1/2] io_uring/sqpoll: switch away from getrusage() for CPU accounting

by Jens Axboe

getrusage() does a lot more than what the SQPOLL accounting needs, the latter only cares about (and uses) the stime. Rather than do a full RUSAGE_SELF summation, just query the used stime instead. Cc: stable(a)vger.kernel.org Fixes: 3fcb9d17206e ("io_uring/sqpoll: statistics of the true utilization of sq threads") Reviewed-by: Gabriel Krisman Bertazi <krisman(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/fdinfo.c | 8 ++++---- io_uring/sqpoll.c | 32 ++++++++++++++++++-------------- io_uring/sqpoll.h | 1 + 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/io_uring/fdinfo.c b/io_uring/fdinfo.c index ff3364531c77..294c75a8a3bd 100644 --- a/io_uring/fdinfo.c +++ b/io_uring/fdinfo.c @@ -59,7 +59,6 @@ static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m) { struct io_overflow_cqe *ocqe; struct io_rings *r = ctx->rings; - struct rusage sq_usage; unsigned int sq_mask = ctx->sq_entries - 1, cq_mask = ctx->cq_entries - 1; unsigned int sq_head = READ_ONCE(r->sq.head); unsigned int sq_tail = READ_ONCE(r->sq.tail); @@ -152,14 +151,15 @@ static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m) * thread termination. */ if (tsk) { + u64 usec; + get_task_struct(tsk); rcu_read_unlock(); - getrusage(tsk, RUSAGE_SELF, &sq_usage); + usec = io_sq_cpu_usec(tsk); put_task_struct(tsk); sq_pid = sq->task_pid; sq_cpu = sq->sq_cpu; - sq_total_time = (sq_usage.ru_stime.tv_sec * 1000000 - + sq_usage.ru_stime.tv_usec); + sq_total_time = usec; sq_work_time = sq->work_time; } else { rcu_read_unlock(); diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index a3f11349ce06..2b816fdb9866 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -11,6 +11,7 @@ #include <linux/audit.h> #include <linux/security.h> #include <linux/cpuset.h> +#include <linux/sched/cputime.h> #include <linux/io_uring.h> #include <uapi/linux/io_uring.h> @@ -169,6 +170,20 @@ static inline bool io_sqd_events_pending(struct io_sq_data *sqd) return READ_ONCE(sqd->state); } +u64 io_sq_cpu_usec(struct task_struct *tsk) +{ + u64 utime, stime; + + task_cputime_adjusted(tsk, &utime, &stime); + do_div(stime, 1000); + return stime; +} + +static void io_sq_update_worktime(struct io_sq_data *sqd, u64 usec) +{ + sqd->work_time += io_sq_cpu_usec(current) - usec; +} + static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) { unsigned int to_submit; @@ -255,26 +270,15 @@ static bool io_sq_tw_pending(struct llist_node *retry_list) return retry_list || !llist_empty(&tctx->task_list); } -static void io_sq_update_worktime(struct io_sq_data *sqd, struct rusage *start) -{ - struct rusage end; - - getrusage(current, RUSAGE_SELF, &end); - end.ru_stime.tv_sec -= start->ru_stime.tv_sec; - end.ru_stime.tv_usec -= start->ru_stime.tv_usec; - - sqd->work_time += end.ru_stime.tv_usec + end.ru_stime.tv_sec * 1000000; -} - static int io_sq_thread(void *data) { struct llist_node *retry_list = NULL; struct io_sq_data *sqd = data; struct io_ring_ctx *ctx; - struct rusage start; unsigned long timeout = 0; char buf[TASK_COMM_LEN] = {}; DEFINE_WAIT(wait); + u64 start; /* offload context creation failed, just exit */ if (!current->io_uring) { @@ -317,7 +321,7 @@ static int io_sq_thread(void *data) } cap_entries = !list_is_singular(&sqd->ctx_list); - getrusage(current, RUSAGE_SELF, &start); + start = io_sq_cpu_usec(current); list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { int ret = __io_sq_thread(ctx, cap_entries); @@ -333,7 +337,7 @@ static int io_sq_thread(void *data) if (sqt_spin || !time_after(jiffies, timeout)) { if (sqt_spin) { - io_sq_update_worktime(sqd, &start); + io_sq_update_worktime(sqd, start); timeout = jiffies + sqd->sq_thread_idle; } if (unlikely(need_resched())) { diff --git a/io_uring/sqpoll.h b/io_uring/sqpoll.h index b83dcdec9765..fd2f6f29b516 100644 --- a/io_uring/sqpoll.h +++ b/io_uring/sqpoll.h @@ -29,6 +29,7 @@ void io_sq_thread_unpark(struct io_sq_data *sqd); void io_put_sq_data(struct io_sq_data *sqd); void io_sqpoll_wait_sq(struct io_ring_ctx *ctx); int io_sqpoll_wq_cpu_affinity(struct io_ring_ctx *ctx, cpumask_var_t mask); +u64 io_sq_cpu_usec(struct task_struct *tsk); static inline struct task_struct *sqpoll_task_locked(struct io_sq_data *sqd) { -- 2.51.0

3 weeks

1
0
0 0

[PATCH 1/2] io_uring/sqpoll: switch away from getrusage() for CPU accounting

by Jens Axboe

getrusage() does a lot more than what the SQPOLL accounting needs, the latter only cares about (and uses) the stime. Rather than do a full RUSAGE_SELF summation, just query the used stime instead. Cc: stable(a)vger.kernel.org Fixes: 3fcb9d17206e ("io_uring/sqpoll: statistics of the true utilization of sq threads") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/fdinfo.c | 9 +++++---- io_uring/sqpoll.c | 34 ++++++++++++++++++++-------------- io_uring/sqpoll.h | 1 + 3 files changed, 26 insertions(+), 18 deletions(-) diff --git a/io_uring/fdinfo.c b/io_uring/fdinfo.c index ff3364531c77..966e06b078f6 100644 --- a/io_uring/fdinfo.c +++ b/io_uring/fdinfo.c @@ -59,7 +59,6 @@ static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m) { struct io_overflow_cqe *ocqe; struct io_rings *r = ctx->rings; - struct rusage sq_usage; unsigned int sq_mask = ctx->sq_entries - 1, cq_mask = ctx->cq_entries - 1; unsigned int sq_head = READ_ONCE(r->sq.head); unsigned int sq_tail = READ_ONCE(r->sq.tail); @@ -152,14 +151,16 @@ static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m) * thread termination. */ if (tsk) { + struct timespec64 ts; + get_task_struct(tsk); rcu_read_unlock(); - getrusage(tsk, RUSAGE_SELF, &sq_usage); + ts = io_sq_cpu_time(tsk); put_task_struct(tsk); sq_pid = sq->task_pid; sq_cpu = sq->sq_cpu; - sq_total_time = (sq_usage.ru_stime.tv_sec * 1000000 - + sq_usage.ru_stime.tv_usec); + sq_total_time = (ts.tv_sec * 1000000 + + ts.tv_nsec / 1000); sq_work_time = sq->work_time; } else { rcu_read_unlock(); diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index a3f11349ce06..8705b0aa82e0 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -11,6 +11,7 @@ #include <linux/audit.h> #include <linux/security.h> #include <linux/cpuset.h> +#include <linux/sched/cputime.h> #include <linux/io_uring.h> #include <uapi/linux/io_uring.h> @@ -169,6 +170,22 @@ static inline bool io_sqd_events_pending(struct io_sq_data *sqd) return READ_ONCE(sqd->state); } +struct timespec64 io_sq_cpu_time(struct task_struct *tsk) +{ + u64 utime, stime; + + task_cputime_adjusted(tsk, &utime, &stime); + return ns_to_timespec64(stime); +} + +static void io_sq_update_worktime(struct io_sq_data *sqd, struct timespec64 start) +{ + struct timespec64 ts; + + ts = timespec64_sub(io_sq_cpu_time(current), start); + sqd->work_time += ts.tv_sec * 1000000 + ts.tv_nsec / 1000; +} + static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) { unsigned int to_submit; @@ -255,23 +272,12 @@ static bool io_sq_tw_pending(struct llist_node *retry_list) return retry_list || !llist_empty(&tctx->task_list); } -static void io_sq_update_worktime(struct io_sq_data *sqd, struct rusage *start) -{ - struct rusage end; - - getrusage(current, RUSAGE_SELF, &end); - end.ru_stime.tv_sec -= start->ru_stime.tv_sec; - end.ru_stime.tv_usec -= start->ru_stime.tv_usec; - - sqd->work_time += end.ru_stime.tv_usec + end.ru_stime.tv_sec * 1000000; -} - static int io_sq_thread(void *data) { struct llist_node *retry_list = NULL; struct io_sq_data *sqd = data; struct io_ring_ctx *ctx; - struct rusage start; + struct timespec64 start; unsigned long timeout = 0; char buf[TASK_COMM_LEN] = {}; DEFINE_WAIT(wait); @@ -317,7 +323,7 @@ static int io_sq_thread(void *data) } cap_entries = !list_is_singular(&sqd->ctx_list); - getrusage(current, RUSAGE_SELF, &start); + start = io_sq_cpu_time(current); list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { int ret = __io_sq_thread(ctx, cap_entries); @@ -333,7 +339,7 @@ static int io_sq_thread(void *data) if (sqt_spin || !time_after(jiffies, timeout)) { if (sqt_spin) { - io_sq_update_worktime(sqd, &start); + io_sq_update_worktime(sqd, start); timeout = jiffies + sqd->sq_thread_idle; } if (unlikely(need_resched())) { diff --git a/io_uring/sqpoll.h b/io_uring/sqpoll.h index b83dcdec9765..84ed2b312e88 100644 --- a/io_uring/sqpoll.h +++ b/io_uring/sqpoll.h @@ -29,6 +29,7 @@ void io_sq_thread_unpark(struct io_sq_data *sqd); void io_put_sq_data(struct io_sq_data *sqd); void io_sqpoll_wait_sq(struct io_ring_ctx *ctx); int io_sqpoll_wq_cpu_affinity(struct io_ring_ctx *ctx, cpumask_var_t mask); +struct timespec64 io_sq_cpu_time(struct task_struct *tsk); static inline struct task_struct *sqpoll_task_locked(struct io_sq_data *sqd) { -- 2.51.0

3 weeks

2
2
0 0

[PATCH 6.6 000/105] 6.6.114-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.114 release. There are 105 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 23 Oct 2025 19:49:51 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.114-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.114-rc1 Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Reset BARs when running in PCIe endpoint mode Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads (part 2) Scott Mayhew <smayhew(a)redhat.com> nfsd: decouple the xprtsec policy check from check_nfsd_access() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix mailbox API compatibility by negotiating supported features Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix getting link speed data for E610 devices Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> ixgbevf: Add support for Intel(R) E610 device Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> PCI: Add PCI_VDEVICE_SUB helper macro Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Shashank A P <shashank.ap(a)samsung.com> fs: quota: create dedicated workqueue for quota_release_work Kemeng Shi <shikemeng(a)huaweicloud.com> quota: remove unneeded return value of register_quota_format Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Darrick J. Wong <djwong(a)kernel.org> xfs: use deferred intent items for reaping crosslinked blocks Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: reorganize DMA aligned buffers in structure Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> phy: cdns-dphy: Store hs_clk_rate and return it Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Darrick J. Wong <djwong(a)kernel.org> block: fix race between set_blocksize and read paths Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Xing Guo <higuoxing(a)gmail.com> selftests: arg_parsing: Ensure data is flushed to disk before reading. Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> HID: multitouch: fix name of Stylus input devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: hid-input: only ignore 0 battery events for digitizers Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: make arg_parsing.c more robust to crashes Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/rockchip: vop2: use correct destination rectangle height check Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Zhanjun Dong <zhanjun.dong(a)intel.com> drm/i915/guc: Skip communication warning on reset in progress Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Generalize helper to clear IRQ status Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Cancel jdet_work before handling jack ejection Christophe Leroy <christophe.leroy(a)csgroup.eu> ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Marek Vasut <marek.vasut(a)mailbox.org> drm/bridge: lt9211: Drop check for last nibble of version register Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation Amit Chaudhary <achaudhary(a)purestorage.com> nvme-multipath: Skip nr_active increments in RETRY disposition I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for pending async decryptions if tls_strp_msg_hold fails Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sascha Hauer <s.hauer(a)pengutronix.de> net: tls: wait for async completion on last message Sabrina Dubroca <sd(a)queasysnail.net> tls: trim encrypted message to match the plaintext on short splice Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_rndis: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ecm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Guoniu Zhou <guoniu.zhou(a)nxp.com> media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix PDC sleep sequence Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/adreno: De-spaghettify the use of memory barriers Nam Cao <namcao(a)linutronix.de> eventpoll: Replace rwlock with spinlock Huang Xiaojia <huangxiaojia2(a)huawei.com> epoll: Remove ep_scan_ready_list() in comments Zenm Chen <zenmchen(a)gmail.com> Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Check whether secure display TA loaded successfully Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Eugene Korenevsky <ekorenevsky(a)aliyun.com> cifs: parse_dfs_referrals: prevent oob on malformed input Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: gs_make_candev(): populate net_device->dev_port Filipe Manana <fdmanana(a)suse.com> btrfs: do not assert we found block group item when creating free space tree Boris Burkov <boris(a)bur.io> btrfs: fix incorrect readahead expansion length Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> ext4: wait for ongoing I/O to complete before freeing blocks Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Prevent access to vCPU events before init Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init Shuhao Fu <sfual(a)cse.ust.hk> smb: client: Fix refcount leak for cifs_sb_tlink ------------- Diffstat: Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Makefile | 4 +- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kvm/arm.c | 6 + arch/riscv/kernel/probes/kprobes.c | 13 +- block/bdev.c | 17 ++ block/blk-zoned.c | 5 +- block/fops.c | 16 ++ block/ioctl.c | 6 + drivers/accel/qaic/qaic_control.c | 2 +- drivers/base/power/runtime.c | 44 ++++ drivers/bluetooth/btusb.c | 2 + drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/bridge/lontium-lt9211.c | 3 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++++----- drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 38 ++-- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 + drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 10 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 13 +- drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 28 +-- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 ++-- .../media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++++------------ .../media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 +- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/can/usb/gs_usb.c | 23 +-- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 ++- drivers/net/ethernet/intel/ixgbevf/defines.h | 6 +- drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 ++++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/usb/lan78xx.c | 38 +++- drivers/net/usb/r8152.c | 7 +- drivers/nvme/host/multipath.c | 6 +- drivers/pci/controller/cadence/pci-j721e.c | 64 +++++- drivers/pci/controller/dwc/pcie-tegra194.c | 10 + drivers/pci/pci-sysfs.c | 10 +- drivers/phy/cadence/cdns-dphy.c | 133 +++++++++--- drivers/usb/gadget/function/f_acm.c | 42 ++-- drivers/usb/gadget/function/f_ecm.c | 48 ++--- drivers/usb/gadget/function/f_ncm.c | 78 +++---- drivers/usb/gadget/function/f_rndis.c | 85 ++++---- drivers/usb/gadget/udc/core.c | 3 + fs/btrfs/extent_io.c | 2 +- fs/btrfs/free-space-tree.c | 15 +- fs/btrfs/relocation.c | 13 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/eventpoll.c | 145 +++---------- fs/ext4/ext4_jbd2.c | 11 +- fs/ext4/inode.c | 8 + fs/ext4/super.c | 17 +- fs/f2fs/data.c | 2 +- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/export.c | 60 +++++- fs/nfsd/export.h | 2 + fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 34 ++-- fs/nfsd/nfs4xdr.c | 14 +- fs/nfsd/nfsfh.c | 12 +- fs/nfsd/xdr4.h | 36 +++- fs/nilfs2/the_nilfs.c | 3 - fs/ocfs2/super.c | 6 +- fs/quota/dquot.c | 13 +- fs/quota/quota_v1.c | 3 +- fs/quota/quota_v2.c | 9 +- fs/smb/client/inode.c | 6 +- fs/smb/client/misc.c | 17 ++ fs/smb/client/smb2ops.c | 8 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/server.h | 1 + fs/smb/server/smb2pdu.c | 4 + fs/smb/server/transport_ipc.c | 1 + fs/smb/server/transport_tcp.c | 67 +++--- fs/smb/server/transport_tcp.h | 1 + fs/xfs/libxfs/xfs_log_format.h | 30 ++- fs/xfs/scrub/reap.c | 19 +- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 +++- fs/xfs/xfs_ondisk.h | 2 + include/linux/cpufreq.h | 3 + include/linux/mm.h | 2 +- include/linux/pci.h | 14 ++ include/linux/pm_runtime.h | 4 + include/linux/quota.h | 2 +- include/linux/usb/gadget.h | 25 +++ include/net/ip_tunnels.h | 15 ++ kernel/padata.c | 6 +- kernel/sched/fair.c | 38 ++-- mm/shmem.c | 7 +- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp_output.c | 19 +- net/ipv6/ip6_tunnel.c | 3 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 33 ++- rust/bindings/bindings_helper.h | 2 + rust/bindings/lib.rs | 1 + sound/firewire/amdtp-stream.h | 2 +- sound/soc/codecs/idt821034.c | 12 +- sound/soc/codecs/nau8821.c | 53 +++-- sound/usb/card.c | 10 +- .../testing/selftests/bpf/prog_tests/arg_parsing.c | 12 +- 128 files changed, 1549 insertions(+), 924 deletions(-)

3 weeks

11
115
0 0

[PATCHSET] xfs: random fixes for 6.18

by Darrick J. Wong

Hi all, Random fixes for 6.18. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=xf… --- Commits in this patchset: * xfs: don't set bt_nr_sectors to a negative number * xfs: always warn about deprecated mount options * xfs: loudly complain about defunct mount options * xfs: fix locking in xchk_nlinks_collect_dir --- fs/xfs/xfs_buf.h | 1 + fs/xfs/scrub/nlinks.c | 34 +++++++++++++++++++++++++++++++--- fs/xfs/xfs_buf.c | 2 +- fs/xfs/xfs_super.c | 45 +++++++++++++++++++++++++++++++++++---------- 4 files changed, 68 insertions(+), 14 deletions(-)

3 weeks

3
9
0 0

[PATCH 6.12 000/136] 6.12.55-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.55 release. There are 136 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 23 Oct 2025 19:49:51 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.55-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.55-rc1 Guenter Roeck <linux(a)roeck-us.net> dmaengine: Add missing cleanup on module unload Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset blackhole on success with non-loopback ifaces Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Call dst_release() in mptcp_active_enable(). Sharath Chandra Vurukala <quic_sharathv(a)quicinc.com> net: Add locking to protect skb->dev access in ip_output Eric Dumazet <edumazet(a)google.com> ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] Eric Dumazet <edumazet(a)google.com> net: dst: add four helpers to annotate data-races around dst->dev Eric Dumazet <edumazet(a)google.com> tcp: cache RTAX_QUICKACK metric in a hot cache line Eric Dumazet <edumazet(a)google.com> tcp: convert to dev_net_rcu() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix mailbox API compatibility by negotiating supported features Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix getting link speed data for E610 devices Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> ixgbevf: Add support for Intel(R) E610 device Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> PCI: Add PCI_VDEVICE_SUB helper macro Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Al Viro <viro(a)zeniv.linux.org.uk> d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Babu Moger <babu.moger(a)amd.com> x86/resctrl: Refactor resctrl_arch_rmid_read() Yu Kuai <yukuai3(a)huawei.com> md: fix mssing blktrace bio split events John Garry <john.g.garry(a)oracle.com> md/raid10: Handle bio_split() errors John Garry <john.g.garry(a)oracle.com> md/raid1: Handle bio_split() errors John Garry <john.g.garry(a)oracle.com> md/raid0: Handle bio_split() errors Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Darrick J. Wong <djwong(a)kernel.org> xfs: use deferred intent items for reaping crosslinked blocks Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: avoid possible TX wait initialization race Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Implement large extent array support in pNFS Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Sergey Bashirov <sergeybashirov(a)gmail.com> nfsd: Drop dprintk in blocklayout xdr functions Sergey Bashirov <sergeybashirov(a)gmail.com> nfsd: Use correct error code when decoding extents Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> phy: cdns-dphy: Store hs_clk_rate and return it Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Wilfred Mallawa <wilfred.mallawa(a)wdc.com> nvme/tcp: handle tls partially sent records in write_space() Xing Guo <higuoxing(a)gmail.com> selftests: arg_parsing: Ensure data is flushed to disk before reading. Li Qiang <liqiang01(a)kylinos.cn> ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> HID: multitouch: fix name of Stylus input devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: hid-input: only ignore 0 battery events for digitizers Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: make arg_parsing.c more robust to crashes Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Synchronize access to DBC request queue head & tail pointer Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Jeffrey Hugo <quic_jhugo(a)quicinc.com> accel/qaic: Fix bootlog initialization ordering Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/rockchip: vop2: use correct destination rectangle height check Francesco Valla <francesco(a)valla.it> drm/draw: fix color truncation in drm_draw_fill24 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish without IP discovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add ip offset support for cyan skillfish Zhanjun Dong <zhanjun.dong(a)intel.com> drm/i915/guc: Skip communication warning on reset in progress Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Generalize helper to clear IRQ status Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Cancel jdet_work before handling jack ejection Christophe Leroy <christophe.leroy(a)csgroup.eu> ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Marek Vasut <marek.vasut(a)mailbox.org> drm/bridge: lt9211: Drop check for last nibble of version register Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation Amit Chaudhary <achaudhary(a)purestorage.com> nvme-multipath: Skip nr_active increments in RETRY disposition Ketil Johnsen <ketil.johnsen(a)arm.com> drm/panthor: Ensure MCU is disabled on suspend I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Breno Leitao <leitao(a)debian.org> netdevsim: set the carrier when the device goes up Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for pending async decryptions if tls_strp_msg_hold fails Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: trim encrypted message to match the plaintext on short splice Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in RPC handle list access Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: fix CAN state in system PM Sean Nyekjaer <sean(a)geanix.com> can: m_can: call deinit/init callback when going into suspend/resume Sean Nyekjaer <sean(a)geanix.com> can: m_can: add deinit callback Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_chip_config(): bring up interface in correct state Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Jens Axboe <axboe(a)kernel.dk> Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_rndis: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ecm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Guoniu Zhou <guoniu.zhou(a)nxp.com> media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix PDC sleep sequence Miaoqian Lin <linmq006(a)gmail.com> cdx: Fix device node reference leak in cdx_msi_domain_init Jiri Slaby (SUSE) <jirislaby(a)kernel.org> irqdomain: cdx: Switch to of_fwnode_handle() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Check whether secure display TA loaded successfully Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP2 event device with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP event path names with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix address filter match with backing files Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gfx12 mes packet status return check Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Eugene Korenevsky <ekorenevsky(a)aliyun.com> cifs: parse_dfs_referrals: prevent oob on malformed input Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: gs_make_candev(): populate net_device->dev_port Filipe Manana <fdmanana(a)suse.com> btrfs: do not assert we found block group item when creating free space tree Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Boris Burkov <boris(a)bur.io> btrfs: fix incorrect readahead expansion length Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> ext4: wait for ongoing I/O to complete before freeing blocks Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Prevent access to vCPU events before init Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init Hao Ge <gehao(a)kylinos.cn> slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Shuhao Fu <sfual(a)cse.ust.hk> smb: client: Fix refcount leak for cifs_sb_tlink Conor Dooley <conor.dooley(a)microchip.com> rust: cfi: only 64-bit arm and x86 support CFI_CLANG Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/guc: Check GuC running state before deregistering exec queue ------------- Diffstat: Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Makefile | 4 +- arch/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kvm/arm.c | 6 + arch/riscv/kernel/probes/kprobes.c | 13 +- arch/x86/kernel/cpu/resctrl/monitor.c | 46 +++-- drivers/accel/qaic/qaic.h | 2 + drivers/accel/qaic/qaic_control.c | 2 +- drivers/accel/qaic/qaic_data.c | 12 +- drivers/accel/qaic/qaic_debugfs.c | 5 +- drivers/accel/qaic/qaic_drv.c | 3 + drivers/base/power/runtime.c | 44 ++++ drivers/cdx/cdx_msi.c | 5 +- drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/dma/idxd/init.c | 2 + drivers/gpu/drm/amd/amdgpu/Makefile | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- .../gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 +++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/nv.h | 1 + .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/ast/ast_mode.c | 18 +- drivers/gpu/drm/ast/ast_reg.h | 1 + drivers/gpu/drm/bridge/lontium-lt9211.c | 3 +- drivers/gpu/drm/drm_draw.c | 2 +- drivers/gpu/drm/drm_draw_internal.h | 2 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++++----- drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 28 ++- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 + drivers/gpu/drm/panthor/panthor_fw.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 13 +- drivers/gpu/drm/xe/xe_guc_submit.c | 13 +- drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 28 +-- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 ++-- drivers/md/md-linear.c | 1 + drivers/md/raid0.c | 16 ++ drivers/md/raid1.c | 37 +++- drivers/md/raid10.c | 55 ++++- drivers/md/raid5.c | 2 + .../media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++++------------ .../media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 +- drivers/net/can/m_can/m_can.c | 86 +++++--- drivers/net/can/m_can/m_can.h | 1 + drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/can/usb/gs_usb.c | 23 +-- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 ++- drivers/net/ethernet/intel/ixgbevf/defines.h | 6 +- drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 ++++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/netdevsim/netdev.c | 7 + drivers/net/usb/lan78xx.c | 38 +++- drivers/net/usb/r8152.c | 7 +- drivers/net/wireless/realtek/rtw89/core.c | 39 ++-- drivers/net/wireless/realtek/rtw89/core.h | 6 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw89/pci.c | 2 - drivers/nvme/host/multipath.c | 6 +- drivers/nvme/host/tcp.c | 3 + drivers/phy/cadence/cdns-dphy.c | 133 +++++++++--- drivers/usb/gadget/function/f_acm.c | 42 ++-- drivers/usb/gadget/function/f_ecm.c | 48 ++--- drivers/usb/gadget/function/f_ncm.c | 78 +++---- drivers/usb/gadget/function/f_rndis.c | 85 ++++---- drivers/usb/gadget/udc/core.c | 3 + fs/btrfs/extent_io.c | 2 +- fs/btrfs/free-space-tree.c | 15 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/relocation.c | 13 +- fs/btrfs/zoned.c | 2 +- fs/dax.c | 2 +- fs/dcache.c | 12 +- fs/ext4/ext4_jbd2.c | 11 +- fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 +- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 33 +-- fs/nfsd/blocklayoutxdr.c | 171 ++++++++++------ fs/nfsd/blocklayoutxdr.h | 8 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++-- fs/nfsd/nfs4xdr.c | 25 +-- fs/nfsd/nfsd.h | 1 + fs/nfsd/pnfs.h | 1 + fs/nfsd/xdr4.h | 39 +++- fs/smb/client/inode.c | 6 +- fs/smb/client/misc.c | 17 ++ fs/smb/client/smb2ops.c | 8 +- fs/smb/server/mgmt/user_session.c | 7 +- fs/smb/server/smb2pdu.c | 9 +- fs/smb/server/transport_ipc.c | 12 ++ fs/xfs/libxfs/xfs_log_format.h | 30 ++- fs/xfs/libxfs/xfs_ondisk.h | 2 + fs/xfs/scrub/reap.c | 9 +- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 +++- include/linux/mm.h | 2 +- include/linux/pci.h | 14 ++ include/linux/pm_runtime.h | 4 + include/linux/usb/gadget.h | 25 +++ include/net/dst.h | 32 +++ include/net/inet6_hashtables.h | 2 +- include/net/inet_connection_sock.h | 3 +- include/net/inet_hashtables.h | 2 +- include/net/ip.h | 11 +- include/net/ip_tunnels.h | 15 ++ include/net/route.h | 2 +- io_uring/rw.c | 2 +- kernel/events/core.c | 8 +- kernel/padata.c | 6 +- kernel/sched/fair.c | 26 +-- mm/slub.c | 9 +- net/core/dst.c | 4 +- net/core/sock.c | 14 +- net/ipv4/icmp.c | 24 ++- net/ipv4/igmp.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_output.c | 19 +- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/ip_vti.c | 4 +- net/ipv4/netfilter.c | 4 +- net/ipv4/route.c | 8 +- net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 3 +- net/ipv4/tcp_ipv4.c | 12 +- net/ipv4/tcp_metrics.c | 8 +- net/ipv4/tcp_output.c | 19 +- net/ipv4/xfrm4_output.c | 2 +- net/ipv6/ip6_tunnel.c | 3 +- net/ipv6/tcp_ipv6.c | 22 +- net/mptcp/ctrl.c | 9 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 31 ++- rust/bindings/bindings_helper.h | 1 + sound/firewire/amdtp-stream.h | 2 +- sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 +- sound/soc/codecs/idt821034.c | 12 +- sound/soc/codecs/nau8821.c | 53 +++-- sound/usb/card.c | 10 +- .../testing/selftests/bpf/prog_tests/arg_parsing.c | 12 +- 164 files changed, 1922 insertions(+), 967 deletions(-)

3 weeks

8
146
0 0

[PATCH 6.17 000/159] 6.17.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.5 release. There are 159 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 23 Oct 2025 19:49:51 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.5-rc1 Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't allow evicting of BOs in same VM in array of VM binds Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Move rebar to be done earlier Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Unify the initialization of VRAM regions Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Move struct xe_vram_region to a dedicated header Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Use dynamic allocation for tile and device VRAM region structures Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Use devm_ioremap_wc for VRAM mapping and drop manual unmap Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dave Jiang <dave.jiang(a)intel.com> cxl: Fix match_region_by_range() to use region_res_match_cxl_range() Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Babu Moger <babu.moger(a)amd.com> x86/resctrl: Refactor resctrl_arch_rmid_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> phy: cdns-dphy: Store hs_clk_rate and return it Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Implement large extent array support in pNFS Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Ada Couprie Diaz <ada.coupriediaz(a)arm.com> arm64: debug: always unmask interrupts in el0_softstp() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Miguel Ojeda <ojeda(a)kernel.org> rust: cpufreq: fix formatting Wilfred Mallawa <wilfred.mallawa(a)wdc.com> nvme/tcp: handle tls partially sent records in write_space() Xing Guo <higuoxing(a)gmail.com> selftests: arg_parsing: Ensure data is flushed to disk before reading. Matthew Auld <matthew.auld(a)intel.com> drm/xe/evict: drop bogus assert Li Qiang <liqiang01(a)kylinos.cn> ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> HID: multitouch: fix name of Stylus input devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: hid-input: only ignore 0 battery events for digitizers Ming Lei <ming.lei(a)redhat.com> block: Remove elevator_lock usage from blkg_conf frozen operations Yu Kuai <yukuai3(a)huawei.com> blk-mq: fix stale tag depth for shared sched tags in blk_mq_update_nr_requests() Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: make arg_parsing.c more robust to crashes Alison Schofield <alison.schofield(a)intel.com> cxl/trace: Subtract to find an hpa_alias0 in cxl_poison events Martin George <martinus.gpy(a)gmail.com> nvme-auth: update sc_c in host response Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Synchronize access to DBC request queue head & tail pointer Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Jeff Hugo <jeff.hugo(a)oss.qualcomm.com> accel/qaic: Fix bootlog initialization ordering Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Peter Zijlstra (Intel) <peterz(a)infradead.org> sched/deadline: Stop dl_server before CPU goes offline Even Xu <even.xu(a)intel.com> HID: intel-thc-hid: Intel-quickspi: switch first interrupt from level to edge detection Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/rockchip: vop2: use correct destination rectangle height check Francesco Valla <francesco(a)valla.it> drm/draw: fix color truncation in drm_draw_fill24 Ingo Molnar <mingo(a)kernel.org> x86/mm: Fix SMP ordering in switch_mm_irqs_off() Dave Jiang <dave.jiang(a)intel.com> cxl/features: Add check for no entries in cxl_feature_info Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe: Enable media sampler power gating Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: drop unused structures in amdgpu_drm.h Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: set an error on all fences from a bad context Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: handle wrap around in reemit handling Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish without IP discovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add ip offset support for cyan skillfish Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/fb: Fix the set_tiling vs. addfb race, again Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/frontbuffer: Move bo refcounting intel_frontbuffer_{get,release}() Zhanjun Dong <zhanjun.dong(a)intel.com> drm/i915/guc: Skip communication warning on reset in progress Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Consistently clear interrupts before unmasking Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Generalize helper to clear IRQ status Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Cancel jdet_work before handling jack ejection Christophe Leroy <christophe.leroy(a)csgroup.eu> ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/fadump: skip parameter area allocation when fadump is disabled Marek Vasut <marek.vasut(a)mailbox.org> drm/bridge: lt9211: Drop check for last nibble of version register Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation Amit Chaudhary <achaudhary(a)purestorage.com> nvme-multipath: Skip nr_active increments in RETRY disposition Ketil Johnsen <ketil.johnsen(a)arm.com> drm/panthor: Ensure MCU is disabled on suspend I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Breno Leitao <leitao(a)debian.org> netdevsim: set the carrier when the device goes up Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for pending async decryptions if tls_strp_msg_hold fails Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: trim encrypted message to match the plaintext on short splice Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in RPC handle list access Florian Westphal <fw(a)strlen.de> net: core: fix lockdep splat on device unregister Wang Liang <wangliang74(a)huawei.com> selftests: net: check jq command is supported Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Take into account out-of-order tx completions in airoha_dev_xmit() Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Zqiang <qiang.zhang(a)linux.dev> usbnet: Fix using smp_processor_id() in preemptible code warnings Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Octeontx2-af: Fix missing error code in cgx_probe() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Marek Vasut <marek.vasut(a)mailbox.org> net: phy: realtek: Avoid PHYCR2 access if PHYCR2 not present Koichiro Den <den(a)valinux.co.jp> ixgbe: fix too early devlink_free() in ixgbe_remove() Milena Olech <milena.olech(a)intel.com> idpf: cleanup remaining SKBs in PTP flows Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: Fix GMII/MII/MII-Lite selection Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Ivan Vecera <ivecera(a)redhat.com> dpll: zl3073x: Handle missing or corrupted flash configuration Ivan Vecera <ivecera(a)redhat.com> dpll: zl3073x: Refactor DPLL initialization Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> can: j1939: add missing calls in NETDEV_UNREGISTER notification handler Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Rex Lu <rex.lu(a)mediatek.com> net: mtk: wed: add dma mask limitation and GFP_DMA32 for device with more than 4GB DRAM Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: fix CAN state in system PM Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_chip_config(): bring up interface in correct state Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Christian Brauner <brauner(a)kernel.org> coredump: fix core_pattern input validation Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ecm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_rndis: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Guoniu Zhou <guoniu.zhou(a)nxp.com> media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd: Fix hybrid sleep Mario Limonciello (AMD) <superm1(a)kernel.org> PM: hibernate: Add pm_hibernation_mode_is_suspend() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Check whether secure display TA loaded successfully Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP2 event device with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP event path names with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix address filter match with backing files Kenneth Graunke <kenneth(a)whitecape.org> drm/xe: Increase global invalidation timeout to 1000us Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gfx12 mes packet status return check Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Denis Arefev <arefev(a)swemel.ru> ALSA: hda: Fix missing pointer check in hda_component_manager_init function Denis Arefev <arefev(a)swemel.ru> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk entry for HP ZBook 17 G6 Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> ALSA: hda/intel: Add MSI X870E Tomahawk to denylist Dave Jiang <dave.jiang(a)intel.com> cxl/acpi: Fix setup of memory resource in cxl_acpi_set_cache_size() Eugene Korenevsky <ekorenevsky(a)aliyun.com> cifs: parse_dfs_referrals: prevent oob on malformed input Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: gs_make_candev(): populate net_device->dev_port Filipe Manana <fdmanana(a)suse.com> btrfs: do not assert we found block group item when creating free space tree Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Boris Burkov <boris(a)bur.io> btrfs: fix incorrect readahead expansion length Qu Wenruo <wqu(a)suse.com> btrfs: only set the device specific options after devices are opened Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> ext4: wait for ongoing I/O to complete before freeing blocks Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Tim Hostetler <thostet(a)google.com> gve: Check valid ts bit on RX descriptor before hw timestamping Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Prevent access to vCPU events before init Bhanu Seshu Kumar Valluri <bhanuseshukumar(a)gmail.com> net: usb: lan78xx: Fix lost EEPROM write timeout error(-ETIMEDOUT) in lan78xx_write_raw_eeprom Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init Matthew Schwartz <matthew.schwartz(a)linux.dev> Revert "drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume" Pavel Begunkov <asml.silence(a)gmail.com> io_uring: protect mem region deregistration Jens Axboe <axboe(a)kernel.dk> Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Hao Ge <gehao(a)kylinos.cn> slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Rong Zhang <i(a)rong.moe> x86/CPU/AMD: Prevent reset reasons from being retained across reboot Shuhao Fu <sfual(a)cse.ust.hk> smb: client: Fix refcount leak for cifs_sb_tlink Conor Dooley <conor.dooley(a)microchip.com> rust: cfi: only 64-bit arm and x86 support CFI_CLANG Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix mailbox API compatibility by negotiating supported features Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix getting link speed data for E610 devices Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/guc: Check GuC running state before deregistering exec queue Lorenzo Pieralisi <lpieralisi(a)kernel.org> arm64/sysreg: Fix GIC CDEOI instruction encoding Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: relax checks in ata_read_log_directory() Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Inochi Amaoto <inochiama(a)gmail.com> PCI: vmd: Override irq_startup()/irq_shutdown() in vmd_init_dev_msi_info() Andrey Albershteyn <aalbersh(a)redhat.com> Revert "fs: make vfs_fileattr_[get|set] return -EOPNOTSUPP" Jonathan Corbet <corbet(a)lwn.net> docs: kdoc: handle the obsolescensce of docutils.ErrorString() ------------- Diffstat: Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Documentation/sphinx/kernel_feat.py | 4 +- Documentation/sphinx/kernel_include.py | 6 +- Documentation/sphinx/maintainers_include.py | 4 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/sysreg.h | 11 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kernel/entry-common.c | 8 +- arch/arm64/kvm/arm.c | 6 + arch/powerpc/kernel/fadump.c | 3 + arch/riscv/kernel/probes/kprobes.c | 13 +- arch/x86/kernel/cpu/amd.c | 16 +- arch/x86/kernel/cpu/resctrl/monitor.c | 46 ++-- arch/x86/mm/tlb.c | 24 +- block/blk-cgroup.c | 13 +- block/blk-mq-sched.c | 2 +- block/blk-mq-tag.c | 5 +- block/blk-mq.c | 2 +- block/blk-mq.h | 3 +- drivers/accel/qaic/qaic.h | 2 + drivers/accel/qaic/qaic_control.c | 2 +- drivers/accel/qaic/qaic_data.c | 12 +- drivers/accel/qaic/qaic_debugfs.c | 5 +- drivers/accel/qaic/qaic_drv.c | 3 + drivers/ata/libata-core.c | 11 +- drivers/cxl/acpi.c | 2 +- drivers/cxl/core/features.c | 3 + drivers/cxl/core/region.c | 7 +- drivers/cxl/core/trace.h | 2 +- drivers/dpll/zl3073x/core.c | 280 +++++++++++++-------- drivers/dpll/zl3073x/core.h | 3 + drivers/dpll/zl3073x/devlink.c | 18 +- drivers/dpll/zl3073x/regs.h | 3 + drivers/gpu/drm/amd/amdgpu/Makefile | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 54 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 2 +- .../gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 +++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/nv.h | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 7 - .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/ast/ast_mode.c | 18 +- drivers/gpu/drm/ast/ast_reg.h | 1 + drivers/gpu/drm/bridge/lontium-lt9211.c | 3 +- drivers/gpu/drm/drm_draw.c | 2 +- drivers/gpu/drm/drm_draw_internal.h | 2 +- drivers/gpu/drm/i915/display/intel_fb.c | 38 +-- drivers/gpu/drm/i915/display/intel_frontbuffer.c | 10 +- .../gpu/drm/i915/gem/i915_gem_object_frontbuffer.h | 2 - drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 +- drivers/gpu/drm/panthor/panthor_fw.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 13 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 +- drivers/gpu/drm/xe/display/xe_plane_initial.c | 3 +- drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 + drivers/gpu/drm/xe/xe_assert.h | 4 +- drivers/gpu/drm/xe/xe_bo.c | 1 + drivers/gpu/drm/xe/xe_bo.h | 4 +- drivers/gpu/drm/xe/xe_bo_evict.c | 8 - drivers/gpu/drm/xe/xe_bo_types.h | 1 + drivers/gpu/drm/xe/xe_device.c | 22 +- drivers/gpu/drm/xe/xe_device_types.h | 62 +---- drivers/gpu/drm/xe/xe_gt_idle.c | 8 + drivers/gpu/drm/xe/xe_gt_pagefault.c | 13 +- drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 3 +- drivers/gpu/drm/xe/xe_guc_submit.c | 13 +- drivers/gpu/drm/xe/xe_migrate.c | 25 +- drivers/gpu/drm/xe/xe_pci.c | 8 + drivers/gpu/drm/xe/xe_query.c | 5 +- drivers/gpu/drm/xe/xe_svm.c | 63 ++--- drivers/gpu/drm/xe/xe_tile.c | 58 +++-- drivers/gpu/drm/xe/xe_tile.h | 14 +- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 10 +- drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 22 +- drivers/gpu/drm/xe/xe_ttm_vram_mgr.h | 3 +- drivers/gpu/drm/xe/xe_vm.c | 32 ++- drivers/gpu/drm/xe/xe_vm_types.h | 2 + drivers/gpu/drm/xe/xe_vram.c | 245 +++++++++++++----- drivers/gpu/drm/xe/xe_vram.h | 14 +- drivers/gpu/drm/xe/xe_vram_types.h | 85 +++++++ drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 28 ++- .../intel-quickspi/quickspi-protocol.c | 3 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 226 +++++++---------- drivers/net/can/m_can/m_can.c | 64 +++-- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/can/usb/gs_usb.c | 23 +- drivers/net/ethernet/airoha/airoha_eth.c | 16 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 +- drivers/net/ethernet/google/gve/gve.h | 2 + drivers/net/ethernet/google/gve/gve_desc_dqo.h | 3 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 16 +- drivers/net/ethernet/intel/idpf/idpf_ptp.c | 3 + .../net/ethernet/intel/idpf/idpf_virtchnl_ptp.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +- drivers/net/ethernet/intel/ixgbevf/defines.h | 1 + drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 ++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 182 +++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 1 + drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 1 + drivers/net/ethernet/mediatek/mtk_wed.c | 8 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/netdevsim/netdev.c | 7 + drivers/net/phy/broadcom.c | 20 +- drivers/net/phy/realtek/realtek_main.c | 23 +- drivers/net/usb/lan78xx.c | 19 +- drivers/net/usb/r8152.c | 7 +- drivers/net/usb/usbnet.c | 2 + drivers/nvme/host/auth.c | 6 +- drivers/nvme/host/multipath.c | 6 +- drivers/nvme/host/tcp.c | 3 + drivers/pci/controller/vmd.c | 13 + drivers/phy/cadence/cdns-dphy.c | 133 +++++++--- drivers/usb/gadget/function/f_acm.c | 42 ++-- drivers/usb/gadget/function/f_ecm.c | 48 ++-- drivers/usb/gadget/function/f_ncm.c | 78 +++--- drivers/usb/gadget/function/f_rndis.c | 85 +++---- drivers/usb/gadget/udc/core.c | 3 + fs/btrfs/extent_io.c | 2 +- fs/btrfs/free-space-tree.c | 15 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/relocation.c | 13 +- fs/btrfs/super.c | 3 +- fs/btrfs/zoned.c | 2 +- fs/coredump.c | 2 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/exec.c | 2 +- fs/ext4/ext4_jbd2.c | 11 +- fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 +- fs/file_attr.c | 12 +- fs/fuse/ioctl.c | 4 - fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 25 +- fs/nfsd/blocklayoutxdr.c | 86 ++++--- fs/nfsd/blocklayoutxdr.h | 4 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++- fs/nfsd/nfs4xdr.c | 25 +- fs/nfsd/pnfs.h | 1 + fs/nfsd/xdr4.h | 39 ++- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/inode.c | 5 +- fs/smb/client/inode.c | 6 +- fs/smb/client/misc.c | 17 ++ fs/smb/client/smb2ops.c | 8 +- fs/smb/server/mgmt/user_session.c | 7 +- fs/smb/server/smb2pdu.c | 9 +- fs/smb/server/transport_ipc.c | 12 + fs/xfs/libxfs/xfs_log_format.h | 30 ++- fs/xfs/libxfs/xfs_ondisk.h | 2 + fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 ++- include/linux/brcmphy.h | 1 + include/linux/libata.h | 6 + include/linux/suspend.h | 2 + include/linux/usb/gadget.h | 25 ++ include/net/ip_tunnels.h | 15 ++ include/uapi/drm/amdgpu_drm.h | 21 -- io_uring/register.c | 1 + io_uring/rw.c | 2 +- kernel/events/core.c | 8 +- kernel/power/hibernate.c | 11 + kernel/sched/core.c | 2 + kernel/sched/deadline.c | 3 + kernel/sched/fair.c | 26 +- mm/slub.c | 9 +- net/can/j1939/main.c | 2 + net/core/dev.c | 40 ++- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp_output.c | 19 +- net/ipv6/ip6_tunnel.c | 3 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 31 ++- rust/kernel/cpufreq.rs | 3 +- sound/firewire/amdtp-stream.h | 2 +- sound/hda/codecs/realtek/alc269.c | 1 + sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 + sound/hda/codecs/side-codecs/hda_component.c | 4 + sound/hda/controllers/intel.c | 1 + sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 +- sound/soc/codecs/idt821034.c | 12 +- sound/soc/codecs/nau8821.c | 115 +++++---- sound/usb/card.c | 10 +- .../testing/selftests/bpf/prog_tests/arg_parsing.c | 12 +- tools/testing/selftests/net/rtnetlink.sh | 2 + tools/testing/selftests/net/vlan_bridge_binding.sh | 2 + 211 files changed, 2408 insertions(+), 1262 deletions(-)

3 weeks

9
172
0 0

[PATCH 6.4 000/797] 6.4.4-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.4.4 release. There are 797 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 19 Jul 2023 18:55:19 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.4.4-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.4.4-rc2 Andres Freund <andres(a)anarazel.de> io_uring: Use io_schedule* in cqring wait Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: add earlycon for imx8ulp platform Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: send staged packets when setting initial private key Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: use saner cpu selection wrapping Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> netfilter: nf_tables: prevent OOB access in nft_byteorder_eval Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> netfilter: nf_tables: do not ignore genmask when looking up chain by id Florent Revest <revest(a)chromium.org> netfilter: conntrack: Avoid nf_ct_helper_hash uses after free Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: check RAS irq existence for VCN/JPEG Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: add abnormal fan detection for smu 13.0.0 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma4: set align mask to 255 Evan Quan <evan.quan(a)amd.com> drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario Jiadong Zhu <Jiadong.Zhu(a)amd.com> drm/amdgpu: Skip mark offset for high priority rings Christian König <christian.koenig(a)amd.com> drm/amdgpu: make sure that BOs have a backing store Christian König <christian.koenig(a)amd.com> drm/amdgpu: make sure BOs are locked in amdgpu_vm_get_memory WANG Xuerui <git(a)xen0n.name> LoongArch: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation Zhihao Cheng <chengzhihao1(a)huawei.com> ovl: fix null pointer dereference in ovl_get_acl_rcu() Zhihao Cheng <chengzhihao1(a)huawei.com> ovl: let helper ovl_i_path_real() return the realinode Zhihao Cheng <chengzhihao1(a)huawei.com> ovl: fix null pointer dereference in ovl_permission() Masahiro Yamada <masahiroy(a)kernel.org> kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS Nathan Chancellor <nathan(a)kernel.org> kbuild: Add KBUILD_CPPFLAGS to as-option invocation Nathan Chancellor <nathan(a)kernel.org> kbuild: Add CLANG_FLAGS to as-instr Nathan Chancellor <nathan(a)kernel.org> powerpc/vdso: Include CLANG_FLAGS explicitly in ldflags-y Nathan Chancellor <nathan(a)kernel.org> mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation Arnd Bergmann <arnd(a)arndb.de> Input: ads7846 - fix pointer cast warning Jan Kara <jack(a)suse.cz> fs: no need to check source Yu Kuai <yukuai3(a)huawei.com> md/raid1-10: fix casting from randomized structure in raid1_submit_write() Linus Walleij <linus.walleij(a)linaro.org> Input: ads7846 - Fix usage of match data Yu Kuai <yukuai3(a)huawei.com> blktrace: use inline function for blk_trace_remove() while blktrace is disabled Christian Marangi <ansuelsmth(a)gmail.com> leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename Arnd Bergmann <arnd(a)arndb.de> ARM: orion5x: fix d2net gpio initialization Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: qcom: ipq4019: fix broken NAND controller properties override Linus Walleij <linus.walleij(a)linaro.org> ARM: dts: qcom: msm8660: Fix regulator node names Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> regulator: tps65219: Fix matching interrupts for their regulators Ricardo Ribalda Delgado <ribalda(a)chromium.org> ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path Ricardo Ribalda Delgado <ribalda(a)chromium.org> ASoC: mediatek: mt8173: Fix irq error path Filipe Manana <fdmanana(a)suse.com> btrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block() Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent buffer leak after tree mod log failure at split_node() Filipe Manana <fdmanana(a)suse.com> btrfs: add missing error handling when logging operation while COWing extent buffer Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when deleting quota root from the dirty cow roots list Naohiro Aota <naota(a)elisp.net> btrfs: move out now unused BG from the reclaim list Naohiro Aota <naota(a)elisp.net> btrfs: reinsert BGs failed to reclaim David Sterba <dsterba(a)suse.com> btrfs: add block-group tree to lockdep classes Naohiro Aota <naota(a)elisp.net> btrfs: bail out reclaim process if filesystem is read-only Naohiro Aota <naota(a)elisp.net> btrfs: delete unused BGs while reclaiming BGs Boris Burkov <boris(a)bur.io> btrfs: warn on invalid slot in tree mod log rewind Boris Burkov <boris(a)bur.io> btrfs: insert tree mod log move in push_node_left Christoph Hellwig <hch(a)lst.de> btrfs: fix dirty_metadata_bytes for redirtied buffers Matt Corallo <blnxfsl(a)bluematt.me> btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile Abhijeet Rastogi <abhijeet.1989(a)gmail.com> ipvs: increase ip_vs_conn_tab_bits range for 64BIT Mario Limonciello <mario.limonciello(a)amd.com> usb: typec: ucsi: Mark dGPUs as DEVICE scope Jan Kara <jack(a)suse.cz> fs: Lock moved directories Jan Kara <jack(a)suse.cz> fs: Establish locking order for unrelated directories Jan Kara <jack(a)suse.cz> Revert "udf: Protect rename against modification of moved directory" Jan Kara <jack(a)suse.cz> Revert "f2fs: fix potential corruption when moving a directory" Jan Kara <jack(a)suse.cz> ext4: Remove ext4 locking of moved directory Thomas Weißschuh <linux(a)weissschuh.net> fs: avoid empty option when generating legacy mount string Fabian Frederick <fabf(a)skynet.be> jffs2: reduce stack usage in jffs2_build_xattr_subsystem() Christian Brauner <brauner(a)kernel.org> nfsd: use vfs setgid helper Roberto Sassu <roberto.sassu(a)huawei.com> shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs Ryan Roberts <ryan.roberts(a)arm.com> mm/damon/ops-common: atomically test and clear young on ptes and pmds Arnd Bergmann <arnd(a)arndb.de> autofs: use flexible array in ioctl structure Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> integrity: Fix possible multiple allocation in integrity_inode_get() Kees Cook <keescook(a)chromium.org> um: Use HOST_DIR for mrproper Siddh Raman Pant <code(a)siddh.me> watch_queue: prevent dangling pipe pointer Zheng Wang <zyytlz.wz(a)163.com> bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent Zheng Wang <zyytlz.wz(a)163.com> bcache: Remove unnecessary NULL point check in node allocations Mingzhe Zou <mingzhe.zou(a)easystack.cn> bcache: fixup btree_cache_wait list damage Quan Zhou <quan.zhou(a)mediatek.com> wifi: mt76: mt7921e: fix init command fail with enabled device Felix Fietkau <nbd(a)nbd.name> wifi: cfg80211: fix receiving mesh packets without RFC1042 header Alexander Wetzel <alexander(a)wetzel-home.de> wifi: ath10k: Serialize wake_tx_queue ops Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix regulatory disconnect for non-MLO Chevron Li <chevron.li(a)bayhubtech.com> mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used. Ulf Hansson <ulf.hansson(a)linaro.org> mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS Robert Marko <robimarko(a)gmail.com> mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M Robert Marko <robimarko(a)gmail.com> mmc: core: disable TRIM on Kingston EMMC04G-M627 Yu Zhao <yuzhao(a)google.com> mm/mglru: make memcg_lru->lock irq safe Jens Axboe <axboe(a)kernel.dk> io_uring: wait interruptibly for request completions on exit Jianmin Lv <lvjianmin(a)loongson.cn> irqchip/loongson-pch-pic: Fix initialization of HT vector register Dai Ngo <dai.ngo(a)oracle.com> NFSD: add encoding of op_recall flag for write delegation Liu Peibao <liupeibao(a)loongson.cn> irqchip/loongson-pch-pic: Fix potential incorrect hwirq assignment Jeff Layton <jlayton(a)kernel.org> nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Jianmin Lv <lvjianmin(a)loongson.cn> irqchip/loongson-liointc: Fix IRQ trigger polarity Mark Brown <broonie(a)kernel.org> arm64/signal: Restore TPIDR2 register rather than memory state Daniel Miess <daniel.miess(a)amd.com> Revert "drm/amd/display: Move DCN314 DOMAIN power control to DMCUB" Geert Uytterhoeven <geert+renesas(a)glider.be> lib: dhry: fix sleeping allocations inside non-preemptable section Matthew Wilcox (Oracle) <willy(a)infradead.org> writeback: account the number of pages written back Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Don't try to handle more interrupt events after error John Johansen <john.johansen(a)canonical.com> apparmor: fix profile verification and enable it John Johansen <john.johansen(a)canonical.com> apparmor: fix policy_compat permission remap with extended permissions John Johansen <john.johansen(a)canonical.com> apparmor: add missing failure check in compute_xmatch_perms Danila Chernetsov <listdansp(a)mail.ru> apparmor: fix missing error check for rhashtable_insert_fast Artur Rojek <contact(a)artur-rojek.eu> sh: dma: Fix DMA channel offset calculation Marc Zyngier <maz(a)kernel.org> risc-v: Fix order of IPI enablement vs RCU startup Thorsten Winkler <twinkler(a)linux.ibm.com> s390/qeth: Fix vipa deletion David Howells <dhowells(a)redhat.com> afs: Fix accidental truncation when storing data Hariprasad Kelam <hkelam(a)marvell.com> octeontx-af: fix hardware timestamp configuration Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: always enable the send_meta options Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_sja1105: fix MAC DA patching from meta frames Guillaume Nault <gnault(a)redhat.com> pptp: Fix fib lookup calls. Woody Zhang <woodylab(a)foxmail.com> riscv: move memblock_allow_resize() after linear mapping is ready Amir Goldstein <amir73il(a)gmail.com> fanotify: disallow mount/sb marks on kernel internal pseudo fs Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/psr: Fix BDW PSR AUX CH data register offsets Lin Ma <linma(a)zju.edu.cn> net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX Ilya Maximets <i.maximets(a)ovn.org> xsk: Honor SO_BINDTODEVICE on bind SeongJae Park <sj(a)kernel.org> bpf, btf: Warn but return no error for NULL btf from __register_btf_kfunc_id_set() Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: fix NULL pointer dereference Eric Dumazet <edumazet(a)google.com> tcp: annotate data races in __tcp_oow_rate_limited() Eric Dumazet <edumazet(a)google.com> net: fix net_dev_start_xmit trace event vs skb_transport_offset() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_sja1105: fix source port decoding in vlan_filtering=0 bridge mode Vladimir Oltean <vladimir.oltean(a)nxp.com> net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode Pali Rohár <pali(a)kernel.org> powerpc: dts: turris1x.dts: Fix PCIe MEM size for pci2 node Randy Dunlap <rdunlap(a)infradead.org> powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y Zeng Heng <zengheng4(a)huawei.com> ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Reset MAC features in FLR Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Add validation before accessing cgx and lmac Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix mapping for NIX block from CGX connection Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: cn10kb: fix interrupt csr addresses Chao Yu <chao(a)kernel.org> f2fs: fix error path handling in truncate_dnode() Nishanth Menon <nm(a)ti.com> mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Don't try to enable secure display TA multiple times Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix number of fence calculations Jonas Gorski <jonas.gorski(a)gmail.com> spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Zhengchao Shao <shaozhengchao(a)huawei.com> mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix MTU configuration Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Do not reset dql stats on NON_FATAL err Martin Habets <habetsm.xilinx(a)gmail.com> sfc: support for devlink port requires MAE access Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix marking SCAN_RSP as not connectable Pauli Virtanen <pav(a)iki.fi> Bluetooth: ISO: use hci_sync for setting CIG parameters Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: fix invalid-bdaddr quirk for non-persistent setup Tobias Heider <me(a)tobhe.de> Add MODULE_FIRMWARE() for FIRMWARE_TG357766. Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: always enable the INCL_SRCPT option Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: don't drop PTP frames with tag_8021q when RX timestamping is disabled Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: don't keep PTP configuration of all ports in single structure Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: don't report that RX timestamping is enabled by default Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> spi: spi-geni-qcom: enable SPI_CONTROLLER_MUST_TX for GPI DMA mode Florian Westphal <fw(a)strlen.de> net/sched: act_ipt: zero skb->cb before calling target Florian Westphal <fw(a)strlen.de> net/sched: act_ipt: add sanity checks on skb before calling target Florian Westphal <fw(a)strlen.de> net/sched: act_ipt: add sanity checks on table name and hook locations Chengfeng Ye <dg573847474(a)gmail.com> sctp: fix potential deadlock on &net->sctp.addr_wq_lock Randy Dunlap <rdunlap(a)infradead.org> media: cec: i2c: ch7322: also select REGMAP Arnd Bergmann <arnd(a)arndb.de> media: tc358746: select CONFIG_GENERIC_PHY Peng Fan <peng.fan(a)nxp.com> tools/virtio: fix build break for aarch64 Dragos Tatulea <dtatulea(a)nvidia.com> virtio-vdpa: Fix unchecked call to NULL set_vq_affinity Chao Yu <chao(a)kernel.org> f2fs: check return value of freeze_super() Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/i915/guc/slpc: Apply min softlimit correctly Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> rtc: st-lpc: Release some resources in st_rtc_probe() in case of error Jinke Han <hanjinke.666(a)bytedance.com> blk-throttle: Fix io statistics for cgroup v1 Ian Rogers <irogers(a)google.com> perf bpf: Move the declaration of struct rq Li Nan <linan122(a)huawei.com> md/raid10: fix the condition to call bio_end_io_acct() Shuijing Li <shuijing.li(a)mediatek.com> pwm: mtk_disp: Fix the disable flow of disp_pwm Dan Carpenter <dan.carpenter(a)linaro.org> pwm: ab8500: Fix error code in probe() Marek Vasut <marex(a)denx.de> pwm: sysfs: Do not apply state to already disabled PWMs Fancy Fang <chen.fang(a)nxp.com> pwm: imx-tpm: force 'real_period' to be zero in suspend Yury Norov <yury.norov(a)gmail.com> lib/bitmap: drop optimization of bitmap_{from,to}_arr64 Claudiu Beznea <claudiu.beznea(a)microchip.com> phy: tegra: xusb: check return value of devm_kzalloc() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: stmpe: Only disable the regulators if they are enabled Neil Armstrong <neil.armstrong(a)linaro.org> phy: qcom: qmp-combo: fix Display Port PHY configuration for SM8550 Yicong Yang <yangyicong(a)hisilicon.com> hwtracing: hisi_ptt: Fix potential sleep in atomic context Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: mmcc-msm8974: fix MDSS_GDSC power flags Claudiu Beznea <claudiu.beznea(a)microchip.com> misc: fastrpc: check return value of devm_kasprintf() Daniel Golle <daniel(a)makrotopia.org> cpufreq: mediatek: correct voltages for MT7622 and MT7623 Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler Pierre Morel <pmorel(a)linux.ibm.com> KVM: s390: vsie: fix the length of APCB bitmap Amelie Delaunay <amelie.delaunay(a)foss.st.com> mfd: stmfx: Nullify stmfx->vdd in case of error Amelie Delaunay <amelie.delaunay(a)foss.st.com> mfd: stmfx: Fix error path in stmfx_chip_init Laurentiu Tudor <laurentiu.tudor(a)nxp.com> bus: fsl-mc: don't assume child devices are all fsl-mc devices Phil Elwell <phil(a)raspberrypi.com> nvmem: rmem: Use NVMEM_DEVID_AUTO Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr> test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation Alexander Stein <alexander.stein(a)ew.tq-group.com> nvmem: imx-ocotp: Reverse MAC addresses on all i.MX derivates Yi Yingao <m202271736(a)hust.edu.cn> nvmem: sunplus-ocotp: release otp->clk before return Nipun Gupta <nipun.gupta(a)amd.com> cdx: fix driver managed dma support Matti Vaittinen <mazziesaccount(a)gmail.com> drivers: fwnode: fix fwnode_irq_get[_byname]() Tony Lindgren <tony(a)atomide.com> serial: 8250_omap: Use force_suspend and resume for system suspend Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial detection" Jiasheng Jiang <jiasheng(a)iscas.ac.cn> mfd: intel-lpss: Add missing check for platform_get_resource Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: wcd934x: Fix an error handling path in wcd934x_slim_probe() Daniel Bristot de Oliveira <bristot(a)kernel.org> rtla/hwnoise: Reduce runtime to 75% Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() Prashanth K <quic_prashk(a)quicinc.com> usb: common: usb-conn-gpio: Set last role to unknown before initial detection Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() Nico Boehr <nrb(a)linux.ibm.com> KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes Chao Yu <chao(a)kernel.org> f2fs: flush error flags in workqueue Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix the wrong condition to determine atomic context Chao Yu <chao(a)kernel.org> f2fs: support errors=remount-ro|continue|panic mountoption Chao Yu <chao(a)kernel.org> f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() Chao Yu <chao(a)kernel.org> f2fs: fix potential deadlock due to unpaired node_write lock use Bob Peterson <rpeterso(a)redhat.com> gfs2: Fix duplicate should_fault_in_pages() call Sergey Shtylyov <s.shtylyov(a)omp.ru> sh: Avoid using IRQ0 on SH3 and SH4 Hans de Goede <hdegoede(a)redhat.com> media: atomisp: ov2680: Stop using half pixelclock for binned modes Dan Carpenter <dan.carpenter(a)linaro.org> media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() Hans de Goede <hdegoede(a)redhat.com> media: atomisp: gc0310: Fix double free in gc0310_remove() Rikard Falkeborn <rikard.falkeborn(a)gmail.com> media: venus: helpers: Fix ALIGN() of non power of two Stephan Gerhold <stephan(a)gerhold.net> mfd: rt5033: Drop rt5033-battery sub-device ChiYuan Huang <cy_huang(a)richtek.com> power: supply: rt9467: Make charger-enable control as logic level Mike Leach <mike.leach(a)linaro.org> coresight: etm4x: Fix missing trctraceidr file in sysfs James Clark <james.clark(a)arm.com> coresight: Fix loss of connection info when a module is unloaded Clark Wang <xiaoning.wang(a)nxp.com> i3c: master: svc: fix cpu schedule in spin lock Yue Zhao <findns94(a)gmail.com> lkdtm: replace ll_rw_block with submit_bh Muchun Song <muchun.song(a)linux.dev> kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR John Ogness <john.ogness(a)linutronix.de> serial: 8250: lock port for UART_IER access in omap8250_irq() John Ogness <john.ogness(a)linutronix.de> serial: core: lock port for start_rx() in uart_resume_port() John Ogness <john.ogness(a)linutronix.de> serial: 8250: lock port for stop_rx() in omap8250_irq() John Ogness <john.ogness(a)linutronix.de> serial: core: lock port for stop_rx() in uart_suspend_port() Bhupesh Sharma <bhupesh.sharma(a)linaro.org> usb: misc: eud: Fix eud sysfs path (use 'qcom_eud') Arnd Bergmann <arnd(a)arndb.de> usb: hide unused usbfs_notify_suspend/resume functions Li Yang <lidaxian(a)hust.edu.cn> usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> extcon: Fix kernel doc of property capability fields to avoid warnings Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> extcon: Fix kernel doc of property fields to avoid warnings Prashanth K <quic_prashk(a)quicinc.com> usb: gadget: u_serial: Add null pointer check in gserial_suspend Vladislav Efanov <VEfanov(a)ispras.ru> usb: dwc3: qcom: Fix potential memory leak Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: debugfs: fix unbalanced pm_runtime_put() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: qcom: fix unbalanced pm_runtime_put() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: qcom: use consistently 'ctrl' as state variable name Arnd Bergmann <arnd(a)arndb.de> staging: vchiq_arm: mark vchiq_platform_init() static Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: mmcc-msm8974: use clk_rcg2_shared_ops for mdp_clk_src clock Kathiravan T <quic_kathirav(a)quicinc.com> clk: qcom: ipq5332: fix the order of SLEEP_CLK and XO clock Kathiravan T <quic_kathirav(a)quicinc.com> clk: qcom: ipq5332: fix the src parameter in ftbl_gcc_apss_axi_clk_src Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: dispcc-qcm2290: Fix GPLL0_OUT_DIV handling Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: dispcc-qcm2290: Fix BI_TCXO_AO handling Robert Marko <robimarko(a)gmail.com> clk: qcom: ipq6018: fix networking resets Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: using decoder status instead of core work count Martin Kepplinger <martink(a)posteo.de> media: hi846: fix usage of pm_runtime_get_if_in_use() Geert Uytterhoeven <geert+renesas(a)glider.be> media: renesas: fdp1: Identify R-Car Gen2 versions Daniel Scally <dan.scally(a)ideasonboard.com> media: i2c: Correct format propagation for st-mipid02 Dan Carpenter <error27(a)gmail.com> media: i2c: imx296: fix error checking in imx296_read_temperature() Duoming Zhou <duoming(a)zju.edu.cn> media: usb: siano: Fix warning due to null work_func_t function pointer Marek Vasut <marex(a)denx.de> media: videodev2.h: Fix struct v4l2_input tuner index comment Ming Qian <ming.qian(a)nxp.com> media: amphion: initiate a drain of the capture queue in dynamic resolution change Daniel Lundberg Pedersen <dlp(a)qtec.com> media: videodev2.h: Fix p_s32 and p_s64 pointer types Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: common: saa7146: Avoid a leak in vmalloc_to_sg() Ming Qian <ming.qian(a)nxp.com> media: amphion: drop repeated codec data for vc1g format Ming Qian <ming.qian(a)nxp.com> media: amphion: drop repeated codec data for vc1l format Daniil Dulov <d.dulov(a)aladdin.ru> media: usb: Check az6007_read() return value Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: gcc-qcm2290: Mark RCGs shared where applicable Mantas Pucka <mantas(a)8devices.com> clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: mmcc-msm8974: remove oxili_ocmemgx_clk Kathiravan T <quic_kathirav(a)quicinc.com> clk: qcom: gcc: ipq5332: Use floor ops for SDCC clocks Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: rpm: Don't use clk_get_optional for bus clocks anymore Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: rpm: Rename icc provider num_clocks to num_bus_clocks Tony Lindgren <tony(a)atomide.com> serial: 8250: omap: Fix freeing of resources on failed register Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: dwc2: Fix some error handling paths Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Improve the XHCI system resume time Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> USB: Extend pci resume function to handle PM events Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> cpufreq: tegra194: Fix an error handling path in tegra194_cpufreq_probe() John Paul Adrian Glaubitz <glaubitz(a)physik.fu-berlin.de> sh: j2: Use ioremap() to translate device tree address into kernel memory Yangtao Li <frank.li(a)vivo.com> f2fs: do not allow to defragment files have FI_COMPRESS_RELEASED Konrad Dybcio <konrad.dybcio(a)linaro.org> dt-bindings: power: reset: qcom-pon: Only allow reboot-mode pre-pmk8350 Dan Carpenter <error27(a)gmail.com> w1: fix loop in w1_fini() Stefan Wahren <stefan.wahren(a)i2se.com> w1: w1_therm: fix locking behavior in convert_t Thomas Gleixner <tglx(a)linutronix.de> x86/efi: Make efi_set_virtual_address_map IBT safe Will Deacon <will(a)kernel.org> arm64: sme: Use STR P to clear FFR context field in streaming SVE mode Arnd Bergmann <arnd(a)arndb.de> ksmbd: avoid field overflow warning Paulo Alcantara <pc(a)manguebit.com> smb: client: fix shared DFS root mounts with different prefixes Paulo Alcantara <pc(a)manguebit.com> smb: client: fix broken file attrs with nodfs mounts Shyam Prasad N <sprasad(a)microsoft.com> cifs: do all necessary checks for credits within or before locking Shyam Prasad N <sprasad(a)microsoft.com> cifs: prevent use-after-free by freeing the cfile later Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Disable PCI DMA before grabbing the EFI memory map Masahiro Yamada <masahiroy(a)kernel.org> kbuild: deb-pkg: remove the CONFIG_MODULES check in buildeb Josh Triplett <josh(a)joshtriplett.org> kbuild: builddeb: always make modules_install, to install modules.builtin* Vishal Verma <vishal.l.verma(a)intel.com> tools/testing/cxl: Fix command effects for inject/clear poison Dan Williams <dan.j.williams(a)intel.com> cxl/region: Fix state transitions after reset failure Dan Williams <dan.j.williams(a)intel.com> cxl/region: Flag partially torn down regions as unusable Dan Williams <dan.j.williams(a)intel.com> cxl/region: Move cache invalidation before region teardown, and before setup Sami Tolvanen <samitolvanen(a)google.com> kbuild: Disable GCOV for *.mod.o Sami Tolvanen <samitolvanen(a)google.com> kbuild: Fix CFI failures with GCOV Ding Hui <dinghui(a)sangfor.com.cn> SUNRPC: Fix UAF in svc_tcp_listen_data_ready() Filipe Manana <fdmanana(a)suse.com> btrfs: do not BUG_ON() on tree mod log failure at balance_level() Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when deleting free space root from the dirty cow roots list Christian Loehle <CLoehle(a)hyperstone.com> mmc: block: ioctl: do write error check for spi Demi Marie Obenour <demi(a)invisiblethingslab.com> block: increment diskseq on all media change events Michael Schmitz <schmitzmic(a)gmail.com> block: change all __u32 annotations to __be32 in affs_hardblocks.h Michael Schmitz <schmitzmic(a)gmail.com> block: add overflow checks for Amiga partition support Michael Schmitz <schmitzmic(a)gmail.com> block: fix signed int overflow in Amiga partition support John Johansen <john.johansen(a)canonical.com> apparmor: fix: kzalloc perms tables for shared dfas Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix potential data race at PCM memory allocation helpers Takashi Iwai <tiwai(a)suse.de> ALSA: jack: Fix mutex call in snd_jack_report() Werner Sembach <wse(a)tuxedocomputers.com> ALSA: hda/realtek: Add quirk for Clevo NPx0SNx Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook Martin Kaiser <martin(a)kaiser.cx> hwrng: st - keep clock enabled while hwrng is registered Tarun Sahu <tsahu(a)linux.ibm.com> dax/kmem: Pass valid argument to memory_group_register_static Dan Williams <dan.j.williams(a)intel.com> dax: Introduce alloc_dev_dax_id() Dan Williams <dan.j.williams(a)intel.com> dax: Fix dax_mapping_release() use after free Bharath SM <bharathsm(a)microsoft.com> SMB3: Do not send lease break acknowledgment if all file handles have been closed Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION Qi Zheng <zhengqi.arch(a)bytedance.com> NFSv4.2: fix wrong shrinker_id Hareshx Sankar Raj <hareshx.sankar.raj(a)intel.com> crypto: qat - unmap buffers before free for RSA Hareshx Sankar Raj <hareshx.sankar.raj(a)intel.com> crypto: qat - unmap buffer before free for DH Masahiro Yamada <masahiroy(a)kernel.org> ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard Dan Carpenter <dan.carpenter(a)linaro.org> modpost: fix off by one in is_executable_section() Pierre-Clément Tosi <ptosi(a)google.com> scripts/mksysmap: Fix badly escaped '$' Bhupesh Sharma <bhupesh.sharma(a)linaro.org> dt-bindings: qcom-qce: Fix compatible combinations for SM8150 and IPQ4019 SoCs Stephan Müller <smueller(a)chronox.de> crypto: jitter - correct health test during initialization Arnd Bergmann <arnd(a)arndb.de> crypto: marvell/cesa - Fix type mismatch warning Masahiro Yamada <masahiroy(a)kernel.org> modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} Masahiro Yamada <masahiroy(a)kernel.org> modpost: fix section mismatch message for R_ARM_ABS32 Randy Dunlap <rdunlap(a)infradead.org> crypto: nx - fix build warnings when DEBUG_FS is not enabled Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove broken calculation of exception_table_entry size Herbert Xu <herbert(a)gondor.apana.org.au> hwrng: virtio - Fix race on data_avail and actual data Eric Farman <farman(a)linux.ibm.com> vfio/mdev: Move the compat_class initialization to module init Xinghui Li <korantli(a)tencent.com> PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> PCI: endpoint: functions/pci-epf-test: Fix dma_chan direction Shunsuke Mie <mie(a)igel.co.jp> PCI: endpoint: Fix a Kconfig prompt of vNTB driver Song Shuai <songshuaishuai(a)tinylab.org> riscv: hibernate: remove WARN_ON in save_processor_state Namhyung Kim <namhyung(a)kernel.org> perf test: Set PERF_EXEC_PATH for script execution Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo Tiezhu Yang <yangtiezhu(a)loongson.cn> riscv: uprobes: Restore thread.bad_cause Xi Pardee <xi.pardee(a)intel.com> platform/x86:intel/pmc: Update maps for Meteor Lake P/M platforms Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Disable write access to read only registers for IP v2.9.0 Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Use DWC helpers for modifying the read-only DBI registers Song Shuai <songshuaishuai(a)tinylab.org> riscv: hibernation: Remove duplicate call of suspend_restore_csrs Aditya Gupta <adityag(a)linux.ibm.com> powerpc: update ppc_save_regs to save current r1 in pt_regs Colin Ian King <colin.i.king(a)gmail.com> powerpc/powernv/sriov: perform null check on iov before dereferencing iov Stanley Chu <stanley.chu(a)mediatek.com> scsi: ufs: core: mcq: Fix the incorrect OCS value for the device command Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Remove a ufshcd_add_command_trace() call Namhyung Kim <namhyung(a)kernel.org> perf stat: Reset aggr stats for each run Claudiu Beznea <claudiu.beznea(a)microchip.com> pinctrl: at91-pio4: check return value of devm_kasprintf() Claudiu Beznea <claudiu.beznea(a)microchip.com> pinctrl: microchip-sgpio: check return value of devm_kasprintf() Xiaolei Wang <xiaolei.wang(a)windriver.com> pinctrl: freescale: Fix a memory out of bounds when num_configs is 1 Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Fix VAS mm use after free Ian Rogers <irogers(a)google.com> perf tool x86: Fix perf_env memory leak Ravi Bangoria <ravi.bangoria(a)amd.com> perf tool x86: Consolidate is_amd check into single function Michal Wilczynski <michal.wilczynski(a)intel.com> platform/x86/dell/dell-rbtn: Fix resources leaking on error path Aditya Gupta <adityag(a)linux.ibm.com> perf tests task_analyzer: Skip tests if no libtraceevent support Aditya Gupta <adityag(a)linux.ibm.com> perf tests task_analyzer: Fix bad substitution ${$1} Kan Liang <kan.liang(a)linux.intel.com> perf metric: Fix no group check Namhyung Kim <namhyung(a)kernel.org> perf dwarf-aux: Fix off-by-one in die_get_varname() David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/pmc/mtl: Put devices in D3 during resume David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/pmc: Add resume callback Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles Arnaldo Carvalho de Melo <acme(a)redhat.com> perf script: Fix allocation of evsel->priv related to per-event dump files Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/signal32: Force inlining of __unsafe_save_user_regs() and save_tm_user_regs_unsafe() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare() Christophe Leroy <christophe.leroy(a)csgroup.eu> kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures Jiasheng Jiang <jiasheng(a)iscas.ac.cn> pinctrl: npcm7xx: Add missing check for ioremap Wells Lu <wellslutw(a)gmail.com> pinctrl:sunplus: Add check for kmalloc Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: think-lmi: Correct NVME password handling Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: think-lmi: Correct System password interface Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: think-lmi: mutex protection around multiple WMI calls Xi Pardee <xi.pardee(a)intel.com> platform/x86:intel/pmc: Remove Meteor Lake S platform support Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cherryview: Return correct value if pin in push-pull mode Arnaldo Carvalho de Melo <acme(a)redhat.com> perf bench: Add missing setlocale() call to allow usage of %'d style formatting Thierry Reding <treding(a)nvidia.com> pinctrl: tegra: Duplicate pinmux functions table Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix handling of lrbp->cmd Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Increase the START STOP UNIT timeout from one to ten seconds Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state Sui Jingfeng <suijingfeng(a)loongson.cn> PCI: Add pci_clear_master() stub for non-CONFIG_PCI Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: Declare ufshcd_{hold,release}() once Wells Lu <wellslutw(a)gmail.com> pinctrl: sunplus: Add check for kmalloc Junyan Ye <yejunyan(a)hust.edu.cn> PCI: ftpci100: Release the clock resources Ian Rogers <irogers(a)google.com> perf evsel: Don't let for_each_group() treat the head of the list as one of its nodes Rongguang Wei <weirongguang(a)kylinos.cn> PCI: pciehp: Cancel bringup sequence if card is not present Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: at91: fix a couple NULL vs IS_ERR() checks Yuchen Yang <u202114568(a)hust.edu.cn> scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() Ding Hui <dinghui(a)sangfor.com.cn> PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Hans de Goede <hdegoede(a)redhat.com> platform/x86: lenovo-yogabook: Set default keyboard backligh brightness on probe() Hans de Goede <hdegoede(a)redhat.com> platform/x86: lenovo-yogabook: Reprobe devices on remove() Hans de Goede <hdegoede(a)redhat.com> platform/x86: lenovo-yogabook: Fix work race on remove() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors Jinhong Zhu <jinhongzhu(a)hust.edu.cn> scsi: qedf: Fix NULL dereference in error handling Nirmal Patel <nirmal.patel(a)linux.intel.com> PCI: vmd: Reset VMD config register between soft reboots Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: cadence: Fix Gen2 Link Retraining process Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Call iopt_area_contig_done() under the lock Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Do not access the area pointer after unlocking Syed Saba Kareem <Syed.SabaKareem(a)amd.com> ASoC: amd: acp: clear pdm dma interrupt mask Michael Walle <mwalle(a)kernel.org> ARM: dts: lan966x: kontron-d10: fix SPI CS Michael Walle <mwalle(a)kernel.org> ARM: dts: lan966x: kontron-d10: fix board reset Fei Shao <fshao(a)chromium.org> clk: Fix memory leak in devm_clk_notifier_register() Claudiu Beznea <claudiu.beznea(a)microchip.com> ASoC: imx-audmix: check return value of devm_kasprintf() Amir Goldstein <amir73il(a)gmail.com> ovl: update of dentry revalidate flags after copy up Alexey Romanov <avromanov(a)sberdevices.ru> drivers: meson: secure-pwrc: always enable DMA domain Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: clocking-wizard: check return value of devm_kasprintf() Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: ti: clkctrl: check return value of kasprintf() Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: keystone: sci-clk: check return value of kasprintf() Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: si5341: free unused memory on probe failure Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: si5341: check return value of {devm_}kasprintf() Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: si5341: return error if one synth clock registration fails Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: cdce925: check return value of kasprintf() Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: vc5: check memory returned by kasprintf() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mt8173-apmixedsys: Fix iomap not released issue AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mt8173-apmixedsys: Fix return value for of_iomap() error AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Grab iomem pointer for divider clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: correct MERGE_3D length Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: fix sc7280 and sc7180 PINGPONG done interrupts Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Disable pingpong TE on DPU 5.0.0 and above Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Move autorefresh disable from CMD encoder to pingpong Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Drop unused poll_timeout_wr_ptr PINGPONG callback Luben Tuikov <luben.tuikov(a)amd.com> drm/amdgpu: Fix usage of UMC fill record in RAS Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function. Daniel Golle <daniel(a)makrotopia.org> arm64: dts: mt7986: increase bl2 partition on NAND of Bananapi R3 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz Allen-KH Cheng <allen-kh.cheng(a)mediatek.com> arm64: dts: mediatek: Add cpufreq nodes for MT8192 Bjorn Andersson <quic_bjorande(a)quicinc.com> drm/msm/dp: Free resources after unregistering them Bjorn Andersson <quic_bjorande(a)quicinc.com> drm/msm/dp: Drop aux devices together with DP controller Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dsi: Remove incorrect references to slice_count Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Fix slice_last_group_size calculation Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: do not enable color-management if DSPPs are not available Su Hui <suhui(a)nfschina.com> ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer Nishanth Menon <nm(a)ti.com> arm64: dts: ti: k3-am69-sk: Fix main_i2c0 alias Thejasvi Konduru <t-konduru(a)ti.com> arm64: dts: ti: k3-j784s4: Fix wakeup pinmux range and pinctrl node offsets Nishanth Menon <nm(a)ti.com> arm64: dts: ti: k3-j784s4-evm: Fix main_i2c0 alias Andrew Davis <afd(a)ti.com> arm64: dts: ti: k3-j721e-beagleboneai64: Fix mailbox node status Yuan Can <yuancan(a)huawei.com> clk: tegra: tegra124-emc: Fix potential memory leak Dan Carpenter <dan.carpenter(a)linaro.org> clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider() Dan Carpenter <dan.carpenter(a)linaro.org> clk: bcm: rpi: Fix off by one in raspberrypi_discover_clocks() Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: sm8550: Add missing interconnect path to USB HC Marijn Suijten <marijn.suijten(a)somainline.org> arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8550: Flush RSC sleep & wake votes Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sdm845: Flush RSC sleep & wake votes Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sdm670: Flush RSC sleep & wake votes Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: qdu1000: Flush RSC sleep & wake votes Bosi Zhang <u201911157(a)hust.edu.cn> clk: mediatek: fix of_iomap memory leak Yuxing Liu <lyx2022(a)hust.edu.cn> clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() Zhanhao Hu <zero12113(a)hust.edu.cn> clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe Hao Luo <m202171776(a)hust.edu.cn> clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe Kai Ma <kaima(a)hust.edu.cn> clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe Adam Ford <aford173(a)gmail.com> clk: imx: composite-8m: Add imx8m_divider_determine_rate Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: wraparound mbox producer index Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/a5xx: really check for A510 in a5xx_gpu_init Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/a6xx: don't set IO_PGTABLE_QUIRK_ARM_OUTER_WBWA with coherent SMMU Chia-I Wu <olvaffe(a)gmail.com> amdgpu: validate offset_in_bo of drm_amdgpu_gem_va Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix access checks in rxe_check_bind_mw Geert Uytterhoeven <geert+renesas(a)glider.be> HID: uclogic: Modular KUnit tests should not depend on KUNIT=y Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: fix possible division-by-zero errors Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode Chen-Yu Tsai <wenst(a)chromium.org> soc: mediatek: SVS: Fix MT8192 GPU node name Daniil Dulov <d.dulov(a)aladdin.ru> drm/amdkfd: Fix potential deallocation of previously deallocated memory. Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/amd/display: Fix a test CalculatePrefetchSchedule() Paul Cercueil <paul(a)crapouillou.net> MIPS: DTS: CI20: Fix ACT8600 regulator node names Maxime Ripard <maxime(a)cerno.tech> clk: Export clk_hw_forward_rate_request() Christian Lamparter <chunkeey(a)gmail.com> ARM: dts: BCM5301X: fix duplex-full => full-duplex Guenter Roeck <linux(a)roeck-us.net> hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 Tim Harvey <tharvey(a)gateworks.com> hwmon: (gsc-hwmon) fix fan pwm temperature scaling Olivier Moysan <olivier.moysan(a)foss.st.com> ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx Dan Carpenter <dan.carpenter(a)linaro.org> accel/habanalabs: fix gaudi2_get_tpc_idle_status() return Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2 Chris Morgan <macromorgan(a)hotmail.com> arm64: dts: rockchip: Fix compatible for Bluetooth on rk3566-anbernic Caleb Connolly <caleb.connolly(a)linaro.org> Input: pm8941-powerkey - fix debounce on gen2+ PMICs Keerthy <j-keerthy(a)ti.com> arm64: dts: ti: k3-j7200: Fix physical address of pin Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Assign ES8316 MCLK rate on rk3588-rock-5b Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: No 10bit gamma on desktop gen3 parts Matt Roper <matthew.d.roper(a)intel.com> drm/i915/display: Make display responsible for probing its own IP Matt Roper <matthew.d.roper(a)intel.com> drm/i915/display: Move display runtime info to display structure Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Convert INTEL_INFO()->display to a pointer Matt Roper <matthew.d.roper(a)intel.com> drm/i915/display: Move display device info to header under display/ Jani Nikula <jani.nikula(a)intel.com> drm/i915: hide mkwrite_device_info() better Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix limited range csc matrix Bjorn Andersson <quic_bjorande(a)quicinc.com> dt-bindings: arm-smmu: Fix SC8280XP Adreno binding Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dpu: always clear every individual pending flush mask Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register Wolfram Sang <wsa+renesas(a)sang-engineering.com> arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix hns_roce_table_get return value Brendan Cunningham <bcunningham(a)cornelisnetworks.com> IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate Arnd Bergmann <arnd(a)arndb.de> RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes Randy Dunlap <rdunlap(a)infradead.org> soc/fsl/qe: fix usb.c build errors Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM: dts: meson8: correct uart_B and uart_C clock references Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: es8316: Do not set rate constraints for unsupported MCLKs Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: es8316: Increment max value for ALC Capture Target Volume control Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> ARM: dts: qcom: apq8074-dragonboard: Set DMA as remotely controlled Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> memory: brcmstb_dpfe: fix testing array offset after use Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Shorten the AV96 HDMI sound card name Douglas Anderson <dianders(a)chromium.org> arm64: dts: mediatek: mt8195: Add mediatek,broken-save-restore-fw to cherry Douglas Anderson <dianders(a)chromium.org> arm64: dts: mediatek: mt8192: Add mediatek,broken-save-restore-fw to asurada Douglas Anderson <dianders(a)chromium.org> arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: apq8096: fix fixed regulator name property Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: pm7250b: add missing spmi-vadc include Arnd Bergmann <arnd(a)arndb.de> ARM: omap2: fix missing tick_broadcast() prototype Arnd Bergmann <arnd(a)arndb.de> ARM: ep93xx: fix missing-prototype warnings Dario Binacchi <dario.binacchi(a)amarulasolutions.com> drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Adam Ford <aford173(a)gmail.com> drm: bridge: samsung-dsim: Fix PMS Calculator on imx8m[mnp] Frieder Schrempf <frieder.schrempf(a)kontron.de> drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: apq8016-sbc: Fix regulator constraints Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdm845-polaris: add missing touchscreen child node reg Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: correct pinctrl unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: correct crypto unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: correct USB phy unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: correct PCI phy unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: correct DMA controller unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: correct thermal-sensor unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdm845: correct camss unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdm630: correct camss unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8996: correct camss unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8994: correct SPMI unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8976: correct MMC unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8953: correct WCNSS unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8953: correct IOMMU unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8916: correct WCNSS unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8916: correct MMC unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8916: correct camss unit address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: ipq6018: correct qrng unit address Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: pm8998: don't use GIC_SPI for SPMI interrupts Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: qcom: msm8974: do not use underscore in node name (again) Linus Walleij <linus.walleij(a)linaro.org> ARM/musb: omap2: Remove global GPIO numbers from TUSB6010 Linus Walleij <linus.walleij(a)linaro.org> ARM: omap2: Rewrite WLAN quirk to use GPIO descriptors Linus Walleij <linus.walleij(a)linaro.org> ARM: omap2: Get USB hub reset GPIO from descriptor Linus Walleij <linus.walleij(a)linaro.org> ARM/gpio: Push OMAP2 quirk down into TWL4030 driver Linus Walleij <linus.walleij(a)linaro.org> ARM: omap1: Exorcise the legacy GPIO header Linus Walleij <linus.walleij(a)linaro.org> ARM: omap1: Make serial wakeup GPIOs use descriptors Linus Walleij <linus.walleij(a)linaro.org> ARM: omap1: Fix up the Nokia 770 board device IRQs Linus Walleij <linus.walleij(a)linaro.org> ARM/mmc: Convert old mmci-omap to GPIO descriptors Linus Walleij <linus.walleij(a)linaro.org> Input: ads7846 - Convert to use software nodes Linus Walleij <linus.walleij(a)linaro.org> ARM: omap1: Remove reliance on GPIO numbers from SX1 Linus Walleij <linus.walleij(a)linaro.org> ARM: omap1: Remove reliance on GPIO numbers from PalmTE Linus Walleij <linus.walleij(a)linaro.org> ARM: omap1: Drop header on AMS Delta Linus Walleij <linus.walleij(a)linaro.org> ARM/mfd/gpio: Fixup TPS65010 regression on OMAP1 OSK1 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: anx7625: Prevent endless probe loop Bhupesh Sharma <bhupesh.sharma(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: Fix CD gpio for SDHC2 Tony Lindgren <tony(a)atomide.com> ARM: dts: gta04: Move model property out of pinctrl node Biju Das <biju.das.jz(a)bp.renesas.com> clk: renesas: rzg2l: Fix CPG_SIPLL5_CLK1 register write Jean-Philippe Brucker <jean-philippe(a)linaro.org> iommu/virtio: Return size mapped for a detached domain Jean-Philippe Brucker <jean-philippe(a)linaro.org> iommu/virtio: Detach domain on endpoint release Arnd Bergmann <arnd(a)arndb.de> drm/nouveau: dispnv50: fix missing-prototypes warning Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Use V4.0 PCC DSPP sub-block in SC7[12]80 Arnaud Vrac <avrac(a)freebox.fr> drm/msm/dpu: fix cursor block register bit offset in msm8998 hw catalog Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable DSPP_2/3 for LM_2/3 on sm8450 Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to remove an unnecessary log Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Use unique names while registering interrupts Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to remove unnecessary return labels Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Disable/kill tasklet only if it is enabled Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> hwmon: (f71882fg) prevent possible division by zero Dan Carpenter <dan.carpenter(a)linaro.org> clk: imx: scu: use _safe list iterator to avoid a use after free Devi Priya <quic_devipriy(a)quicinc.com> arm64: dts: qcom: ipq9574: Update the size of GICC & GICV regions Alexander Stein <alexander.stein(a)ew.tq-group.com> drm/bridge: tc358767: Switch to devm MIPI-DSI helpers Robert Marko <robert.marko(a)sartura.hr> arm64: dts: microchip: sparx5: do not use PSCI on reference boards Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix dispc quirk masking bool variables Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards Maíra Canal <mcanal(a)igalia.com> drm/vkms: Fix RGB565 pixel conversion Maíra Canal <mcanal(a)igalia.com> drm: Add fixed-point helper to get rounded integer values Maíra Canal <mcanal(a)igalia.com> drm/vkms: isolate pixel conversion functionality Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: sof_sdw: start set codec init function with an adr index Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices Trevor Wu <trevor.wu(a)mediatek.com> ASoC: dt-bindings: mediatek,mt8188-afe: correct clock name Dan Carpenter <dan.carpenter(a)linaro.org> driver: soc: xilinx: use _safe loop iterator to avoid a use after free Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: sharp-ls043t1le01: adjust mode settings XuDong Liu <m202071377(a)hust.edu.cn> drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` Marek Vasut <marex(a)denx.de> Input: adxl34x - do not hardcode interrupt trigger type Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: rs9: Fix .driver_data content in i2c_device_id Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: vc7: Fix .driver_data content in i2c_device_id Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: vc5: Fix .driver_data content in i2c_device_id hfdevel(a)gmx.net <hfdevel(a)gmx.net> ARM: dts: meson8b: correct uart_B and uart_C clock references Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Luc Ma <luc(a)sietium.com> drm/vram-helper: fix function names in vram helper doc Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: tests - fix input_test_match_device_id test Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: fix THS_TRAILCNT computation Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: fix TXTAGOCNT computation Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: fix THS_ZEROCNT computation Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: fix TCLK_TRAILCNT computation Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: fix TCLK_ZEROCNT computation Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: fix PLL target frequency Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: fix PLL parameters computation Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: always enable HS video mode Alexander Stein <alexander.stein(a)ew.tq-group.com> drm/bridge: ti-sn65dsi83: Fix enable error path Geert Uytterhoeven <geert+renesas(a)glider.be> Input: tests - modular KUnit tests should not depend on KUNIT=y Geert Uytterhoeven <geert+renesas(a)glider.be> Input: tests - fix use-after-free and refcount underflow in input_test_exit() Duoming Zhou <duoming(a)zju.edu.cn> Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync() Luca Weiss <luca(a)z3ntu.xyz> Input: drv260x - sleep between polling GO bit Markus Elfring <elfring(a)users.sourceforge.net> drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/i915/guc/slpc: Provide sysfs for efficient freq Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Explicitly specify update type per plane info change Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> radeon: avoid double free in ci_dpm_init() Arnd Bergmann <arnd(a)arndb.de> drm/amd/display: fix is_timing_changed() prototype Wesley Chalmers <Wesley.Chalmers(a)amd.com> drm/amd/display: Add logging for display MALL refresh setting Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Unconditionally print when DP sink power state fails Dan Carpenter <error27(a)gmail.com> drm/imx/lcdc: fix a NULL vs IS_ERR() bug in probe Kuniyuki Iwashima <kuniyu(a)amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses Cambda Zhu <cambda(a)linux.alibaba.com> ipvlan: Fix return value of ipvlan_queue_xmit() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix underflow in chain reference counter Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: unbind non-anonymous set if rule construction fails Ilia.Gavrilov <Ilia.Gavrilov(a)infotecs.ru> netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Jeremy Sowden <jeremy(a)azazel.net> lib/ts_bm: reset initial match offset for every block of text Lin Ma <linma(a)zju.edu.cn> net: nfc: Fix use-after-free caused by nfc_llcp_find_local Edward Cree <ecree.xilinx(a)gmail.com> sfc: fix crash when reading stats while NIC is resetting David Howells <dhowells(a)redhat.com> ocfs2: Fix use of slab data with sendpage Maxim Kochetkov <fido_max(a)inbox.ru> net: axienet: Move reset before 64-bit DMA detection Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Fix use-after-free in __gtp_encap_destroy(). Sabrina Dubroca <sd(a)queasysnail.net> selftests: rtnetlink: remove netdevsim device after ipsec offload test Eric Dumazet <edumazet(a)google.com> sch_netem: fix issues in netem_change() vs get_dist_table() Eric Dumazet <edumazet(a)google.com> bonding: do not assume skb mac_header is set Eric Dumazet <edumazet(a)google.com> netlink: do not hard code device address lenth in fdb dumps Eric Dumazet <edumazet(a)google.com> netlink: fix potential deadlock in netlink_set_err() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> net: stmmac: fix double serdes powerdown Vinicius Costa Gomes <vinicius.gomes(a)intel.com> igc: Work around HW bug causing missing timestamps Vinicius Costa Gomes <vinicius.gomes(a)intel.com> igc: Retrieve TX timestamp during interrupt handling Vinicius Costa Gomes <vinicius.gomes(a)intel.com> igc: Check if hardware TX timestamping is enabled earlier Vinicius Costa Gomes <vinicius.gomes(a)intel.com> igc: Fix race condition in PTP tx code Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_pciefd: Set hardware timestamp on transmitted packets Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_pciefd: Add function to set skb hwtstamps Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: length: fix bitstuffing count Gilad Sever <gilad9366(a)gmail.com> bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings Gilad Sever <gilad9366(a)gmail.com> bpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint Gilad Sever <gilad9366(a)gmail.com> bpf: Factor out socket lookup functions for the TC hookpoint. Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: convert msecs to jiffies where needed Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: check only affected links Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection Marek Vasut <marex(a)denx.de> mmc: Add MMC_QUIRK_BROKEN_SD_CACHE for Kingston Canvas Go Plus from 11/2019 Douglas Anderson <dianders(a)chromium.org> watchdog/hardlockup: keep kernel.nmi_watchdog sysctl as 0444 if probe fails Lecopzer Chen <lecopzer.chen(a)mediatek.com> watchdog/perf: adapt the watchdog_perf interface for async model Douglas Anderson <dianders(a)chromium.org> watchdog/hardlockup: rename some "NMI watchdog" constants/function Douglas Anderson <dianders(a)chromium.org> watchdog/hardlockup: move perf hardlockup checking/panic to common watchdog.c Lecopzer Chen <lecopzer.chen(a)mediatek.com> watchdog/hardlockup: change watchdog_nmi_enable() to void Lecopzer Chen <lecopzer.chen(a)mediatek.com> watchdog: remove WATCHDOG_DEFAULT Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: move mm_count into its own cache line Ilan Peer <ilan.peer(a)intel.com> wifi: ieee80211: Fix the common size calculation for reconfiguration ML Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix regulatory disconnect with OCB/NAN Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: drop incorrect nontransmitted BSS update code Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: rewrite merging of inherited elements Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr> wifi: mac80211: Remove "Missing iftype sband data/EHT cap" spam Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pull from TXQs with softirqs disabled Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: correctly access HE/EHT sband capa Gregory Greenman <gregory.greenman(a)intel.com> wifi: iwlwifi: mvm: add support for Extra EHT LTF Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: add helpers to access sband iftype data Ziyang Huang <hzyitc(a)outlook.com> wifi: ath11k: Add missing hw_ops->get_ring_selector() for IPQ5018 Ziyang Huang <hzyitc(a)outlook.com> wifi: ath11k: Restart firmware after cold boot calibration for IPQ5018 Ziyang Huang <hzyitc(a)outlook.com> wifi: ath11k: Add missing ops config for IPQ5018 in ath11k_ahb_probe() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> wifi: ath11k: Add missing check for ioremap Edwin Peer <edwin.peer(a)broadcom.com> rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: fw: print PC register value instead of address Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: mvm: Handle return value for iwl_mvm_sta_init Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix permissions for valid_links debugfs entry Eduard Zingerman <eddyz87(a)gmail.com> bpf: Verify scalar ids mapping in regsafe() using check_ids() Eduard Zingerman <eddyz87(a)gmail.com> bpf: Use scalar ids in mark_chain_precision() Remi Pommarel <repk(a)triplefau.lt> wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: Fix invalid pointer check in get_xlated_program() Arnd Bergmann <arnd(a)arndb.de> memstick r592: make memstick_debug_get_tpc_name() static Douglas Anderson <dianders(a)chromium.org> mmc: mediatek: Avoid ugly error message when SDIO wakeup IRQ isn't used Zhen Lei <thunder.leizhen(a)huawei.com> kexec: fix a memory leak in crash_shrink_memory() Douglas Anderson <dianders(a)chromium.org> watchdog/perf: more properly prevent false positives with turbo modes Douglas Anderson <dianders(a)chromium.org> watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config Haifeng Xu <haifeng.xu(a)shopee.com> selftests: cgroup: fix unexpected failure on test_memcg_low Karol Kolacinski <karol.kolacinski(a)intel.com> ice: handle extts in the miscellaneous interrupt thread Marek Vasut <marex(a)denx.de> wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown Marek Vasut <marex(a)denx.de> wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled Vijaya Krishna Nivarthi <quic_vnivarth(a)quicinc.com> spi: spi-geni-qcom: Do not do DMA map/unmap inside driver, use framework instead Vijaya Krishna Nivarthi <quic_vnivarth(a)quicinc.com> soc: qcom: geni-se: Add interfaces geni_se_tx_init_dma() and geni_se_rx_init_dma() Jesper Dangaard Brouer <brouer(a)redhat.com> selftests/bpf: Fix check_mtu using wrong variable type Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: recalc min chandef for new STA links Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: send time sync only if needed Viktor Malik <vmalik(a)redhat.com> tools/resolve_btfids: Fix setting HOSTCFLAGS Dave Marchevsky <davemarchevsky(a)fb.com> bpf: Make bpf_refcount_acquire fallible for non-owning refs Dave Marchevsky <davemarchevsky(a)fb.com> bpf: Fix __bpf_{list,rbtree}_add's beginning-of-node calculation Dave Marchevsky <davemarchevsky(a)fb.com> bpf: Set kptr_struct_meta for node param to list and rbtree insert funcs Dave Marchevsky <davemarchevsky(a)fb.com> bpf: Remove anonymous union in bpf_kfunc_call_arg_meta Youghandhar Chintala <quic_youghand(a)quicinc.com> wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart Jesper Dangaard Brouer <brouer(a)redhat.com> samples/bpf: xdp1 and xdp2 reduce XDPBUFSIZE to 60 Sascha Hauer <s.hauer(a)pengutronix.de> wifi: rtw88: usb: silence log flooding error message Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: ray_cs: Fix an error handling path in ray_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: wl3501_cs: Fix an error handling path in wl3501_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: atmel: Fix an error handling path in atmel_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: orinoco: Fix an error handling path in orinoco_cs_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: orinoco: Fix an error handling path in spectrum_cs_probe() Geert Uytterhoeven <geert+renesas(a)glider.be> regulator: core: Streamline debugfs operations Geert Uytterhoeven <geert+renesas(a)glider.be> regulator: core: Fix more error checking for debugfs_create_dir() Sebastian Reichel <sebastian.reichel(a)collabora.com> regulator: rk808: fix asynchronous probing Alexey Gladkov <legion(a)kernel.org> selftests/bpf: Do not use sign-file as testcase Yafang Shao <laoar.shao(a)gmail.com> bpf: Fix memleak due to fentry attach failure Yafang Shao <laoar.shao(a)gmail.com> bpf: Remove bpf trampoline selector Alan Maguire <alan.maguire(a)oracle.com> bpftool: JIT limited misreported as negative value on aarch64 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() Joy Chakraborty <joychakr(a)google.com> spi: dw: Round of n_bytes to power of 2 Stanislav Fomichev <sdf(a)google.com> bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen Andrii Nakryiko <andrii(a)kernel.org> libbpf: fix offsetof() and container_of() to work with CO-RE Edward Cree <ecree.xilinx(a)gmail.com> sfc: release encap match in efx_tc_flow_free() Alexander Mikhalitsyn <alexander(a)mihalicyn.com> sctp: add bpf_bypass_getsockopt proto callback Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() Dan Carpenter <dan.carpenter(a)linaro.org> wifi: rtw88: unlock on error path in rtw_ops_add_interface() Amisha Patel <amisha.patel(a)microchip.com> wifi: wilc1000: fix for absent RSN capabilities WFA testcase Vijaya Krishna Nivarthi <quic_vnivarth(a)quicinc.com> spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG Pengcheng Yang <yangpc(a)wangsu.com> samples/bpf: Fix buffer overflow in tcp_basertt Dan Carpenter <dan.carpenter(a)linaro.org> wifi: rtw89: fix rtw89_read_chip_ver() for RTL8852B and RTL8851B Andrii Nakryiko <andrii(a)kernel.org> bpf: fix propagate_precision() logic for inner frames Andrii Nakryiko <andrii(a)kernel.org> bpf: maintain bitmasks across all active frames in __mark_chain_precision Andrii Nakryiko <andrii(a)kernel.org> bpf: improve precision backtrack logging Andrii Nakryiko <andrii(a)kernel.org> bpf: encapsulate precision backtracking bookkeeping Martin KaFai Lau <martin.lau(a)kernel.org> libbpf: btf_dump_type_data_check_overflow needs to consider BTF_MEMBER_BITFIELD_SIZE Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx Peter Seiderer <ps.report(a)gmx.net> wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation Jesper Dangaard Brouer <brouer(a)redhat.com> igc: Enable and fix RX hash usage by netstack Hao Jia <jiahao.os(a)bytedance.com> sched/core: Avoid multiple calling update_rq_clock() in __cfsb_csd_unthrottle() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> pstore/ram: Add check for kstrdup Roberto Sassu <roberto.sassu(a)huawei.com> ima: Fix build warnings Roberto Sassu <roberto.sassu(a)huawei.com> evm: Fix build warnings Roberto Sassu <roberto.sassu(a)huawei.com> evm: Complete description of evm_inode_setattr() Mark Rutland <mark.rutland(a)arm.com> locking/atomic: arm: fix sync ops Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> reiserfs: Initialize sec->length in reiserfs_security_init(). Juergen Gross <jgross(a)suse.com> x86/mm: Fix __swp_entry_to_pte() for Xen PV guests Ravi Bangoria <ravi.bangoria(a)amd.com> perf/ibs: Fix interface via core pmu events Mark Brown <broonie(a)kernel.org> selftests/ftace: Fix KTAP output ordering Colin Ian King <colin.i.king(a)gmail.com> kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: ensure fast64 integer types have 64 bits Juergen Gross <jgross(a)suse.com> x86/xen: Set MTRR state when running as Xen PV initial domain Juergen Gross <jgross(a)suse.com> x86/mtrr: Replace size_or_mask and size_and_mask with a much easier concept Juergen Gross <jgross(a)suse.com> x86/hyperv: Set MTRR state when running as SEV-SNP Hyper-V guest Juergen Gross <jgross(a)suse.com> x86/mtrr: Support setting MTRR state for software defined MTRRs Juergen Gross <jgross(a)suse.com> x86/mtrr: Remove physical address size calculation Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup() Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Correct name of use_softirq module parameter Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Stop rcu_tasks_invoke_cbs() from using never-onlined CPUs Paul E. McKenney <paulmck(a)kernel.org> rcu: Make rcu_cpu_starting() rely on interrupts being disabled Daniel Latypov <dlatypov(a)google.com> kunit: tool: undo type subscripts for subprocess.Popen Peng Fan <peng.fan(a)nxp.com> thermal/drivers/qoriq: Only enable supported sensors Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() Stephan Gerhold <stephan.gerhold(a)kernkonzept.com> thermal/drivers/qcom/tsens-v0_1: Add mdm9607 correction offsets Stephan Gerhold <stephan.gerhold(a)kernkonzept.com> thermal/drivers/qcom/tsens-v0_1: Fix mdm9607 slope values Matti Lehtimäki <matti.lehtimaki(a)gmail.com> thermal/drivers/qcom/tsens-v0_1: Add support for MSM8226 Tero Kristo <tero.kristo(a)linux.intel.com> cpufreq: intel_pstate: Fix energy_performance_preference for passive Arnd Bergmann <arnd(a)arndb.de> ARM: 9303/1: kprobes: avoid missing-declaration warnings Ulf Hansson <ulf.hansson(a)linaro.org> PM: domains: Move the verification of in-params from genpd_add_device() Zhang Rui <rui.zhang(a)intel.com> powercap: RAPL: Fix CONFIG_IOSF_MBI dependency Sumeet Pawnikar <sumeet.r.pawnikar(a)intel.com> powercap: RAPL: fix invalid initialization for pl4_supported field Li Yang <leoyang.li(a)nxp.com> APEI: GHES: correctly return NULL for ghes_get_devices() Robin Murphy <robin.murphy(a)arm.com> perf/arm_cspmu: Fix event attribute type Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf: arm_cspmu: Set irq affinitiy only if overflow interrupt is used Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: Don't migrate perf to the CPU going to teardown Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/mm: Allow guest.enc_status_change_prepare() to fail Marc Zyngier <maz(a)kernel.org> drivers/perf: apple_m1: Force 63bit counters for M2 CPUs Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix DTC reset Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> PM: domains: fix integer overflow issues in genpd_parse_state() Feng Mingxi <m202271825(a)hust.edu.cn> clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Ming Lei <ming.lei(a)redhat.com> blk-mq: don't insert passthrough request into sw queue Christoph Hellwig <hch(a)lst.de> btrfs: fix file_offset for REQ_BTRFS_ONE_ORDERED bios that get split Christoph Hellwig <hch(a)lst.de> btrfs: don't treat zoned writeback as being from an async helper thread Christoph Hellwig <hch(a)lst.de> btrfs: only call __extent_writepage_io from extent_write_locked_range Christoph Hellwig <hch(a)lst.de> btrfs: don't fail writeback when allocating the compression context fails Christoph Hellwig <hch(a)lst.de> btrfs: fix range_end calculation in extent_write_locked_range Christoph Hellwig <hch(a)lst.de> btrfs: submit a writeback bio per extent_buffer Christoph Hellwig <hch(a)lst.de> btrfs: return bool from lock_extent_buffer_for_io Christoph Hellwig <hch(a)lst.de> btrfs: don't use btrfs_bio_ctrl for extent buffer reading Christoph Hellwig <hch(a)lst.de> btrfs: always read the entire extent_buffer Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode(). Wen Yang <wenyang.linux(a)foxmail.com> tick/rcu: Fix bogus ratelimit condition Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Prevent RT livelock in itimer_delete() Gao Xiang <xiang(a)kernel.org> erofs: fix compact 4B support for 16k block size Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Prevent page release when nothing was received John Paul Adrian Glaubitz <glaubitz(a)physik.fu-berlin.de> irqchip/jcore-aic: Fix missing allocation of IRQ descriptors Antonio Borneo <antonio.borneo(a)foss.st.com> irqchip/stm32-exti: Fix warning on initialized field overwritten Christoph Hellwig <hch(a)lst.de> splice: don't call file_accessed in copy_splice_read Jianmin Lv <lvjianmin(a)loongson.cn> irqchip/loongson-eiointc: Fix irq affinity setting during resume Yu Kuai <yukuai3(a)huawei.com> block: fix blktrace debugfs entries leakage Yu Kuai <yukuai3(a)huawei.com> md/raid1-10: submit write io directly if bitmap is not enabled Yu Kuai <yukuai3(a)huawei.com> md/raid1-10: factor out a helper to submit normal write Yu Kuai <yukuai3(a)huawei.com> md/raid1-10: factor out a helper to add bio to plug Li Nan <linan122(a)huawei.com> md/raid10: fix io loss while replacement replace rdev Li Nan <linan122(a)huawei.com> md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request Li Nan <linan122(a)huawei.com> md/raid10: fix wrong setting of max_corr_read_errors Li Nan <linan122(a)huawei.com> md/raid10: fix overflow of md/safe_mode_delay Li Nan <linan122(a)huawei.com> md/raid10: check slab-out-of-bounds in md_bitmap_get_counter Chaitanya Kulkarni <kch(a)nvidia.com> nvme-core: fix dev_pm_qos memleak Chaitanya Kulkarni <kch(a)nvidia.com> nvme-core: add missing fault-injection cleanup Chaitanya Kulkarni <kch(a)nvidia.com> nvme-core: fix memory leak in dhchap_ctrl_secret Chaitanya Kulkarni <kch(a)nvidia.com> nvme-core: fix memory leak in dhchap_secret_store NeilBrown <neilb(a)suse.de> lockd: drop inappropriate svc_get() from locked_get() Yu Kuai <yukuai3(a)huawei.com> blk-mq: fix potential io hang by wrong 'wake_batch' Arnd Bergmann <arnd(a)arndb.de> virt: sevguest: Add CONFIG_CRYPTO dependency Waiman Long <longman(a)redhat.com> blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() Tom Lendacky <thomas.lendacky(a)amd.com> x86/sev: Fix calculation of end address based on number of pages Li Nan <linan122(a)huawei.com> blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost Eric Biggers <ebiggers(a)google.com> fsverity: don't use bio_first_page_all() in fsverity_verify_bio() Eric Biggers <ebiggers(a)google.com> fsverity: use shash API instead of ahash API Shawn Wang <shawnwang(a)linux.alibaba.com> x86/resctrl: Only show tasks' pid in current pid namespace Gao Xiang <xiang(a)kernel.org> erofs: kill hooked chains to avoid loops on deduplicated compressed images David Howells <dhowells(a)redhat.com> splice: Fix filemap_splice_read() to use the correct inode Yu Kuai <yukuai3(a)huawei.com> block/rq_qos: protect rq_qos apis with a new lock Bart Van Assche <bvanassche(a)acm.org> block: Fix the type of the second bdev_op_is_zoned_write() argument Ming Lei <ming.lei(a)redhat.com> blk-mq: don't queue plugged passthrough requests into scheduler Alexander Gordeev <agordeev(a)linux.ibm.com> s390/kasan: fix insecure W+X mapping warning Arnd Bergmann <arnd(a)arndb.de> fs: pipe: reveal missing function protoypes Hersen Wu <hersenxs.wu(a)amd.com> Revert "drm/amd/display: edp do not add non-edid timings" Sean Nyekjaer <sean(a)geanix.com> iio: accel: fxls8962af: fixup buffer scan element type Sean Nyekjaer <sean(a)geanix.com> iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF Fabrizio Lamarque <fl.scratchpad(a)gmail.com> iio: adc: ad7192: Fix internal/external clock selection Fabrizio Lamarque <fl.scratchpad(a)gmail.com> iio: adc: ad7192: Fix null ad7192_state pointer access Rasmus Villemoes <linux(a)rasmusvillemoes.dk> iio: addac: ad74413: don't set DIN_SINK for functions other than digital input Fabrizio Lamarque <fl.scratchpad(a)gmail.com> dt-bindings: iio: ad7192: Add mandatory reference voltage source Alvin Šipraga <alsi(a)bang-olufsen.dk> extcon: usbc-tusb320: Unregister typec port on driver removal EJ Hsu <ejh(a)nvidia.com> phy: tegra: xusb: Clear the driver reference in usb-phy dev Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: dwc3: gadget: Propagate core init errors to UDC during pullup Davide Tronchin <davide.tronchin.94(a)gmail.com> USB: serial: option: add LARA-R6 01B PIDs ndesaulniers(a)google.com <ndesaulniers(a)google.com> start_kernel: Add __no_stack_protector function attribute ------------- Diffstat: Documentation/ABI/testing/sysfs-driver-eud | 2 +- .../devicetree/bindings/crypto/qcom-qce.yaml | 6 + .../devicetree/bindings/iio/adc/adi,ad7192.yaml | 5 + .../devicetree/bindings/iommu/arm,smmu.yaml | 6 +- .../devicetree/bindings/power/reset/qcom,pon.yaml | 4 +- .../bindings/sound/mediatek,mt8188-afe.yaml | 36 +- Documentation/fault-injection/provoke-crashes.rst | 2 +- Documentation/filesystems/autofs-mount-control.rst | 2 +- Documentation/filesystems/autofs.rst | 2 +- Documentation/filesystems/directory-locking.rst | 26 +- Documentation/filesystems/f2fs.rst | 16 + Documentation/networking/af_xdp.rst | 9 + Makefile | 4 +- arch/arc/include/asm/linkage.h | 8 +- arch/arm/boot/dts/bcm53015-meraki-mr26.dts | 2 +- arch/arm/boot/dts/bcm53016-meraki-mr32.dts | 2 +- arch/arm/boot/dts/bcm5301x.dtsi | 1 - arch/arm/boot/dts/iwg20d-q7-common.dtsi | 2 +- .../boot/dts/lan966x-kontron-kswitch-d10-mmt.dtsi | 16 +- arch/arm/boot/dts/meson8.dtsi | 4 +- arch/arm/boot/dts/meson8b.dtsi | 4 +- arch/arm/boot/dts/omap3-gta04a5one.dts | 4 +- arch/arm/boot/dts/qcom-apq8060-dragonboard.dts | 4 +- arch/arm/boot/dts/qcom-apq8074-dragonboard.dts | 4 + arch/arm/boot/dts/qcom-ipq4019-ap.dk04.1-c1.dts | 8 +- arch/arm/boot/dts/qcom-ipq4019-ap.dk04.1.dtsi | 10 +- arch/arm/boot/dts/qcom-ipq4019-ap.dk07.1.dtsi | 12 +- arch/arm/boot/dts/qcom-msm8974.dtsi | 2 +- arch/arm/boot/dts/stm32mp15xx-dhcom-pdk2.dtsi | 11 +- arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi | 8 +- .../boot/dts/stm32mp15xx-dhcor-drc-compact.dtsi | 6 + arch/arm/boot/dts/stm32mp15xx-dhcor-som.dtsi | 6 - arch/arm/boot/dts/stm32mp15xx-dhcor-testbench.dtsi | 8 + arch/arm/boot/dts/stm32mp15xx-dkx.dtsi | 2 +- arch/arm/include/asm/assembler.h | 17 + arch/arm/include/asm/sync_bitops.h | 29 +- arch/arm/lib/bitops.h | 14 +- arch/arm/lib/testchangebit.S | 4 + arch/arm/lib/testclearbit.S | 4 + arch/arm/lib/testsetbit.S | 4 + arch/arm/mach-ep93xx/timer-ep93xx.c | 3 +- arch/arm/mach-omap1/board-ams-delta.c | 1 - arch/arm/mach-omap1/board-nokia770.c | 207 +++--- arch/arm/mach-omap1/board-osk.c | 146 +++-- arch/arm/mach-omap1/board-palmte.c | 51 +- arch/arm/mach-omap1/board-sx1-mmc.c | 1 - arch/arm/mach-omap1/board-sx1.c | 40 +- arch/arm/mach-omap1/devices.c | 1 - arch/arm/mach-omap1/gpio15xx.c | 1 - arch/arm/mach-omap1/gpio16xx.c | 1 - arch/arm/mach-omap1/irq.c | 1 - arch/arm/mach-omap1/serial.c | 30 +- arch/arm/mach-omap2/board-generic.c | 1 + arch/arm/mach-omap2/board-n8x0.c | 156 ++--- arch/arm/mach-omap2/omap_device.c | 1 - arch/arm/mach-omap2/pdata-quirks.c | 132 ++-- arch/arm/mach-omap2/usb-tusb6010.c | 20 +- arch/arm/mach-omap2/usb-tusb6010.h | 12 + arch/arm/mach-orion5x/board-dt.c | 3 + arch/arm/mach-orion5x/common.h | 6 + arch/arm/mach-pxa/spitz.c | 11 +- arch/arm/probes/kprobes/checkers-common.c | 2 +- arch/arm/probes/kprobes/core.c | 2 +- arch/arm/probes/kprobes/opt-arm.c | 2 - arch/arm/probes/kprobes/test-core.c | 2 +- arch/arm/probes/kprobes/test-core.h | 4 + .../dts/mediatek/mt7986a-bananapi-bpi-r3-nand.dtso | 6 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 4 + arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 4 + arch/arm64/boot/dts/mediatek/mt8192.dtsi | 22 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 4 + arch/arm64/boot/dts/microchip/sparx5.dtsi | 2 +- .../boot/dts/microchip/sparx5_pcb_common.dtsi | 12 + arch/arm64/boot/dts/qcom/apq8016-sbc.dts | 78 ++- arch/arm64/boot/dts/qcom/apq8096-ifc6640.dts | 4 +- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 2 +- arch/arm64/boot/dts/qcom/ipq9574.dtsi | 6 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 8 +- arch/arm64/boot/dts/qcom/msm8953.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8976.dtsi | 6 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/qcom/pm7250b.dtsi | 1 + arch/arm64/boot/dts/qcom/pm8998.dtsi | 2 +- arch/arm64/boot/dts/qcom/qdu1000.dtsi | 1 + arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 3 +- arch/arm64/boot/dts/qcom/sdm630.dtsi | 2 +- arch/arm64/boot/dts/qcom/sdm670.dtsi | 1 + arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts | 1 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 3 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 2 +- .../boot/dts/qcom/sm8250-sony-xperia-edo.dtsi | 7 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm8550.dtsi | 9 +- arch/arm64/boot/dts/renesas/ulcb-kf.dtsi | 3 +- .../boot/dts/rockchip/rk3566-anbernic-rgxx3.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 2 + arch/arm64/boot/dts/ti/k3-am69-sk.dts | 2 +- .../boot/dts/ti/k3-j7200-common-proc-board.dts | 28 +- arch/arm64/boot/dts/ti/k3-j721e-beagleboneai64.dts | 5 + arch/arm64/boot/dts/ti/k3-j784s4-evm.dts | 32 +- arch/arm64/boot/dts/ti/k3-j784s4-mcu-wakeup.dtsi | 29 +- arch/arm64/include/asm/fpsimdmacros.h | 6 +- arch/arm64/kernel/signal.c | 2 +- arch/loongarch/Makefile | 2 +- arch/mips/Makefile | 2 +- arch/mips/alchemy/devboards/db1000.c | 11 +- arch/mips/boot/dts/ingenic/ci20.dts | 27 +- arch/powerpc/Kconfig.debug | 2 +- arch/powerpc/boot/dts/turris1x.dts | 6 +- arch/powerpc/include/asm/nmi.h | 4 +- arch/powerpc/kernel/interrupt.c | 3 +- arch/powerpc/kernel/ppc_save_regs.S | 6 +- arch/powerpc/kernel/signal_32.c | 15 +- arch/powerpc/kernel/smp.c | 1 + arch/powerpc/kernel/vdso/Makefile | 2 +- arch/powerpc/kernel/watchdog.c | 12 +- arch/powerpc/mm/book3s64/radix_pgtable.c | 34 +- arch/powerpc/mm/init_64.c | 2 +- arch/powerpc/platforms/powernv/pci-sriov.c | 6 +- arch/powerpc/platforms/powernv/vas-window.c | 2 +- arch/powerpc/platforms/pseries/mobility.c | 4 +- arch/powerpc/platforms/pseries/vas.c | 2 +- arch/riscv/kernel/hibernate-asm.S | 1 - arch/riscv/kernel/hibernate.c | 1 - arch/riscv/kernel/probes/uprobes.c | 2 + arch/riscv/kernel/smpboot.c | 5 +- arch/riscv/mm/init.c | 4 +- arch/s390/kvm/diag.c | 8 +- arch/s390/kvm/kvm-s390.c | 4 + arch/s390/kvm/vsie.c | 6 +- arch/s390/mm/vmem.c | 14 +- arch/sh/drivers/dma/dma-sh.c | 37 +- arch/sh/include/mach-common/mach/highlander.h | 2 +- arch/sh/include/mach-common/mach/r2d.h | 2 +- arch/sh/include/mach-dreamcast/mach/sysasic.h | 2 +- arch/sh/include/mach-se/mach/se7724.h | 2 +- arch/sh/kernel/cpu/sh2/probe.c | 2 +- arch/sh/kernel/cpu/sh3/entry.S | 4 +- arch/sparc/kernel/nmi.c | 10 +- arch/um/Makefile | 2 +- arch/x86/coco/tdx/tdx.c | 51 +- arch/x86/events/amd/core.c | 2 +- arch/x86/events/amd/ibs.c | 53 +- arch/x86/hyperv/ivm.c | 4 + arch/x86/include/asm/mtrr.h | 40 +- arch/x86/include/asm/perf_event.h | 2 + arch/x86/include/asm/pgtable_64.h | 4 +- arch/x86/include/asm/sev.h | 16 +- arch/x86/include/asm/x86_init.h | 2 +- arch/x86/include/uapi/asm/mtrr.h | 8 - arch/x86/kernel/cpu/mtrr/cleanup.c | 18 +- arch/x86/kernel/cpu/mtrr/generic.c | 124 +++- arch/x86/kernel/cpu/mtrr/mtrr.c | 73 +-- arch/x86/kernel/cpu/mtrr/mtrr.h | 4 +- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 8 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev.c | 14 +- arch/x86/kernel/x86_init.c | 2 +- arch/x86/mm/mem_encrypt_amd.c | 4 +- arch/x86/mm/pat/set_memory.c | 3 +- arch/x86/platform/efi/efi_64.c | 6 +- arch/x86/xen/enlighten_pv.c | 52 ++ block/blk-cgroup.c | 20 +- block/blk-core.c | 1 + block/blk-iocost.c | 7 +- block/blk-mq-debugfs.c | 2 +- block/blk-mq-tag.c | 15 +- block/blk-mq.c | 13 +- block/blk-mq.h | 3 +- block/blk-rq-qos.c | 20 +- block/blk-throttle.c | 6 - block/blk-throttle.h | 9 + block/blk-wbt.c | 2 + block/disk-events.c | 1 + block/genhd.c | 5 +- block/partitions/amiga.c | 102 ++- crypto/jitterentropy.c | 9 +- drivers/accel/habanalabs/gaudi2/gaudi2.c | 2 +- drivers/acpi/apei/ghes.c | 2 + drivers/base/power/domain.c | 15 +- drivers/base/property.c | 12 +- drivers/bus/fsl-mc/dprc-driver.c | 6 + drivers/bus/ti-sysc.c | 4 +- drivers/cdx/cdx.c | 18 + drivers/char/hw_random/st-rng.c | 21 +- drivers/char/hw_random/virtio-rng.c | 10 +- drivers/clk/bcm/clk-raspberrypi.c | 4 +- drivers/clk/clk-cdce925.c | 12 + drivers/clk/clk-renesas-pcie.c | 4 +- drivers/clk/clk-si5341.c | 38 +- drivers/clk/clk-versaclock5.c | 45 +- drivers/clk/clk-versaclock7.c | 2 +- drivers/clk/clk.c | 2 + drivers/clk/imx/clk-composite-8m.c | 31 + drivers/clk/imx/clk-imx8mn.c | 8 +- drivers/clk/imx/clk-imx8mp.c | 24 +- drivers/clk/imx/clk-imx93.c | 15 +- drivers/clk/imx/clk-imxrt1050.c | 22 +- drivers/clk/imx/clk-scu.c | 4 +- drivers/clk/keystone/sci-clk.c | 2 + drivers/clk/mediatek/clk-mt8173-apmixedsys.c | 7 +- drivers/clk/mediatek/clk-mtk.c | 13 +- drivers/clk/qcom/camcc-sc7180.c | 19 +- drivers/clk/qcom/dispcc-qcm2290.c | 12 +- drivers/clk/qcom/gcc-ipq5332.c | 6 +- drivers/clk/qcom/gcc-ipq6018.c | 34 +- drivers/clk/qcom/gcc-qcm2290.c | 62 +- drivers/clk/qcom/mmcc-msm8974.c | 23 +- drivers/clk/renesas/rzg2l-cpg.c | 6 +- drivers/clk/renesas/rzg2l-cpg.h | 3 - drivers/clk/tegra/clk-tegra124-emc.c | 2 + drivers/clk/ti/clkctrl.c | 7 + drivers/clk/xilinx/clk-xlnx-clock-wizard.c | 7 +- drivers/clocksource/timer-cadence-ttc.c | 19 +- drivers/cpufreq/intel_pstate.c | 2 + drivers/cpufreq/mediatek-cpufreq.c | 13 +- drivers/cpufreq/tegra194-cpufreq.c | 6 +- .../crypto/intel/qat/qat_common/qat_asym_algs.c | 14 +- drivers/crypto/marvell/cesa/cipher.c | 2 +- drivers/crypto/nx/Makefile | 2 +- drivers/crypto/nx/nx.h | 4 +- drivers/cxl/core/region.c | 102 +-- drivers/cxl/cxl.h | 16 +- drivers/dax/bus.c | 61 +- drivers/dax/dax-private.h | 4 +- drivers/dax/kmem.c | 2 +- drivers/extcon/extcon-usbc-tusb320.c | 42 +- drivers/extcon/extcon.c | 8 + drivers/firmware/efi/libstub/efi-stub-helper.c | 6 +- drivers/gpio/gpio-twl4030.c | 52 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 85 +-- drivers/gpu/drm/amd/amdgpu/nbio_v2_3.c | 11 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 13 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 5 +- .../dc/clk_mgr/dcn30/dcn30_clk_mgr_smu_msg.c | 3 + drivers/gpu/drm/amd/display/dc/core/dc.c | 3 - drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 +- drivers/gpu/drm/amd/display/dc/dc.h | 3 + .../gpu/drm/amd/display/dc/dcn314/dcn314_hwseq.c | 23 - .../gpu/drm/amd/display/dc/dcn314/dcn314_hwseq.h | 2 - .../gpu/drm/amd/display/dc/dcn314/dcn314_init.c | 2 +- .../amd/display/dc/dml/dcn21/display_mode_vba_21.c | 2 +- .../display/dc/dml/dcn32/display_rq_dlg_calc_32.c | 2 +- .../display/dc/link/protocols/link_dp_capability.c | 4 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 18 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 1 + drivers/gpu/drm/bridge/analogix/anx7625.c | 128 ++-- drivers/gpu/drm/bridge/ite-it6505.c | 3 +- drivers/gpu/drm/bridge/samsung-dsim.c | 22 +- drivers/gpu/drm/bridge/tc358767.c | 4 +- drivers/gpu/drm/bridge/tc358768.c | 93 ++- drivers/gpu/drm/bridge/ti-sn65dsi83.c | 20 +- drivers/gpu/drm/drm_gem_vram_helper.c | 6 +- drivers/gpu/drm/i915/Makefile | 2 + drivers/gpu/drm/i915/display/intel_color.c | 36 +- drivers/gpu/drm/i915/display/intel_crtc.c | 2 +- drivers/gpu/drm/i915/display/intel_cursor.c | 4 +- drivers/gpu/drm/i915/display/intel_display.c | 2 +- drivers/gpu/drm/i915/display/intel_display.h | 10 +- .../gpu/drm/i915/display/intel_display_device.c | 728 +++++++++++++++++++++ .../gpu/drm/i915/display/intel_display_device.h | 86 +++ drivers/gpu/drm/i915/display/intel_display_power.c | 6 +- .../gpu/drm/i915/display/intel_display_reg_defs.h | 14 +- drivers/gpu/drm/i915/display/intel_fb_pin.c | 2 +- drivers/gpu/drm/i915/display/intel_fbc.c | 6 +- drivers/gpu/drm/i915/display/intel_hdcp.c | 2 +- drivers/gpu/drm/i915/display/intel_hti.c | 2 +- drivers/gpu/drm/i915/display/intel_psr.c | 4 +- drivers/gpu/drm/i915/display/intel_psr_regs.h | 2 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 2 +- drivers/gpu/drm/i915/display/skl_watermark.c | 8 +- drivers/gpu/drm/i915/gt/intel_gt_sysfs_pm.c | 35 + drivers/gpu/drm/i915/gt/uc/intel_guc_slpc.c | 40 +- drivers/gpu/drm/i915/gt/uc/intel_guc_slpc.h | 1 + drivers/gpu/drm/i915/gt/uc/intel_guc_slpc_types.h | 1 + drivers/gpu/drm/i915/i915_driver.c | 12 +- drivers/gpu/drm/i915/i915_drv.h | 52 +- drivers/gpu/drm/i915/i915_pci.c | 384 +---------- drivers/gpu/drm/i915/i915_reg.h | 33 - drivers/gpu/drm/i915/intel_device_info.c | 140 ++-- drivers/gpu/drm/i915/intel_device_info.h | 69 +- drivers/gpu/drm/i915/intel_step.c | 8 +- drivers/gpu/drm/imx/lcdc/imx-lcdc.c | 4 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 3 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 +- .../drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 8 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 12 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 12 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 12 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_2_sc7180.h | 10 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_3_sm6115.h | 2 +- .../drm/msm/disp/dpu1/catalog/dpu_6_5_qcm2290.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_7_2_sc7280.h | 18 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 5 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 60 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 36 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_pingpong.c | 75 ++- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_pingpong.h | 31 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 4 + drivers/gpu/drm/msm/dp/dp_display.c | 16 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 26 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_14nm.c | 3 + drivers/gpu/drm/nouveau/dispnv50/disp.c | 1 + drivers/gpu/drm/nouveau/nv50_display.h | 4 +- drivers/gpu/drm/panel/panel-sharp-ls043t1le01.c | 11 +- drivers/gpu/drm/panel/panel-simple.c | 4 +- drivers/gpu/drm/radeon/ci_dpm.c | 28 +- drivers/gpu/drm/radeon/cypress_dpm.c | 8 +- drivers/gpu/drm/radeon/ni_dpm.c | 8 +- drivers/gpu/drm/radeon/rv740_dpm.c | 8 +- drivers/gpu/drm/sun4i/sun4i_tcon.c | 19 +- drivers/gpu/drm/vkms/vkms_composer.c | 4 +- drivers/gpu/drm/vkms/vkms_drv.h | 4 +- drivers/gpu/drm/vkms/vkms_formats.c | 131 ++-- drivers/gpu/drm/vkms/vkms_formats.h | 2 +- drivers/gpu/drm/vkms/vkms_plane.c | 2 +- drivers/hid/Kconfig | 2 +- drivers/hwmon/f71882fg.c | 7 +- drivers/hwmon/gsc-hwmon.c | 6 +- drivers/hwmon/pmbus/adm1275.c | 52 +- drivers/hwtracing/coresight/coresight-core.c | 9 +- .../hwtracing/coresight/coresight-etm4x-sysfs.c | 27 +- drivers/hwtracing/ptt/hisi_ptt.c | 12 +- drivers/hwtracing/ptt/hisi_ptt.h | 2 + drivers/i2c/busses/i2c-designware-pcidrv.c | 13 +- drivers/i2c/busses/i2c-nvidia-gpu.c | 3 + drivers/i2c/busses/i2c-xiic.c | 2 + drivers/i3c/master/svc-i3c-master.c | 19 +- drivers/iio/accel/fxls8962af-core.c | 8 +- drivers/iio/adc/ad7192.c | 8 +- drivers/iio/addac/ad74413r.c | 11 +- drivers/infiniband/hw/bnxt_re/main.c | 20 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 40 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 46 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 1 + drivers/infiniband/hw/hfi1/ipoib_tx.c | 4 +- drivers/infiniband/hw/hfi1/mmu_rb.c | 101 +-- drivers/infiniband/hw/hfi1/mmu_rb.h | 3 + drivers/infiniband/hw/hfi1/sdma.c | 23 +- drivers/infiniband/hw/hfi1/sdma.h | 47 +- drivers/infiniband/hw/hfi1/sdma_txreq.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 137 ++-- drivers/infiniband/hw/hfi1/user_sdma.h | 1 - drivers/infiniband/hw/hfi1/vnic_sdma.c | 4 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 7 +- drivers/infiniband/hw/irdma/uk.c | 10 +- drivers/infiniband/sw/rxe/rxe_mw.c | 17 +- drivers/input/Kconfig | 2 +- drivers/input/misc/adxl34x.c | 3 +- drivers/input/misc/drv260x.c | 1 + drivers/input/misc/pm8941-pwrkey.c | 19 +- drivers/input/tests/input_test.c | 6 +- drivers/input/touchscreen/ads7846.c | 114 ++-- drivers/input/touchscreen/cyttsp4_core.c | 3 +- drivers/interconnect/qcom/icc-rpm.c | 12 +- drivers/interconnect/qcom/icc-rpm.h | 4 +- drivers/iommu/iommufd/device.c | 2 +- drivers/iommu/iommufd/io_pagetable.c | 14 +- drivers/iommu/virtio-iommu.c | 57 +- drivers/irqchip/irq-jcore-aic.c | 7 + drivers/irqchip/irq-loongson-eiointc.c | 2 +- drivers/irqchip/irq-loongson-liointc.c | 12 +- drivers/irqchip/irq-loongson-pch-pic.c | 10 +- drivers/irqchip/irq-stm32-exti.c | 12 + drivers/leds/trigger/ledtrig-netdev.c | 3 + drivers/mailbox/ti-msgmgr.c | 12 +- drivers/md/bcache/btree.c | 25 +- drivers/md/bcache/btree.h | 1 + drivers/md/bcache/super.c | 4 +- drivers/md/bcache/writeback.c | 10 + drivers/md/md-bitmap.c | 21 +- drivers/md/md-bitmap.h | 7 + drivers/md/md.c | 9 +- drivers/md/raid1-10.c | 42 ++ drivers/md/raid1.c | 25 +- drivers/md/raid10.c | 75 +-- drivers/media/cec/i2c/Kconfig | 1 + drivers/media/common/saa7146/saa7146_core.c | 6 +- drivers/media/i2c/Kconfig | 1 + drivers/media/i2c/hi846.c | 3 +- drivers/media/i2c/imx296.c | 4 +- drivers/media/i2c/st-mipid02.c | 9 +- drivers/media/platform/amphion/vdec.c | 7 +- drivers/media/platform/amphion/venc.c | 4 +- drivers/media/platform/amphion/vpu_malone.c | 12 + drivers/media/platform/amphion/vpu_v4l2.c | 5 +- drivers/media/platform/amphion/vpu_v4l2.h | 2 +- .../platform/mediatek/vcodec/vdec_msg_queue.c | 33 +- .../platform/mediatek/vcodec/vdec_msg_queue.h | 16 +- drivers/media/platform/qcom/venus/helpers.c | 4 +- drivers/media/platform/renesas/rcar_fdp1.c | 5 + drivers/media/usb/dvb-usb-v2/az6007.c | 3 +- drivers/media/usb/siano/smsusb.c | 3 +- drivers/memory/brcmstb_dpfe.c | 4 +- drivers/memstick/host/r592.c | 4 +- drivers/mfd/intel-lpss-acpi.c | 3 + drivers/mfd/rt5033.c | 3 - drivers/mfd/stmfx.c | 7 +- drivers/mfd/stmpe.c | 4 +- drivers/mfd/tps65010.c | 14 +- drivers/mfd/wcd934x.c | 9 +- drivers/misc/fastrpc.c | 3 + drivers/misc/lkdtm/core.c | 2 +- drivers/mmc/core/block.c | 6 + drivers/mmc/core/card.h | 30 +- drivers/mmc/core/quirks.h | 27 + drivers/mmc/core/sd.c | 2 +- drivers/mmc/host/mmci.c | 1 + drivers/mmc/host/mtk-sd.c | 2 +- drivers/mmc/host/omap.c | 46 +- drivers/mmc/host/sdhci.c | 4 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/can/kvaser_pciefd.c | 39 +- drivers/net/dsa/ocelot/felix.c | 12 + drivers/net/dsa/sja1105/sja1105.h | 2 +- drivers/net/dsa/sja1105/sja1105_main.c | 14 +- drivers/net/dsa/sja1105/sja1105_ptp.c | 48 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 6 +- drivers/net/ethernet/broadcom/tg3.c | 1 + drivers/net/ethernet/ibm/ibmvnic.c | 9 +- drivers/net/ethernet/intel/ice/ice.h | 7 + drivers/net/ethernet/intel/ice/ice_main.c | 29 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 12 +- drivers/net/ethernet/intel/ice/ice_ptp.h | 4 +- drivers/net/ethernet/intel/igc/igc.h | 36 +- drivers/net/ethernet/intel/igc/igc_main.c | 45 +- drivers/net/ethernet/intel/igc/igc_ptp.c | 142 ++-- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 33 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 2 + .../ethernet/marvell/octeontx2/af/lmac_common.h | 3 + drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 32 +- drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 5 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 1 + drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 12 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 22 +- drivers/net/ethernet/mellanox/mlxsw/minimal.c | 1 + drivers/net/ethernet/mscc/ocelot.c | 1 - drivers/net/ethernet/mscc/ocelot_ptp.c | 66 +- drivers/net/ethernet/sfc/ef10.c | 13 +- drivers/net/ethernet/sfc/efx_devlink.c | 3 + drivers/net/ethernet/sfc/tc.c | 32 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 - drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 10 +- drivers/net/gtp.c | 2 + drivers/net/ipvlan/ipvlan_core.c | 9 +- drivers/net/ppp/pptp.c | 31 +- drivers/net/wireguard/netlink.c | 14 +- drivers/net/wireguard/queueing.c | 1 + drivers/net/wireguard/queueing.h | 25 +- drivers/net/wireguard/receive.c | 2 +- drivers/net/wireguard/send.c | 2 +- drivers/net/wireless/ath/ath10k/core.c | 12 +- drivers/net/wireless/ath/ath10k/core.h | 3 + drivers/net/wireless/ath/ath10k/mac.c | 13 +- drivers/net/wireless/ath/ath11k/ahb.c | 1 + drivers/net/wireless/ath/ath11k/core.c | 1 + drivers/net/wireless/ath/ath11k/hw.c | 2 +- drivers/net/wireless/ath/ath11k/qmi.c | 5 + drivers/net/wireless/ath/ath9k/ar9003_hw.c | 27 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 8 +- drivers/net/wireless/ath/ath9k/main.c | 11 +- drivers/net/wireless/ath/ath9k/wmi.c | 4 + drivers/net/wireless/atmel/atmel_cs.c | 13 +- drivers/net/wireless/intel/iwlwifi/fw/api/rs.h | 2 + drivers/net/wireless/intel/iwlwifi/fw/dump.c | 7 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 10 +- drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c | 58 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 + drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 5 +- drivers/net/wireless/intersil/orinoco/orinoco_cs.c | 13 +- .../net/wireless/intersil/orinoco/spectrum_cs.c | 13 +- drivers/net/wireless/legacy/ray_cs.c | 16 +- drivers/net/wireless/legacy/wl3501_cs.c | 16 +- drivers/net/wireless/marvell/mwifiex/scan.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7921/dma.c | 4 - drivers/net/wireless/mediatek/mt76/mt7921/mcu.c | 8 - drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 8 + drivers/net/wireless/microchip/wilc1000/hif.c | 8 +- drivers/net/wireless/realtek/rtw88/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw88/usb.c | 2 +- drivers/net/wireless/realtek/rtw89/core.c | 2 +- drivers/net/wireless/rsi/rsi_91x_sdio.c | 9 +- drivers/nvme/host/core.c | 16 +- drivers/nvmem/imx-ocotp.c | 8 +- drivers/nvmem/rmem.c | 1 + drivers/nvmem/sunplus-ocotp.c | 9 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 27 + drivers/pci/controller/dwc/pcie-qcom.c | 11 +- drivers/pci/controller/pci-ftpci100.c | 14 +- drivers/pci/controller/vmd.c | 11 +- drivers/pci/endpoint/functions/Kconfig | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 2 +- drivers/pci/hotplug/pciehp_ctrl.c | 8 + drivers/pci/pcie/aspm.c | 21 +- drivers/perf/apple_m1_cpu_pmu.c | 30 +- drivers/perf/arm-cmn.c | 7 +- drivers/perf/arm_cspmu/arm_cspmu.c | 11 +- drivers/perf/arm_pmu.c | 2 + drivers/perf/hisilicon/hisi_pcie_pmu.c | 2 +- drivers/phy/Kconfig | 1 + drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 8 +- drivers/phy/tegra/xusb.c | 4 + drivers/pinctrl/bcm/pinctrl-bcm2835.c | 6 +- drivers/pinctrl/freescale/pinctrl-scu.c | 3 +- drivers/pinctrl/intel/pinctrl-cherryview.c | 15 +- drivers/pinctrl/nuvoton/pinctrl-npcm7xx.c | 2 + drivers/pinctrl/pinctrl-at91-pio4.c | 2 + drivers/pinctrl/pinctrl-at91.c | 8 +- drivers/pinctrl/pinctrl-microchip-sgpio.c | 3 + drivers/pinctrl/sunplus/sppctl.c | 23 +- drivers/pinctrl/tegra/pinctrl-tegra.c | 15 +- drivers/pinctrl/tegra/pinctrl-tegra.h | 3 +- drivers/pinctrl/tegra/pinctrl-tegra114.c | 7 +- drivers/pinctrl/tegra/pinctrl-tegra124.c | 7 +- drivers/pinctrl/tegra/pinctrl-tegra194.c | 7 +- drivers/pinctrl/tegra/pinctrl-tegra20.c | 7 +- drivers/pinctrl/tegra/pinctrl-tegra210.c | 7 +- drivers/pinctrl/tegra/pinctrl-tegra30.c | 7 +- drivers/platform/x86/dell/dell-rbtn.c | 13 +- drivers/platform/x86/intel/pmc/core.c | 15 +- drivers/platform/x86/intel/pmc/core.h | 31 +- drivers/platform/x86/intel/pmc/mtl.c | 475 +++++++++++++- drivers/platform/x86/lenovo-yogabook-wmi.c | 34 +- drivers/platform/x86/think-lmi.c | 20 +- drivers/platform/x86/thinkpad_acpi.c | 6 +- drivers/power/supply/rt9467-charger.c | 2 +- drivers/powercap/Kconfig | 4 +- drivers/powercap/intel_rapl_msr.c | 17 +- drivers/pwm/pwm-ab8500.c | 2 +- drivers/pwm/pwm-imx-tpm.c | 7 + drivers/pwm/pwm-mtk-disp.c | 13 +- drivers/pwm/sysfs.c | 17 + drivers/regulator/core.c | 30 +- drivers/regulator/rk808-regulator.c | 1 + drivers/regulator/tps65219-regulator.c | 6 +- drivers/rtc/rtc-st-lpc.c | 2 +- drivers/s390/net/qeth_l3_sys.c | 2 +- drivers/scsi/3w-xxxx.c | 4 +- drivers/scsi/lpfc/lpfc_els.c | 14 +- drivers/scsi/qedf/qedf_main.c | 3 +- drivers/soc/amlogic/meson-secure-pwrc.c | 2 +- drivers/soc/fsl/qe/Kconfig | 1 + drivers/soc/mediatek/mtk-svs.c | 4 +- drivers/soc/qcom/qcom-geni-se.c | 67 +- drivers/soc/xilinx/xlnx_event_manager.c | 6 +- drivers/soundwire/debugfs.c | 3 +- drivers/soundwire/qcom.c | 179 ++--- drivers/spi/spi-bcm-qspi.c | 10 +- drivers/spi/spi-dw-core.c | 5 +- drivers/spi/spi-geni-qcom.c | 111 ++-- drivers/staging/media/atomisp/i2c/atomisp-gc0310.c | 2 +- drivers/staging/media/atomisp/i2c/atomisp-ov2680.c | 8 +- drivers/staging/media/atomisp/i2c/ov2680.h | 1 + .../media/atomisp/pci/atomisp_gmin_platform.c | 2 +- .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 4 +- drivers/thermal/qcom/tsens-v0_1.c | 56 +- drivers/thermal/qcom/tsens.c | 19 +- drivers/thermal/qcom/tsens.h | 6 +- drivers/thermal/qoriq_thermal.c | 30 +- drivers/thermal/sun8i_thermal.c | 55 +- drivers/tty/serial/8250/8250_omap.c | 25 +- drivers/tty/serial/fsl_lpuart.c | 1 + drivers/tty/serial/serial_core.c | 10 +- drivers/ufs/core/ufshcd-priv.h | 3 - drivers/ufs/core/ufshcd.c | 21 +- drivers/usb/core/devio.c | 2 + drivers/usb/core/hcd-pci.c | 24 +- drivers/usb/dwc2/platform.c | 16 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 5 +- drivers/usb/dwc3/dwc3-qcom.c | 17 +- drivers/usb/dwc3/gadget.c | 4 +- drivers/usb/gadget/function/u_serial.c | 13 +- drivers/usb/host/ehci-pci.c | 3 +- drivers/usb/host/ohci-pci.c | 8 +- drivers/usb/host/uhci-pci.c | 7 +- drivers/usb/host/xhci-histb.c | 2 +- drivers/usb/host/xhci-pci.c | 4 +- drivers/usb/host/xhci-plat.c | 4 +- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 5 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/musb/musb_core.c | 1 - drivers/usb/musb/musb_core.h | 2 - drivers/usb/musb/tusb6010.c | 53 +- drivers/usb/phy/phy-tahvo.c | 2 +- drivers/usb/serial/option.c | 4 + drivers/usb/typec/ucsi/psy.c | 14 + drivers/vdpa/vdpa_user/vduse_dev.c | 6 +- drivers/vfio/mdev/mdev_core.c | 23 +- drivers/video/fbdev/omap/lcd_mipid.c | 16 +- drivers/virt/coco/sev-guest/Kconfig | 1 + drivers/virtio/virtio_vdpa.c | 4 +- drivers/w1/slaves/w1_therm.c | 31 +- drivers/w1/w1.c | 4 +- fs/afs/write.c | 8 +- fs/btrfs/bio.c | 3 +- fs/btrfs/block-group.c | 41 +- fs/btrfs/ctree.c | 49 +- fs/btrfs/disk-io.c | 7 +- fs/btrfs/extent_io.c | 333 ++++------ fs/btrfs/extent_io.h | 5 +- fs/btrfs/free-space-tree.c | 3 + fs/btrfs/inode.c | 92 ++- fs/btrfs/locking.c | 5 +- fs/btrfs/qgroup.c | 2 + fs/btrfs/tree-mod-log.c | 115 +++- fs/erofs/zdata.c | 72 +- fs/erofs/zmap.c | 6 +- fs/ext4/namei.c | 17 +- fs/f2fs/checkpoint.c | 7 +- fs/f2fs/compress.c | 11 +- fs/f2fs/data.c | 11 +- fs/f2fs/f2fs.h | 23 +- fs/f2fs/file.c | 13 +- fs/f2fs/gc.c | 27 +- fs/f2fs/namei.c | 16 +- fs/f2fs/node.c | 7 +- fs/f2fs/super.c | 160 ++++- fs/fs_context.c | 3 +- fs/gfs2/file.c | 2 +- fs/inode.c | 42 ++ fs/internal.h | 2 + fs/jffs2/build.c | 5 +- fs/jffs2/xattr.c | 13 +- fs/jffs2/xattr.h | 4 +- fs/kernfs/dir.c | 2 + fs/lockd/svc.c | 1 - fs/namei.c | 25 +- fs/nfs/nfs42xattr.c | 79 ++- fs/nfs/nfs4proc.c | 1 + fs/nfsd/cache.h | 2 + fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfscache.c | 25 +- fs/nfsd/nfsctl.c | 10 +- fs/nfsd/vfs.c | 4 +- fs/notify/fanotify/fanotify_user.c | 14 + fs/ntfs3/xattr.c | 3 + fs/ocfs2/cluster/tcp.c | 23 +- fs/overlayfs/copy_up.c | 2 + fs/overlayfs/dir.c | 3 +- fs/overlayfs/export.c | 3 +- fs/overlayfs/inode.c | 17 +- fs/overlayfs/namei.c | 3 +- fs/overlayfs/overlayfs.h | 8 +- fs/overlayfs/super.c | 2 +- fs/overlayfs/util.c | 31 +- fs/pstore/ram_core.c | 2 + fs/ramfs/inode.c | 2 +- fs/reiserfs/xattr_security.c | 1 + fs/smb/client/cifs_debug.c | 16 +- fs/smb/client/cifsglob.h | 10 +- fs/smb/client/cifsproto.h | 2 +- fs/smb/client/connect.c | 70 +- fs/smb/client/dfs.c | 55 +- fs/smb/client/dfs.h | 19 +- fs/smb/client/dfs_cache.c | 8 +- fs/smb/client/file.c | 25 +- fs/smb/client/misc.c | 38 +- fs/smb/client/smb2inode.c | 9 +- fs/smb/client/smb2ops.c | 19 +- fs/smb/client/transport.c | 20 +- fs/smb/server/smb_common.c | 2 +- fs/splice.c | 1 - fs/udf/namei.c | 14 +- fs/verity/enable.c | 19 +- fs/verity/fsverity_private.h | 13 +- fs/verity/hash_algs.c | 131 +--- fs/verity/verify.c | 113 ++-- include/drm/bridge/samsung-dsim.h | 3 + include/drm/drm_fixed.h | 6 + include/linux/bitmap.h | 8 +- include/linux/blk-mq.h | 3 +- include/linux/blkdev.h | 3 +- include/linux/blktrace_api.h | 6 +- include/linux/bpf.h | 1 - include/linux/bpf_verifier.h | 52 +- include/linux/can/length.h | 14 +- include/linux/compiler_attributes.h | 12 + include/linux/dsa/sja1105.h | 4 - include/linux/ieee80211.h | 6 +- include/linux/mfd/tps65010.h | 11 +- include/linux/mfd/twl.h | 3 - include/linux/mm_types.h | 23 +- include/linux/mmc/card.h | 1 + include/linux/netdevice.h | 9 + include/linux/nmi.h | 35 +- include/linux/pci.h | 1 + include/linux/perf/arm_pmu.h | 2 + include/linux/pipe_fs_i.h | 4 - include/linux/platform_data/lcd-mipid.h | 2 - include/linux/platform_data/mmc-omap.h | 2 - include/linux/ramfs.h | 1 + include/linux/sh_intc.h | 6 +- include/linux/soc/qcom/geni-se.h | 4 + include/linux/spi/ads7846.h | 2 - include/linux/usb/hcd.h | 2 +- include/linux/usb/musb.h | 13 - include/linux/watch_queue.h | 3 +- include/net/bluetooth/mgmt.h | 1 + include/net/dsa.h | 12 +- include/net/mac80211.h | 44 +- include/net/regulatory.h | 13 +- include/net/sock.h | 1 + include/soc/mscc/ocelot.h | 10 +- include/trace/events/net.h | 3 +- include/trace/events/timer.h | 6 +- include/uapi/linux/affs_hardblocks.h | 68 +- include/uapi/linux/auto_dev-ioctl.h | 2 +- include/uapi/linux/videodev2.h | 6 +- include/ufs/ufshcd.h | 1 - init/Makefile | 1 + init/main.c | 3 +- io_uring/io_uring.c | 35 +- kernel/bpf/btf.c | 6 +- kernel/bpf/cgroup.c | 15 + kernel/bpf/helpers.c | 12 +- kernel/bpf/trampoline.c | 32 +- kernel/bpf/verifier.c | 716 +++++++++++++++----- kernel/kcsan/core.c | 2 + kernel/kexec_core.c | 5 +- kernel/rcu/rcu.h | 6 + kernel/rcu/rcuscale.c | 199 +++--- kernel/rcu/tasks.h | 7 +- kernel/rcu/tree.c | 23 +- kernel/sched/fair.c | 18 + kernel/sched/sched.h | 22 + kernel/time/posix-timers.c | 43 +- kernel/time/tick-sched.c | 2 +- kernel/watch_queue.c | 12 +- kernel/watchdog.c | 302 ++++++--- kernel/watchdog_hld.c | 48 +- lib/bitmap.c | 2 +- lib/dhry_1.c | 11 +- lib/test_firmware.c | 12 +- lib/ts_bm.c | 4 +- mm/damon/ops-common.c | 16 +- mm/damon/ops-common.h | 4 +- mm/damon/paddr.c | 4 +- mm/damon/vaddr.c | 4 +- mm/filemap.c | 4 +- mm/page-writeback.c | 8 +- mm/shmem.c | 2 +- mm/vmscan.c | 13 +- net/bluetooth/hci_conn.c | 47 +- net/bluetooth/hci_event.c | 15 +- net/bluetooth/hci_sync.c | 28 +- net/bridge/br_if.c | 5 +- net/core/filter.c | 126 +++- net/core/rtnetlink.c | 104 +-- net/core/sock.c | 17 +- net/dsa/dsa.c | 2 +- net/dsa/slave.c | 84 ++- net/dsa/switch.c | 4 +- net/dsa/switch.h | 3 + net/dsa/tag_sja1105.c | 90 +-- net/ipv4/tcp_input.c | 12 +- net/mac80211/debugfs_netdev.c | 2 +- net/mac80211/eht.c | 5 +- net/mac80211/he.c | 3 +- net/mac80211/mlme.c | 30 +- net/mac80211/sta_info.c | 2 + net/mac80211/util.c | 15 +- net/netfilter/ipvs/Kconfig | 27 +- net/netfilter/ipvs/ip_vs_conn.c | 4 +- net/netfilter/nf_conntrack_helper.c | 4 + net/netfilter/nf_conntrack_proto_dccp.c | 52 +- net/netfilter/nf_conntrack_sip.c | 2 +- net/netfilter/nf_tables_api.c | 17 +- net/netfilter/nft_byteorder.c | 14 +- net/netlink/af_netlink.c | 5 +- net/netlink/diag.c | 7 +- net/nfc/llcp.h | 1 - net/nfc/llcp_commands.c | 15 +- net/nfc/llcp_core.c | 49 +- net/nfc/llcp_sock.c | 18 +- net/nfc/netlink.c | 20 +- net/nfc/nfc.h | 1 + net/sched/act_ipt.c | 70 +- net/sched/act_pedit.c | 1 + net/sched/sch_netem.c | 59 +- net/sctp/socket.c | 22 +- net/sunrpc/svcsock.c | 23 +- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 12 +- net/wireless/core.c | 16 - net/wireless/reg.c | 16 +- net/wireless/scan.c | 367 ++++------- net/wireless/util.c | 2 + net/xdp/xsk.c | 5 + samples/bpf/tcp_basertt_kern.c | 2 +- samples/bpf/xdp1_kern.c | 2 +- samples/bpf/xdp2_kern.c | 2 +- scripts/Makefile.clang | 3 +- scripts/Makefile.compiler | 4 +- scripts/Makefile.modfinal | 2 +- scripts/Makefile.vmlinux | 1 + scripts/mksysmap | 4 +- scripts/mod/modpost.c | 86 +-- scripts/package/builddeb | 14 +- security/apparmor/policy.c | 13 + security/apparmor/policy_compat.c | 20 +- security/apparmor/policy_unpack.c | 100 +-- security/integrity/evm/evm_crypto.c | 2 +- security/integrity/evm/evm_main.c | 4 +- security/integrity/iint.c | 15 +- security/integrity/ima/ima_modsig.c | 3 + security/integrity/ima/ima_policy.c | 3 +- sound/core/jack.c | 15 +- sound/core/pcm_memory.c | 44 +- sound/pci/ac97/ac97_codec.c | 4 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/amd/acp/acp-pdm.c | 2 +- sound/soc/codecs/es8316.c | 23 +- sound/soc/fsl/imx-audmix.c | 9 + sound/soc/intel/boards/sof_sdw.c | 18 +- sound/soc/mediatek/mt8173/mt8173-afe-pcm.c | 13 +- tools/bpf/bpftool/feature.c | 24 +- tools/bpf/resolve_btfids/Makefile | 4 +- tools/include/nolibc/stdint.h | 10 +- tools/lib/bpf/bpf_helpers.h | 15 +- tools/lib/bpf/btf_dump.c | 22 +- tools/perf/arch/x86/util/Build | 1 + tools/perf/arch/x86/util/env.c | 19 + tools/perf/arch/x86/util/env.h | 7 + tools/perf/arch/x86/util/evsel.c | 16 +- tools/perf/arch/x86/util/mem-events.c | 19 +- tools/perf/builtin-bench.c | 2 + tools/perf/builtin-script.c | 16 +- tools/perf/builtin-stat.c | 2 + tools/perf/tests/shell/test_task_analyzer.sh | 26 +- tools/perf/util/bpf_skel/lock_contention.bpf.c | 2 - tools/perf/util/bpf_skel/vmlinux.h | 10 + tools/perf/util/dwarf-aux.c | 2 +- tools/perf/util/evsel.h | 24 +- tools/perf/util/evsel_fprintf.c | 1 + tools/perf/util/metricgroup.c | 2 +- tools/testing/cxl/test/mem.c | 4 +- tools/testing/kunit/kunit_kernel.py | 6 +- tools/testing/kunit/mypy.ini | 6 + tools/testing/kunit/run_checks.py | 2 +- tools/testing/selftests/bpf/Makefile | 3 +- tools/testing/selftests/bpf/prog_tests/check_mtu.c | 2 +- .../testing/selftests/bpf/progs/refcounted_kptr.c | 2 + .../selftests/bpf/progs/refcounted_kptr_fail.c | 4 +- tools/testing/selftests/bpf/test_verifier.c | 24 +- tools/testing/selftests/bpf/verifier/precise.c | 106 +-- tools/testing/selftests/cgroup/test_memcontrol.c | 4 +- tools/testing/selftests/ftrace/ftracetest | 2 +- tools/testing/selftests/net/rtnetlink.sh | 1 + tools/testing/selftests/nolibc/nolibc-test.c | 6 +- .../rcutorture/configs/rcu/BUSTED-BOOST.boot | 2 +- .../selftests/rcutorture/configs/rcu/TREE03.boot | 2 +- .../selftests/vDSO/vdso_test_clock_getres.c | 4 +- tools/testing/selftests/wireguard/netns.sh | 30 +- tools/tracing/rtla/src/osnoise_top.c | 8 +- tools/virtio/Makefile | 13 +- 875 files changed, 10433 insertions(+), 6354 deletions(-)

3 weeks

2
2
0 0

, el clima laboral también se gestiona

by Daniel Rodríguez

Mejora el clima organizacional body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Diagnostica el clima y cultura de tu organización con Vorecol Work Environment. Hola, , El desempeño de un equipo no solo depende del talento individual, también del entorno en el que trabaja. Muchas veces, los problemas de rotación o bajo compromiso tienen raíces invisibles... hasta que se miden. Por eso quiero presentarte Vorecol Work Environment, una herramienta diseñada para ayudarte a comprender mejor cómo se vive la cultura y el clima dentro de tu organización. Con Vorecol puedes: Aplicar evaluaciones periódicas de clima y cultura organizacional, personalizadas a tu contexto. Obtener resultados organizados por áreas, con alertas sobre temas críticos como liderazgo, carga laboral o reconocimiento. Acceder a paneles dinámicos que te permiten visualizar tendencias, puntos de mejora y fortalezas de forma clara. Ideal para organizaciones que quieren escuchar más, reaccionar mejor y construir un entorno donde las personas quieran quedarse. Si estás buscando mejorar tu ambiente laboral, vale la pena considerarlo. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, -------------- Atte.: Daniel Rodríguez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewispprseup">click aquí</a>

3 weeks

1
0
0 0

[PATCH 6.1.y] selftests/mm: Move default_huge_page_size to vm_util.c

by Leon Hwang

Fix the build error: map_hugetlb.c: In function 'main': map_hugetlb.c:79:25: warning: implicit declaration of function 'default_huge_page_size' [-Wimplicit-function-declaration] 79 | hugepage_size = default_huge_page_size(); | ^~~~~~~~~~~~~~~~~~~~~~ /usr/bin/ld: /tmp/ccYOogvJ.o: in function 'main': map_hugetlb.c:(.text+0x114): undefined reference to 'default_huge_page_size' According to the latest selftests, 'default_huge_page_size' has been moved to 'vm_util.c'. So fix the error by the same way. Reviewed-by: Lance Yang <lance.yang(a)linux.dev> Signed-off-by: Leon Hwang <leon.hwang(a)linux.dev> --- tools/testing/selftests/vm/Makefile | 1 + tools/testing/selftests/vm/userfaultfd.c | 24 ------------------------ tools/testing/selftests/vm/vm_util.c | 21 +++++++++++++++++++++ tools/testing/selftests/vm/vm_util.h | 1 + 4 files changed, 23 insertions(+), 24 deletions(-) diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile index 192ea3725c5c..ed90deebef0d 100644 --- a/tools/testing/selftests/vm/Makefile +++ b/tools/testing/selftests/vm/Makefile @@ -100,6 +100,7 @@ $(OUTPUT)/madv_populate: vm_util.c $(OUTPUT)/soft-dirty: vm_util.c $(OUTPUT)/split_huge_page_test: vm_util.c $(OUTPUT)/userfaultfd: vm_util.c +$(OUTPUT)/map_hugetlb: vm_util.c ifeq ($(MACHINE),x86_64) BINARIES_32 := $(patsubst %,$(OUTPUT)/%,$(BINARIES_32)) diff --git a/tools/testing/selftests/vm/userfaultfd.c b/tools/testing/selftests/vm/userfaultfd.c index 297f250c1d95..4751b28eba18 100644 --- a/tools/testing/selftests/vm/userfaultfd.c +++ b/tools/testing/selftests/vm/userfaultfd.c @@ -1674,30 +1674,6 @@ static int userfaultfd_stress(void) || userfaultfd_events_test() || userfaultfd_minor_test(); } -/* - * Copied from mlock2-tests.c - */ -unsigned long default_huge_page_size(void) -{ - unsigned long hps = 0; - char *line = NULL; - size_t linelen = 0; - FILE *f = fopen("/proc/meminfo", "r"); - - if (!f) - return 0; - while (getline(&line, &linelen, f) > 0) { - if (sscanf(line, "Hugepagesize: %lu kB", &hps) == 1) { - hps <<= 10; - break; - } - } - - free(line); - fclose(f); - return hps; -} - static void set_test_type(const char *type) { if (!strcmp(type, "anon")) { diff --git a/tools/testing/selftests/vm/vm_util.c b/tools/testing/selftests/vm/vm_util.c index fc5743bc1283..613cc61602c9 100644 --- a/tools/testing/selftests/vm/vm_util.c +++ b/tools/testing/selftests/vm/vm_util.c @@ -161,6 +161,27 @@ bool check_huge_shmem(void *addr, int nr_hpages, uint64_t hpage_size) return __check_huge(addr, "ShmemPmdMapped:", nr_hpages, hpage_size); } +unsigned long default_huge_page_size(void) +{ + unsigned long hps = 0; + char *line = NULL; + size_t linelen = 0; + FILE *f = fopen("/proc/meminfo", "r"); + + if (!f) + return 0; + while (getline(&line, &linelen, f) > 0) { + if (sscanf(line, "Hugepagesize: %lu kB", &hps) == 1) { + hps <<= 10; + break; + } + } + + free(line); + fclose(f); + return hps; +} + static bool check_vmflag(void *addr, const char *flag) { char buffer[MAX_LINE_LENGTH]; diff --git a/tools/testing/selftests/vm/vm_util.h b/tools/testing/selftests/vm/vm_util.h index 470f85fe9594..a4439db0d6f8 100644 --- a/tools/testing/selftests/vm/vm_util.h +++ b/tools/testing/selftests/vm/vm_util.h @@ -11,4 +11,5 @@ uint64_t read_pmd_pagesize(void); bool check_huge_anon(void *addr, int nr_hpages, uint64_t hpage_size); bool check_huge_file(void *addr, int nr_hpages, uint64_t hpage_size); bool check_huge_shmem(void *addr, int nr_hpages, uint64_t hpage_size); +unsigned long default_huge_page_size(void); bool softdirty_supported(void); -- 2.43.0

3 weeks

4
10
0 0

[PATCH 2/8] USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC

by Johan Hovold

Asserting or deasserting a modem control line using TIOCMBIS or TIOCMBIC should not deassert any lines that are not in the mask. Fix this long-standing issue dating back to 2003 when the support for these ioctls was added with the introduction of the tiocmset() callback. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/kobil_sct.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/usb/serial/kobil_sct.c b/drivers/usb/serial/kobil_sct.c index 464433be2034..96ea571c436a 100644 --- a/drivers/usb/serial/kobil_sct.c +++ b/drivers/usb/serial/kobil_sct.c @@ -418,7 +418,7 @@ static int kobil_tiocmset(struct tty_struct *tty, struct usb_serial_port *port = tty->driver_data; struct device *dev = &port->dev; struct kobil_private *priv; - int result; + int result = 0; int dtr = 0; int rts = 0; @@ -435,12 +435,12 @@ static int kobil_tiocmset(struct tty_struct *tty, if (set & TIOCM_DTR) dtr = 1; if (clear & TIOCM_RTS) - rts = 0; + rts = 1; if (clear & TIOCM_DTR) - dtr = 0; + dtr = 1; - if (priv->device_type == KOBIL_ADAPTER_B_PRODUCT_ID) { - if (dtr != 0) + if (dtr && priv->device_type == KOBIL_ADAPTER_B_PRODUCT_ID) { + if (set & TIOCM_DTR) dev_dbg(dev, "%s - Setting DTR\n", __func__); else dev_dbg(dev, "%s - Clearing DTR\n", __func__); @@ -448,13 +448,13 @@ static int kobil_tiocmset(struct tty_struct *tty, usb_sndctrlpipe(port->serial->dev, 0), SUSBCRequest_SetStatusLinesOrQueues, USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT, - ((dtr != 0) ? SUSBCR_SSL_SETDTR : SUSBCR_SSL_CLRDTR), + ((set & TIOCM_DTR) ? SUSBCR_SSL_SETDTR : SUSBCR_SSL_CLRDTR), 0, NULL, 0, KOBIL_TIMEOUT); - } else { - if (rts != 0) + } else if (rts) { + if (set & TIOCM_RTS) dev_dbg(dev, "%s - Setting RTS\n", __func__); else dev_dbg(dev, "%s - Clearing RTS\n", __func__); @@ -462,7 +462,7 @@ static int kobil_tiocmset(struct tty_struct *tty, usb_sndctrlpipe(port->serial->dev, 0), SUSBCRequest_SetStatusLinesOrQueues, USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT, - ((rts != 0) ? SUSBCR_SSL_SETRTS : SUSBCR_SSL_CLRRTS), + ((set & TIOCM_RTS) ? SUSBCR_SSL_SETRTS : SUSBCR_SSL_CLRRTS), 0, NULL, 0, -- 2.49.1

3 weeks

1
0
0 0

[PATCH 1/8] USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC

by Johan Hovold

Asserting or deasserting a modem control line using TIOCMBIS or TIOCMBIC should not deassert any lines that are not in the mask. Fix this long-standing regression dating back to 2003 when the tiocmset() callback was introduced. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/belkin_sa.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/drivers/usb/serial/belkin_sa.c b/drivers/usb/serial/belkin_sa.c index 44f5b58beec9..aa6b4c4ad5ec 100644 --- a/drivers/usb/serial/belkin_sa.c +++ b/drivers/usb/serial/belkin_sa.c @@ -435,7 +435,7 @@ static int belkin_sa_tiocmset(struct tty_struct *tty, struct belkin_sa_private *priv = usb_get_serial_port_data(port); unsigned long control_state; unsigned long flags; - int retval; + int retval = 0; int rts = 0; int dtr = 0; @@ -452,26 +452,32 @@ static int belkin_sa_tiocmset(struct tty_struct *tty, } if (clear & TIOCM_RTS) { control_state &= ~TIOCM_RTS; - rts = 0; + rts = 1; } if (clear & TIOCM_DTR) { control_state &= ~TIOCM_DTR; - dtr = 0; + dtr = 1; } priv->control_state = control_state; spin_unlock_irqrestore(&priv->lock, flags); - retval = BSA_USB_CMD(BELKIN_SA_SET_RTS_REQUEST, rts); - if (retval < 0) { - dev_err(&port->dev, "Set RTS error %d\n", retval); - goto exit; + if (rts) { + retval = BSA_USB_CMD(BELKIN_SA_SET_RTS_REQUEST, + !!(control_state & TIOCM_RTS)); + if (retval < 0) { + dev_err(&port->dev, "Set RTS error %d\n", retval); + goto exit; + } } - retval = BSA_USB_CMD(BELKIN_SA_SET_DTR_REQUEST, dtr); - if (retval < 0) { - dev_err(&port->dev, "Set DTR error %d\n", retval); - goto exit; + if (dtr) { + retval = BSA_USB_CMD(BELKIN_SA_SET_DTR_REQUEST, + !!(control_state & TIOCM_DTR)); + if (retval < 0) { + dev_err(&port->dev, "Set DTR error %d\n", retval); + goto exit; + } } exit: return retval; -- 2.49.1

3 weeks

1
0
0 0

[PATCH RESEND] fsi/core: fix error handling in fsi_slave_init()

by Ma Ke

Once cdev_device_add() failed, we should use put_device() to decrement reference count for cleanup. Or it could cause memory leak. Although operations in err_free_ida are similar to the operations in callback function fsi_slave_release(), put_device() is a correct handling operation as comments require when cdev_device_add() fails. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 371975b0b075 ("fsi/core: Fix error paths on CFAM init") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/fsi/fsi-core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c index c6c115993ebc..444878ab9fb1 100644 --- a/drivers/fsi/fsi-core.c +++ b/drivers/fsi/fsi-core.c @@ -1084,7 +1084,8 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) rc = cdev_device_add(&slave->cdev, &slave->dev); if (rc) { dev_err(&slave->dev, "Error %d creating slave device\n", rc); - goto err_free_ida; + put_device(&slave->dev); + return rc; } /* Now that we have the cdev registered with the core, any fatal @@ -1110,8 +1111,6 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) return 0; -err_free_ida: - fsi_free_minor(slave->dev.devt); err_free: of_node_put(slave->dev.of_node); kfree(slave); -- 2.17.1

3 weeks

2
1
0 0

[PATCH v2] drm/tilcdc: Fix removal actions in case of failed probe

by Kory Maincent

From: "Kory Maincent (TI.com)" <kory.maincent(a)bootlin.com> The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered. Currently, these functions are called unconditionally in tilcdc_fini(), which causes warnings during probe deferral scenarios. [ 7.972317] WARNING: CPU: 0 PID: 23 at drivers/gpu/drm/drm_atomic_state_helper.c:175 drm_atomic_helper_crtc_duplicate_state+0x60/0x68 ... [ 8.005820] drm_atomic_helper_crtc_duplicate_state from drm_atomic_get_crtc_state+0x68/0x108 [ 8.005858] drm_atomic_get_crtc_state from drm_atomic_helper_disable_all+0x90/0x1c8 [ 8.005885] drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x90/0x144 [ 8.005911] drm_atomic_helper_shutdown from tilcdc_fini+0x68/0xf8 [tilcdc] [ 8.005957] tilcdc_fini [tilcdc] from tilcdc_pdev_probe+0xb0/0x6d4 [tilcdc] Fix this by moving both drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() inside the priv->is_registered conditional block, ensuring they only execute after successful device registration. Cc: stable(a)vger.kernel.org Reviewed-by: Swamil Jain <s-jain1(a)ti.com> Fixes: 3c4babae3c4a ("drm: Call drm_atomic_helper_shutdown() at shutdown/remove time for misc drivers") Signed-off-by: Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> --- I'm working on removing the usage of deprecated functions as well as general improvements to this driver, but it will take some time so for now this is a simple fix to a functional bug. Change in v2: - Add missing cc: stable tag - Add Swamil reviewed-by --- drivers/gpu/drm/tilcdc/tilcdc_drv.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/tilcdc/tilcdc_drv.c b/drivers/gpu/drm/tilcdc/tilcdc_drv.c index 7caec4d38ddf..2031267a3490 100644 --- a/drivers/gpu/drm/tilcdc/tilcdc_drv.c +++ b/drivers/gpu/drm/tilcdc/tilcdc_drv.c @@ -172,11 +172,11 @@ static void tilcdc_fini(struct drm_device *dev) if (priv->crtc) tilcdc_crtc_shutdown(priv->crtc); - if (priv->is_registered) + if (priv->is_registered) { drm_dev_unregister(dev); - - drm_kms_helper_poll_fini(dev); - drm_atomic_helper_shutdown(dev); + drm_kms_helper_poll_fini(dev); + drm_atomic_helper_shutdown(dev); + } tilcdc_irq_uninstall(dev); drm_mode_config_cleanup(dev); -- 2.43.0

3 weeks

1
0
0 0

[PATCH] ksmbd: transport_ipc: validate payload size before reading handle

by Qianchang Zhao

handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable(a)vger.kernel.org Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Signed-off-by: Qianchang Zhao <pioooooooooip(a)gmail.com> --- fs/smb/server/transport_ipc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c index 46f87fd1ce1c..2028de4d3ddf 100644 --- a/fs/smb/server/transport_ipc.c +++ b/fs/smb/server/transport_ipc.c @@ -263,6 +263,10 @@ static void ipc_msg_handle_free(int handle) static int handle_response(int type, void *payload, size_t sz) { + /* Prevent 4-byte read beyond declared payload size */ + if (sz < sizeof(unsigned int)) + return -EINVAL; + unsigned int handle = *(unsigned int *)payload; struct ipc_msg_table_entry *entry; int ret = 0; -- 2.34.1

3 weeks

3
2
0 0

[PATCH v3 1/4] ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime

by Srinivas Kandagatla

For some reason we endedup allocating sdw_stream_runtime for every cpu dai, this has two issues. 1. we never set snd_soc_dai_set_stream for non soundwire dai, which means there is no way that we can free this, resulting in memory leak 2. startup and shutdown callbacks can be called without hw_params callback called. This combination results in memory leak because machine driver sruntime array pointer is only set in hw_params callback. Fix this by 1. adding a helper function to get sdw_runtime for substream which can be used by shutdown callback to get hold of sruntime to free. 2. only allocate sdw_runtime for soundwire dais. Fixes: d32bac9cb09c ("ASoC: qcom: Add helper for allocating Soundwire stream runtime") Cc: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> Tested-by: Steev Klimaszewski <threeway(a)gmail.com> # Thinkpad X13s --- sound/soc/qcom/sc7280.c | 2 +- sound/soc/qcom/sc8280xp.c | 2 +- sound/soc/qcom/sdw.c | 105 +++++++++++++++++++++----------------- sound/soc/qcom/sdw.h | 1 + sound/soc/qcom/sm8250.c | 2 +- sound/soc/qcom/x1e80100.c | 2 +- 6 files changed, 64 insertions(+), 50 deletions(-) diff --git a/sound/soc/qcom/sc7280.c b/sound/soc/qcom/sc7280.c index af412bd0c89f..c444dae563c7 100644 --- a/sound/soc/qcom/sc7280.c +++ b/sound/soc/qcom/sc7280.c @@ -317,7 +317,7 @@ static void sc7280_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_card *card = rtd->card; struct sc7280_snd_data *data = snd_soc_card_get_drvdata(card); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); switch (cpu_dai->id) { case MI2S_PRIMARY: diff --git a/sound/soc/qcom/sc8280xp.c b/sound/soc/qcom/sc8280xp.c index 78e327bc2f07..9ba536dff667 100644 --- a/sound/soc/qcom/sc8280xp.c +++ b/sound/soc/qcom/sc8280xp.c @@ -73,7 +73,7 @@ static void sc8280xp_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct sc8280xp_snd_data *pdata = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = pdata->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); pdata->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); diff --git a/sound/soc/qcom/sdw.c b/sound/soc/qcom/sdw.c index 7d7981d4295b..7b2cae92c812 100644 --- a/sound/soc/qcom/sdw.c +++ b/sound/soc/qcom/sdw.c @@ -7,6 +7,37 @@ #include <sound/soc.h> #include "sdw.h" +static bool qcom_snd_is_sdw_dai(int id) +{ + switch (id) { + case WSA_CODEC_DMA_RX_0: + case WSA_CODEC_DMA_TX_0: + case WSA_CODEC_DMA_RX_1: + case WSA_CODEC_DMA_TX_1: + case WSA_CODEC_DMA_TX_2: + case RX_CODEC_DMA_RX_0: + case TX_CODEC_DMA_TX_0: + case RX_CODEC_DMA_RX_1: + case TX_CODEC_DMA_TX_1: + case RX_CODEC_DMA_RX_2: + case TX_CODEC_DMA_TX_2: + case RX_CODEC_DMA_RX_3: + case TX_CODEC_DMA_TX_3: + case RX_CODEC_DMA_RX_4: + case TX_CODEC_DMA_TX_4: + case RX_CODEC_DMA_RX_5: + case TX_CODEC_DMA_TX_5: + case RX_CODEC_DMA_RX_6: + case RX_CODEC_DMA_RX_7: + case SLIMBUS_0_RX...SLIMBUS_6_TX: + return true; + default: + break; + } + + return false; +} + /** * qcom_snd_sdw_startup() - Helper to start Soundwire stream for SoC audio card * @substream: The PCM substream from audio, as passed to snd_soc_ops->startup() @@ -29,6 +60,9 @@ int qcom_snd_sdw_startup(struct snd_pcm_substream *substream) u32 rx_ch_cnt = 0, tx_ch_cnt = 0; int ret, i, j; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return 0; + sruntime = sdw_alloc_stream(cpu_dai->name, SDW_STREAM_PCM); if (!sruntime) return -ENOMEM; @@ -89,19 +123,8 @@ int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, if (!sruntime) return 0; - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case WSA_CODEC_DMA_RX_1: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - break; - default: + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) return 0; - } if (*stream_prepared) return 0; @@ -129,9 +152,7 @@ int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, } EXPORT_SYMBOL_GPL(qcom_snd_sdw_prepare); -int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, - struct snd_pcm_hw_params *params, - struct sdw_stream_runtime **psruntime) +struct sdw_stream_runtime *qcom_snd_sdw_get_stream(struct snd_pcm_substream *substream) { struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *codec_dai; @@ -139,21 +160,23 @@ int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, struct sdw_stream_runtime *sruntime; int i; - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - for_each_rtd_codec_dais(rtd, i, codec_dai) { - sruntime = snd_soc_dai_get_stream(codec_dai, substream->stream); - if (sruntime != ERR_PTR(-ENOTSUPP)) - *psruntime = sruntime; - } - break; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return NULL; + + for_each_rtd_codec_dais(rtd, i, codec_dai) { + sruntime = snd_soc_dai_get_stream(codec_dai, substream->stream); + if (sruntime != ERR_PTR(-ENOTSUPP)) + return sruntime; } + return NULL; +} +EXPORT_SYMBOL_GPL(qcom_snd_sdw_get_stream); + +int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, + struct snd_pcm_hw_params *params, + struct sdw_stream_runtime **psruntime) +{ + *psruntime = qcom_snd_sdw_get_stream(substream); return 0; @@ -166,23 +189,13 @@ int qcom_snd_sdw_hw_free(struct snd_pcm_substream *substream, struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case WSA_CODEC_DMA_RX_1: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - if (sruntime && *stream_prepared) { - sdw_disable_stream(sruntime); - sdw_deprepare_stream(sruntime); - *stream_prepared = false; - } - break; - default: - break; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return 0; + + if (sruntime && *stream_prepared) { + sdw_disable_stream(sruntime); + sdw_deprepare_stream(sruntime); + *stream_prepared = false; } return 0; diff --git a/sound/soc/qcom/sdw.h b/sound/soc/qcom/sdw.h index 392e3455f1b1..b8bc5beb0522 100644 --- a/sound/soc/qcom/sdw.h +++ b/sound/soc/qcom/sdw.h @@ -10,6 +10,7 @@ int qcom_snd_sdw_startup(struct snd_pcm_substream *substream); int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, struct sdw_stream_runtime *runtime, bool *stream_prepared); +struct sdw_stream_runtime *qcom_snd_sdw_get_stream(struct snd_pcm_substream *stream); int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, struct snd_pcm_hw_params *params, struct sdw_stream_runtime **psruntime); diff --git a/sound/soc/qcom/sm8250.c b/sound/soc/qcom/sm8250.c index f5b75a06e5bd..ce5b0059207f 100644 --- a/sound/soc/qcom/sm8250.c +++ b/sound/soc/qcom/sm8250.c @@ -117,7 +117,7 @@ static void sm8250_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct sm8250_snd_data *data = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); data->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); diff --git a/sound/soc/qcom/x1e80100.c b/sound/soc/qcom/x1e80100.c index 444f2162889f..2e3599516aa2 100644 --- a/sound/soc/qcom/x1e80100.c +++ b/sound/soc/qcom/x1e80100.c @@ -55,7 +55,7 @@ static void x1e80100_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct x1e80100_snd_data *data = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); data->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); -- 2.51.0

3 weeks

1
0
0 0

Export Inquiry from Ledcor Group.

by Phillip Davies

3 weeks

1
0
0 0

[PATCH] objtool/rust: add one more `noreturn` Rust function

by Miguel Ojeda

Between Rust 1.79 and 1.86, under `CONFIG_RUST_KERNEL_DOCTESTS=y`, `objtool` may report: rust/doctests_kernel_generated.o: warning: objtool: rust_doctest_kernel_alloc_kbox_rs_13() falls through to next function rust_doctest_kernel_alloc_kvec_rs_0() (as well as in rust_doctest_kernel_alloc_kvec_rs_0) due to calls to the `noreturn` symbol: core::option::expect_failed from code added in commits 779db37373a3 ("rust: alloc: kvec: implement AsPageIter for VVec") and 671618432f46 ("rust: alloc: kbox: implement AsPageIter for VBox"). Thus add the mangled one to the list so that `objtool` knows it is actually `noreturn`. This can be reproduced as well in other versions by tweaking the code, such as the latest stable Rust (1.90.0). Stable does not have code that triggers this, but it could have it in the future. Downstream forks could too. Thus tag it for backport. See commit 56d680dd23c3 ("objtool/rust: list `noreturn` Rust functions") for more details. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later. Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- tools/objtool/check.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index a5770570b106..3c7ab910b189 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -217,6 +217,7 @@ static bool is_rust_noreturn(const struct symbol *func) * these come from the Rust standard library). */ return str_ends_with(func->name, "_4core5sliceSp15copy_from_slice17len_mismatch_fail") || + str_ends_with(func->name, "_4core6option13expect_failed") || str_ends_with(func->name, "_4core6option13unwrap_failed") || str_ends_with(func->name, "_4core6result13unwrap_failed") || str_ends_with(func->name, "_4core9panicking5panic") || base-commit: 211ddde0823f1442e4ad052a2f30f050145ccada -- 2.51.0

3 weeks

5
5
0 0

[PATCH v2 4/4] net: ravb: Ensure memory write completes before ringing TX doorbell

by Prabhakar

From: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Add a final dma_wmb() barrier before triggering the transmit request (TCCR_TSRQ) to ensure all descriptor and buffer writes are visible to the DMA engine. According to the hardware manual, a read-back operation is required before writing to the doorbell register to guarantee completion of previous writes. Instead of performing a dummy read, a dma_wmb() is used to both enforce the same ordering semantics on the CPU side and also to ensure completion of writes. Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper") Cc: stable(a)vger.kernel.org Co-developed-by: Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> Signed-off-by: Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> --- v1->v2: - New patch added to separate out the memory barrier change before ringing the doorbell. --- drivers/net/ethernet/renesas/ravb_main.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c index 0e40001f64b4..c3fc15f9ec85 100644 --- a/drivers/net/ethernet/renesas/ravb_main.c +++ b/drivers/net/ethernet/renesas/ravb_main.c @@ -2232,6 +2232,14 @@ static netdev_tx_t ravb_start_xmit(struct sk_buff *skb, struct net_device *ndev) dma_wmb(); desc->die_dt = DT_FSINGLE; } + + /* Before ringing the doorbell we need to make sure that the latest + * writes have been committed to memory, otherwise it could delay + * things until the doorbell is rang again. + * This is in replacement of the read operation mentioned in the HW + * manuals. + */ + dma_wmb(); ravb_modify(ndev, TCCR, TCCR_TSRQ0 << q, TCCR_TSRQ0 << q); priv->cur_tx[q] += num_tx_desc; -- 2.43.0

3 weeks

2
1
0 0

[PATCH v2 3/4] net: ravb: Enforce descriptor type ordering

by Prabhakar

From: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Ensure the TX descriptor type fields are published in a safe order so the DMA engine never begins processing a descriptor chain before all descriptor fields are fully initialised. For multi-descriptor transmits the driver writes DT_FEND into the last descriptor and DT_FSTART into the first. The DMA engine begins processing when it observes DT_FSTART. Move the dma_wmb() barrier so it executes immediately after DT_FEND and immediately before writing DT_FSTART (and before DT_FSINGLE in the single-descriptor case). This guarantees that all prior CPU writes to the descriptor memory are visible to the device before DT_FSTART is seen. This avoids a situation where compiler/CPU reordering could publish DT_FSTART ahead of DT_FEND or other descriptor fields, allowing the DMA to start on a partially initialised chain and causing corrupted transmissions or TX timeouts. Such a failure was observed on RZ/G2L with an RT kernel as transmit queue timeouts and device resets. Fixes: 2f45d1902acf ("ravb: minimize TX data copying") Cc: stable(a)vger.kernel.org Co-developed-by: Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> Signed-off-by: Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> --- v1->v2: - Reflowed the code and updated the comment to clarify the ordering requirements. - Updated commit message. - Split up adding memory barrier change before ringing doorbell into a separate patch. --- drivers/net/ethernet/renesas/ravb_main.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c index a200e205825a..0e40001f64b4 100644 --- a/drivers/net/ethernet/renesas/ravb_main.c +++ b/drivers/net/ethernet/renesas/ravb_main.c @@ -2211,13 +2211,25 @@ static netdev_tx_t ravb_start_xmit(struct sk_buff *skb, struct net_device *ndev) skb_tx_timestamp(skb); } - /* Descriptor type must be set after all the above writes */ - dma_wmb(); + if (num_tx_desc > 1) { desc->die_dt = DT_FEND; desc--; + /* When using multi-descriptors, DT_FEND needs to get written + * before DT_FSTART, but the compiler may reorder the memory + * writes in an attempt to optimize the code. + * Use a dma_wmb() barrier to make sure DT_FEND and DT_FSTART + * are written exactly in the order shown in the code. + * This is particularly important for cases where the DMA engine + * is already running when we are running this code. If the DMA + * sees DT_FSTART without the corresponding DT_FEND it will enter + * an error condition. + */ + dma_wmb(); desc->die_dt = DT_FSTART; } else { + /* Descriptor type must be set after all the above writes */ + dma_wmb(); desc->die_dt = DT_FSINGLE; } ravb_modify(ndev, TCCR, TCCR_TSRQ0 << q, TCCR_TSRQ0 << q); -- 2.43.0

3 weeks

2
1
0 0

[PATCH v2 1/4] ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime

by Srinivas Kandagatla

For some reason we endedup allocating sdw_stream_runtime for every cpu dai, this has two issues. 1. we never set snd_soc_dai_set_stream for non soundwire dai, which means there is no way that we can free this, resulting in memory leak 2. startup and shutdown callbacks can be called without hw_params callback called. This combination results in memory leak because machine driver sruntime array pointer is only set in hw_params callback. Fix this by 1. adding a helper function to get sdw_runtime for substream which can be used by shutdown callback to get hold of sruntime to free. 2. only allocate sdw_runtime for soundwire dais. Fixes: d32bac9cb09c ("ASoC: qcom: Add helper for allocating Soundwire stream runtime") Cc: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/qcom/sc7280.c | 2 +- sound/soc/qcom/sc8280xp.c | 2 +- sound/soc/qcom/sdw.c | 105 +++++++++++++++++++++----------------- sound/soc/qcom/sdw.h | 1 + sound/soc/qcom/sm8250.c | 2 +- sound/soc/qcom/x1e80100.c | 2 +- 6 files changed, 64 insertions(+), 50 deletions(-) diff --git a/sound/soc/qcom/sc7280.c b/sound/soc/qcom/sc7280.c index af412bd0c89f..c444dae563c7 100644 --- a/sound/soc/qcom/sc7280.c +++ b/sound/soc/qcom/sc7280.c @@ -317,7 +317,7 @@ static void sc7280_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_card *card = rtd->card; struct sc7280_snd_data *data = snd_soc_card_get_drvdata(card); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); switch (cpu_dai->id) { case MI2S_PRIMARY: diff --git a/sound/soc/qcom/sc8280xp.c b/sound/soc/qcom/sc8280xp.c index 78e327bc2f07..9ba536dff667 100644 --- a/sound/soc/qcom/sc8280xp.c +++ b/sound/soc/qcom/sc8280xp.c @@ -73,7 +73,7 @@ static void sc8280xp_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct sc8280xp_snd_data *pdata = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = pdata->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); pdata->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); diff --git a/sound/soc/qcom/sdw.c b/sound/soc/qcom/sdw.c index 7d7981d4295b..7b2cae92c812 100644 --- a/sound/soc/qcom/sdw.c +++ b/sound/soc/qcom/sdw.c @@ -7,6 +7,37 @@ #include <sound/soc.h> #include "sdw.h" +static bool qcom_snd_is_sdw_dai(int id) +{ + switch (id) { + case WSA_CODEC_DMA_RX_0: + case WSA_CODEC_DMA_TX_0: + case WSA_CODEC_DMA_RX_1: + case WSA_CODEC_DMA_TX_1: + case WSA_CODEC_DMA_TX_2: + case RX_CODEC_DMA_RX_0: + case TX_CODEC_DMA_TX_0: + case RX_CODEC_DMA_RX_1: + case TX_CODEC_DMA_TX_1: + case RX_CODEC_DMA_RX_2: + case TX_CODEC_DMA_TX_2: + case RX_CODEC_DMA_RX_3: + case TX_CODEC_DMA_TX_3: + case RX_CODEC_DMA_RX_4: + case TX_CODEC_DMA_TX_4: + case RX_CODEC_DMA_RX_5: + case TX_CODEC_DMA_TX_5: + case RX_CODEC_DMA_RX_6: + case RX_CODEC_DMA_RX_7: + case SLIMBUS_0_RX...SLIMBUS_6_TX: + return true; + default: + break; + } + + return false; +} + /** * qcom_snd_sdw_startup() - Helper to start Soundwire stream for SoC audio card * @substream: The PCM substream from audio, as passed to snd_soc_ops->startup() @@ -29,6 +60,9 @@ int qcom_snd_sdw_startup(struct snd_pcm_substream *substream) u32 rx_ch_cnt = 0, tx_ch_cnt = 0; int ret, i, j; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return 0; + sruntime = sdw_alloc_stream(cpu_dai->name, SDW_STREAM_PCM); if (!sruntime) return -ENOMEM; @@ -89,19 +123,8 @@ int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, if (!sruntime) return 0; - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case WSA_CODEC_DMA_RX_1: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - break; - default: + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) return 0; - } if (*stream_prepared) return 0; @@ -129,9 +152,7 @@ int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, } EXPORT_SYMBOL_GPL(qcom_snd_sdw_prepare); -int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, - struct snd_pcm_hw_params *params, - struct sdw_stream_runtime **psruntime) +struct sdw_stream_runtime *qcom_snd_sdw_get_stream(struct snd_pcm_substream *substream) { struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *codec_dai; @@ -139,21 +160,23 @@ int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, struct sdw_stream_runtime *sruntime; int i; - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - for_each_rtd_codec_dais(rtd, i, codec_dai) { - sruntime = snd_soc_dai_get_stream(codec_dai, substream->stream); - if (sruntime != ERR_PTR(-ENOTSUPP)) - *psruntime = sruntime; - } - break; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return NULL; + + for_each_rtd_codec_dais(rtd, i, codec_dai) { + sruntime = snd_soc_dai_get_stream(codec_dai, substream->stream); + if (sruntime != ERR_PTR(-ENOTSUPP)) + return sruntime; } + return NULL; +} +EXPORT_SYMBOL_GPL(qcom_snd_sdw_get_stream); + +int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, + struct snd_pcm_hw_params *params, + struct sdw_stream_runtime **psruntime) +{ + *psruntime = qcom_snd_sdw_get_stream(substream); return 0; @@ -166,23 +189,13 @@ int qcom_snd_sdw_hw_free(struct snd_pcm_substream *substream, struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case WSA_CODEC_DMA_RX_1: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - if (sruntime && *stream_prepared) { - sdw_disable_stream(sruntime); - sdw_deprepare_stream(sruntime); - *stream_prepared = false; - } - break; - default: - break; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return 0; + + if (sruntime && *stream_prepared) { + sdw_disable_stream(sruntime); + sdw_deprepare_stream(sruntime); + *stream_prepared = false; } return 0; diff --git a/sound/soc/qcom/sdw.h b/sound/soc/qcom/sdw.h index 392e3455f1b1..b8bc5beb0522 100644 --- a/sound/soc/qcom/sdw.h +++ b/sound/soc/qcom/sdw.h @@ -10,6 +10,7 @@ int qcom_snd_sdw_startup(struct snd_pcm_substream *substream); int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, struct sdw_stream_runtime *runtime, bool *stream_prepared); +struct sdw_stream_runtime *qcom_snd_sdw_get_stream(struct snd_pcm_substream *stream); int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, struct snd_pcm_hw_params *params, struct sdw_stream_runtime **psruntime); diff --git a/sound/soc/qcom/sm8250.c b/sound/soc/qcom/sm8250.c index f5b75a06e5bd..ce5b0059207f 100644 --- a/sound/soc/qcom/sm8250.c +++ b/sound/soc/qcom/sm8250.c @@ -117,7 +117,7 @@ static void sm8250_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct sm8250_snd_data *data = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); data->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); diff --git a/sound/soc/qcom/x1e80100.c b/sound/soc/qcom/x1e80100.c index 444f2162889f..2e3599516aa2 100644 --- a/sound/soc/qcom/x1e80100.c +++ b/sound/soc/qcom/x1e80100.c @@ -55,7 +55,7 @@ static void x1e80100_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct x1e80100_snd_data *data = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); data->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); -- 2.51.0

3 weeks

2
3
0 0

[PATCH 1/3] drm/i915/dmc: Clear HRR EVT_CTL/HTP to zero on ADL-S

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> On ADL-S the main DMC HRR event DMC_EVT_CTL/HTP are never restored to their previous values during DC6 exit. This angers assert_dmc_loaded(), and basically makes the HRR handler unusable because we don't rewrite EVT_HTP when enabling DMC events. Let's just clear the HRR EVT_CTL/HTP to zero from the beginnning so that the expected value matches the post-DC6 reality. I suppose if we ever had actual use for HRR we'd have to both, reject HRR+PSR, and reprogram EVT_HTP when enabling the event. But for now we don't care about HRR so keeping both registers zeroed is fine. Cc: stable(a)vger.kernel.org Tested-by: Petr Vorel <pvorel(a)suse.cz> Fixes: 43175c92d403 ("drm/i915/dmc: Assert DMC is loaded harder") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/15153 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_dmc.c | 55 +++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/display/intel_dmc.c b/drivers/gpu/drm/i915/display/intel_dmc.c index be6d37ea1139..5ba531e3bc36 100644 --- a/drivers/gpu/drm/i915/display/intel_dmc.c +++ b/drivers/gpu/drm/i915/display/intel_dmc.c @@ -550,6 +550,36 @@ static bool is_event_handler(struct intel_display *display, REG_FIELD_GET(DMC_EVT_CTL_EVENT_ID_MASK, data) == event_id; } +static bool fixup_dmc_evt(struct intel_display *display, + enum intel_dmc_id dmc_id, + i915_reg_t reg_ctl, u32 *data_ctl, + i915_reg_t reg_htp, u32 *data_htp) +{ + if (!is_dmc_evt_ctl_reg(display, dmc_id, reg_ctl)) + return false; + + if (!is_dmc_evt_htp_reg(display, dmc_id, reg_htp)) + return false; + + /* make sure reg_ctl and reg_htp are for the same event */ + if (i915_mmio_reg_offset(reg_ctl) - i915_mmio_reg_offset(DMC_EVT_CTL(display, dmc_id, 0)) != + i915_mmio_reg_offset(reg_htp) - i915_mmio_reg_offset(DMC_EVT_HTP(display, dmc_id, 0))) + return false; + + /* + * On ADL-S the HRR event handler is not restored after DC6. + * Clear it to zero from the beginning to avoid mismatches later. + */ + if (display->platform.alderlake_s && dmc_id == DMC_FW_MAIN && + is_event_handler(display, dmc_id, MAINDMC_EVENT_VBLANK_A, reg_ctl, *data_ctl)) { + *data_ctl = 0; + *data_htp = 0; + return true; + } + + return false; +} + static bool disable_dmc_evt(struct intel_display *display, enum intel_dmc_id dmc_id, i915_reg_t reg, u32 data) @@ -1068,9 +1098,32 @@ static u32 parse_dmc_fw_header(struct intel_dmc *dmc, for (i = 0; i < mmio_count; i++) { dmc_info->mmioaddr[i] = _MMIO(mmioaddr[i]); dmc_info->mmiodata[i] = mmiodata[i]; + } + for (i = 0; i < mmio_count - 1; i++) { + u32 orig_mmiodata[2] = { + dmc_info->mmiodata[i], + dmc_info->mmiodata[i+1], + }; + + if (!fixup_dmc_evt(display, dmc_id, + dmc_info->mmioaddr[i], &dmc_info->mmiodata[i], + dmc_info->mmioaddr[i+1], &dmc_info->mmiodata[i+1])) + continue; + + drm_dbg_kms(display->drm, + " mmio[%d]: 0x%x = 0x%x->0x%x (EVT_CTL)\n", + i, i915_mmio_reg_offset(dmc_info->mmioaddr[i]), + orig_mmiodata[0], dmc_info->mmiodata[i]); + drm_dbg_kms(display->drm, + " mmio[%d]: 0x%x = 0x%x->0x%x (EVT_HTP)\n", + i+1, i915_mmio_reg_offset(dmc_info->mmioaddr[i+1]), + orig_mmiodata[1], dmc_info->mmiodata[i+1]); + } + + for (i = 0; i < mmio_count; i++) { drm_dbg_kms(display->drm, " mmio[%d]: 0x%x = 0x%x%s%s\n", - i, mmioaddr[i], mmiodata[i], + i, i915_mmio_reg_offset(dmc_info->mmioaddr[i]), dmc_info->mmiodata[i], is_dmc_evt_ctl_reg(display, dmc_id, dmc_info->mmioaddr[i]) ? " (EVT_CTL)" : is_dmc_evt_htp_reg(display, dmc_id, dmc_info->mmioaddr[i]) ? " (EVT_HTP)" : "", disable_dmc_evt(display, dmc_id, dmc_info->mmioaddr[i], -- 2.49.1

3 weeks

2
1
0 0

[PATCH 0/2] PCI: Keystone: __init and IRQ Fixes

by Siddharth Vadapalli

Hello, This series is based on commit 320475fbd590 Merge tag 'mtd/fixes-for-6.17-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux of Mainline Linux. The first patch in the series has been posted as a Fix in contrast to its predecessor at: https://lore.kernel.org/r/20250903124505.365913-10-s-vadapalli@ti.com/ based on the feedback provided by Jiri Slaby <jirislaby(a)kernel.org> at: https://lore.kernel.org/r/3d3a4b52-e343-42f3-9d69-94c259812143@kernel.org/ Since the Fix is independent of enabling loadable module support for the pci-keystone.c driver, it is being posted as a new patch. Checking out at the commit of Mainline Linux which this series is based on, I noticed an exception triggered by the pci-keystone.c driver during its probe. Although this is not a fatal exception and Linux continues to boot, the driver is non-functional. I root-caused the exception to free_initmem() freeing the memory associated with the ks_pcie_host_init() function in the driver before the driver's probe was invoked. This appears to be a race condition but it is easily reproducible with the Linux .config that I have used. The fix therefore is to remove the __init macro which is implemented by the second patch in the series. For reference, the logs for the case where Linux is built by checking out at the base commit of Mainline Linux are: https://gist.github.com/Siddharth-Vadapalli-at-TI/f4891b707921c53dfb464ad2f… and the logs clearly prove that the print associated with free_initmem() which is: [ 2.446834] Freeing unused kernel memory: 4864K is displayed prior to the prints associated with the pci-keystone.c driver being probed which is: [ 7.707103] keystone-pcie 5500000.pcie: host bridge /bus@100000/pcie@5500000 ranges: Building Linux by applying both patches in the series on the base commit of Mainline Linux, the driver probes successfully without any exceptions or errors. This was tested on AM654-EVM with an NVMe SSD connected to the PCIe Connector on the board. The NVMe SSD enumerates successfully. Additionally, the 'hdparm' utility was used to read from the SSD confirming that the SSD is functional. The logs corresponding to this are: https://gist.github.com/Siddharth-Vadapalli-at-TI/1b09a12a53db4233e82c5bcfc… Regards, Siddharth. Siddharth Vadapalli (2): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit PCI: keystone: Remove the __init macro for the ks_pcie_host_init() callback drivers/pci/controller/dwc/pci-keystone.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.43.0

3 weeks

3
5
0 0

[PATCH v2] serial: 8250: always disable IRQ during THRE test

by Peng Zhang

commit 039d4926379b ("serial: 8250: Toggle IER bits on only after irq has been set up") moved IRQ setup before the THRE test, so the interrupt handler can run during the test and race with its IIR reads. This can produce wrong THRE test results and cause spurious registration of the serial8250_backup_timeout timer. Unconditionally disable the IRQ for the short duration of the test and re-enable it afterwards to avoid the race. Cc: stable(a)vger.kernel.org Fixes: 039d4926379b ("serial: 8250: Toggle IER bits on only after irq has been set up") Signed-off-by: Peng Zhang <zhangpeng.00(a)bytedance.com> --- drivers/tty/serial/8250/8250_port.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 719faf92aa8a..f1740cc91143 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -2147,8 +2147,7 @@ static void serial8250_THRE_test(struct uart_port *port) if (up->port.flags & UPF_NO_THRE_TEST) return; - if (port->irqflags & IRQF_SHARED) - disable_irq_nosync(port->irq); + disable_irq(port->irq); /* * Test for UARTs that do not reassert THRE when the transmitter is idle and the interrupt @@ -2170,8 +2169,7 @@ static void serial8250_THRE_test(struct uart_port *port) serial_port_out(port, UART_IER, 0); } - if (port->irqflags & IRQF_SHARED) - enable_irq(port->irq); + enable_irq(port->irq); /* * If the interrupt is not reasserted, or we otherwise don't trust the iir, setup a timer to -- 2.20.1

3 weeks

3
2
0 0

[RESEND PATCH] dma-mapping: benchmark: Add padding to ensure uABI remained consistent

by Qinxin Xia

The padding field in the structure was previously reserved to maintain a stable interface for potential new fields, ensuring compatibility with user-space shared data structures. However,it was accidentally removed by tiantao in a prior commit, which may lead to incompatibility between user space and the kernel. This patch reinstates the padding to restore the original structure layout and preserve compatibility. Fixes: 8ddde07a3d28 ("dma-mapping: benchmark: extract a common header file for map_benchmark definition") Cc: stable(a)vger.kernel.org Acked-by: Barry Song <baohua(a)kernel.org> Signed-off-by: Qinxin Xia <xiaqinxin(a)huawei.com> --- include/linux/map_benchmark.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/map_benchmark.h b/include/linux/map_benchmark.h index 62674c83bde4..2ac2fe52f248 100644 --- a/include/linux/map_benchmark.h +++ b/include/linux/map_benchmark.h @@ -27,5 +27,6 @@ struct map_benchmark { __u32 dma_dir; /* DMA data direction */ __u32 dma_trans_ns; /* time for DMA transmission in ns */ __u32 granule; /* how many PAGE_SIZE will do map/unmap once a time */ + __u8 expansion[76]; /* For future use */ }; #endif /* _KERNEL_DMA_BENCHMARK_H */ -- 2.33.0

3 weeks

1
1
0 0

RE: wifi: ath10k: avoid unnecessary wait for service ready message

by Andreas Tobler

Dear all, this commit (Upstream commit 51a73f1b2e56b0324b4a3bb8cebc4221b5be4c7) makes our WLE600 Compex wifi cards (qca988x based) unusable. Reverting the commit brings the wifi card back. This was discovered on the v6.12.53 from today. ath10k messages excerpt: -------------- Oct 15 22:00:13 klog: ath10k_pci 0000:05:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0 Oct 15 22:00:13 klog: ath10k_pci 0000:05:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043222ff sub 0000:0000 Oct 15 22:00:13 klog: ath10k_pci 0000:05:00.0: kconfig debug 0 debugfs 0 tracing 0 dfs 1 testmode 0 Oct 15 22:00:13 klog: ath10k_pci 0000:05:00.0: firmware ver 10.2.4-1.0-00047 api 5 features no-p2p,raw-mode,mfp,allows-mesh-bcast crc32 35bd9258 Oct 15 22:00:13 klog: ath10k_pci 0000:05:00.0: board_file api 1 bmi_id N/A crc32 bebc7c08 Oct 15 22:00:20 klog: ath10k_pci 0000:05:00.0: wmi unified ready event not received Oct 15 22:00:21 klog: ath10k_pci 0000:05:00.0: could not init core (-110) Oct 15 22:00:21 klog: ath10k_pci 0000:05:00.0: could not probe fw (-110) -------------- Beside reverting, how can we help fixing this? Thanks & regards, Andreas

3 weeks

2
4
0 0

[PATCH RESEND] Once cdev_device_add() failed, we should use put_device() to decrement reference count for cleanup. Or it could cause memory leak. Although operations in err_free_ida are similar to the operations in callback function fsi_slave_release(), put_device() is a correct handling operation as comments require when cdev_device_add() fails.

by Ma Ke

As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 371975b0b075 ("fsi/core: Fix error paths on CFAM init") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/fsi/fsi-core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c index c6c115993ebc..444878ab9fb1 100644 --- a/drivers/fsi/fsi-core.c +++ b/drivers/fsi/fsi-core.c @@ -1084,7 +1084,8 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) rc = cdev_device_add(&slave->cdev, &slave->dev); if (rc) { dev_err(&slave->dev, "Error %d creating slave device\n", rc); - goto err_free_ida; + put_device(&slave->dev); + return rc; } /* Now that we have the cdev registered with the core, any fatal @@ -1110,8 +1111,6 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) return 0; -err_free_ida: - fsi_free_minor(slave->dev.devt); err_free: of_node_put(slave->dev.of_node); kfree(slave); -- 2.17.1

3 weeks

2
1
0 0

[PATCH v2] usb: gadget: udc: fix race condition in usb_del_gadget

by Jimmy Hu

A race condition during gadget teardown can lead to a use-after-free in usb_gadget_state_work(), as reported by KASAN: BUG: KASAN: invalid-access in sysfs_notify+0_x_2c/0_x_d0 Workqueue: events usb_gadget_state_work The fundamental race occurs because a concurrent event (e.g., an interrupt) can call usb_gadget_set_state() and schedule gadget->work at any time during the cleanup process in usb_del_gadget(). Commit 399a45e5237c ("usb: gadget: core: flush gadget workqueue after device removal") attempted to fix this by moving flush_work() to after device_del(). However, this does not fully solve the race, as a new work item can still be scheduled *after* flush_work() completes but before the gadget's memory is freed, leading to the same use-after-free. This patch fixes the race condition robustly by introducing a 'teardown' flag and a 'state_lock' spinlock to the usb_gadget struct. The flag is set during cleanup in usb_del_gadget() *before* calling flush_work() to prevent any new work from being scheduled once cleanup has commenced. The scheduling site, usb_gadget_set_state(), now checks this flag under the lock before queueing the work, thus safely closing the race window. Changes in v2: - Removed redundant inline comments as suggested by Alan Stern. Fixes: 5702f75375aa9 ("usb: gadget: udc-core: move sysfs_notify() to a workqueue") Signed-off-by: Jimmy Hu <hhhuuu(a)google.com> Cc: stable(a)vger.kernel.org --- drivers/usb/gadget/udc/core.c | 17 ++++++++++++++++- include/linux/usb/gadget.h | 5 +++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index d709e24c1fd4..66d2428835da 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1123,8 +1123,13 @@ static void usb_gadget_state_work(struct work_struct *work) void usb_gadget_set_state(struct usb_gadget *gadget, enum usb_device_state state) { + unsigned long flags; + + spin_lock_irqsave(&gadget->state_lock, flags); gadget->state = state; - schedule_work(&gadget->work); + if (!gadget->teardown) + schedule_work(&gadget->work); + spin_unlock_irqrestore(&gadget->state_lock, flags); } EXPORT_SYMBOL_GPL(usb_gadget_set_state); @@ -1357,6 +1362,8 @@ static void usb_udc_nop_release(struct device *dev) void usb_initialize_gadget(struct device *parent, struct usb_gadget *gadget, void (*release)(struct device *dev)) { + spin_lock_init(&gadget->state_lock); + gadget->teardown = false; INIT_WORK(&gadget->work, usb_gadget_state_work); gadget->dev.parent = parent; @@ -1531,6 +1538,7 @@ EXPORT_SYMBOL_GPL(usb_add_gadget_udc); void usb_del_gadget(struct usb_gadget *gadget) { struct usb_udc *udc = gadget->udc; + unsigned long flags; if (!udc) return; @@ -1544,6 +1552,13 @@ void usb_del_gadget(struct usb_gadget *gadget) kobject_uevent(&udc->dev.kobj, KOBJ_REMOVE); sysfs_remove_link(&udc->dev.kobj, "gadget"); device_del(&gadget->dev); + /* + * Set the teardown flag before flushing the work to prevent new work + * from being scheduled while we are cleaning up. + */ + spin_lock_irqsave(&gadget->state_lock, flags); + gadget->teardown = true; + spin_unlock_irqrestore(&gadget->state_lock, flags); flush_work(&gadget->work); ida_free(&gadget_id_numbers, gadget->id_number); cancel_work_sync(&udc->vbus_work); diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h index 0f28c5512fcb..8b5e593f7966 100644 --- a/include/linux/usb/gadget.h +++ b/include/linux/usb/gadget.h @@ -351,6 +351,9 @@ struct usb_gadget_ops { * can handle. The UDC must support this and all slower speeds and lower * number of lanes. * @state: the state we are now (attached, suspended, configured, etc) + * @state_lock: Spinlock protecting the `state` and `teardown` members. + * @teardown: True if the device is undergoing teardown, used to prevent + * new work from being scheduled during cleanup. * @name: Identifies the controller hardware type. Used in diagnostics * and sometimes configuration. * @dev: Driver model state for this abstract device. @@ -426,6 +429,8 @@ struct usb_gadget { enum usb_ssp_rate max_ssp_rate; enum usb_device_state state; + spinlock_t state_lock; + bool teardown; const char *name; struct device dev; unsigned isoch_delay; -- 2.51.0.760.g7b8bcc2412-goog

3 weeks

3
2
0 0

[PATCH 6.1.y] sctp: linearize cloned gso packets in sctp_rcv

by Vasiliy Kovalev

From: Xin Long <lucien.xin(a)gmail.com> commit fd60d8a086191fe33c2d719732d2482052fa6805 upstream. A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs caused by this: BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211 sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211 sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122 __release_sock+0x1da/0x330 net/core/sock.c:3106 release_sock+0x6b/0x250 net/core/sock.c:3660 sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360 sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885 sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031 inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:718 [inline] and BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987 sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987 sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88 sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331 sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148 __release_sock+0x1d3/0x330 net/core/sock.c:3213 release_sock+0x6b/0x270 net/core/sock.c:3767 sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367 sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886 sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032 inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:712 [inline] This patch fixes it by linearizing cloned gso packets in sctp_rcv(). Fixes: 90017accff61 ("sctp: Add GSO support") Reported-by: syzbot+773e51afe420baaf0e2b(a)syzkaller.appspotmail.com Reported-by: syzbot+70a42f45e76bede082be(a)syzkaller.appspotmail.com Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Link: https://patch.msgid.link/dd7dc337b99876d4132d0961f776913719f7d225.175459561… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ kovalev: bp to fix CVE-2025-38718 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- This patch is lost/missing, as it has already been added into stable branches less than and greater than 6.1. --- net/sctp/input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sctp/input.c b/net/sctp/input.c index 4ee9374dcfb9..182898cb754a 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c @@ -114,7 +114,7 @@ int sctp_rcv(struct sk_buff *skb) * it's better to just linearize it otherwise crc computing * takes longer. */ - if ((!is_gso && skb_linearize(skb)) || + if (((!is_gso || skb_cloned(skb)) && skb_linearize(skb)) || !pskb_may_pull(skb, sizeof(struct sctphdr))) goto discard_it; -- 2.50.1

3 weeks

1
0
0 0

[PATCH] mm/shmem: fix THP allocation size check and fallback

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> There are some problems with the code implementations of THP fallback. suitable_orders could be zero, and calling highest_order on a zero value returns an overflowed size. And the order check loop is updating the index value on every loop which may cause the index to be aligned by a larger value while the loop shrinks the order. And it forgot to try order 0 after the final loop. This is usually fine because shmem_add_to_page_cache ensures the shmem mapping is still sane, but it might cause many potential issues like allocating random folios into the random position in the map or return -ENOMEM by accident. This triggered some strange userspace errors [1], and shouldn't have happened in the first place. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/linux-mm/CAMgjq7DqgAmj25nDUwwu1U2cSGSn8n4-Hqpgotted… [1] Fixes: e7a2ab7b3bb5d ("mm: shmem: add mTHP support for anonymous shmem") Signed-off-by: Kairui Song <kasong(a)tencent.com> --- mm/shmem.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index b50ce7dbc84a..25303711f123 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1824,6 +1824,9 @@ static unsigned long shmem_suitable_orders(struct inode *inode, struct vm_fault unsigned long pages; int order; + if (!orders) + return 0; + if (vma) { orders = thp_vma_suitable_orders(vma, vmf->address, orders); if (!orders) @@ -1888,27 +1891,28 @@ static struct folio *shmem_alloc_and_add_folio(struct vm_fault *vmf, if (!IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE)) orders = 0; - if (orders > 0) { - suitable_orders = shmem_suitable_orders(inode, vmf, - mapping, index, orders); + suitable_orders = shmem_suitable_orders(inode, vmf, + mapping, index, orders); + if (suitable_orders) { order = highest_order(suitable_orders); - while (suitable_orders) { + do { pages = 1UL << order; - index = round_down(index, pages); - folio = shmem_alloc_folio(gfp, order, info, index); - if (folio) + folio = shmem_alloc_folio(gfp, order, info, round_down(index, pages)); + if (folio) { + index = round_down(index, pages); goto allocated; + } if (pages == HPAGE_PMD_NR) count_vm_event(THP_FILE_FALLBACK); count_mthp_stat(order, MTHP_STAT_SHMEM_FALLBACK); order = next_order(&suitable_orders, order); - } - } else { - pages = 1; - folio = shmem_alloc_folio(gfp, 0, info, index); + } while (suitable_orders); } + + pages = 1; + folio = shmem_alloc_folio(gfp, 0, info, index); if (!folio) return ERR_PTR(-ENOMEM); -- 2.51.0

3 weeks

2
3
0 0

[PATCH v3] mm/huge_memory: do not change split_huge_page*() target order silently.

by Zi Yan

Page cache folios from a file system that support large block size (LBS) can have minimal folio order greater than 0, thus a high order folio might not be able to be split down to order-0. Commit e220917fa507 ("mm: split a folio in minimum folio order chunks") bumps the target order of split_huge_page*() to the minimum allowed order when splitting a LBS folio. This causes confusion for some split_huge_page*() callers like memory failure handling code, since they expect after-split folios all have order-0 when split succeeds but in reality get min_order_for_split() order folios and give warnings. Fix it by failing a split if the folio cannot be split to the target order. Rename try_folio_split() to try_folio_split_to_order() to reflect the added new_order parameter. Remove its unused list parameter. Fixes: e220917fa507 ("mm: split a folio in minimum folio order chunks") [The test poisons LBS folios, which cannot be split to order-0 folios, and also tries to poison all memory. The non split LBS folios take more memory than the test anticipated, leading to OOM. The patch fixed the kernel warning and the test needs some change to avoid OOM.] Reported-by: syzbot+e6367ea2fdab6ed46056(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/68d2c943.a70a0220.1b52b.02b3.GAE@google.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Luis Chamberlain <mcgrof(a)kernel.org> Reviewed-by: Pankaj Raghav <p.raghav(a)samsung.com> Reviewed-by: Wei Yang <richard.weiyang(a)gmail.com> --- From V2[1]: 1. Removed a typo in try_folio_split_to_order() comment. 2. Sent the Fixes patch separately. [1] https://lore.kernel.org/linux-mm/20251016033452.125479-1-ziy@nvidia.com/ include/linux/huge_mm.h | 55 +++++++++++++++++------------------------ mm/huge_memory.c | 9 +------ mm/truncate.c | 6 +++-- 3 files changed, 28 insertions(+), 42 deletions(-) diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h index c4a811958cda..7698b3542c4f 100644 --- a/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h @@ -383,45 +383,30 @@ static inline int split_huge_page_to_list_to_order(struct page *page, struct lis } /* - * try_folio_split - try to split a @folio at @page using non uniform split. + * try_folio_split_to_order - try to split a @folio at @page to @new_order using + * non uniform split. * @folio: folio to be split - * @page: split to order-0 at the given page - * @list: store the after-split folios + * @page: split to @new_order at the given page + * @new_order: the target split order * - * Try to split a @folio at @page using non uniform split to order-0, if - * non uniform split is not supported, fall back to uniform split. + * Try to split a @folio at @page using non uniform split to @new_order, if + * non uniform split is not supported, fall back to uniform split. After-split + * folios are put back to LRU list. Use min_order_for_split() to get the lower + * bound of @new_order. * * Return: 0: split is successful, otherwise split failed. */ -static inline int try_folio_split(struct folio *folio, struct page *page, - struct list_head *list) +static inline int try_folio_split_to_order(struct folio *folio, + struct page *page, unsigned int new_order) { - int ret = min_order_for_split(folio); - - if (ret < 0) - return ret; - - if (!non_uniform_split_supported(folio, 0, false)) - return split_huge_page_to_list_to_order(&folio->page, list, - ret); - return folio_split(folio, ret, page, list); + if (!non_uniform_split_supported(folio, new_order, /* warns= */ false)) + return split_huge_page_to_list_to_order(&folio->page, NULL, + new_order); + return folio_split(folio, new_order, page, NULL); } static inline int split_huge_page(struct page *page) { - struct folio *folio = page_folio(page); - int ret = min_order_for_split(folio); - - if (ret < 0) - return ret; - - /* - * split_huge_page() locks the page before splitting and - * expects the same page that has been split to be locked when - * returned. split_folio(page_folio(page)) cannot be used here - * because it converts the page to folio and passes the head - * page to be split. - */ - return split_huge_page_to_list_to_order(page, NULL, ret); + return split_huge_page_to_list_to_order(page, NULL, 0); } void deferred_split_folio(struct folio *folio, bool partially_mapped); #ifdef CONFIG_MEMCG @@ -611,14 +596,20 @@ static inline int split_huge_page(struct page *page) return -EINVAL; } +static inline int min_order_for_split(struct folio *folio) +{ + VM_WARN_ON_ONCE_FOLIO(1, folio); + return -EINVAL; +} + static inline int split_folio_to_list(struct folio *folio, struct list_head *list) { VM_WARN_ON_ONCE_FOLIO(1, folio); return -EINVAL; } -static inline int try_folio_split(struct folio *folio, struct page *page, - struct list_head *list) +static inline int try_folio_split_to_order(struct folio *folio, + struct page *page, unsigned int new_order) { VM_WARN_ON_ONCE_FOLIO(1, folio); return -EINVAL; diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f14fbef1eefd..fc65ec3393d2 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3812,8 +3812,6 @@ static int __folio_split(struct folio *folio, unsigned int new_order, min_order = mapping_min_folio_order(folio->mapping); if (new_order < min_order) { - VM_WARN_ONCE(1, "Cannot split mapped folio below min-order: %u", - min_order); ret = -EINVAL; goto out; } @@ -4165,12 +4163,7 @@ int min_order_for_split(struct folio *folio) int split_folio_to_list(struct folio *folio, struct list_head *list) { - int ret = min_order_for_split(folio); - - if (ret < 0) - return ret; - - return split_huge_page_to_list_to_order(&folio->page, list, ret); + return split_huge_page_to_list_to_order(&folio->page, list, 0); } /* diff --git a/mm/truncate.c b/mm/truncate.c index 91eb92a5ce4f..9210cf808f5c 100644 --- a/mm/truncate.c +++ b/mm/truncate.c @@ -194,6 +194,7 @@ bool truncate_inode_partial_folio(struct folio *folio, loff_t start, loff_t end) size_t size = folio_size(folio); unsigned int offset, length; struct page *split_at, *split_at2; + unsigned int min_order; if (pos < start) offset = start - pos; @@ -223,8 +224,9 @@ bool truncate_inode_partial_folio(struct folio *folio, loff_t start, loff_t end) if (!folio_test_large(folio)) return true; + min_order = mapping_min_folio_order(folio->mapping); split_at = folio_page(folio, PAGE_ALIGN_DOWN(offset) / PAGE_SIZE); - if (!try_folio_split(folio, split_at, NULL)) { + if (!try_folio_split_to_order(folio, split_at, min_order)) { /* * try to split at offset + length to make sure folios within * the range can be dropped, especially to avoid memory waste @@ -254,7 +256,7 @@ bool truncate_inode_partial_folio(struct folio *folio, loff_t start, loff_t end) */ if (folio_test_large(folio2) && folio2->mapping == folio->mapping) - try_folio_split(folio2, split_at2, NULL); + try_folio_split_to_order(folio2, split_at2, min_order); folio_unlock(folio2); out: -- 2.51.0

3 weeks

4
6
0 0

[PATCH v2 0/3] gpio: idio-16: Fix regmap initialization errors

by William Breathitt Gray

The migration of IDIO-16 GPIO drivers to the regmap API resulted in some regressions to the gpio-104-idio-16, gpio-pci-idio-16, and gpio-idio-16 modules. Specifically, the 104-idio-16 and pci-idio-16 GPIO drivers utilize regmap caching and thus must set max_register for their regmap_config, while gpio-idio-16 requires fixed_direction_output to represent the fixed direction of the IDIO-16 GPIO lines. Fixes for these regressions are provided by this series. Link: https://lore.kernel.org/r/cover.1680618405.git.william.gray@linaro.org Closes: https://lore.kernel.org/r/9b0375fd-235f-4ee1-a7fa-daca296ef6bf@nutanix.com Signed-off-by: William Breathitt Gray <wbg(a)kernel.org> --- Changes in v2: - Pick up Reviewed-by tags - Replace Link tags with Closes tags for fixes addressing bug reports - Link to v1: https://lore.kernel.org/r/20251017-fix-gpio-idio-16-regmap-v1-0-a7c71080f74… --- William Breathitt Gray (3): gpio: 104-idio-16: Define maximum valid register address offset gpio: pci-idio-16: Define maximum valid register address offset gpio: idio-16: Define fixed direction of the GPIO lines drivers/gpio/gpio-104-idio-16.c | 1 + drivers/gpio/gpio-idio-16.c | 5 +++++ drivers/gpio/gpio-pci-idio-16.c | 1 + 3 files changed, 7 insertions(+) --- base-commit: eba11116f39533d2e38cc5898014f2c95f32d23a change-id: 20251017-fix-gpio-idio-16-regmap-1282cdc56a19 Best regards, -- William Breathitt Gray <wbg(a)kernel.org>

3 weeks

4
12
0 0

LOAN OFFER

by Ms. Madelaine Alfelor

Dear sir/Ma I'm an Investment Financing Consultant working for top investment financing companies globally. By virtue of my esteemed affiliation with a Bank in Hong Kong, S. Korea, Japan and the USA, we can help you get a Credit Line which will actively give you access to Funds between $10 million to $5 billion up to a period of 5 to 10 years for 5% annual rate on the credit line in returns. I will help you process the Credit Line within a few days if interested. The Fund is available to fund any type of viable businesses, investments or projects. Let me know the exact amount you need for your projects. Get in touch if you have a viable project that requires funding. Regards Ms. Madelaine Alfelor.

3 weeks

1
0
0 0

Re: Patch "PM: hibernate: Add pm_hibernation_mode_is_suspend()" has been added to the 6.17-stable tree

by Pascal Ernster

[2025-10-20 10:36] gregkh linuxfoundation ! org: > This is a note to let you know that I've just added the patch titled > > PM: hibernate: Add pm_hibernation_mode_is_suspend() > > to the 6.17-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > pm-hibernate-add-pm_hibernation_mode_is_suspend.patch > and it can be found in the queue-6.17 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From stable+bounces-187839-greg=kroah.com(a)vger.kernel.org Sat Oct 18 15:51:25 2025 > From: Sasha Levin <sashal(a)kernel.org> > Date: Sat, 18 Oct 2025 09:51:01 -0400 > Subject: PM: hibernate: Add pm_hibernation_mode_is_suspend() > To: stable(a)vger.kernel.org > Cc: "Mario Limonciello (AMD)" <superm1(a)kernel.org>, Ionut Nechita <ionut_n2001(a)yahoo.com>, Kenneth Crudup <kenny(a)panix.com>, Alex Deucher <alexander.deucher(a)amd.com>, "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com>, Sasha Levin <sashal(a)kernel.org> > Message-ID: <20251018135102.711457-1-sashal(a)kernel.org> > > From: "Mario Limonciello (AMD)" <superm1(a)kernel.org> > > [ Upstream commit 495c8d35035edb66e3284113bef01f3b1b843832 ] > > Some drivers have different flows for hibernation and suspend. If > the driver opportunistically will skip thaw() then it needs a hint > to know what is happening after the hibernate. > > Introduce a new symbol pm_hibernation_mode_is_suspend() that drivers > can call to determine if suspending the system for this purpose. > > Tested-by: Ionut Nechita <ionut_n2001(a)yahoo.com> > Tested-by: Kenneth Crudup <kenny(a)panix.com> > Acked-by: Alex Deucher <alexander.deucher(a)amd.com> > Signed-off-by: Mario Limonciello (AMD) <superm1(a)kernel.org> > Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> > Stable-dep-of: 0a6e9e098fcc ("drm/amd: Fix hybrid sleep") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > include/linux/suspend.h | 2 ++ > kernel/power/hibernate.c | 11 +++++++++++ > 2 files changed, 13 insertions(+) > > --- a/include/linux/suspend.h > +++ b/include/linux/suspend.h > @@ -276,6 +276,7 @@ extern void arch_suspend_enable_irqs(voi > > extern int pm_suspend(suspend_state_t state); > extern bool sync_on_suspend_enabled; > +bool pm_hibernation_mode_is_suspend(void); > #else /* !CONFIG_SUSPEND */ > #define suspend_valid_only_mem NULL > > @@ -288,6 +289,7 @@ static inline bool pm_suspend_via_firmwa > static inline bool pm_resume_via_firmware(void) { return false; } > static inline bool pm_suspend_no_platform(void) { return false; } > static inline bool pm_suspend_default_s2idle(void) { return false; } > +static inline bool pm_hibernation_mode_is_suspend(void) { return false; } > > static inline void suspend_set_ops(const struct platform_suspend_ops *ops) {} > static inline int pm_suspend(suspend_state_t state) { return -ENOSYS; } > --- a/kernel/power/hibernate.c > +++ b/kernel/power/hibernate.c > @@ -80,6 +80,17 @@ static const struct platform_hibernation > > static atomic_t hibernate_atomic = ATOMIC_INIT(1); > > +#ifdef CONFIG_SUSPEND > +/** > + * pm_hibernation_mode_is_suspend - Check if hibernation has been set to suspend > + */ > +bool pm_hibernation_mode_is_suspend(void) > +{ > + return hibernation_mode == HIBERNATION_SUSPEND; > +} > +EXPORT_SYMBOL_GPL(pm_hibernation_mode_is_suspend); > +#endif > + > bool hibernate_acquire(void) > { > return atomic_add_unless(&hibernate_atomic, -1, 0); > > > Patches currently in stable-queue which might be from sashal(a)kernel.org are > > queue-6.17/drm-amd-fix-hybrid-sleep.patch > queue-6.17/usb-gadget-introduce-free_usb_request-helper.patch > queue-6.17/pm-hibernate-add-pm_hibernation_mode_is_suspend.patch > queue-6.17/usb-gadget-store-endpoint-pointer-in-usb_request.patch > queue-6.17/media-nxp-imx8-isi-m2m-fix-streaming-cleanup-on-release.patch > queue-6.17/usb-gadget-f_rndis-refactor-bind-path-to-use-__free.patch Hi, I kept getting "ERROR: modpost: "pm_hibernation_mode_is_suspend" [drivers/gpu/drm/amd/amdgpu/amdgpu.ko] undefined!" when trying to build a 6.17.4 kernel with all the patches from queue-6.17 applied on top (from the stable-queue git repo at commit id 6aceec507fd0d3cefa7cac227eaf897edf09bf32). That build-time error is gone and the resulting kernel boots/runs fine on various x86_64 machines and VMs since I've removed/omitted both this patch and queue-6.17/drm-amd-fix-hybrid-sleep.patch. I'm not sure if omitting queue-6.17/drm-amd-fix-hybrid-sleep.patch would have been sufficient, but both patches are part of the same patch set anyway. Sadly, I haven't been able to figure out what about the changes actually causes the issue. My first guess was that if CONFIG_SUSPEND is not selected/enabled, then the whole pm_hibernation_mode_is_suspend() function and the corresponding export symbol would be missing. However, the kernel that I was trying to build *does* have CONFIG_SUSPEND=y in its config, so this shouldn't be the cause… Regards Pascal

3 weeks

3
7
0 0

[PATCH] ACPI: video: Fix use-after-free in acpi_video_bus_put_devices()

by Yuhao Jiang

The code contains a use-after-free vulnerability due to missing cancellation of delayed work during device removal. Specifically, in acpi_video_bus_remove(), the function acpi_video_bus_put_devices() is called, which frees all acpi_video_device structures without cancelling the associated delayed work (switch_brightness_work). This work is scheduled via brightness_switch_event() in response to ACPI events (e.g., brightness key presses) with a 100ms delay. If the work is pending when the device is removed, it may execute after the memory is freed, leading to use-after-free when the work function acpi_video_switch_brightness() accesses the device structure. Fix this by calling cancel_delayed_work_sync() before freeing each acpi_video_device to ensure the work is fully completed before the memory is released. Fixes: 67b662e189f46 ("ACPI / video: seperate backlight control and event interface") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- drivers/acpi/acpi_video.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c index 103f29661576..5b80f87e078f 100644 --- a/drivers/acpi/acpi_video.c +++ b/drivers/acpi/acpi_video.c @@ -1974,6 +1974,7 @@ static int acpi_video_bus_put_devices(struct acpi_video_bus *video) mutex_lock(&video->device_list_lock); list_for_each_entry_safe(dev, next, &video->video_device_list, entry) { + cancel_delayed_work_sync(&dev->switch_brightness_work); list_del(&dev->entry); kfree(dev); } -- 2.34.1

3 weeks

1
0
0 0

[PATCH] ACPI: video: Fix use-after-free in acpi_video_bus_put_devices()

by Yuhao Jiang

The code contains a use-after-free vulnerability due to missing cancellation of delayed work during device removal. Specifically, in acpi_video_bus_remove(), the function acpi_video_bus_put_devices() is called, which frees all acpi_video_device structures without cancelling the associated delayed work (switch_brightness_work). This work is scheduled via brightness_switch_event() in response to ACPI events (e.g., brightness key presses) with a 100ms delay. If the work is pending when the device is removed, it may execute after the memory is freed, leading to use-after-free when the work function acpi_video_switch_brightness() accesses the device structure. Fix this by calling cancel_delayed_work_sync() before freeing each acpi_video_device to ensure the work is fully completed before the memory is released. Fixes: 67b662e189f46 ("ACPI / video: seperate backlight control and event interface") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- drivers/acpi/acpi_video.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c index 103f29661576..5b80f87e078f 100644 --- a/drivers/acpi/acpi_video.c +++ b/drivers/acpi/acpi_video.c @@ -1974,6 +1974,7 @@ static int acpi_video_bus_put_devices(struct acpi_video_bus *video) mutex_lock(&video->device_list_lock); list_for_each_entry_safe(dev, next, &video->video_device_list, entry) { + cancel_delayed_work_sync(&dev->switch_brightness_work); list_del(&dev->entry); kfree(dev); } -- 2.34.1

3 weeks

1
0
0 0

[PATCH net] virtio-net: zero unused hash fields

by Jason Wang

When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may leak information to another side. Fixing this by zeroing the unused hash fields. Fixes: a2fb4bc4e2a6a ("net: implement virtio helpers to handle UDP GSO tunneling")x Cc: <stable(a)vger.kernel.org> Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- include/linux/virtio_net.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 20e0584db1dd..4d1780848d0e 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -401,6 +401,10 @@ virtio_net_hdr_tnl_from_skb(const struct sk_buff *skb, if (!tnl_hdr_negotiated) return -EINVAL; + vhdr->hash_hdr.hash_value = 0; + vhdr->hash_hdr.hash_report = 0; + vhdr->hash_hdr.padding = 0; + /* Let the basic parsing deal with plain GSO features. */ skb_shinfo(skb)->gso_type &= ~tnl_gso_type; ret = virtio_net_hdr_from_skb(skb, hdr, true, false, vlan_hlen); -- 2.42.0

3 weeks

3
3
0 0

ORDER 8745631

by Diana Owen

Greetings, I hope this email finds you well. I am Mrs. Diana Owen contacting you from Reality Trading Group Ltd India. . As a new growing company, we are looking for reliable company of your product as seen in your website for urgent purchase order basis. Could you please give me more details and specification of your products. We also need your products catalog, MOQ, Production Lead Time and Unit price? Best Regards, Mrs. Diana Owen Purchase Manager Company: Reality Trading Group Ltd

3 weeks

1
0
0 0

[PATCH] scsi: aacraid: Fix DMA mapping leak in aac_send_raw_srb error paths

by Yuhao Jiang

The aac_send_raw_srb function creates DMA mappings for scatter-gather buffers but fails to unmap them in most error paths, leading to DMA mapping resource leaks. This patch fixes all error paths except -ERESTARTSYS. The -ERESTARTSYS case is a known design issue where resources cannot be safely freed (hardware may still be accessing them) but also cannot be properly tracked for later cleanup (they are local variables). Fixed paths: - copy_from_user failures during SG buffer setup - aac_hba_send/aac_fib_send errors after DMA mapping - copy_to_user failures after successful command execution Fixes: 423400e64d377 ("scsi: aacraid: Include HBA direct interface") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- drivers/scsi/aacraid/commctrl.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 68240d6f27ab..e0495f278e2e 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -493,6 +493,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) void __user *sg_user[HBA_MAX_SG_EMBEDDED]; void *sg_list[HBA_MAX_SG_EMBEDDED]; u32 sg_count[HBA_MAX_SG_EMBEDDED]; + dma_addr_t sg_dma_addr[HBA_MAX_SG_EMBEDDED]; + int sg_dma_last_mapped = -1; u32 sg_indx = 0; u32 byte_count = 0; u32 actual_fibsize64, actual_fibsize = 0; @@ -690,6 +692,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) } addr = dma_map_single(&dev->pdev->dev, p, sg_count[i], data_dir); + sg_dma_addr[i] = addr; + sg_dma_last_mapped = i; hbacmd->sge[i].addr_hi = cpu_to_le32((u32)(addr>>32)); hbacmd->sge[i].addr_lo = cpu_to_le32( (u32)(addr & 0xffffffff)); @@ -752,6 +756,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) } addr = dma_map_single(&dev->pdev->dev, p, sg_count[i], data_dir); + sg_dma_addr[i] = addr; + sg_dma_last_mapped = i; psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); psg->sg[i].addr[1] = cpu_to_le32(addr>>32); @@ -808,6 +814,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) } addr = dma_map_single(&dev->pdev->dev, p, sg_count[i], data_dir); + sg_dma_addr[i] = addr; + sg_dma_last_mapped = i; psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); psg->sg[i].addr[1] = cpu_to_le32(addr>>32); @@ -865,6 +873,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) addr = dma_map_single(&dev->pdev->dev, p, usg->sg[i].count, data_dir); + sg_dma_addr[i] = addr; + sg_dma_last_mapped = i; psg->sg[i].addr = cpu_to_le32(addr & 0xffffffff); byte_count += usg->sg[i].count; @@ -905,6 +915,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) } addr = dma_map_single(&dev->pdev->dev, p, sg_count[i], data_dir); + sg_dma_addr[i] = addr; + sg_dma_last_mapped = i; psg->sg[i].addr = cpu_to_le32(addr); byte_count += sg_count[i]; @@ -986,6 +998,10 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) cleanup: kfree(user_srbcmd); if (rcode != -ERESTARTSYS) { + for (i = 0; i <= sg_dma_last_mapped; i++) { + dma_unmap_single(&dev->pdev->dev, sg_dma_addr[i], + sg_count[i], data_dir); + } for (i = 0; i <= sg_indx; i++) kfree(sg_list[i]); aac_fib_complete(srbfib); -- 2.34.1

3 weeks

1
0
0 0

[PATCH 6.1.y ] drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'

by Vasiliy Kovalev

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> commit cdb637d339572398821204a1142d8d615668f1e9 upstream. The issue arises when the array 'adev->vcn.vcn_config' is accessed before checking if the index 'adev->vcn.num_vcn_inst' is within the bounds of the array. The fix involves moving the bounds check before the array access. This ensures that 'adev->vcn.num_vcn_inst' is within the bounds of the array before it is used as an index. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use. Fixes: a0ccc717c4ab ("drm/amdgpu/discovery: validate VCN and SDMA instances") Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [ kovalev: bp to fix CVE-2024-27042 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c index d8441e273..8bc3a4bf3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c @@ -1128,15 +1128,16 @@ static int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev) * 0b10 : encode is disabled * 0b01 : decode is disabled */ - adev->vcn.vcn_config[adev->vcn.num_vcn_inst] = - ip->revision & 0xc0; - ip->revision &= ~0xc0; - if (adev->vcn.num_vcn_inst < AMDGPU_MAX_VCN_INSTANCES) + if (adev->vcn.num_vcn_inst < AMDGPU_MAX_VCN_INSTANCES) { + adev->vcn.vcn_config[adev->vcn.num_vcn_inst] = + ip->revision & 0xc0; adev->vcn.num_vcn_inst++; + } else dev_err(adev->dev, "Too many VCN instances: %d vs %d\n", adev->vcn.num_vcn_inst + 1, AMDGPU_MAX_VCN_INSTANCES); + ip->revision &= ~0xc0; } if (le16_to_cpu(ip->hw_id) == SDMA0_HWID || le16_to_cpu(ip->hw_id) == SDMA1_HWID || -- 2.50.1

3 weeks, 1 day

1
0
0 0

【年に一度】SBIポイントで豪華賞品を交換 — 在庫がなくなり次第終了No.86212

by SBI証券

平素よりSBI証券をご利用いただき、誠にありがとうございます。SBI証券では、日頃のご愛顧に感謝を込めて、年に一度だけの「ポイント交換キャンペーン」を開催しております。お客様の現在の保有ポイントは以下のとおりです。保有ポイント28,810ポイント本キャンペーンでは、貯まったポイントを豪華賞品と交換いただけます。交換は先着順で、在庫がなくなり次第終了となります。交換は以下のページからお手続きください。ポイント交換ページhttps://www.sbisec.co.jp/member/point/交換可能賞品の一例キャンペーン終了日：2025年10月22日・Apple iPad（第9世代 Wi-Fiモデル 64GB）【限定100台／残り15台】・Dyson コードレス掃除機【限定200台／残り90台】・Apple Watch SE（GPSモデル）・BALMUDA The Toaster（バルミューダトースター）・JCBギフトカード（5,000円分）・SBIオリジナル記念グッズ（非売品）この「年に一度の特別企画」は、例年多くのお客様にご参加いただいております。人気商品の在庫はすでに残りわずかです。ご注意・本キャンペーンは年に一度のみの開催です。・在庫がなくなり次第、予告なく終了いたします。・ポイント交換後の変更・キャンセルはお受けできません。一年に一度の特別なチャンスを、ぜひお見逃しなく。この機会にポイント交換をご利用ください。 SBI証券株式会社東京都港区六本木1-6-1 泉ガーデンタワーhttps://www.sbisec.co.jp/ © 2025 SBI SECURITIES Co., Ltd.

3 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] fuse: fix livelock in synchronous file put from fuseblk" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101630-unvaried-protector-cae4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 15 Sep 2025 17:24:17 -0700 Subject: [PATCH] fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the file descriptor before the writes complete. Unsurprisingly, the AIO exerciser threads are mostly stuck waiting for responses from the fuseblk server: # cat /proc/372265/task/372313/stack [<0>] request_wait_answer+0x1fe/0x2a0 [fuse] [<0>] __fuse_simple_request+0xd3/0x2b0 [fuse] [<0>] fuse_do_getattr+0xfc/0x1f0 [fuse] [<0>] fuse_file_read_iter+0xbe/0x1c0 [fuse] [<0>] aio_read+0x130/0x1e0 [<0>] io_submit_one+0x542/0x860 [<0>] __x64_sys_io_submit+0x98/0x1a0 [<0>] do_syscall_64+0x37/0xf0 [<0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 But the /weird/ part is that the fuseblk server threads are waiting for responses from itself: # cat /proc/372210/task/372232/stack [<0>] request_wait_answer+0x1fe/0x2a0 [fuse] [<0>] __fuse_simple_request+0xd3/0x2b0 [fuse] [<0>] fuse_file_put+0x9a/0xd0 [fuse] [<0>] fuse_release+0x36/0x50 [fuse] [<0>] __fput+0xec/0x2b0 [<0>] task_work_run+0x55/0x90 [<0>] syscall_exit_to_user_mode+0xe9/0x100 [<0>] do_syscall_64+0x43/0xf0 [<0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 The fuseblk server is fuse2fs so there's nothing all that exciting in the server itself. So why is the fuse server calling fuse_file_put? The commit message for the fstest sheds some light on that: "By closing the file descriptor before calling io_destroy, you pretty much guarantee that the last put on the ioctx will be done in interrupt context (during I/O completion). Aha. AIO fgets a new struct file from the fd when it queues the ioctx. The completion of the FUSE_WRITE command from userspace causes the fuse server to call the AIO completion function. The completion puts the struct file, queuing a delayed fput to the fuse server task. When the fuse server task returns to userspace, it has to run the delayed fput, which in the case of a fuseblk server, it does synchronously. Sending the FUSE_RELEASE command sychronously from fuse server threads is a bad idea because a client program can initiate enough simultaneous AIOs such that all the fuse server threads end up in delayed_fput, and now there aren't any threads left to handle the queued fuse commands. Fix this by only using asynchronous fputs when closing files, and leave a comment explaining why. Cc: stable(a)vger.kernel.org # v2.6.38 Fixes: 5a18ec176c934c ("fuse: fix hang of single threaded fuseblk filesystem") Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 54786f62a9d8..f1ef77a0be05 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -356,8 +356,14 @@ void fuse_file_release(struct inode *inode, struct fuse_file *ff, * Make the release synchronous if this is a fuseblk mount, * synchronous RELEASE is allowed (and desirable) in this case * because the server can be trusted not to screw up. + * + * Always use the asynchronous file put because the current thread + * might be the fuse server. This can happen if a process starts some + * aio and closes the fd before the aio completes. Since aio takes its + * own ref to the file, the IO completion has to drop the ref, which is + * how the fuse server can end up closing its clients' files. */ - fuse_file_put(ff, ff->fm->fc->destroy); + fuse_file_put(ff, false); } void fuse_release_common(struct file *file, bool isdir)

3 weeks, 1 day

2
1
0 0

[PATCH net 0/5] mptcp: handle late ADD_ADDR + selftests skip

by Matthieu Baerts (NGI0)

Here are a few independent fixes related to MPTCP and its selftests: - Patch 1: correctly handle ADD_ADDR being received after the switch to 'fully-established'. A fix for another recent fix backported up to v5.14. - Patches 2-5: properly mark some MPTCP Join subtests as 'skipped' if the tested kernel doesn't support the feature being validated. Some fixes for up to v5.13, v5.18, v6.11 and v6.18-rc1 respectively. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (5): mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported selftests: mptcp: join: mark laminar tests as skipped if not supported net/mptcp/pm_kernel.c | 6 ++++++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 +++++++++--------- 2 files changed, 15 insertions(+), 9 deletions(-) --- base-commit: ffff5c8fc2af2218a3332b3d5b97654599d50cde change-id: 20251020-net-mptcp-c-flag-late-add-addr-1d954e7b63d2 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

3 weeks, 1 day

2
5
0 0

[REGRESSION] Secureboot violation for linux enrolled by-hash into db v6.17.4 and v6.18-rc1

by Dimitri John Ledkov

If one enrolls linux kernel by-hash into db (for example using virt-fw-vars), the secureboot fails with security violation as EDK2 computation of authenticode for the linux binary doesn't match the enrolled hash. This is reproducible in AWS VMs, as well as locally with EDK2 builds with secureboot. Not affected v6.17 Not affected v6.17.3 Affected v6.17.4 Affected v6.18-rc1 Affected v6.18-rc2 Suspected patches are: $ git log --oneline v6.17.3..v6.17.4 -- scripts/ 8e5e13c8df9e6 kbuild: Add '.rel.*' strip pattern for vmlinux 7b80f81ae3190 kbuild: Restore pattern to avoid stripping .rela.dyn from vmlinux 5b5cdb1fe434e kbuild: keep .modinfo section in vmlinux.unstripped 86f364ee58420 kbuild: always create intermediate vmlinux.unstripped Reverting all of the above, makes secureboot with by-hash enrolled into db work again. I will try to bisect this further to determine the culprit. It feels like the strip potentially didn't update section offsets or their numbers or something like that. -- Regards, Dimitri.

3 weeks, 1 day

3
2
0 0

[merged mm-hotfixes-stable] mm-damon-core-use-damos_commit_quota_goal-for-new-goal-commit.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: use damos_commit_quota_goal() for new goal commit has been removed from the -mm tree. Its filename was mm-damon-core-use-damos_commit_quota_goal-for-new-goal-commit.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: use damos_commit_quota_goal() for new goal commit Date: Mon, 13 Oct 2025 17:18:44 -0700 When damos_commit_quota_goals() is called for adding new DAMOS quota goals of DAMOS_QUOTA_USER_INPUT metric, current_value fields of the new goals should be also set as requested. However, damos_commit_quota_goals() is not updating the field for the case, since it is setting only metrics and target values using damos_new_quota_goal(), and metric-optional union fields using damos_commit_quota_goal_union(). As a result, users could see the first current_value parameter that committed online with a new quota goal is ignored. Users are assumed to commit the current_value for DAMOS_QUOTA_USER_INPUT quota goals, since it is being used as a feedback. Hence the real impact would be subtle. That said, this is obviously not intended behavior. Fix the issue by using damos_commit_quota_goal() which sets all quota goal parameters, instead of damos_commit_quota_goal_union(), which sets only the union fields. Link: https://lkml.kernel.org/r/20251014001846.279282-1-sj@kernel.org Fixes: 1aef9df0ee90 ("mm/damon/core: commit damos_quota_goal->nid") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.16+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/damon/core.c~mm-damon-core-use-damos_commit_quota_goal-for-new-goal-commit +++ a/mm/damon/core.c @@ -835,7 +835,7 @@ int damos_commit_quota_goals(struct damo src_goal->metric, src_goal->target_value); if (!new_goal) return -ENOMEM; - damos_commit_quota_goal_union(new_goal, src_goal); + damos_commit_quota_goal(new_goal, src_goal); damos_add_quota_goal(dst, new_goal); } return 0; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-zswap-remove-unnecessary-dlen-writes-for-incompressible-pages.patch mm-zswap-fix-typos-s-zwap-zswap.patch mm-zswap-s-red-black-tree-xarray.patch docs-admin-guide-mm-zswap-s-red-black-tree-xarray.patch mm-damon-document-damos_quota_goal-nid-use-case.patch mm-damon-add-damos-quota-goal-type-for-per-memcg-per-node-memory-usage.patch mm-damon-core-implement-damos_quota_node_memcg_used_bp.patch mm-damon-sysfs-schemes-implement-path-file-under-quota-goal-directory.patch mm-damon-sysfs-schemes-support-damos_quota_node_memcg_used_bp.patch mm-damon-core-add-damos-quota-gaol-metric-for-per-memcg-per-numa-free-memory.patch mm-damon-sysfs-schemes-support-damos_quota_node_memcg_free_bp.patch docs-mm-damon-design-document-damos_quota_node_memcg_usedfree_bp.patch docs-admin-guide-mm-damon-usage-document-damos-quota-goal-path-file.patch docs-abi-damon-document-damos-quota-goal-path-file.patch

3 weeks, 1 day

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-fix-potential-memory-leak-by-cleaning-ops_filter-in-damon_destroy_scheme.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme has been removed from the -mm tree. Its filename was mm-damon-core-fix-potential-memory-leak-by-cleaning-ops_filter-in-damon_destroy_scheme.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Enze Li <lienze(a)kylinos.cn> Subject: mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme Date: Tue, 14 Oct 2025 16:42:25 +0800 Currently, damon_destroy_scheme() only cleans up the filter list but leaves ops_filter untouched, which could lead to memory leaks when a scheme is destroyed. This patch ensures both filter and ops_filter are properly freed in damon_destroy_scheme(), preventing potential memory leaks. Link: https://lkml.kernel.org/r/20251014084225.313313-1-lienze@kylinos.cn Fixes: ab82e57981d0 ("mm/damon/core: introduce damos->ops_filters") Signed-off-by: Enze Li <lienze(a)kylinos.cn> Reviewed-by: SeongJae Park <sj(a)kernel.org> Tested-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/damon/core.c~mm-damon-core-fix-potential-memory-leak-by-cleaning-ops_filter-in-damon_destroy_scheme +++ a/mm/damon/core.c @@ -452,6 +452,9 @@ void damon_destroy_scheme(struct damos * damos_for_each_filter_safe(f, next, s) damos_destroy_filter(f); + damos_for_each_ops_filter_safe(f, next, s) + damos_destroy_filter(f); + kfree(s->migrate_dests.node_id_arr); kfree(s->migrate_dests.weight_arr); damon_del_scheme(s); _ Patches currently in -mm which might be from lienze(a)kylinos.cn are

3 weeks, 1 day

1
0
0 0

[merged mm-hotfixes-stable] vmw_balloon-indicate-success-when-effectively-deflating-during-migration.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: vmw_balloon: indicate success when effectively deflating during migration has been removed from the -mm tree. Its filename was vmw_balloon-indicate-success-when-effectively-deflating-during-migration.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: vmw_balloon: indicate success when effectively deflating during migration Date: Tue, 14 Oct 2025 14:44:55 +0200 When migrating a balloon page, we first deflate the old page to then inflate the new page. However, if inflating the new page succeeded, we effectively deflated the old page, reducing the balloon size. In that case, the migration actually worked: similar to migrating+ immediately deflating the new page. The old page will be freed back to the buddy. Right now, the core will leave the page be marked as isolated (as we returned an error). When later trying to putback that page, we will run into the WARN_ON_ONCE() in balloon_page_putback(). That handling was changed in commit 3544c4faccb8 ("mm/balloon_compaction: stop using __ClearPageMovable()"); before that change, we would have tolerated that way of handling it. To fix it, let's just return 0 in that case, making the core effectively just clear the "isolated" flag + freeing it back to the buddy as if the migration succeeded. Note that the new page will also get freed when the core puts the last reference. Note that this also makes it all be more consistent: we will no longer unisolate the page in the balloon driver while keeping it marked as being isolated in migration core. This was found by code inspection. Link: https://lkml.kernel.org/r/20251014124455.478345-1-david@redhat.com Fixes: 3544c4faccb8 ("mm/balloon_compaction: stop using __ClearPageMovable()") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Jerrin Shaji George <jerrin.shaji-george(a)broadcom.com> Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/misc/vmw_balloon.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) --- a/drivers/misc/vmw_balloon.c~vmw_balloon-indicate-success-when-effectively-deflating-during-migration +++ a/drivers/misc/vmw_balloon.c @@ -1737,7 +1737,7 @@ static int vmballoon_migratepage(struct { unsigned long status, flags; struct vmballoon *b; - int ret; + int ret = 0; b = container_of(b_dev_info, struct vmballoon, b_dev_info); @@ -1796,17 +1796,15 @@ static int vmballoon_migratepage(struct * A failure happened. While we can deflate the page we just * inflated, this deflation can also encounter an error. Instead * we will decrease the size of the balloon to reflect the - * change and report failure. + * change. */ atomic64_dec(&b->size); - ret = -EBUSY; } else { /* * Success. Take a reference for the page, and we will add it to * the list after acquiring the lock. */ get_page(newpage); - ret = 0; } /* Update the balloon list under the @pages_lock */ @@ -1817,7 +1815,7 @@ static int vmballoon_migratepage(struct * If we succeed just insert it to the list and update the statistics * under the lock. */ - if (!ret) { + if (status == VMW_BALLOON_SUCCESS) { balloon_page_insert(&b->b_dev_info, newpage); __count_vm_event(BALLOON_MIGRATE); } _ Patches currently in -mm which might be from david(a)redhat.com are

3 weeks, 1 day

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-fix-list_add_tail-call-on-damon_call.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: fix list_add_tail() call on damon_call() has been removed from the -mm tree. Its filename was mm-damon-core-fix-list_add_tail-call-on-damon_call.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: fix list_add_tail() call on damon_call() Date: Tue, 14 Oct 2025 13:59:36 -0700 Each damon_ctx maintains callback requests using a linked list (damon_ctx->call_controls). When a new callback request is received via damon_call(), the new request should be added to the list. However, the function is making a mistake at list_add_tail() invocation: putting the new item to add and the list head to add it before, in the opposite order. Because of the linked list manipulation implementation, the new request can still be reached from the context's list head. But the list items that were added before the new request are dropped from the list. As a result, the callbacks are unexpectedly not invocated. Worse yet, if the dropped callback requests were dynamically allocated, the memory is leaked. Actually DAMON sysfs interface is using a dynamically allocated repeat-mode callback request for automatic essential stats update. And because the online DAMON parameters commit is using a non-repeat-mode callback request, the issue can easily be reproduced, like below. # damo start --damos_action stat --refresh_stat 1s # damo tune --damos_action stat --refresh_stat 1s The first command dynamically allocates the repeat-mode callback request for automatic essential stat update. Users can see the essential stats are automatically updated for every second, using the sysfs interface. The second command calls damon_commit() with a new callback request that was made for the commit. As a result, the previously added repeat-mode callback request is dropped from the list. The automatic stats refresh stops working, and the memory for the repeat-mode callback request is leaked. It can be confirmed using kmemleak. Fix the mistake on the list_add_tail() call. Link: https://lkml.kernel.org/r/20251014205939.1206-1-sj@kernel.org Fixes: 004ded6bee11 ("mm/damon: accept parallel damon_call() requests") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/damon/core.c~mm-damon-core-fix-list_add_tail-call-on-damon_call +++ a/mm/damon/core.c @@ -1450,7 +1450,7 @@ int damon_call(struct damon_ctx *ctx, st INIT_LIST_HEAD(&control->list); mutex_lock(&ctx->call_controls_lock); - list_add_tail(&ctx->call_controls, &control->list); + list_add_tail(&control->list, &ctx->call_controls); mutex_unlock(&ctx->call_controls_lock); if (!damon_is_running(ctx)) return -EINVAL; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-zswap-remove-unnecessary-dlen-writes-for-incompressible-pages.patch mm-zswap-fix-typos-s-zwap-zswap.patch mm-zswap-s-red-black-tree-xarray.patch docs-admin-guide-mm-zswap-s-red-black-tree-xarray.patch mm-damon-document-damos_quota_goal-nid-use-case.patch mm-damon-add-damos-quota-goal-type-for-per-memcg-per-node-memory-usage.patch mm-damon-core-implement-damos_quota_node_memcg_used_bp.patch mm-damon-sysfs-schemes-implement-path-file-under-quota-goal-directory.patch mm-damon-sysfs-schemes-support-damos_quota_node_memcg_used_bp.patch mm-damon-core-add-damos-quota-gaol-metric-for-per-memcg-per-numa-free-memory.patch mm-damon-sysfs-schemes-support-damos_quota_node_memcg_free_bp.patch docs-mm-damon-design-document-damos_quota_node_memcg_usedfree_bp.patch docs-admin-guide-mm-damon-usage-document-damos-quota-goal-path-file.patch docs-abi-damon-document-damos-quota-goal-path-file.patch

3 weeks, 1 day

1
0
0 0

[merged mm-hotfixes-stable] mm-mremap-correctly-account-old-mapping-after-mremap_dontunmap-remap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/mremap: correctly account old mapping after MREMAP_DONTUNMAP remap has been removed from the -mm tree. Its filename was mm-mremap-correctly-account-old-mapping-after-mremap_dontunmap-remap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/mremap: correctly account old mapping after MREMAP_DONTUNMAP remap Date: Mon, 13 Oct 2025 17:58:36 +0100 Commit b714ccb02a76 ("mm/mremap: complete refactor of move_vma()") mistakenly introduced a new behaviour - clearing the VM_ACCOUNT flag of the old mapping when a mapping is mremap()'d with the MREMAP_DONTUNMAP flag set. While we always clear the VM_LOCKED and VM_LOCKONFAULT flags for the old mapping (the page tables have been moved, so there is no data that could possibly be locked in memory), there is no reason to touch any other VMA flags. This is because after the move the old mapping is in a state as if it were freshly mapped. This implies that the attributes of the mapping ought to remain the same, including whether or not the mapping is accounted. Link: https://lkml.kernel.org/r/20251013165836.273113-1-lorenzo.stoakes@oracle.com Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Fixes: b714ccb02a76 ("mm/mremap: complete refactor of move_vma()") Reviewed-by: Pedro Falcato <pfalcato(a)suse.de> Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) --- a/mm/mremap.c~mm-mremap-correctly-account-old-mapping-after-mremap_dontunmap-remap +++ a/mm/mremap.c @@ -1237,10 +1237,10 @@ static int copy_vma_and_data(struct vma_ } /* - * Perform final tasks for MADV_DONTUNMAP operation, clearing mlock() and - * account flags on remaining VMA by convention (it cannot be mlock()'d any - * longer, as pages in range are no longer mapped), and removing anon_vma_chain - * links from it (if the entire VMA was copied over). + * Perform final tasks for MADV_DONTUNMAP operation, clearing mlock() flag on + * remaining VMA by convention (it cannot be mlock()'d any longer, as pages in + * range are no longer mapped), and removing anon_vma_chain links from it if the + * entire VMA was copied over. */ static void dontunmap_complete(struct vma_remap_struct *vrm, struct vm_area_struct *new_vma) @@ -1250,11 +1250,8 @@ static void dontunmap_complete(struct vm unsigned long old_start = vrm->vma->vm_start; unsigned long old_end = vrm->vma->vm_end; - /* - * We always clear VM_LOCKED[ONFAULT] | VM_ACCOUNT on the old - * vma. - */ - vm_flags_clear(vrm->vma, VM_LOCKED_MASK | VM_ACCOUNT); + /* We always clear VM_LOCKED[ONFAULT] on the old VMA. */ + vm_flags_clear(vrm->vma, VM_LOCKED_MASK); /* * anon_vma links of the old vma is no longer needed after its page _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-shmem-update-shmem-to-use-mmap_prepare.patch device-dax-update-devdax-to-use-mmap_prepare.patch mm-vma-remove-unused-function-make-internal-functions-static.patch mm-add-vma_desc_size-vma_desc_pages-helpers.patch relay-update-relay-to-use-mmap_prepare.patch mm-vma-rename-__mmap_prepare-function-to-avoid-confusion.patch mm-add-remap_pfn_range_prepare-remap_pfn_range_complete.patch mm-abstract-io_remap_pfn_range-based-on-pfn.patch mm-introduce-io_remap_pfn_range_.patch mm-add-ability-to-take-further-action-in-vm_area_desc.patch doc-update-porting-vfs-documentation-for-mmap_prepare-actions.patch mm-hugetlbfs-update-hugetlbfs-to-use-mmap_prepare.patch mm-add-shmem_zero_setup_desc.patch mm-update-mem-char-driver-to-use-mmap_prepare.patch mm-update-resctl-to-use-mmap_prepare.patch

3 weeks, 1 day

1
0
0 0

[PATCH] usb: raw-gadget: do not limit transfer length

by andrey.konovalov＠linux.dev

From: Andrey Konovalov <andreyknvl(a)gmail.com> Drop the check on the maximum transfer length in Raw Gadget for both control and non-control transfers. Limiting the transfer length causes a problem with emulating USB devices whose full configuration descriptor exceeds PAGE_SIZE in length. Overall, there does not appear to be any reason to enforce any kind of transfer length limit on the Raw Gadget side for either control or non-control transfers, so let's just drop the related check. Cc: stable(a)vger.kernel.org Fixes: f2c2e717642c ("usb: gadget: add raw-gadget interface") Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- drivers/usb/gadget/legacy/raw_gadget.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/legacy/raw_gadget.c index 20165e1582d9..b71680c58de6 100644 --- a/drivers/usb/gadget/legacy/raw_gadget.c +++ b/drivers/usb/gadget/legacy/raw_gadget.c @@ -667,8 +667,6 @@ static void *raw_alloc_io_data(struct usb_raw_ep_io *io, void __user *ptr, return ERR_PTR(-EINVAL); if (!usb_raw_io_flags_valid(io->flags)) return ERR_PTR(-EINVAL); - if (io->length > PAGE_SIZE) - return ERR_PTR(-EINVAL); if (get_from_user) data = memdup_user(ptr + sizeof(*io), io->length); else { -- 2.43.0

3 weeks, 1 day

3
4
0 0

[PATCH RESEND] usb: raw-gadget: do not limit transfer length

by andrey.konovalov＠linux.dev

From: Andrey Konovalov <andreyknvl(a)gmail.com> Drop the check on the maximum transfer length in Raw Gadget for both control and non-control transfers. Limiting the transfer length causes a problem with emulating USB devices whose full configuration descriptor exceeds PAGE_SIZE in length. Overall, there does not appear to be any reason to enforce any kind of transfer length limit on the Raw Gadget side for either control or non-control transfers, so let's just drop the related check. Cc: stable(a)vger.kernel.org Fixes: f2c2e717642c ("usb: gadget: add raw-gadget interface") Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- drivers/usb/gadget/legacy/raw_gadget.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/legacy/raw_gadget.c index 20165e1582d9..b71680c58de6 100644 --- a/drivers/usb/gadget/legacy/raw_gadget.c +++ b/drivers/usb/gadget/legacy/raw_gadget.c @@ -667,8 +667,6 @@ static void *raw_alloc_io_data(struct usb_raw_ep_io *io, void __user *ptr, return ERR_PTR(-EINVAL); if (!usb_raw_io_flags_valid(io->flags)) return ERR_PTR(-EINVAL); - if (io->length > PAGE_SIZE) - return ERR_PTR(-EINVAL); if (get_from_user) data = memdup_user(ptr + sizeof(*io), io->length); else { -- 2.43.0

3 weeks, 1 day

1
0
0 0

[PATCH 0/2] fuse: Fix possible memleak at startup with immediate teardown

by Bernd Schubert

Do not merge yet, the current series has not been tested yet. The race is only easily reproducible with additional patches that pin pages during FUSE_IO_URING_CMD_REGISTER - slows it down and then xfstest's generic/001 triggers it reliably. However, I need to update these pin patches for linux master. Signed-off-by: Bernd Schubert <bschubert(a)ddn.com> --- Bernd Schubert (1): fuse: Move ring queues_refs decrement Jian Huang Li (1): fs/fuse: fix potential memory leak from fuse_uring_cancel fs/fuse/dev_uring.c | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) --- base-commit: 6548d364a3e850326831799d7e3ea2d7bb97ba08 change-id: 20251021-io-uring-fixes-cancel-mem-leak-820642677c37 Best regards, -- Bernd Schubert <bschubert(a)ddn.com>

3 weeks, 1 day

1
1
0 0

+ mm-shmem-fix-thp-allocation-size-check-and-fallback.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/shmem: fix THP allocation size check and fallback has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-shmem-fix-thp-allocation-size-check-and-fallback.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem: fix THP allocation size check and fallback Date: Wed, 22 Oct 2025 03:04:36 +0800 There are some problems with the code implementations of THP fallback. suitable_orders could be zero, and calling highest_order on a zero value returns an overflowed size. And the order check loop is updating the index value on every loop which may cause the index to be aligned by a larger value while the loop shrinks the order. And it forgot to try order 0 after the final loop. This is usually fine because shmem_add_to_page_cache ensures the shmem mapping is still sane, but it might cause many potential issues like allocating random folios into the random position in the map or return -ENOMEM by accident. This triggered some strange userspace errors [1], and shouldn't have happened in the first place. Link: https://lkml.kernel.org/r/20251021190436.81682-1-ryncsn@gmail.com Link: https://lore.kernel.org/linux-mm/CAMgjq7DqgAmj25nDUwwu1U2cSGSn8n4-Hqpgotted… [1] Fixes: e7a2ab7b3bb5d ("mm: shmem: add mTHP support for anonymous shmem") Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nico Pache <npache(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) --- a/mm/shmem.c~mm-shmem-fix-thp-allocation-size-check-and-fallback +++ a/mm/shmem.c @@ -1824,6 +1824,9 @@ static unsigned long shmem_suitable_orde unsigned long pages; int order; + if (!orders) + return 0; + if (vma) { orders = thp_vma_suitable_orders(vma, vmf->address, orders); if (!orders) @@ -1888,27 +1891,28 @@ static struct folio *shmem_alloc_and_add if (!IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE)) orders = 0; - if (orders > 0) { - suitable_orders = shmem_suitable_orders(inode, vmf, - mapping, index, orders); + suitable_orders = shmem_suitable_orders(inode, vmf, + mapping, index, orders); + if (suitable_orders) { order = highest_order(suitable_orders); - while (suitable_orders) { + do { pages = 1UL << order; - index = round_down(index, pages); - folio = shmem_alloc_folio(gfp, order, info, index); - if (folio) + folio = shmem_alloc_folio(gfp, order, info, round_down(index, pages)); + if (folio) { + index = round_down(index, pages); goto allocated; + } if (pages == HPAGE_PMD_NR) count_vm_event(THP_FILE_FALLBACK); count_mthp_stat(order, MTHP_STAT_SHMEM_FALLBACK); order = next_order(&suitable_orders, order); - } - } else { - pages = 1; - folio = shmem_alloc_folio(gfp, 0, info, index); + } while (suitable_orders); } + + pages = 1; + folio = shmem_alloc_folio(gfp, 0, info, index); if (!folio) return ERR_PTR(-ENOMEM); _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-fix-thp-allocation-size-check-and-fallback.patch

3 weeks, 1 day

1
0
0 0

[PATCH 5.10/5.15] srcu: Tighten cleanup_srcu_struct() GP checks

by Vasiliy Kovalev

From: "Paul E. McKenney" <paulmck(a)kernel.org> commit 8ed00760203d8018bee042fbfe8e076579be2c2b upstream. Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct(). Fixes: da915ad5cf25 ("srcu: Parallelize callback handling") Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> [ kovalev: backport to fix CVE-2022-49651; added Fixes tag for commit da915ad5cf25 that introduced the srcu_gp_seq_needed field and the race condition between grace period requests and cleanup ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- kernel/rcu/srcutree.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c index b8821665c435..5d89d941280f 100644 --- a/kernel/rcu/srcutree.c +++ b/kernel/rcu/srcutree.c @@ -388,9 +388,11 @@ void cleanup_srcu_struct(struct srcu_struct *ssp) return; /* Forgot srcu_barrier(), so just leak it! */ } if (WARN_ON(rcu_seq_state(READ_ONCE(ssp->srcu_gp_seq)) != SRCU_STATE_IDLE) || + WARN_ON(rcu_seq_current(&ssp->srcu_gp_seq) != ssp->srcu_gp_seq_needed) || WARN_ON(srcu_readers_active(ssp))) { - pr_info("%s: Active srcu_struct %p state: %d\n", - __func__, ssp, rcu_seq_state(READ_ONCE(ssp->srcu_gp_seq))); + pr_info("%s: Active srcu_struct %p read state: %d gp state: %lu/%lu\n", + __func__, ssp, rcu_seq_state(READ_ONCE(ssp->srcu_gp_seq)), + rcu_seq_current(&ssp->srcu_gp_seq), ssp->srcu_gp_seq_needed); return; /* Caller forgot to stop doing call_srcu()? */ } free_percpu(ssp->sda); -- 2.50.1

3 weeks, 1 day

1
0
0 0

[PATCH v1 0/3] PCI fixes for s390

by Farhan Ali

Hi, I came across some issues in PCI code for s390 while working on VFIO error recovery for s390 PCI devices [1]. These patches can be indepedently applied and has no depedency on error recovery patch series. We would like to get these patches merged as they do fix some existing issues. [1] https://lore.kernel.org/all/20250924171628.826-1-alifm@linux.ibm.com/ Thanks Farhan Farhan Ali (3): PCI: Allow per function PCI slots s390/pci: Add architecture specific resource/bus address translation s390/pci: Restore IRQ unconditionally for the zPCI device arch/s390/include/asm/pci.h | 1 - arch/s390/pci/pci.c | 74 ++++++++++++++++++++++++++++++ arch/s390/pci/pci_irq.c | 9 +--- drivers/pci/host-bridge.c | 4 +- drivers/pci/hotplug/s390_pci_hpc.c | 10 +++- drivers/pci/pci.c | 5 +- drivers/pci/slot.c | 14 ++++-- include/linux/pci.h | 1 + 8 files changed, 100 insertions(+), 18 deletions(-) -- 2.43.0

3 weeks, 1 day

4
8
0 0

[PATCH] drm/amd: Add missing return for VPE idle handler

by Mario Limonciello

Adjusting the idle handler for DPM0 handling forgot a return statement which causes the system to not be able to enter s0i3. Add the missing return statement. Cc: stable(a)vger.kernel.org Reported-by: Sultan Alsawaf <sultan(a)kerneltoast.com> Closes: https://lore.kernel.org/amd-gfx/aPawCXBY9eM8oZvG@sultan-box/ Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c index f4932339d79d..aa78c2ee9e21 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c @@ -356,6 +356,7 @@ static void vpe_idle_work_handler(struct work_struct *work) goto reschedule; amdgpu_device_ip_set_powergating_state(adev, AMD_IP_BLOCK_TYPE_VPE, AMD_PG_STATE_GATE); + return; reschedule: schedule_delayed_work(&adev->vpe.idle_work, VPE_IDLE_TIMEOUT); -- 2.49.0

3 weeks, 1 day

3
5
0 0

FAILED: patch "[PATCH] fuse: fix livelock in synchronous file put from fuseblk" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101627-calzone-emperor-7442@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 15 Sep 2025 17:24:17 -0700 Subject: [PATCH] fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the file descriptor before the writes complete. Unsurprisingly, the AIO exerciser threads are mostly stuck waiting for responses from the fuseblk server: # cat /proc/372265/task/372313/stack [<0>] request_wait_answer+0x1fe/0x2a0 [fuse] [<0>] __fuse_simple_request+0xd3/0x2b0 [fuse] [<0>] fuse_do_getattr+0xfc/0x1f0 [fuse] [<0>] fuse_file_read_iter+0xbe/0x1c0 [fuse] [<0>] aio_read+0x130/0x1e0 [<0>] io_submit_one+0x542/0x860 [<0>] __x64_sys_io_submit+0x98/0x1a0 [<0>] do_syscall_64+0x37/0xf0 [<0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 But the /weird/ part is that the fuseblk server threads are waiting for responses from itself: # cat /proc/372210/task/372232/stack [<0>] request_wait_answer+0x1fe/0x2a0 [fuse] [<0>] __fuse_simple_request+0xd3/0x2b0 [fuse] [<0>] fuse_file_put+0x9a/0xd0 [fuse] [<0>] fuse_release+0x36/0x50 [fuse] [<0>] __fput+0xec/0x2b0 [<0>] task_work_run+0x55/0x90 [<0>] syscall_exit_to_user_mode+0xe9/0x100 [<0>] do_syscall_64+0x43/0xf0 [<0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 The fuseblk server is fuse2fs so there's nothing all that exciting in the server itself. So why is the fuse server calling fuse_file_put? The commit message for the fstest sheds some light on that: "By closing the file descriptor before calling io_destroy, you pretty much guarantee that the last put on the ioctx will be done in interrupt context (during I/O completion). Aha. AIO fgets a new struct file from the fd when it queues the ioctx. The completion of the FUSE_WRITE command from userspace causes the fuse server to call the AIO completion function. The completion puts the struct file, queuing a delayed fput to the fuse server task. When the fuse server task returns to userspace, it has to run the delayed fput, which in the case of a fuseblk server, it does synchronously. Sending the FUSE_RELEASE command sychronously from fuse server threads is a bad idea because a client program can initiate enough simultaneous AIOs such that all the fuse server threads end up in delayed_fput, and now there aren't any threads left to handle the queued fuse commands. Fix this by only using asynchronous fputs when closing files, and leave a comment explaining why. Cc: stable(a)vger.kernel.org # v2.6.38 Fixes: 5a18ec176c934c ("fuse: fix hang of single threaded fuseblk filesystem") Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 54786f62a9d8..f1ef77a0be05 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -356,8 +356,14 @@ void fuse_file_release(struct inode *inode, struct fuse_file *ff, * Make the release synchronous if this is a fuseblk mount, * synchronous RELEASE is allowed (and desirable) in this case * because the server can be trusted not to screw up. + * + * Always use the asynchronous file put because the current thread + * might be the fuse server. This can happen if a process starts some + * aio and closes the fd before the aio completes. Since aio takes its + * own ref to the file, the IO completion has to drop the ref, which is + * how the fuse server can end up closing its clients' files. */ - fuse_file_put(ff, ff->fm->fc->destroy); + fuse_file_put(ff, false); } void fuse_release_common(struct file *file, bool isdir)

3 weeks, 1 day

2
2
0 0

FAILED: patch "[PATCH] PCI: tegra194: Reset BARs when running in PCIe endpoint mode" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 42f9c66a6d0cc45758dab77233c5460e1cf003df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101639-january-preheated-6487@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42f9c66a6d0cc45758dab77233c5460e1cf003df Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Mon, 22 Sep 2025 16:08:25 +0200 Subject: [PATCH] PCI: tegra194: Reset BARs when running in PCIe endpoint mode Tegra already defines all BARs except BAR0 as BAR_RESERVED. This is sufficient for pci-epf-test to not allocate backing memory and to not call set_bar() for those BARs. However, marking a BAR as BAR_RESERVED does not mean that the BAR gets disabled. The host side driver, pci_endpoint_test, simply does an ioremap for all enabled BARs and will run tests against all enabled BARs, so it will run tests against the BARs marked as BAR_RESERVED. After running the BAR tests (which will write to all enabled BARs), the inbound address translation is broken. This is because the tegra controller exposes the ATU Port Logic Structure in BAR4, so when BAR4 is written, the inbound address translation settings get overwritten. To avoid this, implement the dw_pcie_ep_ops .init() callback and start off by disabling all BARs (pci-epf-test will later enable/configure BARs that are not defined as BAR_RESERVED). This matches the behavior of other PCIe endpoint drivers: dra7xx, imx6, layerscape-ep, artpec6, dw-rockchip, qcom-ep, rcar-gen4, and uniphier-ep. With this, the PCI endpoint kselftest test case CONSECUTIVE_BAR_TEST (which was specifically made to detect address translation issues) passes. Fixes: c57247f940e8 ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194") Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250922140822.519796-7-cassel@kernel.org diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c index fe418b9bfbb4..359d92dca86a 100644 --- a/drivers/pci/controller/dwc/pcie-tegra194.c +++ b/drivers/pci/controller/dwc/pcie-tegra194.c @@ -1941,6 +1941,15 @@ static irqreturn_t tegra_pcie_ep_pex_rst_irq(int irq, void *arg) return IRQ_HANDLED; } +static void tegra_pcie_ep_init(struct dw_pcie_ep *ep) +{ + struct dw_pcie *pci = to_dw_pcie_from_ep(ep); + enum pci_barno bar; + + for (bar = 0; bar < PCI_STD_NUM_BARS; bar++) + dw_pcie_ep_reset_bar(pci, bar); +}; + static int tegra_pcie_ep_raise_intx_irq(struct tegra_pcie_dw *pcie, u16 irq) { /* Tegra194 supports only INTA */ @@ -2016,6 +2025,7 @@ tegra_pcie_ep_get_features(struct dw_pcie_ep *ep) } static const struct dw_pcie_ep_ops pcie_ep_ops = { + .init = tegra_pcie_ep_init, .raise_irq = tegra_pcie_ep_raise_irq, .get_features = tegra_pcie_ep_get_features, };

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] PM: EM: Fix late boot with holes in CPU topology" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 1ebe8f7e782523e62cd1fa8237f7afba5d1dae83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101616-gigahertz-profane-b22c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1ebe8f7e782523e62cd1fa8237f7afba5d1dae83 Mon Sep 17 00:00:00 2001 From: Christian Loehle <christian.loehle(a)arm.com> Date: Sun, 31 Aug 2025 22:43:57 +0100 Subject: [PATCH] PM: EM: Fix late boot with holes in CPU topology Commit e3f1164fc9ee ("PM: EM: Support late CPUs booting and capacity adjustment") added a mechanism to handle CPUs that come up late by retrying when any of the `cpufreq_cpu_get()` call fails. However, if there are holes in the CPU topology (offline CPUs, e.g. nosmt), the first missing CPU causes the loop to break, preventing subsequent online CPUs from being updated. Instead of aborting on the first missing CPU policy, loop through all and retry if any were missing. Fixes: e3f1164fc9ee ("PM: EM: Support late CPUs booting and capacity adjustment") Suggested-by: Kenneth Crudup <kenneth.crudup(a)gmail.com> Reported-by: Kenneth Crudup <kenneth.crudup(a)gmail.com> Link: https://lore.kernel.org/linux-pm/40212796-734c-4140-8a85-854f72b8144d@panix… Cc: 6.9+ <stable(a)vger.kernel.org> # 6.9+ Signed-off-by: Christian Loehle <christian.loehle(a)arm.com> Link: https://patch.msgid.link/20250831214357.2020076-1-christian.loehle@arm.com [ rjw: Drop the new pr_debug() message which is not very useful ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/kernel/power/energy_model.c b/kernel/power/energy_model.c index 8df55397414a..5f17d2e8e954 100644 --- a/kernel/power/energy_model.c +++ b/kernel/power/energy_model.c @@ -799,7 +799,7 @@ void em_adjust_cpu_capacity(unsigned int cpu) static void em_check_capacity_update(void) { cpumask_var_t cpu_done_mask; - int cpu; + int cpu, failed_cpus = 0; if (!zalloc_cpumask_var(&cpu_done_mask, GFP_KERNEL)) { pr_warn("no free memory\n"); @@ -817,10 +817,8 @@ static void em_check_capacity_update(void) policy = cpufreq_cpu_get(cpu); if (!policy) { - pr_debug("Accessing cpu%d policy failed\n", cpu); - schedule_delayed_work(&em_update_work, - msecs_to_jiffies(1000)); - break; + failed_cpus++; + continue; } cpufreq_cpu_put(policy); @@ -835,6 +833,9 @@ static void em_check_capacity_update(void) em_adjust_new_capacity(cpu, dev, pd); } + if (failed_cpus) + schedule_delayed_work(&em_update_work, msecs_to_jiffies(1000)); + free_cpumask_var(cpu_done_mask); }

3 weeks, 1 day

2
4
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) passing 'const struct iomap *' to parameter of type 'struct iomap ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- passing 'const struct iomap *' to parameter of type 'struct iomap *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] in fs/dax.o (fs/dax.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:568e928648fdbc507b4cfc190ad338a93fe02440 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 63caad8a89c150b298b2e95d18ca60cd904d3183 Log excerpt: ===================================================== fs/dax.c:1147:44: error: passing 'const struct iomap *' to parameter of type 'struct iomap *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] 1147 | const sector_t sector = dax_iomap_sector(iomap, pos); | ^~~~~ fs/dax.c:1009:48: note: passing argument to parameter 'iomap' here 1009 | static sector_t dax_iomap_sector(struct iomap *iomap, loff_t pos) | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig on (arm64): - compiler: clang-17 - config: https://files.kernelci.org/kbuild-clang-17-arm64-allmodconfig-68f7d39c95331… - dashboard: https://d.kernelci.org/build/maestro:68f7d39c9533132a1895417c #kernelci issue maestro:568e928648fdbc507b4cfc190ad338a93fe02440 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] memory: samsung: exynos-srom: Fix of_iomap leak in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6744085079e785dae5f7a2239456135407c58b25 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101607-discharge-haiku-4150@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6744085079e785dae5f7a2239456135407c58b25 Mon Sep 17 00:00:00 2001 From: Zhen Ni <zhen.ni(a)easystack.cn> Date: Wed, 6 Aug 2025 10:55:38 +0800 Subject: [PATCH] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe The of_platform_populate() call at the end of the function has a possible failure path, causing a resource leak. Replace of_iomap() with devm_platform_ioremap_resource() to ensure automatic cleanup of srom->reg_base. This issue was detected by smatch static analysis: drivers/memory/samsung/exynos-srom.c:155 exynos_srom_probe()warn: 'srom->reg_base' from of_iomap() not released on lines: 155. Fixes: 8ac2266d8831 ("memory: samsung: exynos-srom: Add support for bank configuration") Cc: stable(a)vger.kernel.org Signed-off-by: Zhen Ni <zhen.ni(a)easystack.cn> Link: https://lore.kernel.org/r/20250806025538.306593-1-zhen.ni@easystack.cn Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> diff --git a/drivers/memory/samsung/exynos-srom.c b/drivers/memory/samsung/exynos-srom.c index e73dd330af47..d913fb901973 100644 --- a/drivers/memory/samsung/exynos-srom.c +++ b/drivers/memory/samsung/exynos-srom.c @@ -121,20 +121,18 @@ static int exynos_srom_probe(struct platform_device *pdev) return -ENOMEM; srom->dev = dev; - srom->reg_base = of_iomap(np, 0); - if (!srom->reg_base) { + srom->reg_base = devm_platform_ioremap_resource(pdev, 0); + if (IS_ERR(srom->reg_base)) { dev_err(&pdev->dev, "iomap of exynos srom controller failed\n"); - return -ENOMEM; + return PTR_ERR(srom->reg_base); } platform_set_drvdata(pdev, srom); srom->reg_offset = exynos_srom_alloc_reg_dump(exynos_srom_offsets, ARRAY_SIZE(exynos_srom_offsets)); - if (!srom->reg_offset) { - iounmap(srom->reg_base); + if (!srom->reg_offset) return -ENOMEM; - } for_each_child_of_node(np, child) { if (exynos_srom_configure_bank(srom, child)) {

3 weeks, 1 day

2
2
0 0

FAILED: patch "[PATCH] PCI: rcar-host: Drop PMSR spinlock" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0a8f173d9dad13930d5888505dc4c4fd6a1d4262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101648-abruptly-poncho-afdd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0a8f173d9dad13930d5888505dc4c4fd6a1d4262 Mon Sep 17 00:00:00 2001 From: Marek Vasut <marek.vasut+renesas(a)mailbox.org> Date: Tue, 9 Sep 2025 18:26:24 +0200 Subject: [PATCH] PCI: rcar-host: Drop PMSR spinlock The pmsr_lock spinlock used to be necessary to synchronize access to the PMSR register, because that access could have been triggered from either config space access in rcar_pcie_config_access() or an exception handler rcar_pcie_aarch32_abort_handler(). The rcar_pcie_aarch32_abort_handler() case is no longer applicable since commit 6e36203bc14c ("PCI: rcar: Use PCI_SET_ERROR_RESPONSE after read which triggered an exception"), which performs more accurate, controlled invocation of the exception, and a fixup. This leaves rcar_pcie_config_access() as the only call site from which rcar_pcie_wakeup() is called. The rcar_pcie_config_access() can only be called from the controller struct pci_ops .read and .write callbacks, and those are serialized in drivers/pci/access.c using raw spinlock 'pci_lock' . It should be noted that CONFIG_PCI_LOCKLESS_CONFIG is never set on this platform. Since the 'pci_lock' is a raw spinlock , and the 'pmsr_lock' is not a raw spinlock, this constellation triggers 'BUG: Invalid wait context' with CONFIG_PROVE_RAW_LOCK_NESTING=y . Remove the pmsr_lock to fix the locking. Fixes: a115b1bd3af0 ("PCI: rcar: Add L1 link state fix into data abort hook") Reported-by: Duy Nguyen <duy.nguyen.rh(a)renesas.com> Reported-by: Thuan Nguyen <thuan.nguyen-hong(a)banvien.com.vn> Signed-off-by: Marek Vasut <marek.vasut+renesas(a)mailbox.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250909162707.13927-1-marek.vasut+renesas@mailbox… diff --git a/drivers/pci/controller/pcie-rcar-host.c b/drivers/pci/controller/pcie-rcar-host.c index 4780e0109e58..625a00f3b223 100644 --- a/drivers/pci/controller/pcie-rcar-host.c +++ b/drivers/pci/controller/pcie-rcar-host.c @@ -52,20 +52,13 @@ struct rcar_pcie_host { int (*phy_init_fn)(struct rcar_pcie_host *host); }; -static DEFINE_SPINLOCK(pmsr_lock); - static int rcar_pcie_wakeup(struct device *pcie_dev, void __iomem *pcie_base) { - unsigned long flags; u32 pmsr, val; int ret = 0; - spin_lock_irqsave(&pmsr_lock, flags); - - if (!pcie_base || pm_runtime_suspended(pcie_dev)) { - ret = -EINVAL; - goto unlock_exit; - } + if (!pcie_base || pm_runtime_suspended(pcie_dev)) + return -EINVAL; pmsr = readl(pcie_base + PMSR); @@ -87,8 +80,6 @@ static int rcar_pcie_wakeup(struct device *pcie_dev, void __iomem *pcie_base) writel(L1FAEG | PMEL1RX, pcie_base + PMSR); } -unlock_exit: - spin_unlock_irqrestore(&pmsr_lock, flags); return ret; }

3 weeks, 1 day

2
2
0 0

FAILED: patch "[PATCH] PCI: tegra194: Reset BARs when running in PCIe endpoint mode" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 42f9c66a6d0cc45758dab77233c5460e1cf003df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101638-slider-outlying-148b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42f9c66a6d0cc45758dab77233c5460e1cf003df Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Mon, 22 Sep 2025 16:08:25 +0200 Subject: [PATCH] PCI: tegra194: Reset BARs when running in PCIe endpoint mode Tegra already defines all BARs except BAR0 as BAR_RESERVED. This is sufficient for pci-epf-test to not allocate backing memory and to not call set_bar() for those BARs. However, marking a BAR as BAR_RESERVED does not mean that the BAR gets disabled. The host side driver, pci_endpoint_test, simply does an ioremap for all enabled BARs and will run tests against all enabled BARs, so it will run tests against the BARs marked as BAR_RESERVED. After running the BAR tests (which will write to all enabled BARs), the inbound address translation is broken. This is because the tegra controller exposes the ATU Port Logic Structure in BAR4, so when BAR4 is written, the inbound address translation settings get overwritten. To avoid this, implement the dw_pcie_ep_ops .init() callback and start off by disabling all BARs (pci-epf-test will later enable/configure BARs that are not defined as BAR_RESERVED). This matches the behavior of other PCIe endpoint drivers: dra7xx, imx6, layerscape-ep, artpec6, dw-rockchip, qcom-ep, rcar-gen4, and uniphier-ep. With this, the PCI endpoint kselftest test case CONSECUTIVE_BAR_TEST (which was specifically made to detect address translation issues) passes. Fixes: c57247f940e8 ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194") Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250922140822.519796-7-cassel@kernel.org diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c index fe418b9bfbb4..359d92dca86a 100644 --- a/drivers/pci/controller/dwc/pcie-tegra194.c +++ b/drivers/pci/controller/dwc/pcie-tegra194.c @@ -1941,6 +1941,15 @@ static irqreturn_t tegra_pcie_ep_pex_rst_irq(int irq, void *arg) return IRQ_HANDLED; } +static void tegra_pcie_ep_init(struct dw_pcie_ep *ep) +{ + struct dw_pcie *pci = to_dw_pcie_from_ep(ep); + enum pci_barno bar; + + for (bar = 0; bar < PCI_STD_NUM_BARS; bar++) + dw_pcie_ep_reset_bar(pci, bar); +}; + static int tegra_pcie_ep_raise_intx_irq(struct tegra_pcie_dw *pcie, u16 irq) { /* Tegra194 supports only INTA */ @@ -2016,6 +2025,7 @@ tegra_pcie_ep_get_features(struct dw_pcie_ep *ep) } static const struct dw_pcie_ep_ops pcie_ep_ops = { + .init = tegra_pcie_ep_init, .raise_irq = tegra_pcie_ep_raise_irq, .get_features = tegra_pcie_ep_get_features, };

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] PCI: j721e: Fix programming sequence of "strap" settings" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f842d3313ba179d4005096357289c7ad09cec575 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101614-regulator-gumball-c7c6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f842d3313ba179d4005096357289c7ad09cec575 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Mon, 8 Sep 2025 17:38:27 +0530 Subject: [PATCH] PCI: j721e: Fix programming sequence of "strap" settings The Cadence PCIe Controller integrated in the TI K3 SoCs supports both Root-Complex and Endpoint modes of operation. The Glue Layer allows "strapping" the Mode of operation of the Controller, the Link Speed and the Link Width. This is enabled by programming the "PCIEn_CTRL" register (n corresponds to the PCIe instance) within the CTRL_MMR memory-mapped register space. The "reset-values" of the registers are also different depending on the mode of operation. Since the PCIe Controller latches onto the "reset-values" immediately after being powered on, if the Glue Layer configuration is not done while the PCIe Controller is off, it will result in the PCIe Controller latching onto the wrong "reset-values". In practice, this will show up as a wrong representation of the PCIe Controller's capability structures in the PCIe Configuration Space. Some such capabilities which are supported by the PCIe Controller in the Root-Complex mode but are incorrectly latched onto as being unsupported are: - Link Bandwidth Notification - Alternate Routing ID (ARI) Forwarding Support - Next capability offset within Advanced Error Reporting (AER) capability Fix this by powering off the PCIe Controller before programming the "strap" settings and powering it on after that. The runtime PM APIs namely pm_runtime_put_sync() and pm_runtime_get_sync() will decrement and increment the usage counter respectively, causing GENPD to power off and power on the PCIe Controller. Fixes: f3e25911a430 ("PCI: j721e: Add TI J721E PCIe driver") Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250908120828.1471776-1-s-vadapalli@ti.com diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c index cfca13a4c840..5a9ae33e2b93 100644 --- a/drivers/pci/controller/cadence/pci-j721e.c +++ b/drivers/pci/controller/cadence/pci-j721e.c @@ -284,6 +284,25 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) if (!ret) offset = args.args[0]; + /* + * The PCIe Controller's registers have different "reset-values" + * depending on the "strap" settings programmed into the PCIEn_CTRL + * register within the CTRL_MMR memory-mapped register space. + * The registers latch onto a "reset-value" based on the "strap" + * settings sampled after the PCIe Controller is powered on. + * To ensure that the "reset-values" are sampled accurately, power + * off the PCIe Controller before programming the "strap" settings + * and power it on after that. The runtime PM APIs namely + * pm_runtime_put_sync() and pm_runtime_get_sync() will decrement and + * increment the usage counter respectively, causing GENPD to power off + * and power on the PCIe Controller. + */ + ret = pm_runtime_put_sync(dev); + if (ret < 0) { + dev_err(dev, "Failed to power off PCIe Controller\n"); + return ret; + } + ret = j721e_pcie_set_mode(pcie, syscon, offset); if (ret < 0) { dev_err(dev, "Failed to set pci mode\n"); @@ -302,6 +321,12 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) return ret; } + ret = pm_runtime_get_sync(dev); + if (ret < 0) { + dev_err(dev, "Failed to power on PCIe Controller\n"); + return ret; + } + /* Enable ACSPCIE refclk output if the optional property exists */ syscon = syscon_regmap_lookup_by_phandle_optional(node, "ti,syscon-acspcie-proxy-ctrl");

3 weeks, 1 day

2
2
0 0

FAILED: patch "[PATCH] PCI: tegra194: Reset BARs when running in PCIe endpoint mode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 42f9c66a6d0cc45758dab77233c5460e1cf003df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101638-carry-unwashed-bba6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42f9c66a6d0cc45758dab77233c5460e1cf003df Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Mon, 22 Sep 2025 16:08:25 +0200 Subject: [PATCH] PCI: tegra194: Reset BARs when running in PCIe endpoint mode Tegra already defines all BARs except BAR0 as BAR_RESERVED. This is sufficient for pci-epf-test to not allocate backing memory and to not call set_bar() for those BARs. However, marking a BAR as BAR_RESERVED does not mean that the BAR gets disabled. The host side driver, pci_endpoint_test, simply does an ioremap for all enabled BARs and will run tests against all enabled BARs, so it will run tests against the BARs marked as BAR_RESERVED. After running the BAR tests (which will write to all enabled BARs), the inbound address translation is broken. This is because the tegra controller exposes the ATU Port Logic Structure in BAR4, so when BAR4 is written, the inbound address translation settings get overwritten. To avoid this, implement the dw_pcie_ep_ops .init() callback and start off by disabling all BARs (pci-epf-test will later enable/configure BARs that are not defined as BAR_RESERVED). This matches the behavior of other PCIe endpoint drivers: dra7xx, imx6, layerscape-ep, artpec6, dw-rockchip, qcom-ep, rcar-gen4, and uniphier-ep. With this, the PCI endpoint kselftest test case CONSECUTIVE_BAR_TEST (which was specifically made to detect address translation issues) passes. Fixes: c57247f940e8 ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194") Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250922140822.519796-7-cassel@kernel.org diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c index fe418b9bfbb4..359d92dca86a 100644 --- a/drivers/pci/controller/dwc/pcie-tegra194.c +++ b/drivers/pci/controller/dwc/pcie-tegra194.c @@ -1941,6 +1941,15 @@ static irqreturn_t tegra_pcie_ep_pex_rst_irq(int irq, void *arg) return IRQ_HANDLED; } +static void tegra_pcie_ep_init(struct dw_pcie_ep *ep) +{ + struct dw_pcie *pci = to_dw_pcie_from_ep(ep); + enum pci_barno bar; + + for (bar = 0; bar < PCI_STD_NUM_BARS; bar++) + dw_pcie_ep_reset_bar(pci, bar); +}; + static int tegra_pcie_ep_raise_intx_irq(struct tegra_pcie_dw *pcie, u16 irq) { /* Tegra194 supports only INTA */ @@ -2016,6 +2025,7 @@ tegra_pcie_ep_get_features(struct dw_pcie_ep *ep) } static const struct dw_pcie_ep_ops pcie_ep_ops = { + .init = tegra_pcie_ep_init, .raise_irq = tegra_pcie_ep_raise_irq, .get_features = tegra_pcie_ep_get_features, };

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] spi: cadence-quadspi: Flush posted register writes before" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 29e0b471ccbd674d20d4bbddea1a51e7105212c5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101621-blah-dyslexic-116b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 29e0b471ccbd674d20d4bbddea1a51e7105212c5 Mon Sep 17 00:00:00 2001 From: Pratyush Yadav <pratyush(a)kernel.org> Date: Sat, 6 Sep 2025 00:29:55 +0530 Subject: [PATCH] spi: cadence-quadspi: Flush posted register writes before INDAC access cqspi_indirect_read_execute() and cqspi_indirect_write_execute() first set the enable bit on APB region and then start reading/writing to the AHB region. On TI K3 SoCs these regions lie on different endpoints. This means that the order of the two operations is not guaranteed, and they might be reordered at the interconnect level. It is possible for the AHB write to be executed before the APB write to enable the indirect controller, causing the transaction to be invalid and the write erroring out. Read back the APB region write before accessing the AHB region to make sure the write got flushed and the race condition is eliminated. Fixes: 140623410536 ("mtd: spi-nor: Add driver for Cadence Quad SPI Flash Controller") CC: stable(a)vger.kernel.org Reviewed-by: Pratyush Yadav <pratyush(a)kernel.org> Signed-off-by: Pratyush Yadav <pratyush(a)kernel.org> Signed-off-by: Santhosh Kumar K <s-k6(a)ti.com> Message-ID: <20250905185958.3575037-2-s-k6(a)ti.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index 9bf823348cd3..eaf9a0f522d5 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -764,6 +764,7 @@ static int cqspi_indirect_read_execute(struct cqspi_flash_pdata *f_pdata, reinit_completion(&cqspi->transfer_complete); writel(CQSPI_REG_INDIRECTRD_START_MASK, reg_base + CQSPI_REG_INDIRECTRD); + readl(reg_base + CQSPI_REG_INDIRECTRD); /* Flush posted write. */ while (remaining > 0) { if (use_irq && @@ -1090,6 +1091,8 @@ static int cqspi_indirect_write_execute(struct cqspi_flash_pdata *f_pdata, reinit_completion(&cqspi->transfer_complete); writel(CQSPI_REG_INDIRECTWR_START_MASK, reg_base + CQSPI_REG_INDIRECTWR); + readl(reg_base + CQSPI_REG_INDIRECTWR); /* Flush posted write. */ + /* * As per 66AK2G02 TRM SPRUHY8F section 11.15.5.3 Indirect Access * Controller programming sequence, couple of cycles of

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] spi: cadence-quadspi: Flush posted register writes before DAC" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1ad55767e77a853c98752ed1e33b68049a243bd7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101635-laurel-crawling-2104@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1ad55767e77a853c98752ed1e33b68049a243bd7 Mon Sep 17 00:00:00 2001 From: Pratyush Yadav <pratyush(a)kernel.org> Date: Sat, 6 Sep 2025 00:29:56 +0530 Subject: [PATCH] spi: cadence-quadspi: Flush posted register writes before DAC access cqspi_read_setup() and cqspi_write_setup() program the address width as the last step in the setup. This is likely to be immediately followed by a DAC region read/write. On TI K3 SoCs the DAC region is on a different endpoint from the register region. This means that the order of the two operations is not guaranteed, and they might be reordered at the interconnect level. It is possible that the DAC read/write goes through before the address width update goes through. In this situation if the previous command used a different address width the OSPI command is sent with the wrong number of address bytes, resulting in an invalid command and undefined behavior. Read back the size register to make sure the write gets flushed before accessing the DAC region. Fixes: 140623410536 ("mtd: spi-nor: Add driver for Cadence Quad SPI Flash Controller") CC: stable(a)vger.kernel.org Reviewed-by: Pratyush Yadav <pratyush(a)kernel.org> Signed-off-by: Pratyush Yadav <pratyush(a)kernel.org> Signed-off-by: Santhosh Kumar K <s-k6(a)ti.com> Message-ID: <20250905185958.3575037-3-s-k6(a)ti.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index eaf9a0f522d5..447a32a08a93 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -719,6 +719,7 @@ static int cqspi_read_setup(struct cqspi_flash_pdata *f_pdata, reg &= ~CQSPI_REG_SIZE_ADDRESS_MASK; reg |= (op->addr.nbytes - 1); writel(reg, reg_base + CQSPI_REG_SIZE); + readl(reg_base + CQSPI_REG_SIZE); /* Flush posted write. */ return 0; } @@ -1063,6 +1064,7 @@ static int cqspi_write_setup(struct cqspi_flash_pdata *f_pdata, reg &= ~CQSPI_REG_SIZE_ADDRESS_MASK; reg |= (op->addr.nbytes - 1); writel(reg, reg_base + CQSPI_REG_SIZE); + readl(reg_base + CQSPI_REG_SIZE); /* Flush posted write. */ return 0; }

3 weeks, 1 day

2
1
0 0

[PATCH 2/2] io_uring/sqpoll: be smarter on when to update the stime usage

by Jens Axboe

The current approach is a bit naive, and hence calls the time querying way too often. Only start the "doing work" timer when there's actual work to do, and then use that information to terminate (and account) the work time once done. This greatly reduces the frequency of these calls, when they cannot have changed anyway. Running a basic random reader that is setup to use SQPOLL, a profile before this change shows these as the top cycle consumers: + 32.60% iou-sqp-1074 [kernel.kallsyms] [k] thread_group_cputime_adjusted + 19.97% iou-sqp-1074 [kernel.kallsyms] [k] thread_group_cputime + 12.20% io_uring io_uring [.] submitter_uring_fn + 4.13% iou-sqp-1074 [kernel.kallsyms] [k] getrusage + 2.45% iou-sqp-1074 [kernel.kallsyms] [k] io_submit_sqes + 2.18% iou-sqp-1074 [kernel.kallsyms] [k] __pi_memset_generic + 2.09% iou-sqp-1074 [kernel.kallsyms] [k] cputime_adjust and after this change, top of profile looks as follows: + 36.23% io_uring io_uring [.] submitter_uring_fn + 23.26% iou-sqp-819 [kernel.kallsyms] [k] io_sq_thread + 10.14% iou-sqp-819 [kernel.kallsyms] [k] io_sq_tw + 6.52% iou-sqp-819 [kernel.kallsyms] [k] tctx_task_work_run + 4.82% iou-sqp-819 [kernel.kallsyms] [k] nvme_submit_cmds.part.0 + 2.91% iou-sqp-819 [kernel.kallsyms] [k] io_submit_sqes [...] 0.02% iou-sqp-819 [kernel.kallsyms] [k] cputime_adjust where it's spending the cycles on things that actually matter. Reported-by: Fengnan Chang <changfengnan(a)bytedance.com> Cc: stable(a)vger.kernel.org Fixes: 3fcb9d17206e ("io_uring/sqpoll: statistics of the true utilization of sq threads") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/sqpoll.c | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 8705b0aa82e0..f6916f46c047 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -170,6 +170,11 @@ static inline bool io_sqd_events_pending(struct io_sq_data *sqd) return READ_ONCE(sqd->state); } +struct io_sq_time { + bool started; + struct timespec64 ts; +}; + struct timespec64 io_sq_cpu_time(struct task_struct *tsk) { u64 utime, stime; @@ -178,15 +183,27 @@ struct timespec64 io_sq_cpu_time(struct task_struct *tsk) return ns_to_timespec64(stime); } -static void io_sq_update_worktime(struct io_sq_data *sqd, struct timespec64 start) +static void io_sq_update_worktime(struct io_sq_data *sqd, struct io_sq_time *ist) { struct timespec64 ts; - ts = timespec64_sub(io_sq_cpu_time(current), start); + if (!ist->started) + return; + ist->started = false; + ts = timespec64_sub(io_sq_cpu_time(current), ist->ts); sqd->work_time += ts.tv_sec * 1000000 + ts.tv_nsec / 1000; } -static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) +static void io_sq_start_worktime(struct io_sq_time *ist) +{ + if (ist->started) + return; + ist->started = true; + ist->ts = io_sq_cpu_time(current); +} + +static int __io_sq_thread(struct io_ring_ctx *ctx, struct io_sq_data *sqd, + bool cap_entries, struct io_sq_time *ist) { unsigned int to_submit; int ret = 0; @@ -199,6 +216,8 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit || !wq_list_empty(&ctx->iopoll_list)) { const struct cred *creds = NULL; + io_sq_start_worktime(ist); + if (ctx->sq_creds != current_cred()) creds = override_creds(ctx->sq_creds); @@ -277,7 +296,6 @@ static int io_sq_thread(void *data) struct llist_node *retry_list = NULL; struct io_sq_data *sqd = data; struct io_ring_ctx *ctx; - struct timespec64 start; unsigned long timeout = 0; char buf[TASK_COMM_LEN] = {}; DEFINE_WAIT(wait); @@ -315,6 +333,7 @@ static int io_sq_thread(void *data) mutex_lock(&sqd->lock); while (1) { bool cap_entries, sqt_spin = false; + struct io_sq_time ist = { }; if (io_sqd_events_pending(sqd) || signal_pending(current)) { if (io_sqd_handle_event(sqd)) @@ -323,9 +342,8 @@ static int io_sq_thread(void *data) } cap_entries = !list_is_singular(&sqd->ctx_list); - start = io_sq_cpu_time(current); list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { - int ret = __io_sq_thread(ctx, cap_entries); + int ret = __io_sq_thread(ctx, sqd, cap_entries, &ist); if (!sqt_spin && (ret > 0 || !wq_list_empty(&ctx->iopoll_list))) sqt_spin = true; @@ -333,15 +351,18 @@ static int io_sq_thread(void *data) if (io_sq_tw(&retry_list, IORING_TW_CAP_ENTRIES_VALUE)) sqt_spin = true; - list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) - if (io_napi(ctx)) + list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { + if (io_napi(ctx)) { + io_sq_start_worktime(&ist); io_napi_sqpoll_busy_poll(ctx); + } + } + + io_sq_update_worktime(sqd, &ist); if (sqt_spin || !time_after(jiffies, timeout)) { - if (sqt_spin) { - io_sq_update_worktime(sqd, start); + if (sqt_spin) timeout = jiffies + sqd->sq_thread_idle; - } if (unlikely(need_resched())) { mutex_unlock(&sqd->lock); cond_resched(); -- 2.51.0

3 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] ext4: avoid potential buffer over-read in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101635-twitch-preoccupy-ad1d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso(a)mit.edu> Date: Tue, 16 Sep 2025 23:22:47 -0400 Subject: [PATCH] ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount_options() by treating s_mount_opts as a potential __nonstring. Cc: stable(a)vger.kernel.org Fixes: 8b67f04ab9de ("ext4: Add mount options in superblock") Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Message-ID: <20250916-tune2fs-v2-1-d594dc7486f0(a)mit.edu> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d26e5c0731e5..488f4c281a3f 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2469,7 +2469,7 @@ static int parse_apply_sb_mount_options(struct super_block *sb, struct ext4_fs_context *m_ctx) { struct ext4_sb_info *sbi = EXT4_SB(sb); - char *s_mount_opts = NULL; + char s_mount_opts[65]; struct ext4_fs_context *s_ctx = NULL; struct fs_context *fc = NULL; int ret = -ENOMEM; @@ -2477,15 +2477,11 @@ static int parse_apply_sb_mount_options(struct super_block *sb, if (!sbi->s_es->s_mount_opts[0]) return 0; - s_mount_opts = kstrndup(sbi->s_es->s_mount_opts, - sizeof(sbi->s_es->s_mount_opts), - GFP_KERNEL); - if (!s_mount_opts) - return ret; + strscpy_pad(s_mount_opts, sbi->s_es->s_mount_opts); fc = kzalloc(sizeof(struct fs_context), GFP_KERNEL); if (!fc) - goto out_free; + return -ENOMEM; s_ctx = kzalloc(sizeof(struct ext4_fs_context), GFP_KERNEL); if (!s_ctx) @@ -2517,11 +2513,8 @@ static int parse_apply_sb_mount_options(struct super_block *sb, ret = 0; out_free: - if (fc) { - ext4_fc_free(fc); - kfree(fc); - } - kfree(s_mount_opts); + ext4_fc_free(fc); + kfree(fc); return ret; }

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] ext4: avoid potential buffer over-read in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101635-unbuckled-masses-9441@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso(a)mit.edu> Date: Tue, 16 Sep 2025 23:22:47 -0400 Subject: [PATCH] ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount_options() by treating s_mount_opts as a potential __nonstring. Cc: stable(a)vger.kernel.org Fixes: 8b67f04ab9de ("ext4: Add mount options in superblock") Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Message-ID: <20250916-tune2fs-v2-1-d594dc7486f0(a)mit.edu> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d26e5c0731e5..488f4c281a3f 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2469,7 +2469,7 @@ static int parse_apply_sb_mount_options(struct super_block *sb, struct ext4_fs_context *m_ctx) { struct ext4_sb_info *sbi = EXT4_SB(sb); - char *s_mount_opts = NULL; + char s_mount_opts[65]; struct ext4_fs_context *s_ctx = NULL; struct fs_context *fc = NULL; int ret = -ENOMEM; @@ -2477,15 +2477,11 @@ static int parse_apply_sb_mount_options(struct super_block *sb, if (!sbi->s_es->s_mount_opts[0]) return 0; - s_mount_opts = kstrndup(sbi->s_es->s_mount_opts, - sizeof(sbi->s_es->s_mount_opts), - GFP_KERNEL); - if (!s_mount_opts) - return ret; + strscpy_pad(s_mount_opts, sbi->s_es->s_mount_opts); fc = kzalloc(sizeof(struct fs_context), GFP_KERNEL); if (!fc) - goto out_free; + return -ENOMEM; s_ctx = kzalloc(sizeof(struct ext4_fs_context), GFP_KERNEL); if (!s_ctx) @@ -2517,11 +2513,8 @@ static int parse_apply_sb_mount_options(struct super_block *sb, ret = 0; out_free: - if (fc) { - ext4_fc_free(fc); - kfree(fc); - } - kfree(s_mount_opts); + ext4_fc_free(fc); + kfree(fc); return ret; }

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] spi: cadence-quadspi: Flush posted register writes before DAC" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1ad55767e77a853c98752ed1e33b68049a243bd7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101634-glare-unrivaled-70bf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1ad55767e77a853c98752ed1e33b68049a243bd7 Mon Sep 17 00:00:00 2001 From: Pratyush Yadav <pratyush(a)kernel.org> Date: Sat, 6 Sep 2025 00:29:56 +0530 Subject: [PATCH] spi: cadence-quadspi: Flush posted register writes before DAC access cqspi_read_setup() and cqspi_write_setup() program the address width as the last step in the setup. This is likely to be immediately followed by a DAC region read/write. On TI K3 SoCs the DAC region is on a different endpoint from the register region. This means that the order of the two operations is not guaranteed, and they might be reordered at the interconnect level. It is possible that the DAC read/write goes through before the address width update goes through. In this situation if the previous command used a different address width the OSPI command is sent with the wrong number of address bytes, resulting in an invalid command and undefined behavior. Read back the size register to make sure the write gets flushed before accessing the DAC region. Fixes: 140623410536 ("mtd: spi-nor: Add driver for Cadence Quad SPI Flash Controller") CC: stable(a)vger.kernel.org Reviewed-by: Pratyush Yadav <pratyush(a)kernel.org> Signed-off-by: Pratyush Yadav <pratyush(a)kernel.org> Signed-off-by: Santhosh Kumar K <s-k6(a)ti.com> Message-ID: <20250905185958.3575037-3-s-k6(a)ti.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index eaf9a0f522d5..447a32a08a93 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -719,6 +719,7 @@ static int cqspi_read_setup(struct cqspi_flash_pdata *f_pdata, reg &= ~CQSPI_REG_SIZE_ADDRESS_MASK; reg |= (op->addr.nbytes - 1); writel(reg, reg_base + CQSPI_REG_SIZE); + readl(reg_base + CQSPI_REG_SIZE); /* Flush posted write. */ return 0; } @@ -1063,6 +1064,7 @@ static int cqspi_write_setup(struct cqspi_flash_pdata *f_pdata, reg &= ~CQSPI_REG_SIZE_ADDRESS_MASK; reg |= (op->addr.nbytes - 1); writel(reg, reg_base + CQSPI_REG_SIZE); + readl(reg_base + CQSPI_REG_SIZE); /* Flush posted write. */ return 0; }

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] phy: cadence: cdns-dphy: Update calibration wait time for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2c27aaee934a1b5229152fe33a14f1fdf50da143 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101626-squeamish-relock-6780@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c27aaee934a1b5229152fe33a14f1fdf50da143 Mon Sep 17 00:00:00 2001 From: Devarsh Thakkar <devarsht(a)ti.com> Date: Fri, 4 Jul 2025 18:29:15 +0530 Subject: [PATCH] phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Do read-modify-write so that we re-use the characterized reset value as specified in TRM [1] to program calibration wait time which defines number of cycles to wait for after startup state machine is in bandgap enable state. This fixes PLL lock timeout error faced while using RPi DSI Panel on TI's AM62L and J721E SoC since earlier calibration wait time was getting overwritten to zero value thus failing the PLL to lockup and causing timeout. [1] AM62P TRM (Section 14.8.6.3.2.1.1 DPHY_TX_DPHYTX_CMN0_CMN_DIG_TBIT2): Link: https://www.ti.com/lit/pdf/spruj83 Cc: stable(a)vger.kernel.org Fixes: 7a343c8bf4b5 ("phy: Add Cadence D-PHY support") Signed-off-by: Devarsh Thakkar <devarsht(a)ti.com> Tested-by: Harikrishna Shenoy <h-shenoy(a)ti.com> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250704125915.1224738-3-devarsht@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/cadence/cdns-dphy.c b/drivers/phy/cadence/cdns-dphy.c index da8de0a9d086..24a25606996c 100644 --- a/drivers/phy/cadence/cdns-dphy.c +++ b/drivers/phy/cadence/cdns-dphy.c @@ -30,6 +30,7 @@ #define DPHY_CMN_SSM DPHY_PMA_CMN(0x20) #define DPHY_CMN_SSM_EN BIT(0) +#define DPHY_CMN_SSM_CAL_WAIT_TIME GENMASK(8, 1) #define DPHY_CMN_TX_MODE_EN BIT(9) #define DPHY_CMN_PWM DPHY_PMA_CMN(0x40) @@ -410,7 +411,8 @@ static int cdns_dphy_power_on(struct phy *phy) writel(reg, dphy->regs + DPHY_BAND_CFG); /* Start TX state machine. */ - writel(DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, + reg = readl(dphy->regs + DPHY_CMN_SSM); + writel((reg & DPHY_CMN_SSM_CAL_WAIT_TIME) | DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, dphy->regs + DPHY_CMN_SSM); ret = cdns_dphy_wait_for_pll_lock(dphy);

3 weeks, 1 day

2
3
0 0

FAILED: patch "[PATCH] ext4: avoid potential buffer over-read in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101622-hungrily-marbling-e7ef@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso(a)mit.edu> Date: Tue, 16 Sep 2025 23:22:47 -0400 Subject: [PATCH] ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount_options() by treating s_mount_opts as a potential __nonstring. Cc: stable(a)vger.kernel.org Fixes: 8b67f04ab9de ("ext4: Add mount options in superblock") Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Message-ID: <20250916-tune2fs-v2-1-d594dc7486f0(a)mit.edu> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d26e5c0731e5..488f4c281a3f 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2469,7 +2469,7 @@ static int parse_apply_sb_mount_options(struct super_block *sb, struct ext4_fs_context *m_ctx) { struct ext4_sb_info *sbi = EXT4_SB(sb); - char *s_mount_opts = NULL; + char s_mount_opts[65]; struct ext4_fs_context *s_ctx = NULL; struct fs_context *fc = NULL; int ret = -ENOMEM; @@ -2477,15 +2477,11 @@ static int parse_apply_sb_mount_options(struct super_block *sb, if (!sbi->s_es->s_mount_opts[0]) return 0; - s_mount_opts = kstrndup(sbi->s_es->s_mount_opts, - sizeof(sbi->s_es->s_mount_opts), - GFP_KERNEL); - if (!s_mount_opts) - return ret; + strscpy_pad(s_mount_opts, sbi->s_es->s_mount_opts); fc = kzalloc(sizeof(struct fs_context), GFP_KERNEL); if (!fc) - goto out_free; + return -ENOMEM; s_ctx = kzalloc(sizeof(struct ext4_fs_context), GFP_KERNEL); if (!s_ctx) @@ -2517,11 +2513,8 @@ static int parse_apply_sb_mount_options(struct super_block *sb, ret = 0; out_free: - if (fc) { - ext4_fc_free(fc); - kfree(fc); - } - kfree(s_mount_opts); + ext4_fc_free(fc); + kfree(fc); return ret; }

3 weeks, 1 day

2
1
0 0

[PATCH v3] drm/nouveau: Fix refcount leak in nouveau_connector_detect

by Shuhao Fu

A possible inconsistent refcount update has been identified in function `nouveau_connector_detect`, which may cause a resource leak. After calling `pm_runtime_get_*(dev->dev)`, the usage counter of `dev->dev` gets increased. In case function `nvif_outp_edid_get` returns negative, function `nouveau_connector_detect` returns without decreasing the usage counter of `dev->dev`, causing a refcount inconsistency. Closes: https://gitlab.freedesktop.org/drm/nouveau/-/issues/450 Fixes: 0cd7e0718139 ("drm/nouveau/disp: add output method to fetch edid") Signed-off-by: Shuhao Fu <sfual(a)cse.ust.hk> Cc: stable(a)vger.kernel.org Change in v3: - Cc stable Change in v2: - Add "Fixes" and "Cc" tags --- drivers/gpu/drm/nouveau/nouveau_connector.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 63621b151..45caccade 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -600,8 +600,10 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) new_edid = drm_get_edid(connector, nv_encoder->i2c); } else { ret = nvif_outp_edid_get(&nv_encoder->outp, (u8 **)&new_edid); - if (ret < 0) - return connector_status_disconnected; + if (ret < 0) { + conn_status = connector_status_disconnected; + goto out; + } } nouveau_connector_set_edid(nv_connector, new_edid); -- 2.39.5

3 weeks, 1 day

1
1
0 0

FAILED: patch "[PATCH] phy: cadence: cdns-dphy: Update calibration wait time for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2c27aaee934a1b5229152fe33a14f1fdf50da143 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101626-mossy-unsaid-e0a8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c27aaee934a1b5229152fe33a14f1fdf50da143 Mon Sep 17 00:00:00 2001 From: Devarsh Thakkar <devarsht(a)ti.com> Date: Fri, 4 Jul 2025 18:29:15 +0530 Subject: [PATCH] phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Do read-modify-write so that we re-use the characterized reset value as specified in TRM [1] to program calibration wait time which defines number of cycles to wait for after startup state machine is in bandgap enable state. This fixes PLL lock timeout error faced while using RPi DSI Panel on TI's AM62L and J721E SoC since earlier calibration wait time was getting overwritten to zero value thus failing the PLL to lockup and causing timeout. [1] AM62P TRM (Section 14.8.6.3.2.1.1 DPHY_TX_DPHYTX_CMN0_CMN_DIG_TBIT2): Link: https://www.ti.com/lit/pdf/spruj83 Cc: stable(a)vger.kernel.org Fixes: 7a343c8bf4b5 ("phy: Add Cadence D-PHY support") Signed-off-by: Devarsh Thakkar <devarsht(a)ti.com> Tested-by: Harikrishna Shenoy <h-shenoy(a)ti.com> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250704125915.1224738-3-devarsht@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/cadence/cdns-dphy.c b/drivers/phy/cadence/cdns-dphy.c index da8de0a9d086..24a25606996c 100644 --- a/drivers/phy/cadence/cdns-dphy.c +++ b/drivers/phy/cadence/cdns-dphy.c @@ -30,6 +30,7 @@ #define DPHY_CMN_SSM DPHY_PMA_CMN(0x20) #define DPHY_CMN_SSM_EN BIT(0) +#define DPHY_CMN_SSM_CAL_WAIT_TIME GENMASK(8, 1) #define DPHY_CMN_TX_MODE_EN BIT(9) #define DPHY_CMN_PWM DPHY_PMA_CMN(0x40) @@ -410,7 +411,8 @@ static int cdns_dphy_power_on(struct phy *phy) writel(reg, dphy->regs + DPHY_BAND_CFG); /* Start TX state machine. */ - writel(DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, + reg = readl(dphy->regs + DPHY_CMN_SSM); + writel((reg & DPHY_CMN_SSM_CAL_WAIT_TIME) | DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, dphy->regs + DPHY_CMN_SSM); ret = cdns_dphy_wait_for_pll_lock(dphy);

3 weeks, 1 day

2
3
0 0

FAILED: patch "[PATCH] ext4: avoid potential buffer over-read in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101623-skydiver-grading-5b2f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso(a)mit.edu> Date: Tue, 16 Sep 2025 23:22:47 -0400 Subject: [PATCH] ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount_options() by treating s_mount_opts as a potential __nonstring. Cc: stable(a)vger.kernel.org Fixes: 8b67f04ab9de ("ext4: Add mount options in superblock") Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Message-ID: <20250916-tune2fs-v2-1-d594dc7486f0(a)mit.edu> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d26e5c0731e5..488f4c281a3f 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2469,7 +2469,7 @@ static int parse_apply_sb_mount_options(struct super_block *sb, struct ext4_fs_context *m_ctx) { struct ext4_sb_info *sbi = EXT4_SB(sb); - char *s_mount_opts = NULL; + char s_mount_opts[65]; struct ext4_fs_context *s_ctx = NULL; struct fs_context *fc = NULL; int ret = -ENOMEM; @@ -2477,15 +2477,11 @@ static int parse_apply_sb_mount_options(struct super_block *sb, if (!sbi->s_es->s_mount_opts[0]) return 0; - s_mount_opts = kstrndup(sbi->s_es->s_mount_opts, - sizeof(sbi->s_es->s_mount_opts), - GFP_KERNEL); - if (!s_mount_opts) - return ret; + strscpy_pad(s_mount_opts, sbi->s_es->s_mount_opts); fc = kzalloc(sizeof(struct fs_context), GFP_KERNEL); if (!fc) - goto out_free; + return -ENOMEM; s_ctx = kzalloc(sizeof(struct ext4_fs_context), GFP_KERNEL); if (!s_ctx) @@ -2517,11 +2513,8 @@ static int parse_apply_sb_mount_options(struct super_block *sb, ret = 0; out_free: - if (fc) { - ext4_fc_free(fc); - kfree(fc); - } - kfree(s_mount_opts); + ext4_fc_free(fc); + kfree(fc); return ret; }

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] PCI: rcar-host: Convert struct rcar_msi mask_lock into raw" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5ed35b4d490d8735021cce9b715b62a418310864 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101634-immunity-sinuous-afc9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5ed35b4d490d8735021cce9b715b62a418310864 Mon Sep 17 00:00:00 2001 From: Marek Vasut <marek.vasut+renesas(a)mailbox.org> Date: Tue, 9 Sep 2025 18:26:25 +0200 Subject: [PATCH] PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock The rcar_msi_irq_unmask() function may be called from a PCI driver request_threaded_irq() function. This triggers kernel/irq/manage.c __setup_irq() which locks raw spinlock &desc->lock descriptor lock and with that descriptor lock held, calls rcar_msi_irq_unmask(). Since the &desc->lock descriptor lock is a raw spinlock, and the rcar_msi .mask_lock is not a raw spinlock, this setup triggers 'BUG: Invalid wait context' with CONFIG_PROVE_RAW_LOCK_NESTING=y. Use scoped_guard() to simplify the locking. Fixes: 83ed8d4fa656 ("PCI: rcar: Convert to MSI domains") Reported-by: Duy Nguyen <duy.nguyen.rh(a)renesas.com> Reported-by: Thuan Nguyen <thuan.nguyen-hong(a)banvien.com.vn> Signed-off-by: Marek Vasut <marek.vasut+renesas(a)mailbox.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Acked-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250909162707.13927-2-marek.vasut+renesas@mailbox… diff --git a/drivers/pci/controller/pcie-rcar-host.c b/drivers/pci/controller/pcie-rcar-host.c index 625a00f3b223..213028052aa5 100644 --- a/drivers/pci/controller/pcie-rcar-host.c +++ b/drivers/pci/controller/pcie-rcar-host.c @@ -12,6 +12,7 @@ */ #include <linux/bitops.h> +#include <linux/cleanup.h> #include <linux/clk.h> #include <linux/clk-provider.h> #include <linux/delay.h> @@ -38,7 +39,7 @@ struct rcar_msi { DECLARE_BITMAP(used, INT_PCI_MSI_NR); struct irq_domain *domain; struct mutex map_lock; - spinlock_t mask_lock; + raw_spinlock_t mask_lock; int irq1; int irq2; }; @@ -602,28 +603,26 @@ static void rcar_msi_irq_mask(struct irq_data *d) { struct rcar_msi *msi = irq_data_get_irq_chip_data(d); struct rcar_pcie *pcie = &msi_to_host(msi)->pcie; - unsigned long flags; u32 value; - spin_lock_irqsave(&msi->mask_lock, flags); - value = rcar_pci_read_reg(pcie, PCIEMSIIER); - value &= ~BIT(d->hwirq); - rcar_pci_write_reg(pcie, value, PCIEMSIIER); - spin_unlock_irqrestore(&msi->mask_lock, flags); + scoped_guard(raw_spinlock_irqsave, &msi->mask_lock) { + value = rcar_pci_read_reg(pcie, PCIEMSIIER); + value &= ~BIT(d->hwirq); + rcar_pci_write_reg(pcie, value, PCIEMSIIER); + } } static void rcar_msi_irq_unmask(struct irq_data *d) { struct rcar_msi *msi = irq_data_get_irq_chip_data(d); struct rcar_pcie *pcie = &msi_to_host(msi)->pcie; - unsigned long flags; u32 value; - spin_lock_irqsave(&msi->mask_lock, flags); - value = rcar_pci_read_reg(pcie, PCIEMSIIER); - value |= BIT(d->hwirq); - rcar_pci_write_reg(pcie, value, PCIEMSIIER); - spin_unlock_irqrestore(&msi->mask_lock, flags); + scoped_guard(raw_spinlock_irqsave, &msi->mask_lock) { + value = rcar_pci_read_reg(pcie, PCIEMSIIER); + value |= BIT(d->hwirq); + rcar_pci_write_reg(pcie, value, PCIEMSIIER); + } } static void rcar_compose_msi_msg(struct irq_data *data, struct msi_msg *msg) @@ -736,7 +735,7 @@ static int rcar_pcie_enable_msi(struct rcar_pcie_host *host) int err; mutex_init(&msi->map_lock); - spin_lock_init(&msi->mask_lock); + raw_spin_lock_init(&msi->mask_lock); err = of_address_to_resource(dev->of_node, 0, &res); if (err)

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] phy: cadence: cdns-dphy: Update calibration wait time for" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 2c27aaee934a1b5229152fe33a14f1fdf50da143 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101625-happiness-heavily-11c6@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c27aaee934a1b5229152fe33a14f1fdf50da143 Mon Sep 17 00:00:00 2001 From: Devarsh Thakkar <devarsht(a)ti.com> Date: Fri, 4 Jul 2025 18:29:15 +0530 Subject: [PATCH] phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Do read-modify-write so that we re-use the characterized reset value as specified in TRM [1] to program calibration wait time which defines number of cycles to wait for after startup state machine is in bandgap enable state. This fixes PLL lock timeout error faced while using RPi DSI Panel on TI's AM62L and J721E SoC since earlier calibration wait time was getting overwritten to zero value thus failing the PLL to lockup and causing timeout. [1] AM62P TRM (Section 14.8.6.3.2.1.1 DPHY_TX_DPHYTX_CMN0_CMN_DIG_TBIT2): Link: https://www.ti.com/lit/pdf/spruj83 Cc: stable(a)vger.kernel.org Fixes: 7a343c8bf4b5 ("phy: Add Cadence D-PHY support") Signed-off-by: Devarsh Thakkar <devarsht(a)ti.com> Tested-by: Harikrishna Shenoy <h-shenoy(a)ti.com> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250704125915.1224738-3-devarsht@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/cadence/cdns-dphy.c b/drivers/phy/cadence/cdns-dphy.c index da8de0a9d086..24a25606996c 100644 --- a/drivers/phy/cadence/cdns-dphy.c +++ b/drivers/phy/cadence/cdns-dphy.c @@ -30,6 +30,7 @@ #define DPHY_CMN_SSM DPHY_PMA_CMN(0x20) #define DPHY_CMN_SSM_EN BIT(0) +#define DPHY_CMN_SSM_CAL_WAIT_TIME GENMASK(8, 1) #define DPHY_CMN_TX_MODE_EN BIT(9) #define DPHY_CMN_PWM DPHY_PMA_CMN(0x40) @@ -410,7 +411,8 @@ static int cdns_dphy_power_on(struct phy *phy) writel(reg, dphy->regs + DPHY_BAND_CFG); /* Start TX state machine. */ - writel(DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, + reg = readl(dphy->regs + DPHY_CMN_SSM); + writel((reg & DPHY_CMN_SSM_CAL_WAIT_TIME) | DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, dphy->regs + DPHY_CMN_SSM); ret = cdns_dphy_wait_for_pll_lock(dphy);

3 weeks, 1 day

2
3
0 0

FAILED: patch "[PATCH] phy: cadence: cdns-dphy: Update calibration wait time for" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 2c27aaee934a1b5229152fe33a14f1fdf50da143 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101625-laborer-imaging-a408@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c27aaee934a1b5229152fe33a14f1fdf50da143 Mon Sep 17 00:00:00 2001 From: Devarsh Thakkar <devarsht(a)ti.com> Date: Fri, 4 Jul 2025 18:29:15 +0530 Subject: [PATCH] phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Do read-modify-write so that we re-use the characterized reset value as specified in TRM [1] to program calibration wait time which defines number of cycles to wait for after startup state machine is in bandgap enable state. This fixes PLL lock timeout error faced while using RPi DSI Panel on TI's AM62L and J721E SoC since earlier calibration wait time was getting overwritten to zero value thus failing the PLL to lockup and causing timeout. [1] AM62P TRM (Section 14.8.6.3.2.1.1 DPHY_TX_DPHYTX_CMN0_CMN_DIG_TBIT2): Link: https://www.ti.com/lit/pdf/spruj83 Cc: stable(a)vger.kernel.org Fixes: 7a343c8bf4b5 ("phy: Add Cadence D-PHY support") Signed-off-by: Devarsh Thakkar <devarsht(a)ti.com> Tested-by: Harikrishna Shenoy <h-shenoy(a)ti.com> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250704125915.1224738-3-devarsht@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/cadence/cdns-dphy.c b/drivers/phy/cadence/cdns-dphy.c index da8de0a9d086..24a25606996c 100644 --- a/drivers/phy/cadence/cdns-dphy.c +++ b/drivers/phy/cadence/cdns-dphy.c @@ -30,6 +30,7 @@ #define DPHY_CMN_SSM DPHY_PMA_CMN(0x20) #define DPHY_CMN_SSM_EN BIT(0) +#define DPHY_CMN_SSM_CAL_WAIT_TIME GENMASK(8, 1) #define DPHY_CMN_TX_MODE_EN BIT(9) #define DPHY_CMN_PWM DPHY_PMA_CMN(0x40) @@ -410,7 +411,8 @@ static int cdns_dphy_power_on(struct phy *phy) writel(reg, dphy->regs + DPHY_BAND_CFG); /* Start TX state machine. */ - writel(DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, + reg = readl(dphy->regs + DPHY_CMN_SSM); + writel((reg & DPHY_CMN_SSM_CAL_WAIT_TIME) | DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, dphy->regs + DPHY_CMN_SSM); ret = cdns_dphy_wait_for_pll_lock(dphy);

3 weeks, 1 day

2
3
0 0

[PATCH AUTOSEL 6.17-5.4] hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()

by Sasha Levin

From: Viacheslav Dubeyko <slava(a)dubeyko.com> [ Upstream commit 2048ec5b98dbdfe0b929d2e42dc7a54c389c53dd ] The syzbot reported issue in hfs_find_set_zero_bits(): ===================================================== BUG: KMSAN: uninit-value in hfs_find_set_zero_bits+0x74d/0xb60 fs/hfs/bitmap.c:45 hfs_find_set_zero_bits+0x74d/0xb60 fs/hfs/bitmap.c:45 hfs_vbm_search_free+0x13c/0x5b0 fs/hfs/bitmap.c:151 hfs_extend_file+0x6a5/0x1b00 fs/hfs/extent.c:408 hfs_get_block+0x435/0x1150 fs/hfs/extent.c:353 __block_write_begin_int+0xa76/0x3030 fs/buffer.c:2151 block_write_begin fs/buffer.c:2262 [inline] cont_write_begin+0x10e1/0x1bc0 fs/buffer.c:2601 hfs_write_begin+0x85/0x130 fs/hfs/inode.c:52 cont_expand_zero fs/buffer.c:2528 [inline] cont_write_begin+0x35a/0x1bc0 fs/buffer.c:2591 hfs_write_begin+0x85/0x130 fs/hfs/inode.c:52 hfs_file_truncate+0x1d6/0xe60 fs/hfs/extent.c:494 hfs_inode_setattr+0x964/0xaa0 fs/hfs/inode.c:654 notify_change+0x1993/0x1aa0 fs/attr.c:552 do_truncate+0x28f/0x310 fs/open.c:68 do_ftruncate+0x698/0x730 fs/open.c:195 do_sys_ftruncate fs/open.c:210 [inline] __do_sys_ftruncate fs/open.c:215 [inline] __se_sys_ftruncate fs/open.c:213 [inline] __x64_sys_ftruncate+0x11b/0x250 fs/open.c:213 x64_sys_call+0xfe3/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:78 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4154 [inline] slab_alloc_node mm/slub.c:4197 [inline] __kmalloc_cache_noprof+0x7f7/0xed0 mm/slub.c:4354 kmalloc_noprof include/linux/slab.h:905 [inline] hfs_mdb_get+0x1cc8/0x2a90 fs/hfs/mdb.c:175 hfs_fill_super+0x3d0/0xb80 fs/hfs/super.c:337 get_tree_bdev_flags+0x6e3/0x920 fs/super.c:1681 get_tree_bdev+0x38/0x50 fs/super.c:1704 hfs_get_tree+0x35/0x40 fs/hfs/super.c:388 vfs_get_tree+0xb0/0x5c0 fs/super.c:1804 do_new_mount+0x738/0x1610 fs/namespace.c:3902 path_mount+0x6db/0x1e90 fs/namespace.c:4226 do_mount fs/namespace.c:4239 [inline] __do_sys_mount fs/namespace.c:4450 [inline] __se_sys_mount+0x6eb/0x7d0 fs/namespace.c:4427 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4427 x64_sys_call+0xfa7/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:166 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 12609 Comm: syz.1.2692 Not tainted 6.16.0-syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 ===================================================== The HFS_SB(sb)->bitmap buffer is allocated in hfs_mdb_get(): HFS_SB(sb)->bitmap = kmalloc(8192, GFP_KERNEL); Finally, it can trigger the reported issue because kmalloc() doesn't clear the allocated memory. If allocated memory contains only zeros, then everything will work pretty fine. But if the allocated memory contains the "garbage", then it can affect the bitmap operations and it triggers the reported issue. This patch simply exchanges the kmalloc() on kzalloc() with the goal to guarantee the correctness of bitmap operations. Because, newly created allocation bitmap should have all available blocks free. Potentially, initialization bitmap's read operation could not fill the whole allocated memory and "garbage" in the not initialized memory will be the reason of volume coruptions and file system driver bugs. Reported-by: syzbot <syzbot+773fa9d79b29bd8b6831(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=773fa9d79b29bd8b6831 Signed-off-by: Viacheslav Dubeyko <slava(a)dubeyko.com> cc: John Paul Adrian Glaubitz <glaubitz(a)physik.fu-berlin.de> cc: Yangtao Li <frank.li(a)vivo.com> cc: linux-fsdevel(a)vger.kernel.org Link: https://lore.kernel.org/r/20250820230636.179085-1-slava@dubeyko.com Signed-off-by: Viacheslav Dubeyko <slava(a)dubeyko.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## YES This commit should be backported to stable kernel trees and **has already been backported** (commit 71929d4dcb5ed in the current tree is the backported version). ### Detailed Analysis #### Bug Severity and Impact **Critical filesystem corruption bug** present since 2016 (commit 80f8dccf95147f): 1. **Uninitialized Memory Issue**: The HFS bitmap buffer is allocated with `kmalloc(8192, GFP_KERNEL)` at fs/hfs/mdb.c:175, but `kmalloc()` does not zero memory. The subsequent bitmap read operation (lines 179-197) only reads `(fs_ablocks + 8) / 8` bytes from disk, potentially leaving a large portion of the 8192-byte buffer uninitialized. 2. **Quantified Impact**: - Small filesystem (10,000 blocks): **84.7%** of bitmap uninitialized (6,941 bytes) - Medium filesystem (50,000 blocks): **23.7%** uninitialized (1,941 bytes) - Only filesystems near 65,528 blocks fully initialize the buffer 3. **Real-World Consequences**: - When `hfs_find_set_zero_bits()` (fs/hfs/bitmap.c:44) accesses the bitmap at `val = *curr`, it reads uninitialized garbage - This causes incorrect block allocation decisions during file operations (extend, truncate, write) - Can lead to filesystem corruption, data loss, or allocation failures - Detected by KMSAN during syzbot fuzzing, indicating real exploitability #### The Fix **Perfect minimal fix** - single line change at fs/hfs/mdb.c:175: ```c - HFS_SB(sb)->bitmap = kmalloc(8192, GFP_KERNEL); + HFS_SB(sb)->bitmap = kzalloc(8192, GFP_KERNEL); ``` `kzalloc()` guarantees zero-initialized memory, ensuring the bitmap starts in a correct state where unread regions are treated as free (zero bits). #### Stable Backport Criteria Evaluation ✅ **Fixes user-affecting bug**: Prevents filesystem corruption and incorrect block allocation ✅ **Small and contained**: Single line change, no side effects ✅ **No architectural changes**: Simple allocation function swap ✅ **Minimal regression risk**: Zero risk - only makes behavior more correct ✅ **Confined to subsystem**: Only affects HFS filesystem code ✅ **Follows stable rules**: Important bugfix, minimal change, well- tested (syzbot reported) #### Context and History - **Bug introduced**: 2016-01-02 by Al Viro (80f8dccf95147f) when replacing `__get_free_pages()` with `kmalloc()` - **Mainline fix**: 2025-08-20 (commit 2048ec5b98dbdfe0b929d2e42dc7a54c389c53dd) - **Backport status**: Already backported to this tree (71929d4dcb5ed) by Sasha Levin - **Similar fixes**: Recent HFS bug fixes (slab-out-of-bounds, GPF issues) typically include `Cc: stable(a)vger.kernel.org` and get backported - **Active maintenance**: 155 commits to fs/hfs/ since 2022, showing continued bugfixing effort #### Technical Review The commit message correctly explains the issue and references the syzkaller report. The fix is architecturally sound - the bitmap should logically start with all blocks free (zero bits), so zero-initializing the buffer is the correct approach rather than relying on disk data to fill all 8192 bytes. **Performance impact**: Negligible one-time cost of zeroing 8KB during mount operation. **Backport recommendation**: **STRONGLY RECOMMENDED** for all stable trees supporting HFS filesystem. fs/hfs/mdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/hfs/mdb.c b/fs/hfs/mdb.c index 8082eb01127cd..bf811347bb07d 100644 --- a/fs/hfs/mdb.c +++ b/fs/hfs/mdb.c @@ -172,7 +172,7 @@ int hfs_mdb_get(struct super_block *sb) pr_warn("continuing without an alternate MDB\n"); } - HFS_SB(sb)->bitmap = kmalloc(8192, GFP_KERNEL); + HFS_SB(sb)->bitmap = kzalloc(8192, GFP_KERNEL); if (!HFS_SB(sb)->bitmap) goto out; -- 2.51.0

3 weeks, 1 day

3
35
0 0

[PATCH] leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs

by Christian Hitz

From: Christian Hitz <christian.hitz(a)bbv.ch> Signed-off-by: Christian Hitz <christian.hitz(a)bbv.ch> Cc: stable(a)vger.kernel.org --- drivers/leds/leds-lp50xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/leds-lp50xx.c b/drivers/leds/leds-lp50xx.c index 94f8ef6b482c..05229e2f2e7e 100644 --- a/drivers/leds/leds-lp50xx.c +++ b/drivers/leds/leds-lp50xx.c @@ -54,7 +54,7 @@ /* There are 3 LED outputs per bank */ #define LP50XX_LEDS_PER_MODULE 3 -#define LP5009_MAX_LED_MODULES 2 +#define LP5009_MAX_LED_MODULES 3 #define LP5012_MAX_LED_MODULES 4 #define LP5018_MAX_LED_MODULES 6 #define LP5024_MAX_LED_MODULES 8 -- 2.51.0

3 weeks, 1 day

2
1
0 0

Re: Patch "rust: cpufreq: fix formatting" has been added to the 6.17-stable tree

by Miguel Ojeda

On Tue, Oct 21, 2025 at 4:58 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > rust: cpufreq: fix formatting > > to the 6.17-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > rust-cpufreq-fix-formatting.patch > and it can be found in the queue-6.17 subdirectory. Yes, thanks -- with this one 6.17.y should be `rustfmt` clean again too, like mainline. Cheers, Miguel

3 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] cxl: Fix match_region_by_range() to use" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x f4d027921c811ff7fc16e4d03c6bbbf4347cf37a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102001-outsmart-slackness-607a@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4d027921c811ff7fc16e4d03c6bbbf4347cf37a Mon Sep 17 00:00:00 2001 From: Dave Jiang <dave.jiang(a)intel.com> Date: Fri, 10 Oct 2025 13:57:55 -0700 Subject: [PATCH] cxl: Fix match_region_by_range() to use region_res_match_cxl_range() match_region_by_range() is not using the helper function that also takes extended linear cache size into account when comparing regions. This causes a x2 region to show up as 2 partial incomplete regions rather than a single CXL region with extended linear cache support. Replace the open coded compare logic with the proper helper function for comparison. User visible impact is that when 'cxl list' is issued, no activa CXL region(s) are shown. There may be multiple idle regions present. No actual active CXL region is present in the kernel. [dj: Fix stable address] Fixes: 0ec9849b6333 ("acpi/hmat / cxl: Add extended linear cache support for CXL") Cc: stable(a)vger.kernel.org Reviewed-by: Gregory Price <gourry(a)gourry.net> Reviewed-by: Alison Schofield <alison.schofield(a)intel.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Signed-off-by: Dave Jiang <dave.jiang(a)intel.com> diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c index 858d4678628d..57ed85e332d3 100644 --- a/drivers/cxl/core/region.c +++ b/drivers/cxl/core/region.c @@ -3398,10 +3398,7 @@ static int match_region_by_range(struct device *dev, const void *data) p = &cxlr->params; guard(rwsem_read)(&cxl_rwsem.region); - if (p->res && p->res->start == r->start && p->res->end == r->end) - return 1; - - return 0; + return region_res_match_cxl_range(p, r); } static int cxl_extended_linear_cache_resize(struct cxl_region *cxlr,

3 weeks, 1 day

2
1
0 0

[PATCH] ksmbd: transport_ipc: validate payload size before reading handle

by Qianchang Zhao

handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable(a)vger.kernel.org Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Signed-off-by: Qianchang Zhao <pioooooooooip(a)gmail.com> --- fs/smb/server/transport_ipc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c index 46f87fd1ce1c..2028de4d3ddf 100644 --- a/fs/smb/server/transport_ipc.c +++ b/fs/smb/server/transport_ipc.c @@ -263,6 +263,10 @@ static void ipc_msg_handle_free(int handle) static int handle_response(int type, void *payload, size_t sz) { + /* Prevent 4-byte read beyond declared payload size */ + if (sz < sizeof(unsigned int)) + return -EINVAL; + unsigned int handle = *(unsigned int *)payload; struct ipc_msg_table_entry *entry; int ret = 0; -- 2.34.1

3 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Don't allow evicting of BOs in same VM in array of VM" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 7ac74613e5f2ef3450f44fd2127198662c2563a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102048-unrushed-state-ce5e@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7ac74613e5f2ef3450f44fd2127198662c2563a9 Mon Sep 17 00:00:00 2001 From: Matthew Brost <matthew.brost(a)intel.com> Date: Thu, 9 Oct 2025 04:06:18 -0700 Subject: [PATCH] drm/xe: Don't allow evicting of BOs in same VM in array of VM binds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL pointer dereferences later in the bind pipeline. To prevent this, clear the allow_res_evict flag in the xe_bo_validate call. v2: - Invert polarity of no_res_evict (Thomas) - Add comment in code explaining issue (Thomas) Cc: stable(a)vger.kernel.org Reported-by: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6268 Fixes: 774b5fa509a9 ("drm/xe: Avoid evicting object of the same vm in none fault mode") Fixes: 77f2ef3f16f5 ("drm/xe: Lock all gpuva ops during VM bind IOCTL") Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Tested-by: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Reviewed-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Link: https://lore.kernel.org/r/20251009110618.3481870-1-matthew.brost@intel.com (cherry picked from commit 8b9ba8d6d95fe75fed6b0480bb03da4b321bea08) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 027e6ce648c5..f602b874e054 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -2832,7 +2832,7 @@ static void vm_bind_ioctl_ops_unwind(struct xe_vm *vm, } static int vma_lock_and_validate(struct drm_exec *exec, struct xe_vma *vma, - bool validate) + bool res_evict, bool validate) { struct xe_bo *bo = xe_vma_bo(vma); struct xe_vm *vm = xe_vma_vm(vma); @@ -2843,7 +2843,8 @@ static int vma_lock_and_validate(struct drm_exec *exec, struct xe_vma *vma, err = drm_exec_lock_obj(exec, &bo->ttm.base); if (!err && validate) err = xe_bo_validate(bo, vm, - !xe_vm_in_preempt_fence_mode(vm), exec); + !xe_vm_in_preempt_fence_mode(vm) && + res_evict, exec); } return err; @@ -2913,14 +2914,23 @@ static int prefetch_ranges(struct xe_vm *vm, struct xe_vma_op *op) } static int op_lock_and_prep(struct drm_exec *exec, struct xe_vm *vm, - struct xe_vma_op *op) + struct xe_vma_ops *vops, struct xe_vma_op *op) { int err = 0; + bool res_evict; + + /* + * We only allow evicting a BO within the VM if it is not part of an + * array of binds, as an array of binds can evict another BO within the + * bind. + */ + res_evict = !(vops->flags & XE_VMA_OPS_ARRAY_OF_BINDS); switch (op->base.op) { case DRM_GPUVA_OP_MAP: if (!op->map.invalidate_on_bind) err = vma_lock_and_validate(exec, op->map.vma, + res_evict, !xe_vm_in_fault_mode(vm) || op->map.immediate); break; @@ -2931,11 +2941,13 @@ static int op_lock_and_prep(struct drm_exec *exec, struct xe_vm *vm, err = vma_lock_and_validate(exec, gpuva_to_vma(op->base.remap.unmap->va), - false); + res_evict, false); if (!err && op->remap.prev) - err = vma_lock_and_validate(exec, op->remap.prev, true); + err = vma_lock_and_validate(exec, op->remap.prev, + res_evict, true); if (!err && op->remap.next) - err = vma_lock_and_validate(exec, op->remap.next, true); + err = vma_lock_and_validate(exec, op->remap.next, + res_evict, true); break; case DRM_GPUVA_OP_UNMAP: err = check_ufence(gpuva_to_vma(op->base.unmap.va)); @@ -2944,7 +2956,7 @@ static int op_lock_and_prep(struct drm_exec *exec, struct xe_vm *vm, err = vma_lock_and_validate(exec, gpuva_to_vma(op->base.unmap.va), - false); + res_evict, false); break; case DRM_GPUVA_OP_PREFETCH: { @@ -2959,7 +2971,7 @@ static int op_lock_and_prep(struct drm_exec *exec, struct xe_vm *vm, err = vma_lock_and_validate(exec, gpuva_to_vma(op->base.prefetch.va), - false); + res_evict, false); if (!err && !xe_vma_has_no_bo(vma)) err = xe_bo_migrate(xe_vma_bo(vma), region_to_mem_type[region], @@ -3005,7 +3017,7 @@ static int vm_bind_ioctl_ops_lock_and_prep(struct drm_exec *exec, return err; list_for_each_entry(op, &vops->list, link) { - err = op_lock_and_prep(exec, vm, op); + err = op_lock_and_prep(exec, vm, vops, op); if (err) return err; } @@ -3638,6 +3650,8 @@ int xe_vm_bind_ioctl(struct drm_device *dev, void *data, struct drm_file *file) } xe_vma_ops_init(&vops, vm, q, syncs, num_syncs); + if (args->num_binds > 1) + vops.flags |= XE_VMA_OPS_ARRAY_OF_BINDS; for (i = 0; i < args->num_binds; ++i) { u64 range = bind_ops[i].range; u64 addr = bind_ops[i].addr; diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index da39940501d8..413353e1c225 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -476,6 +476,7 @@ struct xe_vma_ops { /** @flag: signify the properties within xe_vma_ops*/ #define XE_VMA_OPS_FLAG_HAS_SVM_PREFETCH BIT(0) #define XE_VMA_OPS_FLAG_MADVISE BIT(1) +#define XE_VMA_OPS_ARRAY_OF_BINDS BIT(2) u32 flags; #ifdef TEST_VM_OPS_ERROR /** @inject_error: inject error to test error handling */

3 weeks, 1 day

2
1
0 0

¿Tu evaluación de desempeño es realmente objetiva?

by Luis Rodríguez

Evaluaciones de Desempeño Objetivas con Vorecol 360 Feedback body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; padding-top: 10px; } Mejora tus evaluaciones de desempeño con feedback 360 real y automatizado. Hola, ¿Te has preguntado qué tan completas son tus evaluaciones de desempeño? En Vorecol 360 Feedback te ayudamos a implementar evaluaciones verdaderamente objetivas, recogiendo percepciones desde todas las direcciones: líderes, pares, colaboradores y autoevaluación. Lo que más valoran nuestros clientes de RRHH es que: Obtienen una visión completa y real del desempeño. Fomentan una cultura de feedback constructivo. Identifican oportunidades de desarrollo con mayor precisión. Automatizan todo el proceso con reportes claros y personalizables. Si estás buscando mejorar tus evaluaciones y fortalecer el desarrollo interno, te lo recomiendo muchísimo. Para más información puedes responder este correo o llamarme al número de abajo. Saludos, ------------------------ Atte.: Luis Rodríguez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewisppwseup">click aquí</a>

3 weeks, 1 day

1
0
0 0

[PATCH v3 00/10] pmdomain: samsung: add supoort for Google GS101

by André Draszik

Hi, This series adds support for the power domains on Google GS101. It's fairly similar to SoCs already supported by this driver, except that register acces does not work via plain ioremap() / readl() / writel(). Instead, the regmap created by the PMU driver must be used (which uses Arm SMCC calls under the hood). The DT update to add the new required properties on gs101 will be posted separately. Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- Changes in v3: - use additionalProperties, not unevaluatedProperties in patch 2 - fix path in $id in patch 2 (Rob) - drop comment around 'select' in patch 2 (Rob) - collect tags - Link to v2: https://lore.kernel.org/r/20251009-gs101-pd-v2-0-3f4a6db2af39@linaro.org Changes in v2: - Krzysztof: - move google,gs101-pmu binding into separate file - mark devm_kstrdup_const() patch as fix - use bool for need_early_sync_state - merge patches 8 and 10 from v1 series into one patch - collect tags - Link to v1: https://lore.kernel.org/r/20251006-gs101-pd-v1-0-f0cb0c01ea7b@linaro.org --- André Draszik (10): dt-bindings: power: samsung: add google,gs101-pd dt-bindings: soc: samsung: exynos-pmu: move gs101-pmu into separate binding dt-bindings: soc: samsung: gs101-pmu: allow power domains as children pmdomain: samsung: plug potential memleak during probe pmdomain: samsung: convert to using regmap pmdomain: samsung: convert to regmap_read_poll_timeout() pmdomain: samsung: don't hardcode offset for registers to 0 and 4 pmdomain: samsung: selectively handle enforced sync_state pmdomain: samsung: add support for google,gs101-pd pmdomain: samsung: use dev_err() instead of pr_err() .../devicetree/bindings/power/pd-samsung.yaml | 1 + .../bindings/soc/google/google,gs101-pmu.yaml | 106 +++++++++++++++++ .../bindings/soc/samsung/exynos-pmu.yaml | 20 ---- MAINTAINERS | 1 + drivers/pmdomain/samsung/exynos-pm-domains.c | 126 +++++++++++++++------ 5 files changed, 200 insertions(+), 54 deletions(-) --- base-commit: 58e817956925fdc12c61f1cb86915b82ae1603c1 change-id: 20251001-gs101-pd-d4dc97d70a84 Best regards, -- André Draszik <andre.draszik(a)linaro.org>

3 weeks, 1 day

3
3
0 0

FAILED: patch "[PATCH] drm/amdgpu: use atomic functions with memory barriers for vm" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6df8e84aa6b5b1812cc2cacd6b3f5ccbb18cda2b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102012-cranberry-chimp-891a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6df8e84aa6b5b1812cc2cacd6b3f5ccbb18cda2b Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <hanguidong02(a)gmail.com> Date: Wed, 8 Oct 2025 03:43:27 +0000 Subject: [PATCH] drm/amdgpu: use atomic functions with memory barriers for vm fault info The atomic variable vm_fault_info_updated is used to synchronize access to adev->gmc.vm_fault_info between the interrupt handler and get_vm_fault_info(). The default atomic functions like atomic_set() and atomic_read() do not provide memory barriers. This allows for CPU instruction reordering, meaning the memory accesses to vm_fault_info and the vm_fault_info_updated flag are not guaranteed to occur in the intended order. This creates a race condition that can lead to inconsistent or stale data being used. The previous implementation, which used an explicit mb(), was incomplete and inefficient. It failed to account for all potential CPU reorderings, such as the access of vm_fault_info being reordered before the atomic_read of the flag. This approach is also more verbose and less performant than using the proper atomic functions with acquire/release semantics. Fix this by switching to atomic_set_release() and atomic_read_acquire(). These functions provide the necessary acquire and release semantics, which act as memory barriers to ensure the correct order of operations. It is also more efficient and idiomatic than using explicit full memory barriers. Fixes: b97dfa27ef3a ("drm/amdgpu: save vm fault information for amdkfd") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)gmail.com> Signed-off-by: Felix Kuehling <felix.kuehling(a)amd.com> Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c index 83020963dfde..a2ca9acf8c4e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c @@ -2329,10 +2329,9 @@ void amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel(struct kgd_mem *mem) int amdgpu_amdkfd_gpuvm_get_vm_fault_info(struct amdgpu_device *adev, struct kfd_vm_fault_info *mem) { - if (atomic_read(&adev->gmc.vm_fault_info_updated) == 1) { + if (atomic_read_acquire(&adev->gmc.vm_fault_info_updated) == 1) { *mem = *adev->gmc.vm_fault_info; - mb(); /* make sure read happened */ - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); } return 0; } diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c index 93d7ccb7d013..0e5e54d0a9a5 100644 --- a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c @@ -1068,7 +1068,7 @@ static int gmc_v7_0_sw_init(struct amdgpu_ip_block *ip_block) GFP_KERNEL); if (!adev->gmc.vm_fault_info) return -ENOMEM; - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); return 0; } @@ -1290,7 +1290,7 @@ static int gmc_v7_0_process_interrupt(struct amdgpu_device *adev, vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID); if (amdgpu_amdkfd_is_kfd_vmid(adev, vmid) - && !atomic_read(&adev->gmc.vm_fault_info_updated)) { + && !atomic_read_acquire(&adev->gmc.vm_fault_info_updated)) { struct kfd_vm_fault_info *info = adev->gmc.vm_fault_info; u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, @@ -1306,8 +1306,7 @@ static int gmc_v7_0_process_interrupt(struct amdgpu_device *adev, info->prot_read = protections & 0x8 ? true : false; info->prot_write = protections & 0x10 ? true : false; info->prot_exec = protections & 0x20 ? true : false; - mb(); - atomic_set(&adev->gmc.vm_fault_info_updated, 1); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 1); } return 0; diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c index c5e2a2c41e06..e1509480dfc2 100644 --- a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c @@ -1183,7 +1183,7 @@ static int gmc_v8_0_sw_init(struct amdgpu_ip_block *ip_block) GFP_KERNEL); if (!adev->gmc.vm_fault_info) return -ENOMEM; - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); return 0; } @@ -1478,7 +1478,7 @@ static int gmc_v8_0_process_interrupt(struct amdgpu_device *adev, vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID); if (amdgpu_amdkfd_is_kfd_vmid(adev, vmid) - && !atomic_read(&adev->gmc.vm_fault_info_updated)) { + && !atomic_read_acquire(&adev->gmc.vm_fault_info_updated)) { struct kfd_vm_fault_info *info = adev->gmc.vm_fault_info; u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, @@ -1494,8 +1494,7 @@ static int gmc_v8_0_process_interrupt(struct amdgpu_device *adev, info->prot_read = protections & 0x8 ? true : false; info->prot_write = protections & 0x10 ? true : false; info->prot_exec = protections & 0x20 ? true : false; - mb(); - atomic_set(&adev->gmc.vm_fault_info_updated, 1); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 1); } return 0;

3 weeks, 1 day

2
1
0 0

[PATCH] acpica: Work around bogus -Wstringop-overread warning since GCC 11

by Xi Ruoyao

When ACPI_MISALIGNMENT_NOT_SUPPORTED, GCC can produce a bogus -Wstringop-overread warning, see https://gcc.gnu.org/PR122073. To me it's very clear that we have a compiler bug here, thus just disable the warning. Cc: stable(a)vger.kernel.org Fixes: a9d13433fe17 ("LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled") Link: https://lore.kernel.org/all/899f2dec-e8b9-44f4-ab8d-001e160a2aed@roeck-us.n… Link: https://github.com/acpica/acpica/commit/abf5b573 Co-developed-by: Saket Dumbre <saket.dumbre(a)intel.com> Signed-off-by: Saket Dumbre <saket.dumbre(a)intel.com> Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> --- drivers/acpi/acpica/tbprint.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/acpi/acpica/tbprint.c b/drivers/acpi/acpica/tbprint.c index 049f6c2f1e32..e5631027f7f1 100644 --- a/drivers/acpi/acpica/tbprint.c +++ b/drivers/acpi/acpica/tbprint.c @@ -95,6 +95,11 @@ acpi_tb_print_table_header(acpi_physical_address address, { struct acpi_table_header local_header; +#pragma GCC diagnostic push +#if defined(__GNUC__) && __GNUC__ >= 11 +#pragma GCC diagnostic ignored "-Wstringop-overread" +#endif + if (ACPI_COMPARE_NAMESEG(header->signature, ACPI_SIG_FACS)) { /* FACS only has signature and length fields */ @@ -143,4 +148,5 @@ acpi_tb_print_table_header(acpi_physical_address address, local_header.asl_compiler_id, local_header.asl_compiler_revision)); } +#pragma GCC diagnostic pop } -- 2.51.1

3 weeks, 1 day

3
3
0 0

FAILED: patch "[PATCH] drm/amdgpu: use atomic functions with memory barriers for vm" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6df8e84aa6b5b1812cc2cacd6b3f5ccbb18cda2b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102010-body-overnight-fcad@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6df8e84aa6b5b1812cc2cacd6b3f5ccbb18cda2b Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <hanguidong02(a)gmail.com> Date: Wed, 8 Oct 2025 03:43:27 +0000 Subject: [PATCH] drm/amdgpu: use atomic functions with memory barriers for vm fault info The atomic variable vm_fault_info_updated is used to synchronize access to adev->gmc.vm_fault_info between the interrupt handler and get_vm_fault_info(). The default atomic functions like atomic_set() and atomic_read() do not provide memory barriers. This allows for CPU instruction reordering, meaning the memory accesses to vm_fault_info and the vm_fault_info_updated flag are not guaranteed to occur in the intended order. This creates a race condition that can lead to inconsistent or stale data being used. The previous implementation, which used an explicit mb(), was incomplete and inefficient. It failed to account for all potential CPU reorderings, such as the access of vm_fault_info being reordered before the atomic_read of the flag. This approach is also more verbose and less performant than using the proper atomic functions with acquire/release semantics. Fix this by switching to atomic_set_release() and atomic_read_acquire(). These functions provide the necessary acquire and release semantics, which act as memory barriers to ensure the correct order of operations. It is also more efficient and idiomatic than using explicit full memory barriers. Fixes: b97dfa27ef3a ("drm/amdgpu: save vm fault information for amdkfd") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)gmail.com> Signed-off-by: Felix Kuehling <felix.kuehling(a)amd.com> Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c index 83020963dfde..a2ca9acf8c4e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c @@ -2329,10 +2329,9 @@ void amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel(struct kgd_mem *mem) int amdgpu_amdkfd_gpuvm_get_vm_fault_info(struct amdgpu_device *adev, struct kfd_vm_fault_info *mem) { - if (atomic_read(&adev->gmc.vm_fault_info_updated) == 1) { + if (atomic_read_acquire(&adev->gmc.vm_fault_info_updated) == 1) { *mem = *adev->gmc.vm_fault_info; - mb(); /* make sure read happened */ - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); } return 0; } diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c index 93d7ccb7d013..0e5e54d0a9a5 100644 --- a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c @@ -1068,7 +1068,7 @@ static int gmc_v7_0_sw_init(struct amdgpu_ip_block *ip_block) GFP_KERNEL); if (!adev->gmc.vm_fault_info) return -ENOMEM; - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); return 0; } @@ -1290,7 +1290,7 @@ static int gmc_v7_0_process_interrupt(struct amdgpu_device *adev, vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID); if (amdgpu_amdkfd_is_kfd_vmid(adev, vmid) - && !atomic_read(&adev->gmc.vm_fault_info_updated)) { + && !atomic_read_acquire(&adev->gmc.vm_fault_info_updated)) { struct kfd_vm_fault_info *info = adev->gmc.vm_fault_info; u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, @@ -1306,8 +1306,7 @@ static int gmc_v7_0_process_interrupt(struct amdgpu_device *adev, info->prot_read = protections & 0x8 ? true : false; info->prot_write = protections & 0x10 ? true : false; info->prot_exec = protections & 0x20 ? true : false; - mb(); - atomic_set(&adev->gmc.vm_fault_info_updated, 1); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 1); } return 0; diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c index c5e2a2c41e06..e1509480dfc2 100644 --- a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c @@ -1183,7 +1183,7 @@ static int gmc_v8_0_sw_init(struct amdgpu_ip_block *ip_block) GFP_KERNEL); if (!adev->gmc.vm_fault_info) return -ENOMEM; - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); return 0; } @@ -1478,7 +1478,7 @@ static int gmc_v8_0_process_interrupt(struct amdgpu_device *adev, vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID); if (amdgpu_amdkfd_is_kfd_vmid(adev, vmid) - && !atomic_read(&adev->gmc.vm_fault_info_updated)) { + && !atomic_read_acquire(&adev->gmc.vm_fault_info_updated)) { struct kfd_vm_fault_info *info = adev->gmc.vm_fault_info; u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, @@ -1494,8 +1494,7 @@ static int gmc_v8_0_process_interrupt(struct amdgpu_device *adev, info->prot_read = protections & 0x8 ? true : false; info->prot_write = protections & 0x10 ? true : false; info->prot_exec = protections & 0x20 ? true : false; - mb(); - atomic_set(&adev->gmc.vm_fault_info_updated, 1); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 1); } return 0;

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] drm/xe: Move rebar to be done earlier" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x d30203739be798d3de5c84db3060e96f00c54e82 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102055-prayer-clock-414f@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d30203739be798d3de5c84db3060e96f00c54e82 Mon Sep 17 00:00:00 2001 From: Lucas De Marchi <lucas.demarchi(a)intel.com> Date: Thu, 18 Sep 2025 13:58:57 -0700 Subject: [PATCH] drm/xe: Move rebar to be done earlier MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There may be cases in which the BAR0 also needs to move to accommodate the bigger BAR2. However if it's not released, the BAR2 resize fails. During the vram probe it can't be released as it's already in use by xe_mmio for early register access. Add a new function in xe_vram and let xe_pci call it directly before even early device probe. This allows the BAR2 to resize in cases BAR0 also needs to move, assuming there aren't other reasons to hold that move: [] xe 0000:03:00.0: vgaarb: deactivate vga console [] xe 0000:03:00.0: [drm] Attempting to resize bar from 8192MiB -> 16384MiB [] xe 0000:03:00.0: BAR 0 [mem 0x83000000-0x83ffffff 64bit]: releasing [] xe 0000:03:00.0: BAR 2 [mem 0x4000000000-0x41ffffffff 64bit pref]: releasing [] pcieport 0000:02:01.0: bridge window [mem 0x4000000000-0x41ffffffff 64bit pref]: releasing [] pcieport 0000:01:00.0: bridge window [mem 0x4000000000-0x41ffffffff 64bit pref]: releasing [] pcieport 0000:01:00.0: bridge window [mem 0x4000000000-0x43ffffffff 64bit pref]: assigned [] pcieport 0000:02:01.0: bridge window [mem 0x4000000000-0x43ffffffff 64bit pref]: assigned [] xe 0000:03:00.0: BAR 2 [mem 0x4000000000-0x43ffffffff 64bit pref]: assigned [] xe 0000:03:00.0: BAR 0 [mem 0x83000000-0x83ffffff 64bit]: assigned [] pcieport 0000:00:01.0: PCI bridge to [bus 01-04] [] pcieport 0000:00:01.0: bridge window [mem 0x83000000-0x840fffff] [] pcieport 0000:00:01.0: bridge window [mem 0x4000000000-0x44007fffff 64bit pref] [] pcieport 0000:01:00.0: PCI bridge to [bus 02-04] [] pcieport 0000:01:00.0: bridge window [mem 0x83000000-0x840fffff] [] pcieport 0000:01:00.0: bridge window [mem 0x4000000000-0x43ffffffff 64bit pref] [] pcieport 0000:02:01.0: PCI bridge to [bus 03] [] pcieport 0000:02:01.0: bridge window [mem 0x83000000-0x83ffffff] [] pcieport 0000:02:01.0: bridge window [mem 0x4000000000-0x43ffffffff 64bit pref] [] xe 0000:03:00.0: [drm] BAR2 resized to 16384M [] xe 0000:03:00.0: [drm:xe_pci_probe [xe]] BATTLEMAGE e221:0000 dgfx:1 gfx:Xe2_HPG (20.02) ... For BMG there are additional fix needed in the PCI side, but this helps getting it to a working resize. All the rebar logic is more pci-specific than xe-specific and can be done very early in the probe sequence. In future it would be good to move it out of xe_vram.c, but this refactor is left for later. Cc: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org # 6.12+ Link: https://lore.kernel.org/intel-xe/fafda2a3-fc63-ce97-d22b-803f771a4d19@linux… Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Link: https://lore.kernel.org/r/20250918-xe-pci-rebar-2-v1-2-6c094702a074@intel.c… Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 45e33f220fd625492c11e15733d8e9b4f9db82a4) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_pci.c b/drivers/gpu/drm/xe/xe_pci.c index be91343829dd..9a6df79fc5b6 100644 --- a/drivers/gpu/drm/xe/xe_pci.c +++ b/drivers/gpu/drm/xe/xe_pci.c @@ -867,6 +867,8 @@ static int xe_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) if (err) return err; + xe_vram_resize_bar(xe); + err = xe_device_probe_early(xe); /* * In Boot Survivability mode, no drm card is exposed and driver diff --git a/drivers/gpu/drm/xe/xe_vram.c b/drivers/gpu/drm/xe/xe_vram.c index b44ebf50fedb..652df7a5f4f6 100644 --- a/drivers/gpu/drm/xe/xe_vram.c +++ b/drivers/gpu/drm/xe/xe_vram.c @@ -26,15 +26,35 @@ #define BAR_SIZE_SHIFT 20 -static void -_resize_bar(struct xe_device *xe, int resno, resource_size_t size) +/* + * Release all the BARs that could influence/block LMEMBAR resizing, i.e. + * assigned IORESOURCE_MEM_64 BARs + */ +static void release_bars(struct pci_dev *pdev) +{ + struct resource *res; + int i; + + pci_dev_for_each_resource(pdev, res, i) { + /* Resource already un-assigned, do not reset it */ + if (!res->parent) + continue; + + /* No need to release unrelated BARs */ + if (!(res->flags & IORESOURCE_MEM_64)) + continue; + + pci_release_resource(pdev, i); + } +} + +static void resize_bar(struct xe_device *xe, int resno, resource_size_t size) { struct pci_dev *pdev = to_pci_dev(xe->drm.dev); int bar_size = pci_rebar_bytes_to_size(size); int ret; - if (pci_resource_len(pdev, resno)) - pci_release_resource(pdev, resno); + release_bars(pdev); ret = pci_resize_resource(pdev, resno, bar_size); if (ret) { @@ -50,7 +70,7 @@ _resize_bar(struct xe_device *xe, int resno, resource_size_t size) * if force_vram_bar_size is set, attempt to set to the requested size * else set to maximum possible size */ -static void resize_vram_bar(struct xe_device *xe) +void xe_vram_resize_bar(struct xe_device *xe) { int force_vram_bar_size = xe_modparam.force_vram_bar_size; struct pci_dev *pdev = to_pci_dev(xe->drm.dev); @@ -119,7 +139,7 @@ static void resize_vram_bar(struct xe_device *xe) pci_read_config_dword(pdev, PCI_COMMAND, &pci_cmd); pci_write_config_dword(pdev, PCI_COMMAND, pci_cmd & ~PCI_COMMAND_MEMORY); - _resize_bar(xe, LMEM_BAR, rebar_size); + resize_bar(xe, LMEM_BAR, rebar_size); pci_assign_unassigned_bus_resources(pdev->bus); pci_write_config_dword(pdev, PCI_COMMAND, pci_cmd); @@ -148,8 +168,6 @@ static int determine_lmem_bar_size(struct xe_device *xe, struct xe_vram_region * return -ENXIO; } - resize_vram_bar(xe); - lmem_bar->io_start = pci_resource_start(pdev, LMEM_BAR); lmem_bar->io_size = pci_resource_len(pdev, LMEM_BAR); if (!lmem_bar->io_size) diff --git a/drivers/gpu/drm/xe/xe_vram.h b/drivers/gpu/drm/xe/xe_vram.h index 72860f714fc6..13505cfb184d 100644 --- a/drivers/gpu/drm/xe/xe_vram.h +++ b/drivers/gpu/drm/xe/xe_vram.h @@ -11,6 +11,7 @@ struct xe_device; struct xe_vram_region; +void xe_vram_resize_bar(struct xe_device *xe); int xe_vram_probe(struct xe_device *xe); struct xe_vram_region *xe_vram_region_alloc(struct xe_device *xe, u8 id, u32 placement);

3 weeks, 1 day

2
5
0 0

[PATCH v3] slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts

by Hao Ge

From: Hao Ge <gehao(a)kylinos.cn> If two competing threads enter alloc_slab_obj_exts() and one of them fails to allocate the object extension vector, it might override the valid slab->obj_exts allocated by the other thread with OBJEXTS_ALLOC_FAIL. This will cause the thread that lost this race and expects a valid pointer to dereference a NULL pointer later on. Update slab->obj_exts atomically using cmpxchg() to avoid slab->obj_exts overrides by racing threads. Thanks for Vlastimil and Suren's help with debugging. Fixes: f7381b911640 ("slab: mark slab->obj_exts allocation failures unconditionally") Cc: <stable(a)vger.kernel.org> Suggested-by: Suren Baghdasaryan <surenb(a)google.com> Signed-off-by: Hao Ge <gehao(a)kylinos.cn> --- v3: According to Suren's suggestion, simplify the commit message and the code comments. Thanks for Suren. v2: Incorporate handling for the scenario where, if mark_failed_objexts_alloc wins the race, the other process (that previously succeeded in allocation) will lose the race, based on Suren's suggestion. Add Suggested-by: Suren Baghdasaryan <surenb(a)google.com> --- mm/slub.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 2e4340c75be2..d4403341c9df 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2054,7 +2054,7 @@ static inline void mark_objexts_empty(struct slabobj_ext *obj_exts) static inline void mark_failed_objexts_alloc(struct slab *slab) { - slab->obj_exts = OBJEXTS_ALLOC_FAIL; + cmpxchg(&slab->obj_exts, 0, OBJEXTS_ALLOC_FAIL); } static inline void handle_failed_objexts_alloc(unsigned long obj_exts, @@ -2136,6 +2136,7 @@ int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s, #ifdef CONFIG_MEMCG new_exts |= MEMCG_DATA_OBJEXTS; #endif +retry: old_exts = READ_ONCE(slab->obj_exts); handle_failed_objexts_alloc(old_exts, vec, objects); if (new_slab) { @@ -2145,8 +2146,7 @@ int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s, * be simply assigned. */ slab->obj_exts = new_exts; - } else if ((old_exts & ~OBJEXTS_FLAGS_MASK) || - cmpxchg(&slab->obj_exts, old_exts, new_exts) != old_exts) { + } else if (old_exts & ~OBJEXTS_FLAGS_MASK) { /* * If the slab is already in use, somebody can allocate and * assign slabobj_exts in parallel. In this case the existing @@ -2158,6 +2158,9 @@ int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s, else kfree(vec); return 0; + } else if (cmpxchg(&slab->obj_exts, old_exts, new_exts) != old_exts) { + /* Retry if a racing thread changed slab->obj_exts from under us. */ + goto retry; } if (allow_spin) -- 2.25.1

3 weeks, 1 day

4
3
0 0

New October Order. 10938 Tuesday, October 21, 2025 at 03:14:23 PM

by Purchase - PathnSitu 737

Hi Stable, Please provide a quote for your products: Include: 1.Pricing (per unit) 2.Delivery cost & timeline 3.Quote expiry date Deadline: October Thanks! Danny Peddinti PathnSitu Trading

3 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: use atomic functions with memory barriers for vm" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6df8e84aa6b5b1812cc2cacd6b3f5ccbb18cda2b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102009-dominion-underfeed-6f4b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6df8e84aa6b5b1812cc2cacd6b3f5ccbb18cda2b Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <hanguidong02(a)gmail.com> Date: Wed, 8 Oct 2025 03:43:27 +0000 Subject: [PATCH] drm/amdgpu: use atomic functions with memory barriers for vm fault info The atomic variable vm_fault_info_updated is used to synchronize access to adev->gmc.vm_fault_info between the interrupt handler and get_vm_fault_info(). The default atomic functions like atomic_set() and atomic_read() do not provide memory barriers. This allows for CPU instruction reordering, meaning the memory accesses to vm_fault_info and the vm_fault_info_updated flag are not guaranteed to occur in the intended order. This creates a race condition that can lead to inconsistent or stale data being used. The previous implementation, which used an explicit mb(), was incomplete and inefficient. It failed to account for all potential CPU reorderings, such as the access of vm_fault_info being reordered before the atomic_read of the flag. This approach is also more verbose and less performant than using the proper atomic functions with acquire/release semantics. Fix this by switching to atomic_set_release() and atomic_read_acquire(). These functions provide the necessary acquire and release semantics, which act as memory barriers to ensure the correct order of operations. It is also more efficient and idiomatic than using explicit full memory barriers. Fixes: b97dfa27ef3a ("drm/amdgpu: save vm fault information for amdkfd") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)gmail.com> Signed-off-by: Felix Kuehling <felix.kuehling(a)amd.com> Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c index 83020963dfde..a2ca9acf8c4e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c @@ -2329,10 +2329,9 @@ void amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel(struct kgd_mem *mem) int amdgpu_amdkfd_gpuvm_get_vm_fault_info(struct amdgpu_device *adev, struct kfd_vm_fault_info *mem) { - if (atomic_read(&adev->gmc.vm_fault_info_updated) == 1) { + if (atomic_read_acquire(&adev->gmc.vm_fault_info_updated) == 1) { *mem = *adev->gmc.vm_fault_info; - mb(); /* make sure read happened */ - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); } return 0; } diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c index 93d7ccb7d013..0e5e54d0a9a5 100644 --- a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c @@ -1068,7 +1068,7 @@ static int gmc_v7_0_sw_init(struct amdgpu_ip_block *ip_block) GFP_KERNEL); if (!adev->gmc.vm_fault_info) return -ENOMEM; - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); return 0; } @@ -1290,7 +1290,7 @@ static int gmc_v7_0_process_interrupt(struct amdgpu_device *adev, vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID); if (amdgpu_amdkfd_is_kfd_vmid(adev, vmid) - && !atomic_read(&adev->gmc.vm_fault_info_updated)) { + && !atomic_read_acquire(&adev->gmc.vm_fault_info_updated)) { struct kfd_vm_fault_info *info = adev->gmc.vm_fault_info; u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, @@ -1306,8 +1306,7 @@ static int gmc_v7_0_process_interrupt(struct amdgpu_device *adev, info->prot_read = protections & 0x8 ? true : false; info->prot_write = protections & 0x10 ? true : false; info->prot_exec = protections & 0x20 ? true : false; - mb(); - atomic_set(&adev->gmc.vm_fault_info_updated, 1); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 1); } return 0; diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c index c5e2a2c41e06..e1509480dfc2 100644 --- a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c @@ -1183,7 +1183,7 @@ static int gmc_v8_0_sw_init(struct amdgpu_ip_block *ip_block) GFP_KERNEL); if (!adev->gmc.vm_fault_info) return -ENOMEM; - atomic_set(&adev->gmc.vm_fault_info_updated, 0); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 0); return 0; } @@ -1478,7 +1478,7 @@ static int gmc_v8_0_process_interrupt(struct amdgpu_device *adev, vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID); if (amdgpu_amdkfd_is_kfd_vmid(adev, vmid) - && !atomic_read(&adev->gmc.vm_fault_info_updated)) { + && !atomic_read_acquire(&adev->gmc.vm_fault_info_updated)) { struct kfd_vm_fault_info *info = adev->gmc.vm_fault_info; u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, @@ -1494,8 +1494,7 @@ static int gmc_v8_0_process_interrupt(struct amdgpu_device *adev, info->prot_read = protections & 0x8 ? true : false; info->prot_write = protections & 0x10 ? true : false; info->prot_exec = protections & 0x20 ? true : false; - mb(); - atomic_set(&adev->gmc.vm_fault_info_updated, 1); + atomic_set_release(&adev->gmc.vm_fault_info_updated, 1); } return 0;

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] drm/sched: Fix potential double free in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5801e65206b065b0b2af032f7f1eef222aa2fd83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102034-voltage-truck-aeff@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5801e65206b065b0b2af032f7f1eef222aa2fd83 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Wed, 15 Oct 2025 09:40:15 +0100 Subject: [PATCH] drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure, so in the latter case the dma_fence_put() on the error path (xarray failed to expand) is a double free. Interestingly this bug appears to have been present ever since commit ebd5f74255b9 ("drm/sched: Add dependency tracking"), since the code back then looked like this: drm_sched_job_add_implicit_dependencies(): ... for (i = 0; i < fence_count; i++) { ret = drm_sched_job_add_dependency(job, fences[i]); if (ret) break; } for (; i < fence_count; i++) dma_fence_put(fences[i]); Which means for the failing 'i' the dma_fence_put was already a double free. Possibly there were no users at that time, or the test cases were insufficient to hit it. The bug was then only noticed and fixed after commit 9c2ba265352a ("drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2") landed, with its fixup of commit 4eaf02d6076c ("drm/scheduler: fix drm_sched_job_add_implicit_dependencies"). At that point it was a slightly different flavour of a double free, which commit 963d0b356935 ("drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder") noticed and attempted to fix. But it only moved the double free from happening inside the drm_sched_job_add_dependency(), when releasing the reference not yet obtained, to the caller, when releasing the reference already released by the former in the failure case. As such it is not easy to identify the right target for the fixes tag so lets keep it simple and just continue the chain. While fixing we also improve the comment and explain the reason for taking the reference and not dropping it. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 963d0b356935 ("drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder") Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/dri-devel/aNFbXq8OeYl3QSdm@stanley.mountain/ Cc: Christian König <christian.koenig(a)amd.com> Cc: Rob Clark <robdclark(a)chromium.org> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Philipp Stanner <phasta(a)kernel.org> Cc: Christian König <ckoenig.leichtzumerken(a)gmail.com> Cc: dri-devel(a)lists.freedesktop.org Cc: stable(a)vger.kernel.org # v5.16+ Signed-off-by: Philipp Stanner <phasta(a)kernel.org> Link: https://lore.kernel.org/r/20251015084015.6273-1-tvrtko.ursulin@igalia.com diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c index 46119aacb809..c39f0245e3a9 100644 --- a/drivers/gpu/drm/scheduler/sched_main.c +++ b/drivers/gpu/drm/scheduler/sched_main.c @@ -965,13 +965,14 @@ int drm_sched_job_add_resv_dependencies(struct drm_sched_job *job, dma_resv_assert_held(resv); dma_resv_for_each_fence(&cursor, resv, usage, fence) { - /* Make sure to grab an additional ref on the added fence */ - dma_fence_get(fence); - ret = drm_sched_job_add_dependency(job, fence); - if (ret) { - dma_fence_put(fence); + /* + * As drm_sched_job_add_dependency always consumes the fence + * reference (even when it fails), and dma_resv_for_each_fence + * is not obtaining one, we need to grab one before calling. + */ + ret = drm_sched_job_add_dependency(job, dma_fence_get(fence)); + if (ret) return ret; - } } return 0; }

3 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] ext4: detect invalid INLINE_DATA + EXTENTS flag combination" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1d3ad183943b38eec2acf72a0ae98e635dc8456b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102009-dares-negligent-77e3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d3ad183943b38eec2acf72a0ae98e635dc8456b Mon Sep 17 00:00:00 2001 From: Deepanshu Kartikey <kartikey406(a)gmail.com> Date: Tue, 30 Sep 2025 16:58:10 +0530 Subject: [PATCH] ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an inode with both the INLINE_DATA and EXTENTS flags set: EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15: comm syz.0.17: corrupted extent tree: lblk 0 < prev 66 Investigation revealed that the inode has both flags set: DEBUG: inode 15 - flag=1, i_inline_off=164, has_inline=1, extents_flag=1 This is an invalid combination since an inode should have either: - INLINE_DATA: data stored directly in the inode - EXTENTS: data stored in extent-mapped blocks Having both flags causes ext4_has_inline_data() to return true, skipping extent tree validation in __ext4_iget(). The unvalidated out-of-order extents then trigger a BUG_ON in ext4_es_cache_extent() due to integer underflow when calculating hole sizes. Fix this by detecting this invalid flag combination early in ext4_iget() and rejecting the corrupted inode. Cc: stable(a)kernel.org Reported-and-tested-by: syzbot+038b7bf43423e132b308(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=038b7bf43423e132b308 Suggested-by: Zhang Yi <yi.zhang(a)huawei.com> Signed-off-by: Deepanshu Kartikey <kartikey406(a)gmail.com> Reviewed-by: Zhang Yi <yi.zhang(a)huawei.com> Message-ID: <20250930112810.315095-1-kartikey406(a)gmail.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index f9e4ac87211e..e99306a8f47c 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -5319,6 +5319,14 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino, } ei->i_flags = le32_to_cpu(raw_inode->i_flags); ext4_set_inode_flags(inode, true); + /* Detect invalid flag combination - can't have both inline data and extents */ + if (ext4_test_inode_flag(inode, EXT4_INODE_INLINE_DATA) && + ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) { + ext4_error_inode(inode, function, line, 0, + "inode has both inline data and extents flags"); + ret = -EFSCORRUPTED; + goto bad_inode; + } inode->i_blocks = ext4_inode_blocks(raw_inode, ei); ei->i_file_acl = le32_to_cpu(raw_inode->i_file_acl_lo); if (ext4_has_feature_64bit(sb))

3 weeks, 1 day

2
1
0 0

[PATCH v3] s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump

by Gerd Bayer

Do not block PCI config accesses through pci_cfg_access_lock() when executing the s390 variant of PCI error recovery: Acquire just device_lock() instead of pci_dev_lock() as powerpc's EEH and generig PCI AER processing do. During error recovery testing a pair of tasks was reported to be hung: mlx5_core 0000:00:00.1: mlx5_health_try_recover:338:(pid 5553): health recovery flow aborted, PCI reads still not working INFO: task kmcheck:72 blocked for more than 122 seconds. Not tainted 5.14.0-570.12.1.bringup7.el9.s390x #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kmcheck state:D stack:0 pid:72 tgid:72 ppid:2 flags:0x00000000 Call Trace: [<000000065256f030>] __schedule+0x2a0/0x590 [<000000065256f356>] schedule+0x36/0xe0 [<000000065256f572>] schedule_preempt_disabled+0x22/0x30 [<0000000652570a94>] __mutex_lock.constprop.0+0x484/0x8a8 [<000003ff800673a4>] mlx5_unload_one+0x34/0x58 [mlx5_core] [<000003ff8006745c>] mlx5_pci_err_detected+0x94/0x140 [mlx5_core] [<0000000652556c5a>] zpci_event_attempt_error_recovery+0xf2/0x398 [<0000000651b9184a>] __zpci_event_error+0x23a/0x2c0 INFO: task kworker/u1664:6:1514 blocked for more than 122 seconds. Not tainted 5.14.0-570.12.1.bringup7.el9.s390x #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u1664:6 state:D stack:0 pid:1514 tgid:1514 ppid:2 flags:0x00000000 Workqueue: mlx5_health0000:00:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core] Call Trace: [<000000065256f030>] __schedule+0x2a0/0x590 [<000000065256f356>] schedule+0x36/0xe0 [<0000000652172e28>] pci_wait_cfg+0x80/0xe8 [<0000000652172f94>] pci_cfg_access_lock+0x74/0x88 [<000003ff800916b6>] mlx5_vsc_gw_lock+0x36/0x178 [mlx5_core] [<000003ff80098824>] mlx5_crdump_collect+0x34/0x1c8 [mlx5_core] [<000003ff80074b62>] mlx5_fw_fatal_reporter_dump+0x6a/0xe8 [mlx5_core] [<0000000652512242>] devlink_health_do_dump.part.0+0x82/0x168 [<0000000652513212>] devlink_health_report+0x19a/0x230 [<000003ff80075a12>] mlx5_fw_fatal_reporter_err_work+0xba/0x1b0 [mlx5_core] No kernel log of the exact same error with an upstream kernel is available - but the very same deadlock situation can be constructed there, too: - task: kmcheck mlx5_unload_one() tries to acquire devlink lock while the PCI error recovery code has set pdev->block_cfg_access by way of pci_cfg_access_lock() - task: kworker mlx5_crdump_collect() tries to set block_cfg_access through pci_cfg_access_lock() while devlink_health_report() had acquired the devlink lock. A similar deadlock situation can be reproduced by requesting a crdump with > devlink health dump show pci/<BDF> reporter fw_fatal while PCI error recovery is executed on the same <BDF> physical function by mlx5_core's pci_error_handlers. On s390 this can be injected with > zpcictl --reset-fw <BDF> Tests with this patch failed to reproduce that second deadlock situation, the devlink command is rejected with "kernel answers: Permission denied" - and we get a kernel log message of: mlx5_core 1ed0:00:00.1: mlx5_crdump_collect:50:(pid 254382): crdump: failed to lock vsc gw err -5 because the config read of VSC_SEMAPHORE is rejected by the underlying hardware. Two prior attempts to address this issue have been discussed and ultimately rejected [see link], with the primary argument that s390's implementation of PCI error recovery is imposing restrictions that neither powerpc's EEH nor PCI AER handling need. Tests show that PCI error recovery on s390 is running to completion even without blocking access to PCI config space. Link: https://lore.kernel.org/all/20251007144826.2825134-1-gbayer@linux.ibm.com/ Cc: stable(a)vger.kernel.org Fixes: 4cdf2f4e24ff ("s390/pci: implement minimal PCI error recovery") Reviewed-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Gerd Bayer <gbayer(a)linux.ibm.com> --- Hi Niklas, Shay, Jason, by now I believe fixing this in s390/pci is the right way to go, since the other PCI error recovery implementations apparently don't require this strict blocking of accesses to the PCI config space. Hi Alexander, Vasily, Heiko, while I sent this to netdev since prior versions were discussed there, I assume this patch will go through the s390 tree, right? Thanks, Gerd --- Changes in v3: - Incorporate changes to commit message as suggested by Niklas. - Link to v2: https://lore.kernel.org/r/20251015-fix_pcirecov_master-v2-1-e07962fe9558@li… Changes in v2: - Rebase to upstream master --- arch/s390/pci/pci_event.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index b95376041501f479eee20705d45fb8c68553da71..27db1e72c623f8a289cae457e87f0a9896ed241d 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -188,7 +188,7 @@ static pci_ers_result_t zpci_event_attempt_error_recovery(struct pci_dev *pdev) * is unbound or probed and that userspace can't access its * configuration space while we perform recovery. */ - pci_dev_lock(pdev); + device_lock(&pdev->dev); if (pdev->error_state == pci_channel_io_perm_failure) { ers_res = PCI_ERS_RESULT_DISCONNECT; goto out_unlock; @@ -257,7 +257,7 @@ static pci_ers_result_t zpci_event_attempt_error_recovery(struct pci_dev *pdev) driver->err_handler->resume(pdev); pci_uevent_ers(pdev, PCI_ERS_RESULT_RECOVERED); out_unlock: - pci_dev_unlock(pdev); + device_unlock(&pdev->dev); zpci_report_status(zdev, "recovery", status_str); return ers_res; --- base-commit: 9b332cece987ee1790b2ed4c989e28162fa47860 change-id: 20251015-fix_pcirecov_master-55fe3705c6c6 Best regards, -- Gerd Bayer <gbayer(a)linux.ibm.com>

3 weeks, 1 day

2
1
0 0

[PATCH 0/6] drm/panic: Fixes found with kunit.

by Jocelyn Falempe

A few fixes for drm panic, that I found when writing unit tests with kunit. Jocelyn Falempe (6): drm/panic: Fix drawing the logo on a small narrow screen drm/panic: Fix overlap between qr code and logo drm/panic: Fix qr_code, ensure vmargin is positive drm/panic: Fix kmsg text drawing rectangle drm/panic: Fix divide by 0 if the screen width < font width drm/panic: Fix 24bit pixel crossing page boundaries drivers/gpu/drm/drm_panic.c | 60 +++++++++++++++++++++++++++++++++---- 1 file changed, 54 insertions(+), 6 deletions(-) base-commit: e4bea919584ff292c9156cf7d641a2ab3cbe27b0 -- 2.51.0

3 weeks, 1 day

4
16
0 0

[PATCH] fs: Fix uninitialized 'offp' in statmount_string()

by Zhen Ni

In statmount_string(), most flags assign an output offset pointer (offp) which is later updated with the string offset. However, the STATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP cases directly set the struct fields instead of using offp. This leaves offp uninitialized, leading to a possible uninitialized dereference when *offp is updated. Fix it by assigning offp for UIDMAP and GIDMAP as well, keeping the code path consistent. Fixes: 37c4a9590e1e ("statmount: allow to retrieve idmappings") Cc: stable(a)vger.kernel.org Signed-off-by: Zhen Ni <zhen.ni(a)easystack.cn> --- fs/namespace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index d82910f33dc4..5b5ab2ae238b 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -5454,11 +5454,11 @@ static int statmount_string(struct kstatmount *s, u64 flag) ret = statmount_sb_source(s, seq); break; case STATMOUNT_MNT_UIDMAP: - sm->mnt_uidmap = start; + offp = &sm->mnt_uidmap; ret = statmount_mnt_uidmap(s, seq); break; case STATMOUNT_MNT_GIDMAP: - sm->mnt_gidmap = start; + offp = &sm->mnt_gidmap; ret = statmount_mnt_gidmap(s, seq); break; default: -- 2.20.1

3 weeks, 1 day

3
3
0 0

[PATCH 6.12.y] mm/ksm: fix flag-dropping behavior in ksm_madvise

by Jakub Acs

[ Upstream commit f04aad36a07cc17b7a5d5b9a2d386ce6fae63e93 ] syzkaller discovered the following crash: (kernel BUG) [ 44.607039] ------------[ cut here ]------------ [ 44.607422] kernel BUG at mm/userfaultfd.c:2067! [ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI [ 44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none) [ 44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460 <snip other registers, drop unreliable trace> [ 44.617726] Call Trace: [ 44.617926] <TASK> [ 44.619284] userfaultfd_release+0xef/0x1b0 [ 44.620976] __fput+0x3f9/0xb60 [ 44.621240] fput_close_sync+0x110/0x210 [ 44.622222] __x64_sys_close+0x8f/0x120 [ 44.622530] do_syscall_64+0x5b/0x2f0 [ 44.622840] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 44.623244] RIP: 0033:0x7f365bb3f227 Kernel panics because it detects UFFD inconsistency during userfaultfd_release_all(). Specifically, a VMA which has a valid pointer to vma->vm_userfaultfd_ctx, but no UFFD flags in vma->vm_flags. The inconsistency is caused in ksm_madvise(): when user calls madvise() with MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode, it accidentally clears all flags stored in the upper 32 bits of vma->vm_flags. Assuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and int are 32-bit wide. This setup causes the following mishap during the &= ~VM_MERGEABLE assignment. VM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000'0000. After ~ is applied, it becomes 0x7fff'ffff unsigned int, which is then promoted to unsigned long before the & operation. This promotion fills upper 32 bits with leading 0s, as we're doing unsigned conversion (and even for a signed conversion, this wouldn't help as the leading bit is 0). & operation thus ends up AND-ing vm_flags with 0x0000'0000'7fff'ffff instead of intended 0xffff'ffff'7fff'ffff and hence accidentally clears the upper 32-bits of its value. Fix it by changing `VM_MERGEABLE` constant to unsigned long, using the BIT() macro. Note: other VM_* flags are not affected: This only happens to the VM_MERGEABLE flag, as the other VM_* flags are all constants of type int and after ~ operation, they end up with leading 1 and are thus converted to unsigned long with leading 1s. Note 2: After commit 31defc3b01d9 ("userfaultfd: remove (VM_)BUG_ON()s"), this is no longer a kernel BUG, but a WARNING at the same place: [ 45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067 but the root-cause (flag-drop) remains the same. [akpm(a)linux-foundation.org: rust bindgen wasn't able to handle BIT(), from Miguel] Link: https://lore.kernel.org/oe-kbuild-all/202510030449.VfSaAjvd-lkp@intel.com/ Link: https://lkml.kernel.org/r/20251001090353.57523-2-acsjakub@amazon.de Fixes: 7677f7fd8be7 ("userfaultfd: add minor fault registration mode") Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: SeongJae Park <sj(a)kernel.org> Tested-by: Alice Ryhl <aliceryhl(a)google.com> Tested-by: Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> Cc: Xu Xin <xu.xin16(a)zte.com.cn> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [acsjakub(a)amazon.de: adjust context in bindgings_helper.h] Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> --- Tested that CONFIG_RUST=y builds with LLVM=1 with toolchain from https://mirrors.edge.kernel.org/pub/tools/llvm/rust/. include/linux/mm.h | 2 +- rust/bindings/bindings_helper.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index f0fa8404957d..13b4bd7355c1 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -320,7 +320,7 @@ extern unsigned int kobjsize(const void *objp); #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ #define VM_HUGEPAGE 0x20000000 /* MADV_HUGEPAGE marked this vma */ #define VM_NOHUGEPAGE 0x40000000 /* MADV_NOHUGEPAGE marked this vma */ -#define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ +#define VM_MERGEABLE BIT(31) /* KSM may merge identical pages */ #ifdef CONFIG_ARCH_USES_HIGH_VMA_FLAGS #define VM_HIGH_ARCH_BIT_0 32 /* bit only usable on 64-bit architectures */ diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h index a80783fcbe04..8b97919a86e2 100644 --- a/rust/bindings/bindings_helper.h +++ b/rust/bindings/bindings_helper.h @@ -33,3 +33,4 @@ const gfp_t RUST_CONST_HELPER___GFP_ZERO = __GFP_ZERO; const gfp_t RUST_CONST_HELPER___GFP_HIGHMEM = ___GFP_HIGHMEM; const gfp_t RUST_CONST_HELPER___GFP_NOWARN = ___GFP_NOWARN; const blk_features_t RUST_CONST_HELPER_BLK_FEAT_ROTATIONAL = BLK_FEAT_ROTATIONAL; +const vm_flags_t RUST_CONST_HELPER_VM_MERGEABLE = VM_MERGEABLE; -- 2.47.3 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

3 weeks, 1 day

1
0
0 0

[PATCH 6.6.y] mm/ksm: fix flag-dropping behavior in ksm_madvise

by Jakub Acs

[ Upstream commit f04aad36a07cc17b7a5d5b9a2d386ce6fae63e93 ] syzkaller discovered the following crash: (kernel BUG) [ 44.607039] ------------[ cut here ]------------ [ 44.607422] kernel BUG at mm/userfaultfd.c:2067! [ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI [ 44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none) [ 44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460 <snip other registers, drop unreliable trace> [ 44.617726] Call Trace: [ 44.617926] <TASK> [ 44.619284] userfaultfd_release+0xef/0x1b0 [ 44.620976] __fput+0x3f9/0xb60 [ 44.621240] fput_close_sync+0x110/0x210 [ 44.622222] __x64_sys_close+0x8f/0x120 [ 44.622530] do_syscall_64+0x5b/0x2f0 [ 44.622840] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 44.623244] RIP: 0033:0x7f365bb3f227 Kernel panics because it detects UFFD inconsistency during userfaultfd_release_all(). Specifically, a VMA which has a valid pointer to vma->vm_userfaultfd_ctx, but no UFFD flags in vma->vm_flags. The inconsistency is caused in ksm_madvise(): when user calls madvise() with MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode, it accidentally clears all flags stored in the upper 32 bits of vma->vm_flags. Assuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and int are 32-bit wide. This setup causes the following mishap during the &= ~VM_MERGEABLE assignment. VM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000'0000. After ~ is applied, it becomes 0x7fff'ffff unsigned int, which is then promoted to unsigned long before the & operation. This promotion fills upper 32 bits with leading 0s, as we're doing unsigned conversion (and even for a signed conversion, this wouldn't help as the leading bit is 0). & operation thus ends up AND-ing vm_flags with 0x0000'0000'7fff'ffff instead of intended 0xffff'ffff'7fff'ffff and hence accidentally clears the upper 32-bits of its value. Fix it by changing `VM_MERGEABLE` constant to unsigned long, using the BIT() macro. Note: other VM_* flags are not affected: This only happens to the VM_MERGEABLE flag, as the other VM_* flags are all constants of type int and after ~ operation, they end up with leading 1 and are thus converted to unsigned long with leading 1s. Note 2: After commit 31defc3b01d9 ("userfaultfd: remove (VM_)BUG_ON()s"), this is no longer a kernel BUG, but a WARNING at the same place: [ 45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067 but the root-cause (flag-drop) remains the same. [akpm(a)linux-foundation.org: rust bindgen wasn't able to handle BIT(), from Miguel] Link: https://lore.kernel.org/oe-kbuild-all/202510030449.VfSaAjvd-lkp@intel.com/ Link: https://lkml.kernel.org/r/20251001090353.57523-2-acsjakub@amazon.de Fixes: 7677f7fd8be7 ("userfaultfd: add minor fault registration mode") Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: SeongJae Park <sj(a)kernel.org> Tested-by: Alice Ryhl <aliceryhl(a)google.com> Tested-by: Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> Cc: Xu Xin <xu.xin16(a)zte.com.cn> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [acsjakub(a)amazon.de: adapt rust bindgen const to older versions] Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> --- I inferred the rust adaptation from the neighboring definitions. Could rust folks please also check that it makes sense? Tested that CONFIG_RUST=y builds with LLVM=1 with toolchain from https://mirrors.edge.kernel.org/pub/tools/llvm/rust/. include/linux/mm.h | 2 +- rust/bindings/bindings_helper.h | 2 ++ rust/bindings/lib.rs | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index ba77f08900ca..fa5b11452ae6 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -315,7 +315,7 @@ extern unsigned int kobjsize(const void *objp); #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ #define VM_HUGEPAGE 0x20000000 /* MADV_HUGEPAGE marked this vma */ #define VM_NOHUGEPAGE 0x40000000 /* MADV_NOHUGEPAGE marked this vma */ -#define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ +#define VM_MERGEABLE BIT(31) /* KSM may merge identical pages */ #ifdef CONFIG_ARCH_USES_HIGH_VMA_FLAGS #define VM_HIGH_ARCH_BIT_0 32 /* bit only usable on 64-bit architectures */ diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h index c91a3c24f607..5416f21918e0 100644 --- a/rust/bindings/bindings_helper.h +++ b/rust/bindings/bindings_helper.h @@ -12,8 +12,10 @@ #include <linux/refcount.h> #include <linux/wait.h> #include <linux/sched.h> +#include <linux/mm.h> /* `bindgen` gets confused at certain things. */ const size_t BINDINGS_ARCH_SLAB_MINALIGN = ARCH_SLAB_MINALIGN; const gfp_t BINDINGS_GFP_KERNEL = GFP_KERNEL; const gfp_t BINDINGS___GFP_ZERO = __GFP_ZERO; +const vm_flags_t BINDINGS_VM_MERGEABLE = VM_MERGEABLE; diff --git a/rust/bindings/lib.rs b/rust/bindings/lib.rs index 9bcbea04dac3..7d9078b94a8f 100644 --- a/rust/bindings/lib.rs +++ b/rust/bindings/lib.rs @@ -51,3 +51,4 @@ mod bindings_helper { pub const GFP_KERNEL: gfp_t = BINDINGS_GFP_KERNEL; pub const __GFP_ZERO: gfp_t = BINDINGS___GFP_ZERO; +pub const VM_MERGEABLE: vm_flags_t = BINDINGS_VM_MERGEABLE; -- 2.47.3 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

3 weeks, 1 day

1
0
0 0

[PATCH 6.1.y] mm/ksm: fix flag-dropping behavior in ksm_madvise

by Jakub Acs

[ Upstream commit f04aad36a07cc17b7a5d5b9a2d386ce6fae63e93 ] syzkaller discovered the following crash: (kernel BUG) [ 44.607039] ------------[ cut here ]------------ [ 44.607422] kernel BUG at mm/userfaultfd.c:2067! [ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI [ 44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none) [ 44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460 <snip other registers, drop unreliable trace> [ 44.617726] Call Trace: [ 44.617926] <TASK> [ 44.619284] userfaultfd_release+0xef/0x1b0 [ 44.620976] __fput+0x3f9/0xb60 [ 44.621240] fput_close_sync+0x110/0x210 [ 44.622222] __x64_sys_close+0x8f/0x120 [ 44.622530] do_syscall_64+0x5b/0x2f0 [ 44.622840] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 44.623244] RIP: 0033:0x7f365bb3f227 Kernel panics because it detects UFFD inconsistency during userfaultfd_release_all(). Specifically, a VMA which has a valid pointer to vma->vm_userfaultfd_ctx, but no UFFD flags in vma->vm_flags. The inconsistency is caused in ksm_madvise(): when user calls madvise() with MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode, it accidentally clears all flags stored in the upper 32 bits of vma->vm_flags. Assuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and int are 32-bit wide. This setup causes the following mishap during the &= ~VM_MERGEABLE assignment. VM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000'0000. After ~ is applied, it becomes 0x7fff'ffff unsigned int, which is then promoted to unsigned long before the & operation. This promotion fills upper 32 bits with leading 0s, as we're doing unsigned conversion (and even for a signed conversion, this wouldn't help as the leading bit is 0). & operation thus ends up AND-ing vm_flags with 0x0000'0000'7fff'ffff instead of intended 0xffff'ffff'7fff'ffff and hence accidentally clears the upper 32-bits of its value. Fix it by changing `VM_MERGEABLE` constant to unsigned long, using the BIT() macro. Note: other VM_* flags are not affected: This only happens to the VM_MERGEABLE flag, as the other VM_* flags are all constants of type int and after ~ operation, they end up with leading 1 and are thus converted to unsigned long with leading 1s. Note 2: After commit 31defc3b01d9 ("userfaultfd: remove (VM_)BUG_ON()s"), this is no longer a kernel BUG, but a WARNING at the same place: [ 45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067 but the root-cause (flag-drop) remains the same. [akpm(a)linux-foundation.org: rust bindgen wasn't able to handle BIT(), from Miguel] Link: https://lore.kernel.org/oe-kbuild-all/202510030449.VfSaAjvd-lkp@intel.com/ Link: https://lkml.kernel.org/r/20251001090353.57523-2-acsjakub@amazon.de Fixes: 7677f7fd8be7 ("userfaultfd: add minor fault registration mode") Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: SeongJae Park <sj(a)kernel.org> Tested-by: Alice Ryhl <aliceryhl(a)google.com> Tested-by: Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> Cc: Xu Xin <xu.xin16(a)zte.com.cn> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [acsjakub(a)amazon.de: adapt rust bindgen to older versions] Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> --- I inferred the rust adaptation from the neighboring definitions. Could rust folks please also check that it makes sense? Tested that CONFIG_RUST=y builds with LLVM=1 with toolchain from https://mirrors.edge.kernel.org/pub/tools/llvm/rust/ (used bindgen 0.56.0 from github, as it's no longer available at crates.io) include/linux/mm.h | 2 +- rust/bindings/bindings_helper.h | 2 ++ rust/bindings/lib.rs | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index 3bf7823e1097..44381ffaf34b 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -316,7 +316,7 @@ extern unsigned int kobjsize(const void *objp); #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ #define VM_HUGEPAGE 0x20000000 /* MADV_HUGEPAGE marked this vma */ #define VM_NOHUGEPAGE 0x40000000 /* MADV_NOHUGEPAGE marked this vma */ -#define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ +#define VM_MERGEABLE BIT(31) /* KSM may merge identical pages */ #ifdef CONFIG_ARCH_USES_HIGH_VMA_FLAGS #define VM_HIGH_ARCH_BIT_0 32 /* bit only usable on 64-bit architectures */ diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h index fdb4e11df3bd..2f5fd797955a 100644 --- a/rust/bindings/bindings_helper.h +++ b/rust/bindings/bindings_helper.h @@ -7,8 +7,10 @@ */ #include <linux/slab.h> +#include <linux/mm.h> /* `bindgen` gets confused at certain things. */ const size_t BINDINGS_ARCH_SLAB_MINALIGN = ARCH_SLAB_MINALIGN; const gfp_t BINDINGS_GFP_KERNEL = GFP_KERNEL; const gfp_t BINDINGS___GFP_ZERO = __GFP_ZERO; +const vm_flags_t BINDINGS_VM_MERGEABLE = VM_MERGEABLE; diff --git a/rust/bindings/lib.rs b/rust/bindings/lib.rs index 6c50ee62c56b..8cf84e899817 100644 --- a/rust/bindings/lib.rs +++ b/rust/bindings/lib.rs @@ -51,3 +51,4 @@ pub use bindings_raw::*; pub const GFP_KERNEL: gfp_t = BINDINGS_GFP_KERNEL; pub const __GFP_ZERO: gfp_t = BINDINGS___GFP_ZERO; +pub const VM_MERGEABLE: vm_flags_t = BINDINGS_VM_MERGEABLE; -- 2.47.3 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

3 weeks, 1 day

1
0
0 0

[tip: locking/core] locking/spinlock/debug: Fix data-race in do_raw_write_lock

by tip-bot2 for Alexander Sverdlin

The following commit has been merged into the locking/core branch of tip: Commit-ID: c14ecb555c3ee80eeb030a4e46d00e679537f03a Gitweb: https://git.kernel.org/tip/c14ecb555c3ee80eeb030a4e46d00e679537f03a Author: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> AuthorDate: Fri, 19 Sep 2025 11:12:38 +02:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Tue, 21 Oct 2025 12:31:55 +02:00 locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: do_raw_write_lock+0x120/0x204 _raw_write_lock_irq do_exit call_usermodehelper_exec_async ret_from_fork read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0: do_raw_write_lock+0x88/0x204 _raw_write_lock_irq do_exit call_usermodehelper_exec_async ret_from_fork value changed: 0xffffffff -> 0x00000001 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111 Commit 1a365e822372 ("locking/spinlock/debug: Fix various data races") has adressed most of these races, but seems to be not consistent/not complete. >From do_raw_write_lock() only debug_write_lock_after() part has been converted to WRITE_ONCE(), but not debug_write_lock_before() part. Do it now. Fixes: 1a365e822372 ("locking/spinlock/debug: Fix various data races") Reported-by: Adrian Freihofer <adrian.freihofer(a)siemens.com> Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Paul E. McKenney <paulmck(a)kernel.org> Acked-by: Waiman Long <longman(a)redhat.com> Cc: stable(a)vger.kernel.org --- kernel/locking/spinlock_debug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/locking/spinlock_debug.c b/kernel/locking/spinlock_debug.c index 87b03d2..2338b3a 100644 --- a/kernel/locking/spinlock_debug.c +++ b/kernel/locking/spinlock_debug.c @@ -184,8 +184,8 @@ void do_raw_read_unlock(rwlock_t *lock) static inline void debug_write_lock_before(rwlock_t *lock) { RWLOCK_BUG_ON(lock->magic != RWLOCK_MAGIC, lock, "bad magic"); - RWLOCK_BUG_ON(lock->owner == current, lock, "recursion"); - RWLOCK_BUG_ON(lock->owner_cpu == raw_smp_processor_id(), + RWLOCK_BUG_ON(READ_ONCE(lock->owner) == current, lock, "recursion"); + RWLOCK_BUG_ON(READ_ONCE(lock->owner_cpu) == raw_smp_processor_id(), lock, "cpu recursion"); }

3 weeks, 1 day

1
0
0 0

[PATCH 6.1 0/8] Backporting CVE-2025-38073 fix patch

by Mahmoud Adam

This series aims to fix the CVE-2025-38073 for 6.1 LTS. Which is fixed by c0e473a0d226 ("block: fix race between set_blocksize and read paths"). This patch is built on top multiple refactors that where merged on 6.6. The needed dependecies are: - e003f74afbd2 ("filemap: add a kiocb_invalidate_pages helper") - c402a9a9430b ("filemap: add a kiocb_invalidate_post_direct_write helper") - 182c25e9c157 ("filemap: update ki_pos in generic_perform_write") - 44fff0fa08ec ("fs: factor out a direct_write_fallback helper") - 727cfe976758 ("block: open code __generic_file_write_iter for blkdev writes") Also backport follow up fixes: - fb881cd76045 ("nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs()"). - 8287474aa5ff ("direct_write_fallback(): on error revert the ->ki_pos update from buffered write") Thanks, MNAdam Al Viro (1): direct_write_fallback(): on error revert the ->ki_pos update from buffered write Christoph Hellwig (5): filemap: add a kiocb_invalidate_pages helper filemap: add a kiocb_invalidate_post_direct_write helper filemap: update ki_pos in generic_perform_write fs: factor out a direct_write_fallback helper block: open code __generic_file_write_iter for blkdev writes Darrick J. Wong (1): block: fix race between set_blocksize and read paths Ryusuke Konishi (1): nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() block/bdev.c | 17 +++++ block/blk-zoned.c | 5 +- block/fops.c | 61 +++++++++++++++- block/ioctl.c | 6 ++ fs/ceph/file.c | 2 - fs/direct-io.c | 10 +-- fs/ext4/file.c | 9 +-- fs/f2fs/file.c | 1 - fs/iomap/direct-io.c | 12 +--- fs/libfs.c | 42 +++++++++++ fs/nfs/file.c | 1 - fs/nilfs2/the_nilfs.c | 3 - include/linux/fs.h | 7 +- include/linux/pagemap.h | 2 + mm/filemap.c | 154 +++++++++++++++++----------------------- 15 files changed, 205 insertions(+), 127 deletions(-) -- 2.47.3 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

3 weeks, 1 day

3
12
0 0

[PATCH v1 2/2] powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages

by David Hildenbrand

Let's properly adjust BALLOON_MIGRATE like the other drivers. Note that the INFLATE/DEFLATE events are triggered from the core when enqueueing/dequeueing pages. Not completely sure whether really is stable material, but the fix is trivial so let's just CC stable. This was found by code inspection. Fixes: fe030c9b85e6 ("powerpc/pseries/cmm: Implement balloon compaction") Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- arch/powerpc/platforms/pseries/cmm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/platforms/pseries/cmm.c b/arch/powerpc/platforms/pseries/cmm.c index 688f5fa1c7245..310dab4bc8679 100644 --- a/arch/powerpc/platforms/pseries/cmm.c +++ b/arch/powerpc/platforms/pseries/cmm.c @@ -532,6 +532,7 @@ static int cmm_migratepage(struct balloon_dev_info *b_dev_info, spin_lock_irqsave(&b_dev_info->pages_lock, flags); balloon_page_insert(b_dev_info, newpage); + __count_vm_event(BALLOON_MIGRATE); b_dev_info->isolated_pages--; spin_unlock_irqrestore(&b_dev_info->pages_lock, flags); -- 2.51.0

3 weeks, 1 day

1
0
0 0

[PATCH v1 1/2] powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION

by David Hildenbrand

We always have to initialize the balloon_dev_info, even when compaction is not configured in: otherwise the containing list and the lock are left uninitialized. Likely not many such configs exist in practice, but let's CC stable to be sure. This was found by code inspection. Fixes: fe030c9b85e6 ("powerpc/pseries/cmm: Implement balloon compaction") Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- arch/powerpc/platforms/pseries/cmm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/pseries/cmm.c b/arch/powerpc/platforms/pseries/cmm.c index 0823fa2da1516..688f5fa1c7245 100644 --- a/arch/powerpc/platforms/pseries/cmm.c +++ b/arch/powerpc/platforms/pseries/cmm.c @@ -550,7 +550,6 @@ static int cmm_migratepage(struct balloon_dev_info *b_dev_info, static void cmm_balloon_compaction_init(void) { - balloon_devinfo_init(&b_dev_info); b_dev_info.migratepage = cmm_migratepage; } #else /* CONFIG_BALLOON_COMPACTION */ @@ -572,6 +571,7 @@ static int cmm_init(void) if (!firmware_has_feature(FW_FEATURE_CMO) && !simulate) return -EOPNOTSUPP; + balloon_devinfo_init(&b_dev_info); cmm_balloon_compaction_init(); rc = register_oom_notifier(&cmm_oom_nb); -- 2.51.0

3 weeks, 1 day

1
0
0 0

[PATCH] rtc: amlogic-a4: fix double free caused by devm

by Haotian Zhang

The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the redundant clk_disable_unprepare() calls from the probe error path and aml_rtc_remove(), allowing the devm framework to automatically manage the clock lifecycle. Fixes: c89ac9182ee2 ("rtc: support for the Amlogic on-chip RTC") Signed-off-by: Haotian Zhang <vulab(a)iscas.ac.cn> --- drivers/rtc/rtc-amlogic-a4.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/rtc/rtc-amlogic-a4.c b/drivers/rtc/rtc-amlogic-a4.c index 1928b29c1045..ed36b649c057 100644 --- a/drivers/rtc/rtc-amlogic-a4.c +++ b/drivers/rtc/rtc-amlogic-a4.c @@ -390,7 +390,6 @@ static int aml_rtc_probe(struct platform_device *pdev) return 0; err_clk: - clk_disable_unprepare(rtc->sys_clk); device_init_wakeup(dev, false); return ret; @@ -425,7 +424,6 @@ static void aml_rtc_remove(struct platform_device *pdev) { struct aml_rtc_data *rtc = dev_get_drvdata(&pdev->dev); - clk_disable_unprepare(rtc->sys_clk); device_init_wakeup(&pdev->dev, false); } -- 2.25.1

3 weeks, 1 day

2
2
0 0

[PATCH 6.6.y] ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL

by Namjae Jeon

[ Upstream commit b2d99376c5d61eb60ffdb6c503e4b6c8f9712ddd ] ksmbd.mount will give each interfaces list and bind_interfaces_only flags to ksmbd server. Previously, the interfaces list was sent only when bind_interfaces_only was enabled. ksmbd server browse only interfaces list given from ksmbd.conf on FSCTL_QUERY_INTERFACE_INFO IOCTL. Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> --- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/server.h | 1 + fs/smb/server/smb2pdu.c | 4 ++ fs/smb/server/transport_ipc.c | 1 + fs/smb/server/transport_tcp.c | 69 ++++++++++++++++------------------- fs/smb/server/transport_tcp.h | 1 + 6 files changed, 41 insertions(+), 38 deletions(-) diff --git a/fs/smb/server/ksmbd_netlink.h b/fs/smb/server/ksmbd_netlink.h index c6c1844d4448..363501fc308a 100644 --- a/fs/smb/server/ksmbd_netlink.h +++ b/fs/smb/server/ksmbd_netlink.h @@ -108,8 +108,9 @@ struct ksmbd_startup_request { __u32 smb2_max_credits; /* MAX credits */ __u32 smbd_max_io_size; /* smbd read write size */ __u32 max_connections; /* Number of maximum simultaneous connections */ + __s8 bind_interfaces_only; __u32 max_ip_connections; /* Number of maximum connection per ip address */ - __u32 reserved[125]; /* Reserved room */ + __s8 reserved[499]; /* Reserved room */ __u32 ifc_list_sz; /* interfaces list size */ __s8 ____payload[]; } __packed; diff --git a/fs/smb/server/server.h b/fs/smb/server/server.h index d0744498ceed..48bd203abb44 100644 --- a/fs/smb/server/server.h +++ b/fs/smb/server/server.h @@ -46,6 +46,7 @@ struct ksmbd_server_config { unsigned int max_ip_connections; char *conf[SERVER_CONF_WORK_GROUP + 1]; + bool bind_interfaces_only; }; extern struct ksmbd_server_config server_conf; diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 93c31feab356..9a58c5a6f986 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -38,6 +38,7 @@ #include "mgmt/user_session.h" #include "mgmt/ksmbd_ida.h" #include "ndr.h" +#include "transport_tcp.h" static void __wbuf(struct ksmbd_work *work, void **req, void **rsp) { @@ -7790,6 +7791,9 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, if (netdev->type == ARPHRD_LOOPBACK) continue; + if (!ksmbd_find_netdev_name_iface_list(netdev->name)) + continue; + flags = dev_get_flags(netdev); if (!(flags & IFF_RUNNING)) continue; diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c index 80581a7bc1bc..354f7144c590 100644 --- a/fs/smb/server/transport_ipc.c +++ b/fs/smb/server/transport_ipc.c @@ -327,6 +327,7 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req) ret = ksmbd_set_netbios_name(req->netbios_name); ret |= ksmbd_set_server_string(req->server_string); ret |= ksmbd_set_work_group(req->work_group); + server_conf.bind_interfaces_only = req->bind_interfaces_only; ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req), req->ifc_list_sz); out: diff --git a/fs/smb/server/transport_tcp.c b/fs/smb/server/transport_tcp.c index c43a46511428..665d21d40e7a 100644 --- a/fs/smb/server/transport_tcp.c +++ b/fs/smb/server/transport_tcp.c @@ -551,30 +551,37 @@ static int create_socket(struct interface *iface) return ret; } +struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name) +{ + struct interface *iface; + + list_for_each_entry(iface, &iface_list, entry) + if (!strcmp(iface->name, netdev_name)) + return iface; + return NULL; +} + static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, void *ptr) { struct net_device *netdev = netdev_notifier_info_to_dev(ptr); struct interface *iface; - int ret, found = 0; + int ret; switch (event) { case NETDEV_UP: if (netif_is_bridge_port(netdev)) return NOTIFY_OK; - list_for_each_entry(iface, &iface_list, entry) { - if (!strcmp(iface->name, netdev->name)) { - found = 1; - if (iface->state != IFACE_STATE_DOWN) - break; - ret = create_socket(iface); - if (ret) - return NOTIFY_OK; - break; - } + iface = ksmbd_find_netdev_name_iface_list(netdev->name); + if (iface && iface->state == IFACE_STATE_DOWN) { + ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", + iface->name); + ret = create_socket(iface); + if (ret) + return NOTIFY_OK; } - if (!found && bind_additional_ifaces) { + if (!iface && bind_additional_ifaces) { iface = alloc_iface(kstrdup(netdev->name, GFP_KERNEL)); if (!iface) return NOTIFY_OK; @@ -584,19 +591,19 @@ static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, } break; case NETDEV_DOWN: - list_for_each_entry(iface, &iface_list, entry) { - if (!strcmp(iface->name, netdev->name) && - iface->state == IFACE_STATE_CONFIGURED) { - tcp_stop_kthread(iface->ksmbd_kthread); - iface->ksmbd_kthread = NULL; - mutex_lock(&iface->sock_release_lock); - tcp_destroy_socket(iface->ksmbd_socket); - iface->ksmbd_socket = NULL; - mutex_unlock(&iface->sock_release_lock); - - iface->state = IFACE_STATE_DOWN; - break; - } + iface = ksmbd_find_netdev_name_iface_list(netdev->name); + if (iface && iface->state == IFACE_STATE_CONFIGURED) { + ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n", + iface->name); + tcp_stop_kthread(iface->ksmbd_kthread); + iface->ksmbd_kthread = NULL; + mutex_lock(&iface->sock_release_lock); + tcp_destroy_socket(iface->ksmbd_socket); + iface->ksmbd_socket = NULL; + mutex_unlock(&iface->sock_release_lock); + + iface->state = IFACE_STATE_DOWN; + break; } break; } @@ -665,18 +672,6 @@ int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) int sz = 0; if (!ifc_list_sz) { - struct net_device *netdev; - - rtnl_lock(); - for_each_netdev(&init_net, netdev) { - if (netif_is_bridge_port(netdev)) - continue; - if (!alloc_iface(kstrdup(netdev->name, GFP_KERNEL))) { - rtnl_unlock(); - return -ENOMEM; - } - } - rtnl_unlock(); bind_additional_ifaces = 1; return 0; } diff --git a/fs/smb/server/transport_tcp.h b/fs/smb/server/transport_tcp.h index 5925ec5df475..bf6a3d71f7a0 100644 --- a/fs/smb/server/transport_tcp.h +++ b/fs/smb/server/transport_tcp.h @@ -8,6 +8,7 @@ int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz); void ksmbd_free_transport(struct ksmbd_transport *kt); +struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name); int ksmbd_tcp_init(void); void ksmbd_tcp_destroy(void); -- 2.25.1

3 weeks, 1 day

1
1
0 0

+ crash-let-architecture-decide-crash-memory-export-to-iomem_resource.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: crash: let architecture decide crash memory export to iomem_resource has been added to the -mm mm-nonmm-unstable branch. Its filename is crash-let-architecture-decide-crash-memory-export-to-iomem_resource.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sourabh Jain <sourabhjain(a)linux.ibm.com> Subject: crash: let architecture decide crash memory export to iomem_resource Date: Thu, 16 Oct 2025 19:58:31 +0530 With the generic crashkernel reservation, the kernel emits the following warning on powerpc: WARNING: CPU: 0 PID: 1 at arch/powerpc/mm/mem.c:341 add_system_ram_resources+0xfc/0x180 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-auto-12607-g5472d60c129f #1 VOLUNTARY Hardware name: IBM,9080-HEX Power11 (architected) 0x820200 0xf000007 of:IBM,FW1110.01 (NH1110_069) hv:phyp pSeries NIP: c00000000201de3c LR: c00000000201de34 CTR: 0000000000000000 REGS: c000000127cef8a0 TRAP: 0700 Not tainted (6.17.0-auto-12607-g5472d60c129f) MSR: 8000000002029033 <SF,VEC,EE,ME,IR,DR,RI,LE> CR: 84000840 XER: 20040010 CFAR: c00000000017eed0 IRQMASK: 0 GPR00: c00000000201de34 c000000127cefb40 c0000000016a8100 0000000000000001 GPR04: c00000012005aa00 0000000020000000 c000000002b705c8 0000000000000000 GPR08: 000000007fffffff fffffffffffffff0 c000000002db8100 000000011fffffff GPR12: c00000000201dd40 c000000002ff0000 c0000000000112bc 0000000000000000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 0000000000000000 0000000000000000 c0000000015a3808 GPR24: c00000000200468c c000000001699888 0000000000000106 c0000000020d1950 GPR28: c0000000014683f8 0000000081000200 c0000000015c1868 c000000002b9f710 NIP [c00000000201de3c] add_system_ram_resources+0xfc/0x180 LR [c00000000201de34] add_system_ram_resources+0xf4/0x180 Call Trace: add_system_ram_resources+0xf4/0x180 (unreliable) do_one_initcall+0x60/0x36c do_initcalls+0x120/0x220 kernel_init_freeable+0x23c/0x390 kernel_init+0x34/0x26c ret_from_kernel_user_thread+0x14/0x1c This warning occurs due to a conflict between crashkernel and System RAM iomem resources. The generic crashkernel reservation adds the crashkernel memory range to /proc/iomem during early initialization. Later, all memblock ranges are added to /proc/iomem as System RAM. If the crashkernel region overlaps with any memblock range, it causes a conflict while adding those memblock regions as iomem resources, triggering the above warning. The conflicting memblock regions are then omitted from /proc/iomem. For example, if the following crashkernel region is added to /proc/iomem: 20000000-11fffffff : Crash kernel then the following memblock regions System RAM regions fail to be inserted: 00000000-7fffffff : System RAM 80000000-257fffffff : System RAM Fix this by not adding the crashkernel memory to /proc/iomem on powerpc. Introduce an architecture hook to let each architecture decide whether to export the crashkernel region to /proc/iomem. For more info checkout commit c40dd2f766440 ("powerpc: Add System RAM to /proc/iomem") and commit bce074bdbc36 ("powerpc: insert System RAM resource to prevent crashkernel conflict") Note: Before switching to the generic crashkernel reservation, powerpc never exported the crashkernel region to /proc/iomem. Link: https://lkml.kernel.org/r/20251016142831.144515-1-sourabhjain@linux.ibm.com Fixes: e3185ee438c2 ("powerpc/crash: use generic crashkernel reservation"). Signed-off-by: Sourabh Jain <sourabhjain(a)linux.ibm.com> Reported-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Closes: https://lore.kernel.org/all/90937fe0-2e76-4c82-b27e-7b8a7fe3ac69@linux.ibm.… Cc: Baoquan he <bhe(a)redhat.com> Cc: Hari Bathini <hbathini(a)linux.ibm.com> Cc: Madhavan Srinivasan <maddy(a)linux.ibm.com> Cc: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/powerpc/include/asm/crash_reserve.h | 8 ++++++++ include/linux/crash_reserve.h | 6 ++++++ kernel/crash_reserve.c | 3 +++ 3 files changed, 17 insertions(+) --- a/arch/powerpc/include/asm/crash_reserve.h~crash-let-architecture-decide-crash-memory-export-to-iomem_resource +++ a/arch/powerpc/include/asm/crash_reserve.h @@ -5,4 +5,12 @@ /* crash kernel regions are Page size agliged */ #define CRASH_ALIGN PAGE_SIZE +#ifdef CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION +static inline bool arch_add_crash_res_to_iomem(void) +{ + return false; +} +#define arch_add_crash_res_to_iomem arch_add_crash_res_to_iomem +#endif + #endif /* _ASM_POWERPC_CRASH_RESERVE_H */ --- a/include/linux/crash_reserve.h~crash-let-architecture-decide-crash-memory-export-to-iomem_resource +++ a/include/linux/crash_reserve.h @@ -32,6 +32,12 @@ int __init parse_crashkernel(char *cmdli void __init reserve_crashkernel_cma(unsigned long long cma_size); #ifdef CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION +#ifndef arch_add_crash_res_to_iomem +static inline bool arch_add_crash_res_to_iomem(void) +{ + return true; +} +#endif #ifndef DEFAULT_CRASH_KERNEL_LOW_SIZE #define DEFAULT_CRASH_KERNEL_LOW_SIZE (128UL << 20) #endif --- a/kernel/crash_reserve.c~crash-let-architecture-decide-crash-memory-export-to-iomem_resource +++ a/kernel/crash_reserve.c @@ -524,6 +524,9 @@ void __init reserve_crashkernel_cma(unsi #ifndef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY static __init int insert_crashkernel_resources(void) { + if (!arch_add_crash_res_to_iomem()) + return 0; + if (crashk_res.start < crashk_res.end) insert_resource(&iomem_resource, &crashk_res); _ Patches currently in -mm which might be from sourabhjain(a)linux.ibm.com are crash-let-architecture-decide-crash-memory-export-to-iomem_resource.patch

3 weeks, 1 day

2
1
0 0

[PATCH rtw-next] wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1

by Zenm Chen

Add USB ID 2001:3328 for D-Link AN3U rev. A1 which is a RTL8192FU-based Wi-Fi adapter. Compile tested only. Cc: stable(a)vger.kernel.org # 6.6.x Signed-off-by: Zenm Chen <zenmchen(a)gmail.com> --- Link to the Windows driver for D-Link AN3U rev. A1 https://www.dlinktw.com.tw/techsupport/ProductInfo.aspx?m=AN3U --- drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/realtek/rtl8xxxu/core.c b/drivers/net/wireless/realtek/rtl8xxxu/core.c index 3ded59527..be39463bd 100644 --- a/drivers/net/wireless/realtek/rtl8xxxu/core.c +++ b/drivers/net/wireless/realtek/rtl8xxxu/core.c @@ -8136,6 +8136,9 @@ static const struct usb_device_id dev_table[] = { /* TP-Link TL-WN823N V2 */ {USB_DEVICE_AND_INTERFACE_INFO(0x2357, 0x0135, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192fu_fops}, +/* D-Link AN3U rev. A1 */ +{USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x3328, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192fu_fops}, #ifdef CONFIG_RTL8XXXU_UNTESTED /* Still supported by rtlwifi */ {USB_DEVICE_AND_INTERFACE_INFO(USB_VENDOR_ID_REALTEK, 0x8176, 0xff, 0xff, 0xff), -- 2.51.0

3 weeks, 1 day

2
7
0 0

[PATCH] scsi: wd33c93: fix buffer overflow in SCSI message-in handling

by Yuhao Jiang

A buffer overflow vulnerability exists in the wd33c93 SCSI driver's message handling where missing bounds checking allows a malicious SCSI device to overflow the incoming_msg[] buffer and corrupt kernel memory. The issue occurs because: - incoming_msg[] is a fixed 8-byte buffer (line 235 in wd33c93.h) - wd33c93_intr() writes to incoming_msg[incoming_ptr] without validating incoming_ptr is within bounds (line 935) - For EXTENDED_MESSAGE, incoming_ptr increments based on the device- supplied length field (line 1085) with no maximum check - The validation at line 1001 only checks if the message is complete, not if it exceeds buffer size This allows an attacker controlling a SCSI device to craft an extended message with length field 0xFF, causing the driver to write 256 bytes into an 8-byte buffer. This can corrupt adjacent fields in the WD33C93_hostdata structure including function pointers, potentially leading to arbitrary code execution. Add bounds checking in the MESSAGE_IN handler to ensure incoming_ptr does not exceed buffer capacity before writing. Reject oversized messages per SCSI protocol by sending MESSAGE_REJECT. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- drivers/scsi/wd33c93.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/scsi/wd33c93.c b/drivers/scsi/wd33c93.c index dd1fef9226f2..2d50a0a01726 100644 --- a/drivers/scsi/wd33c93.c +++ b/drivers/scsi/wd33c93.c @@ -932,6 +932,19 @@ wd33c93_intr(struct Scsi_Host *instance) sr = read_wd33c93(regs, WD_SCSI_STATUS); /* clear interrupt */ udelay(7); + /* Prevent buffer overflow from malicious extended messages */ + if (hostdata->incoming_ptr >= sizeof(hostdata->incoming_msg)) { + printk("wd33c93: Incoming message too long, rejecting\n"); + hostdata->incoming_ptr = 0; + write_wd33c93_cmd(regs, WD_CMD_ASSERT_ATN); + hostdata->outgoing_msg[0] = MESSAGE_REJECT; + hostdata->outgoing_len = 1; + write_wd33c93_cmd(regs, WD_CMD_NEGATE_ACK); + hostdata->state = S_CONNECTED; + spin_unlock_irqrestore(&hostdata->lock, flags); + break; + } + hostdata->incoming_msg[hostdata->incoming_ptr] = msg; if (hostdata->incoming_msg[0] == EXTENDED_MESSAGE) msg = EXTENDED_MESSAGE; -- 2.34.1

3 weeks, 1 day

2
1
0 0

【年に一度】SBIポイントで豪華賞品を交換 — 在庫がなくなり次第終了No.11641

by SBI証券

平素よりSBI証券をご利用いただき、誠にありがとうございます。SBI証券では、日頃のご愛顧に感謝を込めて、年に一度だけの「ポイント交換キャンペーン」を開催しております。お客様の現在の保有ポイントは以下のとおりです。保有ポイント28,810ポイント本キャンペーンでは、貯まったポイントを豪華賞品と交換いただけます。交換は先着順で、在庫がなくなり次第終了となります。交換は以下のページからお手続きください。ポイント交換ページhttps://www.sbisec.co.jp/member/point/交換可能賞品の一例キャンペーン終了日：2025年10月21日・Apple iPad（第9世代 Wi-Fiモデル 64GB）【限定100台／残り15台】・Dyson コードレス掃除機【限定200台／残り90台】・Apple Watch SE（GPSモデル）・BALMUDA The Toaster（バルミューダトースター）・JCBギフトカード（5,000円分）・SBIオリジナル記念グッズ（非売品）この「年に一度の特別企画」は、例年多くのお客様にご参加いただいております。人気商品の在庫はすでに残りわずかです。ご注意・本キャンペーンは年に一度のみの開催です。・在庫がなくなり次第、予告なく終了いたします。・ポイント交換後の変更・キャンセルはお受けできません。一年に一度の特別なチャンスを、ぜひお見逃しなく。この機会にポイント交換をご利用ください。 SBI証券株式会社東京都港区六本木1-6-1 泉ガーデンタワーhttps://www.sbisec.co.jp/ © 2025 SBI SECURITIES Co., Ltd.

3 weeks, 1 day

1
0
0 0

ksmbd: add max ip connections parameter: backport problem 6.6

by Hauke Mehrtens

Hi, I think the backport of "ksmbd: add max ip connections parameter" to kernel 6.6 breaks the ksmbd ABI. See here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… The "struct ksmbd_startup_request" is part of the ABI. The user space tool expects there the additional attribute: __s8 bind_interfaces_only; See: https://github.com/cifsd-team/ksmbd-tools/commit/3b7d4b4c02ddeb81ed3e68b623… Which was added in b2d99376c5d6 "ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL". Hauke

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] jbd2: ensure that all ongoing I/O complete before freeing" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 3c652c3a71de1d30d72dc82c3bead8deb48eb749 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102030-hurt-surplus-ab8e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3c652c3a71de1d30d72dc82c3bead8deb48eb749 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Tue, 16 Sep 2025 17:33:36 +0800 Subject: [PATCH] jbd2: ensure that all ongoing I/O complete before freeing blocks When releasing file system metadata blocks in jbd2_journal_forget(), if this buffer has not yet been checkpointed, it may have already been written back, currently be in the process of being written back, or has not yet written back. jbd2_journal_forget() calls jbd2_journal_try_remove_checkpoint() to check the buffer's status and add it to the current transaction if it has not been written back. This buffer can only be reallocated after the transaction is committed. jbd2_journal_try_remove_checkpoint() attempts to lock the buffer and check its dirty status while holding the buffer lock. If the buffer has already been written back, everything proceeds normally. However, there are two issues. First, the function returns immediately if the buffer is locked by the write-back process. It does not wait for the write-back to complete. Consequently, until the current transaction is committed and the block is reallocated, there is no guarantee that the I/O will complete. This means that ongoing I/O could write stale metadata to the newly allocated block, potentially corrupting data. Second, the function unlocks the buffer as soon as it detects that the buffer is still dirty. If a concurrent write-back occurs immediately after this unlocking and before clear_buffer_dirty() is called in jbd2_journal_forget(), data corruption can theoretically still occur. Although these two issues are unlikely to occur in practice since the undergoing metadata writeback I/O does not take this long to complete, it's better to explicitly ensure that all ongoing I/O operations are completed. Fixes: 597599268e3b ("jbd2: discard dirty data when forgetting an un-journalled buffer") Cc: stable(a)kernel.org Suggested-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Message-ID: <20250916093337.3161016-2-yi.zhang(a)huaweicloud.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index c7867139af69..3e510564de6e 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -1659,6 +1659,7 @@ int jbd2_journal_forget(handle_t *handle, struct buffer_head *bh) int drop_reserve = 0; int err = 0; int was_modified = 0; + int wait_for_writeback = 0; if (is_handle_aborted(handle)) return -EROFS; @@ -1782,18 +1783,22 @@ int jbd2_journal_forget(handle_t *handle, struct buffer_head *bh) } /* - * The buffer is still not written to disk, we should - * attach this buffer to current transaction so that the - * buffer can be checkpointed only after the current - * transaction commits. + * The buffer has not yet been written to disk. We should + * either clear the buffer or ensure that the ongoing I/O + * is completed, and attach this buffer to current + * transaction so that the buffer can be checkpointed only + * after the current transaction commits. */ clear_buffer_dirty(bh); + wait_for_writeback = 1; __jbd2_journal_file_buffer(jh, transaction, BJ_Forget); spin_unlock(&journal->j_list_lock); } drop: __brelse(bh); spin_unlock(&jh->b_state_lock); + if (wait_for_writeback) + wait_on_buffer(bh); jbd2_journal_put_journal_head(jh); if (drop_reserve) { /* no need to reserve log space for this block -bzzz */

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] vfs: Don't leak disconnected dentries on umount" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 56094ad3eaa21e6621396cc33811d8f72847a834 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102042-tactical-subtract-5775@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 56094ad3eaa21e6621396cc33811d8f72847a834 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Thu, 2 Oct 2025 17:55:07 +0200 Subject: [PATCH] vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail to find the dentry we are trying to reconnect and instead create a new dentry under the parent. Now this dentry will not be marked as disconnected although the parent still may well be disconnected (at least in case this inconsistency happened because the fs is corrupted and .. doesn't point to the real parent directory). This creates inconsistency in disconnected flags but AFAICS it was mostly harmless. At least until commit f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") which removed adding of most disconnected dentries to sb->s_anon list. Thus after this commit cleanup of disconnected dentries implicitely relies on the fact that dput() will immediately reclaim such dentries. However when some leaf dentry isn't marked as disconnected, as in the scenario described above, the reclaim doesn't happen and the dentries are "leaked". Memory reclaim can eventually reclaim them but otherwise they stay in memory and if umount comes first, we hit infamous "Busy inodes after unmount" bug. Make sure all dentries created under a disconnected parent are marked as disconnected as well. Reported-by: syzbot+1d79ebe5383fc016cf07(a)syzkaller.appspotmail.com Fixes: f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/dcache.c b/fs/dcache.c index a067fa0a965a..035cccbc9276 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2557,6 +2557,8 @@ struct dentry *d_alloc_parallel(struct dentry *parent, spin_lock(&parent->d_lock); new->d_parent = dget_dlock(parent); hlist_add_head(&new->d_sib, &parent->d_children); + if (parent->d_flags & DCACHE_DISCONNECTED) + new->d_flags |= DCACHE_DISCONNECTED; spin_unlock(&parent->d_lock); retry:

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] vfs: Don't leak disconnected dentries on umount" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 56094ad3eaa21e6621396cc33811d8f72847a834 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102041-bonus-amid-8eda@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 56094ad3eaa21e6621396cc33811d8f72847a834 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Thu, 2 Oct 2025 17:55:07 +0200 Subject: [PATCH] vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail to find the dentry we are trying to reconnect and instead create a new dentry under the parent. Now this dentry will not be marked as disconnected although the parent still may well be disconnected (at least in case this inconsistency happened because the fs is corrupted and .. doesn't point to the real parent directory). This creates inconsistency in disconnected flags but AFAICS it was mostly harmless. At least until commit f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") which removed adding of most disconnected dentries to sb->s_anon list. Thus after this commit cleanup of disconnected dentries implicitely relies on the fact that dput() will immediately reclaim such dentries. However when some leaf dentry isn't marked as disconnected, as in the scenario described above, the reclaim doesn't happen and the dentries are "leaked". Memory reclaim can eventually reclaim them but otherwise they stay in memory and if umount comes first, we hit infamous "Busy inodes after unmount" bug. Make sure all dentries created under a disconnected parent are marked as disconnected as well. Reported-by: syzbot+1d79ebe5383fc016cf07(a)syzkaller.appspotmail.com Fixes: f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/dcache.c b/fs/dcache.c index a067fa0a965a..035cccbc9276 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2557,6 +2557,8 @@ struct dentry *d_alloc_parallel(struct dentry *parent, spin_lock(&parent->d_lock); new->d_parent = dget_dlock(parent); hlist_add_head(&new->d_sib, &parent->d_children); + if (parent->d_flags & DCACHE_DISCONNECTED) + new->d_flags |= DCACHE_DISCONNECTED; spin_unlock(&parent->d_lock); retry:

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4b47a8601b71ad98833b447d465592d847b4dc77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102009-buckskin-tweet-87b7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b47a8601b71ad98833b447d465592d847b4dc77 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Thu, 11 Sep 2025 11:12:06 -0400 Subject: [PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. Reported-by: Robert Morris <rtm(a)csail.mit.edu> Closes: https://lore.kernel.org/linux-nfs/152f99b2-ba35-4dec-93a9-4690e625dccd@orac… Cc: Thomas Haynes <loghyr(a)hammerspace.com> Cc: stable(a)vger.kernel.org Fixes: 9b9960a0ca47 ("nfsd: Add a super simple flex file server") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/flexfilelayout.c b/fs/nfsd/flexfilelayout.c index c318cf74e388..0f1a35400cd5 100644 --- a/fs/nfsd/flexfilelayout.c +++ b/fs/nfsd/flexfilelayout.c @@ -125,6 +125,13 @@ nfsd4_ff_proc_getdeviceinfo(struct super_block *sb, struct svc_rqst *rqstp, return 0; } +static __be32 +nfsd4_ff_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, + struct nfsd4_layoutcommit *lcp) +{ + return nfs_ok; +} + const struct nfsd4_layout_ops ff_layout_ops = { .notify_types = NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, @@ -133,4 +140,5 @@ const struct nfsd4_layout_ops ff_layout_ops = { .encode_getdeviceinfo = nfsd4_ff_encode_getdeviceinfo, .proc_layoutget = nfsd4_ff_proc_layoutget, .encode_layoutget = nfsd4_ff_encode_layoutget, + .proc_layoutcommit = nfsd4_ff_proc_layoutcommit, };

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] vfs: Don't leak disconnected dentries on umount" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 56094ad3eaa21e6621396cc33811d8f72847a834 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102040-uninstall-uneatable-a789@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 56094ad3eaa21e6621396cc33811d8f72847a834 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Thu, 2 Oct 2025 17:55:07 +0200 Subject: [PATCH] vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail to find the dentry we are trying to reconnect and instead create a new dentry under the parent. Now this dentry will not be marked as disconnected although the parent still may well be disconnected (at least in case this inconsistency happened because the fs is corrupted and .. doesn't point to the real parent directory). This creates inconsistency in disconnected flags but AFAICS it was mostly harmless. At least until commit f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") which removed adding of most disconnected dentries to sb->s_anon list. Thus after this commit cleanup of disconnected dentries implicitely relies on the fact that dput() will immediately reclaim such dentries. However when some leaf dentry isn't marked as disconnected, as in the scenario described above, the reclaim doesn't happen and the dentries are "leaked". Memory reclaim can eventually reclaim them but otherwise they stay in memory and if umount comes first, we hit infamous "Busy inodes after unmount" bug. Make sure all dentries created under a disconnected parent are marked as disconnected as well. Reported-by: syzbot+1d79ebe5383fc016cf07(a)syzkaller.appspotmail.com Fixes: f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/dcache.c b/fs/dcache.c index a067fa0a965a..035cccbc9276 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2557,6 +2557,8 @@ struct dentry *d_alloc_parallel(struct dentry *parent, spin_lock(&parent->d_lock); new->d_parent = dget_dlock(parent); hlist_add_head(&new->d_sib, &parent->d_children); + if (parent->d_flags & DCACHE_DISCONNECTED) + new->d_flags |= DCACHE_DISCONNECTED; spin_unlock(&parent->d_lock); retry:

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4b47a8601b71ad98833b447d465592d847b4dc77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102040-always-thirty-b345@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b47a8601b71ad98833b447d465592d847b4dc77 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Thu, 11 Sep 2025 11:12:06 -0400 Subject: [PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. Reported-by: Robert Morris <rtm(a)csail.mit.edu> Closes: https://lore.kernel.org/linux-nfs/152f99b2-ba35-4dec-93a9-4690e625dccd@orac… Cc: Thomas Haynes <loghyr(a)hammerspace.com> Cc: stable(a)vger.kernel.org Fixes: 9b9960a0ca47 ("nfsd: Add a super simple flex file server") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/flexfilelayout.c b/fs/nfsd/flexfilelayout.c index c318cf74e388..0f1a35400cd5 100644 --- a/fs/nfsd/flexfilelayout.c +++ b/fs/nfsd/flexfilelayout.c @@ -125,6 +125,13 @@ nfsd4_ff_proc_getdeviceinfo(struct super_block *sb, struct svc_rqst *rqstp, return 0; } +static __be32 +nfsd4_ff_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, + struct nfsd4_layoutcommit *lcp) +{ + return nfs_ok; +} + const struct nfsd4_layout_ops ff_layout_ops = { .notify_types = NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, @@ -133,4 +140,5 @@ const struct nfsd4_layout_ops ff_layout_ops = { .encode_getdeviceinfo = nfsd4_ff_encode_getdeviceinfo, .proc_layoutget = nfsd4_ff_proc_layoutget, .encode_layoutget = nfsd4_ff_encode_layoutget, + .proc_layoutcommit = nfsd4_ff_proc_layoutcommit, };

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4b47a8601b71ad98833b447d465592d847b4dc77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102023-trade-spud-e81a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b47a8601b71ad98833b447d465592d847b4dc77 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Thu, 11 Sep 2025 11:12:06 -0400 Subject: [PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. Reported-by: Robert Morris <rtm(a)csail.mit.edu> Closes: https://lore.kernel.org/linux-nfs/152f99b2-ba35-4dec-93a9-4690e625dccd@orac… Cc: Thomas Haynes <loghyr(a)hammerspace.com> Cc: stable(a)vger.kernel.org Fixes: 9b9960a0ca47 ("nfsd: Add a super simple flex file server") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/flexfilelayout.c b/fs/nfsd/flexfilelayout.c index c318cf74e388..0f1a35400cd5 100644 --- a/fs/nfsd/flexfilelayout.c +++ b/fs/nfsd/flexfilelayout.c @@ -125,6 +125,13 @@ nfsd4_ff_proc_getdeviceinfo(struct super_block *sb, struct svc_rqst *rqstp, return 0; } +static __be32 +nfsd4_ff_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, + struct nfsd4_layoutcommit *lcp) +{ + return nfs_ok; +} + const struct nfsd4_layout_ops ff_layout_ops = { .notify_types = NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, @@ -133,4 +140,5 @@ const struct nfsd4_layout_ops ff_layout_ops = { .encode_getdeviceinfo = nfsd4_ff_encode_getdeviceinfo, .proc_layoutget = nfsd4_ff_proc_layoutget, .encode_layoutget = nfsd4_ff_encode_layoutget, + .proc_layoutcommit = nfsd4_ff_proc_layoutcommit, };

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] vfs: Don't leak disconnected dentries on umount" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 56094ad3eaa21e6621396cc33811d8f72847a834 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102039-unmasking-zero-2258@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 56094ad3eaa21e6621396cc33811d8f72847a834 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Thu, 2 Oct 2025 17:55:07 +0200 Subject: [PATCH] vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail to find the dentry we are trying to reconnect and instead create a new dentry under the parent. Now this dentry will not be marked as disconnected although the parent still may well be disconnected (at least in case this inconsistency happened because the fs is corrupted and .. doesn't point to the real parent directory). This creates inconsistency in disconnected flags but AFAICS it was mostly harmless. At least until commit f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") which removed adding of most disconnected dentries to sb->s_anon list. Thus after this commit cleanup of disconnected dentries implicitely relies on the fact that dput() will immediately reclaim such dentries. However when some leaf dentry isn't marked as disconnected, as in the scenario described above, the reclaim doesn't happen and the dentries are "leaked". Memory reclaim can eventually reclaim them but otherwise they stay in memory and if umount comes first, we hit infamous "Busy inodes after unmount" bug. Make sure all dentries created under a disconnected parent are marked as disconnected as well. Reported-by: syzbot+1d79ebe5383fc016cf07(a)syzkaller.appspotmail.com Fixes: f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/dcache.c b/fs/dcache.c index a067fa0a965a..035cccbc9276 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2557,6 +2557,8 @@ struct dentry *d_alloc_parallel(struct dentry *parent, spin_lock(&parent->d_lock); new->d_parent = dget_dlock(parent); hlist_add_head(&new->d_sib, &parent->d_children); + if (parent->d_flags & DCACHE_DISCONNECTED) + new->d_flags |= DCACHE_DISCONNECTED; spin_unlock(&parent->d_lock); retry:

3 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4b47a8601b71ad98833b447d465592d847b4dc77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102006-approach-hesitancy-3614@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b47a8601b71ad98833b447d465592d847b4dc77 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Thu, 11 Sep 2025 11:12:06 -0400 Subject: [PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. Reported-by: Robert Morris <rtm(a)csail.mit.edu> Closes: https://lore.kernel.org/linux-nfs/152f99b2-ba35-4dec-93a9-4690e625dccd@orac… Cc: Thomas Haynes <loghyr(a)hammerspace.com> Cc: stable(a)vger.kernel.org Fixes: 9b9960a0ca47 ("nfsd: Add a super simple flex file server") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/flexfilelayout.c b/fs/nfsd/flexfilelayout.c index c318cf74e388..0f1a35400cd5 100644 --- a/fs/nfsd/flexfilelayout.c +++ b/fs/nfsd/flexfilelayout.c @@ -125,6 +125,13 @@ nfsd4_ff_proc_getdeviceinfo(struct super_block *sb, struct svc_rqst *rqstp, return 0; } +static __be32 +nfsd4_ff_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, + struct nfsd4_layoutcommit *lcp) +{ + return nfs_ok; +} + const struct nfsd4_layout_ops ff_layout_ops = { .notify_types = NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, @@ -133,4 +140,5 @@ const struct nfsd4_layout_ops ff_layout_ops = { .encode_getdeviceinfo = nfsd4_ff_encode_getdeviceinfo, .proc_layoutget = nfsd4_ff_proc_layoutget, .encode_layoutget = nfsd4_ff_encode_layoutget, + .proc_layoutcommit = nfsd4_ff_proc_layoutcommit, };

3 weeks, 2 days

2
1
0 0