- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.12 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/serial/renesas,rsci.yaml | 2 Documentation/process/2.Process.rst | 6 Makefile | 2 arch/arm64/include/asm/alternative.h | 7 arch/arm64/kernel/alternative.c | 19 +- arch/arm64/kernel/module.c | 9 - arch/loongarch/kernel/machine_kexec.c | 2 arch/x86/include/asm/kvm_host.h | 9 + arch/x86/kvm/svm/svm.c | 24 +-- arch/x86/kvm/x86.c | 21 ++ crypto/zstd.c | 7 drivers/acpi/acpi_mrrm.c | 43 ++++- drivers/bluetooth/btrtl.c | 24 +-- drivers/comedi/comedi_fops.c | 42 +++++ drivers/comedi/drivers/c6xdigio.c | 46 ++++-- drivers/comedi/drivers/multiq3.c | 9 + drivers/comedi/drivers/pcl818.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 - drivers/hid/hid-apple.c | 1 drivers/hid/hid-elecom.c | 6 drivers/hid/hid-ids.h | 4 drivers/hid/hid-input.c | 5 drivers/hid/hid-lenovo.c | 17 ++ drivers/hid/hid-quirks.c | 3 drivers/iio/adc/ad4080.c | 9 - drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 drivers/nvme/host/core.c | 3 drivers/pinctrl/qcom/pinctrl-msm.c | 2 drivers/platform/x86/acer-wmi.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 25 +++ drivers/platform/x86/amd/pmc/pmc.c | 3 drivers/platform/x86/amd/pmc/pmc.h | 1 drivers/platform/x86/hp/hp-wmi.c | 6 drivers/platform/x86/huawei-wmi.c | 4 drivers/platform/x86/intel/hid.c | 1 drivers/platform/x86/intel/uncore-frequency/uncore-frequency.c | 4 drivers/spi/spi-imx.c | 15 +- drivers/spi/spi-xilinx.c | 2 drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 + drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 + drivers/tty/serial/8250/8250_pci.c | 37 +++++ drivers/tty/serial/sh-sci.c | 12 + drivers/usb/serial/belkin_sa.c | 28 ++- drivers/usb/serial/ftdi_sio.c | 72 +++------- drivers/usb/serial/kobil_sct.c | 18 +- drivers/usb/serial/option.c | 22 ++- fs/bfs/inode.c | 19 ++ fs/ext4/inline.c | 14 + fs/jbd2/transaction.c | 19 +- fs/smb/client/fs_context.c | 2 fs/smb/server/transport_ipc.c | 7 kernel/locking/spinlock_debug.c | 4 kernel/sched/ext.c | 4 kernel/trace/ftrace.c | 40 ++++- samples/vfs/test-statx.c | 6 samples/watch_queue/watch_test.c | 6 sound/hda/codecs/realtek/alc269.c | 9 + sound/soc/sdca/sdca_functions.c | 3 sound/usb/quirks.c | 6 61 files changed, 559 insertions(+), 207 deletions(-) Adrian Barnaś (1): arm64: Reject modules with internal alternative callbacks Alexander Sverdlin (1): locking/spinlock/debug: Fix data-race in do_raw_write_lock Alexey Nepomnyashih (1): ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alvaro Gamez Machado (1): spi: xilinx: increase number of retries before declaring stall Antheas Kapenekakis (3): platform/x86/amd/pmc: Add support for Van Gogh SoC platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally Antoniu Miclaus (1): iio: adc: ad4080: fix chip identification April Grimoire (1): HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf (1): platform/x86: acer-wmi: Ignore backlight event Bagas Sanjaya (1): Documentation: process: Also mention Sasha Levin as stable tree maintainer Baojun Xu (1): ALSA: hda/tas2781: Add new quirk for HP new projects Biju Das (2): dt-bindings: serial: rsci: Drop "uart-has-rtscts: false" serial: sh-sci: Fix deadlock during RSCI FIFO overrun error Deepanshu Kartikey (1): ext4: refresh inline data size before write operations Edip Hazuri (1): platform/x86: hp-wmi: mark Victus 16-r0 and 16-s0 for victus_s fan and thermal profile support Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FE910C04 new compositions USB: serial: option: move Telit 0x10c7 composition in the right place Giovanni Cabiddu (1): crypto: zstd - fix double-free in per-CPU stream cleanup Greg Kroah-Hartman (1): Linux 6.17.12 Harish Kasiviswanathan (1): drm/amdkfd: Fix GPU mappings for APU after prefetch Huacai Chen (1): LoongArch: Mask all interrupts during kexec/kdump Ian Abbott (1): comedi: c6xdigio: Fix invalid PNP driver unregistration Ian Forbes (1): drm/vmwgfx: Use kref in vmw_bo_dirty Jia Ston (1): platform/x86: huawei-wmi: add keys for HONOR models Johan Hovold (3): USB: serial: ftdi_sio: match on interface number for jtag USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Kaushlendra Kumar (1): ACPI: MRRM: Fix memory leaks and improve error handling Keith Busch (1): nvme: fix admin request_queue lifetime Krishna Chomal (1): platform/x86: hp-wmi: Add Omen 16-wf1xxx fan support Kuppuswamy Sathyanarayanan (1): platform/x86: intel-uncore-freq: Add additional client processors Lauri Tirkkonen (1): HID: lenovo: fixup Lenovo Yoga Slim 7x Keyboard rdesc Linus Torvalds (1): samples: work around glibc redefining some of our defines wrong Lushih Hsieh (1): ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Magne Bruno (1): serial: add support of CPCI cards Marcos Vega (1): platform/x86: hp-wmi: Add Omen MAX 16-ah0xx fan support and thermal profile Mario Limonciello (AMD) (1): HID: hid-input: Extend Elan ignore battery quirk to USB Max Chou (1): Bluetooth: btrtl: Avoid loading the config file on security chips Naoki Ueki (1): HID: elecom: Add support for ELECOM M-XT3URBK (018F) Navaneeth K (3): staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Nikita Zhandarovich (3): comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() comedi: multiq3: sanitize config options in multiq3_attach() comedi: check device's attached status in compat ioctls Niranjan H Y (1): ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list Omar Sandoval (1): KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Praveen Talari (1): pinctrl: qcom: msm: Fix deadlock in pinmux configuration Qianchang Zhao (1): ksmbd: ipc: fix use-after-free in ipc_msg_send_request Robin Gong (1): spi: imx: keep dma request disabled before dma transfer setup Slark Xiao (1): USB: serial: option: add Foxconn T99W760 Song Liu (1): ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Srinivas Pandruvada (1): platform/x86/intel/hid: Add Nova Lake support Tetsuo Handa (1): bfs: Reconstruct file type when loading from disk Ye Bin (1): jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Yiqi Sun (1): smb: fix invalid username check in smb3_fs_context_parse_param() Zenm Chen (2): wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Zqiang (2): sched_ext: Fix possible deadlock in the deferred_irq_workfn() sched_ext: Use IRQ_WORK_INIT_HARD() to initialize rq->scx.kick_cpus_irq_work

6 days

1
1
0 0

Linux 6.12.62

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.62 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/process/2.Process.rst | 6 +- Makefile | 2 arch/loongarch/kernel/machine_kexec.c | 2 arch/x86/include/asm/kvm_host.h | 9 +++ arch/x86/kvm/svm/svm.c | 24 ++++---- arch/x86/kvm/x86.c | 21 +++++++ drivers/bluetooth/btrtl.c | 24 ++++---- drivers/bus/mhi/host/pci_generic.c | 52 ++++++++++++++++++ drivers/comedi/comedi_fops.c | 42 ++++++++++++-- drivers/comedi/drivers/c6xdigio.c | 46 ++++++++++++--- drivers/comedi/drivers/multiq3.c | 9 +++ drivers/comedi/drivers/pcl818.c | 5 - drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 +--- drivers/hid/hid-apple.c | 1 drivers/hid/hid-elecom.c | 6 +- drivers/hid/hid-ids.h | 3 - drivers/hid/hid-input.c | 5 + drivers/hid/hid-quirks.c | 3 - drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 drivers/nvme/host/core.c | 3 - drivers/pinctrl/qcom/pinctrl-msm.c | 2 drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/amd/pmc/pmc-quirks.c | 25 ++++++++ drivers/platform/x86/huawei-wmi.c | 4 + drivers/spi/spi-imx.c | 15 +++-- drivers/spi/spi-xilinx.c | 2 drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 ++-- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 +++- drivers/tty/serial/8250/8250_pci.c | 37 ++++++++++++ drivers/usb/serial/belkin_sa.c | 28 +++++---- drivers/usb/serial/ftdi_sio.c | 72 ++++++++----------------- drivers/usb/serial/kobil_sct.c | 18 +++--- drivers/usb/serial/option.c | 22 ++++++- fs/bfs/inode.c | 19 ++++++ fs/ext4/inline.c | 14 ++++ fs/jbd2/transaction.c | 19 ++++-- fs/smb/client/fs_context.c | 2 fs/smb/server/transport_ipc.c | 7 +- include/net/xfrm.h | 13 +--- kernel/locking/spinlock_debug.c | 4 - kernel/trace/ftrace.c | 40 ++++++++++--- net/ipv4/ipcomp.c | 2 net/ipv6/ipcomp6.c | 2 net/ipv6/xfrm6_tunnel.c | 2 net/key/af_key.c | 2 net/xfrm/xfrm_ipcomp.c | 1 net/xfrm/xfrm_state.c | 41 +++++--------- net/xfrm/xfrm_user.c | 2 samples/vfs/test-statx.c | 6 ++ samples/watch_queue/watch_test.c | 6 ++ sound/usb/quirks.c | 6 ++ 53 files changed, 520 insertions(+), 206 deletions(-) Alexander Sverdlin (1): locking/spinlock/debug: Fix data-race in do_raw_write_lock Alexey Nepomnyashih (1): ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alvaro Gamez Machado (1): spi: xilinx: increase number of retries before declaring stall Antheas Kapenekakis (2): platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally April Grimoire (1): HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf (1): platform/x86: acer-wmi: Ignore backlight event Bagas Sanjaya (1): Documentation: process: Also mention Sasha Levin as stable tree maintainer Daniele Palmas (2): bus: mhi: host: pci_generic: Add Telit FN920C04 modem support bus: mhi: host: pci_generic: Add Telit FN990B40 modem support Deepanshu Kartikey (1): ext4: refresh inline data size before write operations Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FE910C04 new compositions USB: serial: option: move Telit 0x10c7 composition in the right place Greg Kroah-Hartman (1): Linux 6.12.62 Harish Kasiviswanathan (1): drm/amdkfd: Fix GPU mappings for APU after prefetch Huacai Chen (1): LoongArch: Mask all interrupts during kexec/kdump Ian Abbott (1): comedi: c6xdigio: Fix invalid PNP driver unregistration Ian Forbes (1): drm/vmwgfx: Use kref in vmw_bo_dirty Jia Ston (1): platform/x86: huawei-wmi: add keys for HONOR models Johan Hovold (3): USB: serial: ftdi_sio: match on interface number for jtag USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Keith Busch (1): nvme: fix admin request_queue lifetime Linus Torvalds (1): samples: work around glibc redefining some of our defines wrong Lushih Hsieh (1): ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Magne Bruno (1): serial: add support of CPCI cards Mario Limonciello (AMD) (1): HID: hid-input: Extend Elan ignore battery quirk to USB Max Chou (1): Bluetooth: btrtl: Avoid loading the config file on security chips Naoki Ueki (1): HID: elecom: Add support for ELECOM M-XT3URBK (018F) Navaneeth K (3): staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Nikita Zhandarovich (3): comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() comedi: multiq3: sanitize config options in multiq3_attach() comedi: check device's attached status in compat ioctls Omar Sandoval (1): KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Praveen Talari (1): pinctrl: qcom: msm: Fix deadlock in pinmux configuration Qianchang Zhao (1): ksmbd: ipc: fix use-after-free in ipc_msg_send_request Robin Gong (1): spi: imx: keep dma request disabled before dma transfer setup Sabrina Dubroca (4): xfrm: delete x->tunnel as we delete x Revert "xfrm: destroy xfrm_state synchronously on net exit path" xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added xfrm: flush all states in xfrm_state_fini Slark Xiao (1): USB: serial: option: add Foxconn T99W760 Song Liu (1): ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Tetsuo Handa (1): bfs: Reconstruct file type when loading from disk Ye Bin (1): jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Yiqi Sun (1): smb: fix invalid username check in smb3_fs_context_parse_param() Zenm Chen (2): wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1

6 days

1
1
0 0

[PATCH 5.15.y] mmc: core: use sysfs_emit() instead of sprintf()

by Chen Yu

From: Sergey Shtylyov <s.shtylyov(a)omp.ru> [ Upstream commit f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11 ] sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/717729b2-d65b-c72e-9fac-471d28d00b5a@omp.ru Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Chen Yu <xnguchen(a)sina.cn> --- drivers/mmc/core/bus.c | 9 +++++---- drivers/mmc/core/bus.h | 3 ++- drivers/mmc/core/mmc.c | 16 ++++++++-------- drivers/mmc/core/sd.c | 25 ++++++++++++------------- drivers/mmc/core/sdio.c | 5 +++-- drivers/mmc/core/sdio_bus.c | 7 ++++--- 6 files changed, 34 insertions(+), 31 deletions(-) diff --git a/drivers/mmc/core/bus.c b/drivers/mmc/core/bus.c index c25c58473a91..c80d61780ea9 100644 --- a/drivers/mmc/core/bus.c +++ b/drivers/mmc/core/bus.c @@ -15,6 +15,7 @@ #include <linux/stat.h> #include <linux/of.h> #include <linux/pm_runtime.h> +#include <linux/sysfs.h> #include <linux/mmc/card.h> #include <linux/mmc/host.h> @@ -34,13 +35,13 @@ static ssize_t type_show(struct device *dev, switch (card->type) { case MMC_TYPE_MMC: - return sprintf(buf, "MMC\n"); + return sysfs_emit(buf, "MMC\n"); case MMC_TYPE_SD: - return sprintf(buf, "SD\n"); + return sysfs_emit(buf, "SD\n"); case MMC_TYPE_SDIO: - return sprintf(buf, "SDIO\n"); + return sysfs_emit(buf, "SDIO\n"); case MMC_TYPE_SD_COMBO: - return sprintf(buf, "SDcombo\n"); + return sysfs_emit(buf, "SDcombo\n"); default: return -EFAULT; } diff --git a/drivers/mmc/core/bus.h b/drivers/mmc/core/bus.h index 8105852c4b62..3996b191b68d 100644 --- a/drivers/mmc/core/bus.h +++ b/drivers/mmc/core/bus.h @@ -9,6 +9,7 @@ #define _MMC_CORE_BUS_H #include <linux/device.h> +#include <linux/sysfs.h> struct mmc_host; struct mmc_card; @@ -17,7 +18,7 @@ struct mmc_card; static ssize_t mmc_##name##_show (struct device *dev, struct device_attribute *attr, char *buf) \ { \ struct mmc_card *card = mmc_dev_to_card(dev); \ - return sprintf(buf, fmt, args); \ + return sysfs_emit(buf, fmt, args); \ } \ static DEVICE_ATTR(name, S_IRUGO, mmc_##name##_show, NULL) diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c index a56906633ddf..958bd901a136 100644 --- a/drivers/mmc/core/mmc.c +++ b/drivers/mmc/core/mmc.c @@ -12,6 +12,7 @@ #include <linux/slab.h> #include <linux/stat.h> #include <linux/pm_runtime.h> +#include <linux/sysfs.h> #include <linux/mmc/host.h> #include <linux/mmc/card.h> @@ -812,12 +813,11 @@ static ssize_t mmc_fwrev_show(struct device *dev, { struct mmc_card *card = mmc_dev_to_card(dev); - if (card->ext_csd.rev < 7) { - return sprintf(buf, "0x%x\n", card->cid.fwrev); - } else { - return sprintf(buf, "0x%*phN\n", MMC_FIRMWARE_LEN, - card->ext_csd.fwrev); - } + if (card->ext_csd.rev < 7) + return sysfs_emit(buf, "0x%x\n", card->cid.fwrev); + else + return sysfs_emit(buf, "0x%*phN\n", MMC_FIRMWARE_LEN, + card->ext_csd.fwrev); } static DEVICE_ATTR(fwrev, S_IRUGO, mmc_fwrev_show, NULL); @@ -830,10 +830,10 @@ static ssize_t mmc_dsr_show(struct device *dev, struct mmc_host *host = card->host; if (card->csd.dsr_imp && host->dsr_req) - return sprintf(buf, "0x%x\n", host->dsr); + return sysfs_emit(buf, "0x%x\n", host->dsr); else /* return default DSR value */ - return sprintf(buf, "0x%x\n", 0x404); + return sysfs_emit(buf, "0x%x\n", 0x404); } static DEVICE_ATTR(dsr, S_IRUGO, mmc_dsr_show, NULL); diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index 592166e53dce..46ca73c17c4c 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -12,6 +12,7 @@ #include <linux/slab.h> #include <linux/stat.h> #include <linux/pm_runtime.h> +#include <linux/sysfs.h> #include <linux/mmc/host.h> #include <linux/mmc/card.h> @@ -707,18 +708,16 @@ MMC_DEV_ATTR(ocr, "0x%08x\n", card->ocr); MMC_DEV_ATTR(rca, "0x%04x\n", card->rca); -static ssize_t mmc_dsr_show(struct device *dev, - struct device_attribute *attr, - char *buf) +static ssize_t mmc_dsr_show(struct device *dev, struct device_attribute *attr, + char *buf) { - struct mmc_card *card = mmc_dev_to_card(dev); - struct mmc_host *host = card->host; - - if (card->csd.dsr_imp && host->dsr_req) - return sprintf(buf, "0x%x\n", host->dsr); - else - /* return default DSR value */ - return sprintf(buf, "0x%x\n", 0x404); + struct mmc_card *card = mmc_dev_to_card(dev); + struct mmc_host *host = card->host; + + if (card->csd.dsr_imp && host->dsr_req) + return sysfs_emit(buf, "0x%x\n", host->dsr); + /* return default DSR value */ + return sysfs_emit(buf, "0x%x\n", 0x404); } static DEVICE_ATTR(dsr, S_IRUGO, mmc_dsr_show, NULL); @@ -734,9 +733,9 @@ static ssize_t info##num##_show(struct device *dev, struct device_attribute *att \ if (num > card->num_info) \ return -ENODATA; \ - if (!card->info[num-1][0]) \ + if (!card->info[num - 1][0]) \ return 0; \ - return sprintf(buf, "%s\n", card->info[num-1]); \ + return sysfs_emit(buf, "%s\n", card->info[num - 1]); \ } \ static DEVICE_ATTR_RO(info##num) diff --git a/drivers/mmc/core/sdio.c b/drivers/mmc/core/sdio.c index cbc9ca0dd56e..53c8f71af966 100644 --- a/drivers/mmc/core/sdio.c +++ b/drivers/mmc/core/sdio.c @@ -7,6 +7,7 @@ #include <linux/err.h> #include <linux/pm_runtime.h> +#include <linux/sysfs.h> #include <linux/mmc/host.h> #include <linux/mmc/card.h> @@ -40,9 +41,9 @@ static ssize_t info##num##_show(struct device *dev, struct device_attribute *att \ if (num > card->num_info) \ return -ENODATA; \ - if (!card->info[num-1][0]) \ + if (!card->info[num - 1][0]) \ return 0; \ - return sprintf(buf, "%s\n", card->info[num-1]); \ + return sysfs_emit(buf, "%s\n", card->info[num - 1]); \ } \ static DEVICE_ATTR_RO(info##num) diff --git a/drivers/mmc/core/sdio_bus.c b/drivers/mmc/core/sdio_bus.c index f6cdec00e97e..f191a2a76f3b 100644 --- a/drivers/mmc/core/sdio_bus.c +++ b/drivers/mmc/core/sdio_bus.c @@ -14,6 +14,7 @@ #include <linux/pm_runtime.h> #include <linux/pm_domain.h> #include <linux/acpi.h> +#include <linux/sysfs.h> #include <linux/mmc/card.h> #include <linux/mmc/host.h> @@ -35,7 +36,7 @@ field##_show(struct device *dev, struct device_attribute *attr, char *buf) \ struct sdio_func *func; \ \ func = dev_to_sdio_func (dev); \ - return sprintf(buf, format_string, args); \ + return sysfs_emit(buf, format_string, args); \ } \ static DEVICE_ATTR_RO(field) @@ -52,9 +53,9 @@ static ssize_t info##num##_show(struct device *dev, struct device_attribute *att \ if (num > func->num_info) \ return -ENODATA; \ - if (!func->info[num-1][0]) \ + if (!func->info[num - 1][0]) \ return 0; \ - return sprintf(buf, "%s\n", func->info[num-1]); \ + return sysfs_emit(buf, "%s\n", func->info[num - 1]); \ } \ static DEVICE_ATTR_RO(info##num) -- 2.17.1

6 days, 1 hour

2
1
0 0

[PATCHSET v2 sched_ext/for-6.19-fixes] sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq()

by Tejun Heo

Hello, move_local_task_to_local_dsq() was missing post-enqueue handling which matters now that scx_bpf_dsq_move() can be called while the CPU is busy. v2: Updated commit messages and added Cc stable. v1: http://lkml.kernel.org/r/20251211224809.3383633-1-tj@kernel.org 0001-sched_ext-Factor-out-local_dsq_post_enq-from-dispatc.patch 0002-sched_ext-Fix-missing-post-enqueue-handling-in-move_.patch Based on sched_ext/for-6.19-fixes (9f769637a93f). diffstat: kernel/sched/ext.c | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) -- tejun

6 days, 2 hours

2
5
0 0

Follow-Up: LDI 2025 Attendee List + 20% Discount

by Juanita Garcia

Hi, Just checking in to see if you had a moment to review my earlier message. As you have been an exhibitor at Live Design International 2025 We have the final updated attendee list of verified contacts 16,537 of people including last-minute registers and walk-ins to the show, and all are confirmed Opt-in and Verified contacts Special :20% reduction on our compliant contact data. If you’d like more details, just let me know or reply “Send me pricing.” Best regards, Juanita Garcia Sr. Marketing Manager If you prefer not to receive updates, reply “Not Interested.”

6 days, 2 hours

1
0
0 0

[PATCH 5/5] drm/tests: shmem: Hold reservation lock around purge

by Thomas Zimmermann

Acquire and release the GEM object's reservation lock around calls to the object's purge operation. The tests use drm_gem_shmem_purge_locked(), which led to errors such as show below. [ 58.709128] WARNING: CPU: 1 PID: 1354 at drivers/gpu/drm/drm_gem_shmem_helper.c:515 drm_gem_shmem_purge_locked+0x51c/0x740 Only export the new helper drm_gem_shmem_purge() for Kunit tests. This is not an interface for regular drivers. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 954907f7147d ("drm/shmem-helper: Refactor locked/unlocked functions") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.16+ --- drivers/gpu/drm/drm_gem_shmem_helper.c | 15 +++++++++++++++ drivers/gpu/drm/tests/drm_gem_shmem_test.c | 4 +++- include/drm/drm_gem_shmem_helper.h | 1 + 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c index 4ffcf6ed46f5..dfc24392cb61 100644 --- a/drivers/gpu/drm/drm_gem_shmem_helper.c +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -939,6 +939,21 @@ int drm_gem_shmem_madvise(struct drm_gem_shmem_object *shmem, int madv) return ret; } EXPORT_SYMBOL_IF_KUNIT(drm_gem_shmem_madvise); + +int drm_gem_shmem_purge(struct drm_gem_shmem_object *shmem) +{ + struct drm_gem_object *obj = &shmem->base; + int ret; + + ret = dma_resv_lock_interruptible(obj->resv, NULL); + if (ret) + return ret; + drm_gem_shmem_purge_locked(shmem); + dma_resv_unlock(obj->resv); + + return 0; +} +EXPORT_SYMBOL_IF_KUNIT(drm_gem_shmem_purge); #endif MODULE_DESCRIPTION("DRM SHMEM memory-management helpers"); diff --git a/drivers/gpu/drm/tests/drm_gem_shmem_test.c b/drivers/gpu/drm/tests/drm_gem_shmem_test.c index d639848e3c8e..4b459f21acfd 100644 --- a/drivers/gpu/drm/tests/drm_gem_shmem_test.c +++ b/drivers/gpu/drm/tests/drm_gem_shmem_test.c @@ -340,7 +340,9 @@ static void drm_gem_shmem_test_purge(struct kunit *test) ret = drm_gem_shmem_is_purgeable(shmem); KUNIT_EXPECT_TRUE(test, ret); - drm_gem_shmem_purge_locked(shmem); + ret = drm_gem_shmem_purge(shmem); + KUNIT_ASSERT_EQ(test, ret, 0); + KUNIT_EXPECT_NULL(test, shmem->pages); KUNIT_EXPECT_NULL(test, shmem->sgt); KUNIT_EXPECT_EQ(test, shmem->madv, -1); diff --git a/include/drm/drm_gem_shmem_helper.h b/include/drm/drm_gem_shmem_helper.h index 3dd93e2df709..8d56970d7eed 100644 --- a/include/drm/drm_gem_shmem_helper.h +++ b/include/drm/drm_gem_shmem_helper.h @@ -311,6 +311,7 @@ struct drm_gem_object *drm_gem_shmem_prime_import_no_map(struct drm_device *dev, int drm_gem_shmem_vmap(struct drm_gem_shmem_object *shmem, struct iosys_map *map); void drm_gem_shmem_vunmap(struct drm_gem_shmem_object *shmem, struct iosys_map *map); int drm_gem_shmem_madvise(struct drm_gem_shmem_object *shmem, int madv); +int drm_gem_shmem_purge(struct drm_gem_shmem_object *shmem); #endif #endif /* __DRM_GEM_SHMEM_HELPER_H__ */ -- 2.52.0

6 days, 2 hours

1
0
0 0

[PATCH 4/5] drm/tests: shmem: Hold reservation lock around madvise

by Thomas Zimmermann

Acquire and release the GEM object's reservation lock around calls to the object's madvide operation. The tests use drm_gem_shmem_madvise_locked(), which led to errors such as show below. [ 58.339389] WARNING: CPU: 1 PID: 1352 at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140 Only export the new helper drm_gem_shmem_madvise() for Kunit tests. This is not an interface for regular drivers. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 954907f7147d ("drm/shmem-helper: Refactor locked/unlocked functions") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.16+ --- drivers/gpu/drm/drm_gem_shmem_helper.c | 15 +++++++++++++++ drivers/gpu/drm/tests/drm_gem_shmem_test.c | 8 ++++---- include/drm/drm_gem_shmem_helper.h | 1 + 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c index 06ef4e5adb7d..4ffcf6ed46f5 100644 --- a/drivers/gpu/drm/drm_gem_shmem_helper.c +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -924,6 +924,21 @@ void drm_gem_shmem_vunmap(struct drm_gem_shmem_object *shmem, struct iosys_map * dma_resv_unlock(obj->resv); } EXPORT_SYMBOL_IF_KUNIT(drm_gem_shmem_vunmap); + +int drm_gem_shmem_madvise(struct drm_gem_shmem_object *shmem, int madv) +{ + struct drm_gem_object *obj = &shmem->base; + int ret; + + ret = dma_resv_lock_interruptible(obj->resv, NULL); + if (ret) + return ret; + ret = drm_gem_shmem_madvise_locked(shmem, madv); + dma_resv_unlock(obj->resv); + + return ret; +} +EXPORT_SYMBOL_IF_KUNIT(drm_gem_shmem_madvise); #endif MODULE_DESCRIPTION("DRM SHMEM memory-management helpers"); diff --git a/drivers/gpu/drm/tests/drm_gem_shmem_test.c b/drivers/gpu/drm/tests/drm_gem_shmem_test.c index 3e7c6f20fbcc..d639848e3c8e 100644 --- a/drivers/gpu/drm/tests/drm_gem_shmem_test.c +++ b/drivers/gpu/drm/tests/drm_gem_shmem_test.c @@ -292,17 +292,17 @@ static void drm_gem_shmem_test_madvise(struct kunit *test) ret = kunit_add_action_or_reset(test, drm_gem_shmem_free_wrapper, shmem); KUNIT_ASSERT_EQ(test, ret, 0); - ret = drm_gem_shmem_madvise_locked(shmem, 1); + ret = drm_gem_shmem_madvise(shmem, 1); KUNIT_EXPECT_TRUE(test, ret); KUNIT_ASSERT_EQ(test, shmem->madv, 1); /* Set madv to a negative value */ - ret = drm_gem_shmem_madvise_locked(shmem, -1); + ret = drm_gem_shmem_madvise(shmem, -1); KUNIT_EXPECT_FALSE(test, ret); KUNIT_ASSERT_EQ(test, shmem->madv, -1); /* Check that madv cannot be set back to a positive value */ - ret = drm_gem_shmem_madvise_locked(shmem, 0); + ret = drm_gem_shmem_madvise(shmem, 0); KUNIT_EXPECT_FALSE(test, ret); KUNIT_ASSERT_EQ(test, shmem->madv, -1); } @@ -330,7 +330,7 @@ static void drm_gem_shmem_test_purge(struct kunit *test) ret = drm_gem_shmem_is_purgeable(shmem); KUNIT_EXPECT_FALSE(test, ret); - ret = drm_gem_shmem_madvise_locked(shmem, 1); + ret = drm_gem_shmem_madvise(shmem, 1); KUNIT_EXPECT_TRUE(test, ret); /* The scatter/gather table will be freed by drm_gem_shmem_free */ diff --git a/include/drm/drm_gem_shmem_helper.h b/include/drm/drm_gem_shmem_helper.h index 6924ee226655..3dd93e2df709 100644 --- a/include/drm/drm_gem_shmem_helper.h +++ b/include/drm/drm_gem_shmem_helper.h @@ -310,6 +310,7 @@ struct drm_gem_object *drm_gem_shmem_prime_import_no_map(struct drm_device *dev, #if IS_ENABLED(CONFIG_KUNIT) int drm_gem_shmem_vmap(struct drm_gem_shmem_object *shmem, struct iosys_map *map); void drm_gem_shmem_vunmap(struct drm_gem_shmem_object *shmem, struct iosys_map *map); +int drm_gem_shmem_madvise(struct drm_gem_shmem_object *shmem, int madv); #endif #endif /* __DRM_GEM_SHMEM_HELPER_H__ */ -- 2.52.0

6 days, 2 hours

1
0
0 0

[PATCH 3/5] drm/tests: shmem: Hold reservation lock around vmap/vunmap

by Thomas Zimmermann

Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmap_locked, which led to errors such as show below. [ 122.292030] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:390 drm_gem_shmem_vmap_locked+0x3a3/0x6f0 [ 122.468066] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:293 drm_gem_shmem_pin_locked+0x1fe/0x350 [ 122.563504] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:234 drm_gem_shmem_get_pages_locked+0x23c/0x370 [ 122.662248] WARNING: CPU: 2 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:452 drm_gem_shmem_vunmap_locked+0x101/0x330 Only export the new vmap/vunmap helpers for Kunit tests. These are not interfaces for regular drivers. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 954907f7147d ("drm/shmem-helper: Refactor locked/unlocked functions") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.16+ --- drivers/gpu/drm/drm_gem_shmem_helper.c | 33 ++++++++++++++++++++++ drivers/gpu/drm/tests/drm_gem_shmem_test.c | 6 ++-- include/drm/drm_gem_shmem_helper.h | 9 ++++++ 3 files changed, 46 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c index dc94a27710e5..06ef4e5adb7d 100644 --- a/drivers/gpu/drm/drm_gem_shmem_helper.c +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -15,6 +15,8 @@ #include <asm/set_memory.h> #endif +#include <kunit/visibility.h> + #include <drm/drm.h> #include <drm/drm_device.h> #include <drm/drm_drv.h> @@ -893,6 +895,37 @@ struct drm_gem_object *drm_gem_shmem_prime_import_no_map(struct drm_device *dev, } EXPORT_SYMBOL_GPL(drm_gem_shmem_prime_import_no_map); +/* + * Kunit helpers + */ + +#if IS_ENABLED(CONFIG_KUNIT) +int drm_gem_shmem_vmap(struct drm_gem_shmem_object *shmem, struct iosys_map *map) +{ + struct drm_gem_object *obj = &shmem->base; + int ret; + + ret = dma_resv_lock_interruptible(obj->resv, NULL); + if (ret) + return ret; + ret = drm_gem_shmem_vmap_locked(shmem, map); + dma_resv_unlock(obj->resv); + + return ret; +} +EXPORT_SYMBOL_IF_KUNIT(drm_gem_shmem_vmap); + +void drm_gem_shmem_vunmap(struct drm_gem_shmem_object *shmem, struct iosys_map *map) +{ + struct drm_gem_object *obj = &shmem->base; + + dma_resv_lock_interruptible(obj->resv, NULL); + drm_gem_shmem_vunmap_locked(shmem, map); + dma_resv_unlock(obj->resv); +} +EXPORT_SYMBOL_IF_KUNIT(drm_gem_shmem_vunmap); +#endif + MODULE_DESCRIPTION("DRM SHMEM memory-management helpers"); MODULE_IMPORT_NS("DMA_BUF"); MODULE_LICENSE("GPL v2"); diff --git a/drivers/gpu/drm/tests/drm_gem_shmem_test.c b/drivers/gpu/drm/tests/drm_gem_shmem_test.c index 1d50bab51ef3..3e7c6f20fbcc 100644 --- a/drivers/gpu/drm/tests/drm_gem_shmem_test.c +++ b/drivers/gpu/drm/tests/drm_gem_shmem_test.c @@ -19,6 +19,8 @@ #include <drm/drm_gem_shmem_helper.h> #include <drm/drm_kunit_helpers.h> +MODULE_IMPORT_NS("EXPORTED_FOR_KUNIT_TESTING"); + #define TEST_SIZE SZ_1M #define TEST_BYTE 0xae @@ -176,7 +178,7 @@ static void drm_gem_shmem_test_vmap(struct kunit *test) ret = kunit_add_action_or_reset(test, drm_gem_shmem_free_wrapper, shmem); KUNIT_ASSERT_EQ(test, ret, 0); - ret = drm_gem_shmem_vmap_locked(shmem, &map); + ret = drm_gem_shmem_vmap(shmem, &map); KUNIT_ASSERT_EQ(test, ret, 0); KUNIT_ASSERT_NOT_NULL(test, shmem->vaddr); KUNIT_ASSERT_FALSE(test, iosys_map_is_null(&map)); @@ -186,7 +188,7 @@ static void drm_gem_shmem_test_vmap(struct kunit *test) for (i = 0; i < TEST_SIZE; i++) KUNIT_EXPECT_EQ(test, iosys_map_rd(&map, i, u8), TEST_BYTE); - drm_gem_shmem_vunmap_locked(shmem, &map); + drm_gem_shmem_vunmap(shmem, &map); KUNIT_EXPECT_NULL(test, shmem->vaddr); KUNIT_EXPECT_EQ(test, refcount_read(&shmem->vmap_use_count), 0); } diff --git a/include/drm/drm_gem_shmem_helper.h b/include/drm/drm_gem_shmem_helper.h index 589f7bfe7506..6924ee226655 100644 --- a/include/drm/drm_gem_shmem_helper.h +++ b/include/drm/drm_gem_shmem_helper.h @@ -303,4 +303,13 @@ struct drm_gem_object *drm_gem_shmem_prime_import_no_map(struct drm_device *dev, .gem_prime_import = drm_gem_shmem_prime_import_no_map, \ .dumb_create = drm_gem_shmem_dumb_create +/* + * Kunit helpers + */ + +#if IS_ENABLED(CONFIG_KUNIT) +int drm_gem_shmem_vmap(struct drm_gem_shmem_object *shmem, struct iosys_map *map); +void drm_gem_shmem_vunmap(struct drm_gem_shmem_object *shmem, struct iosys_map *map); +#endif + #endif /* __DRM_GEM_SHMEM_HELPER_H__ */ -- 2.52.0

6 days, 2 hours

1
0
0 0

[PATCH 2/5] drm/tests: shmem: Add clean-up action to unpin pages

by Thomas Zimmermann

Automatically unpin pages on cleanup. The test currently fails with the error [ 58.246263] drm-kunit-mock-device drm_gem_shmem_test_get_sg_table.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) while cleaning up the GEM object. The pin count has to be zero at this point. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: d586b535f144 ("drm/shmem-helper: Add and use pages_pin_count") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.16+ --- drivers/gpu/drm/tests/drm_gem_shmem_test.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/tests/drm_gem_shmem_test.c b/drivers/gpu/drm/tests/drm_gem_shmem_test.c index 872881ec9c30..1d50bab51ef3 100644 --- a/drivers/gpu/drm/tests/drm_gem_shmem_test.c +++ b/drivers/gpu/drm/tests/drm_gem_shmem_test.c @@ -34,6 +34,9 @@ KUNIT_DEFINE_ACTION_WRAPPER(sg_free_table_wrapper, sg_free_table, KUNIT_DEFINE_ACTION_WRAPPER(drm_gem_shmem_free_wrapper, drm_gem_shmem_free, struct drm_gem_shmem_object *); +KUNIT_DEFINE_ACTION_WRAPPER(drm_gem_shmem_unpin_wrapper, drm_gem_shmem_unpin, + struct drm_gem_shmem_object *); + /* * Test creating a shmem GEM object backed by shmem buffer. The test * case succeeds if the GEM object is successfully allocated with the @@ -212,6 +215,9 @@ static void drm_gem_shmem_test_get_sg_table(struct kunit *test) ret = drm_gem_shmem_pin(shmem); KUNIT_ASSERT_EQ(test, ret, 0); + ret = kunit_add_action_or_reset(test, drm_gem_shmem_unpin_wrapper, shmem); + KUNIT_ASSERT_EQ(test, ret, 0); + sgt = drm_gem_shmem_get_sg_table(shmem); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, sgt); KUNIT_EXPECT_NULL(test, shmem->sgt); -- 2.52.0

6 days, 2 hours

1
0
0 0

[PATCH 1/5] drm/tests: shmem: Swap names of export tests

by Thomas Zimmermann

GEM SHMEM has 2 helpers for exporting S/G tables. Swap the names of the rsp. tests, so that each matches the helper it tests. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 93032ae634d4 ("drm/test: add a test suite for GEM objects backed by shmem") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/tests/drm_gem_shmem_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/tests/drm_gem_shmem_test.c b/drivers/gpu/drm/tests/drm_gem_shmem_test.c index 68f2c3162354..872881ec9c30 100644 --- a/drivers/gpu/drm/tests/drm_gem_shmem_test.c +++ b/drivers/gpu/drm/tests/drm_gem_shmem_test.c @@ -194,7 +194,7 @@ static void drm_gem_shmem_test_vmap(struct kunit *test) * scatter/gather table large enough to accommodate the backing memory * is successfully exported. */ -static void drm_gem_shmem_test_get_pages_sgt(struct kunit *test) +static void drm_gem_shmem_test_get_sg_table(struct kunit *test) { struct drm_device *drm_dev = test->priv; struct drm_gem_shmem_object *shmem; @@ -236,7 +236,7 @@ static void drm_gem_shmem_test_get_pages_sgt(struct kunit *test) * backing pages are pinned and a scatter/gather table large enough to * accommodate the backing memory is successfully exported. */ -static void drm_gem_shmem_test_get_sg_table(struct kunit *test) +static void drm_gem_shmem_test_get_pages_sgt(struct kunit *test) { struct drm_device *drm_dev = test->priv; struct drm_gem_shmem_object *shmem; @@ -366,8 +366,8 @@ static struct kunit_case drm_gem_shmem_test_cases[] = { KUNIT_CASE(drm_gem_shmem_test_obj_create_private), KUNIT_CASE(drm_gem_shmem_test_pin_pages), KUNIT_CASE(drm_gem_shmem_test_vmap), - KUNIT_CASE(drm_gem_shmem_test_get_pages_sgt), KUNIT_CASE(drm_gem_shmem_test_get_sg_table), + KUNIT_CASE(drm_gem_shmem_test_get_pages_sgt), KUNIT_CASE(drm_gem_shmem_test_madvise), KUNIT_CASE(drm_gem_shmem_test_purge), {} -- 2.52.0

6 days, 2 hours

1
0
0 0

[PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock()

by Jinhui Guo

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it forgets to remove the corresponding pci_dev_unlock() when pci_bus_trylock() fails. Before the commit, the code did: if (!pci_dev_trylock(dev)) /* <- lock bridge device */ goto unlock; if (dev->subordinate) { if (!pci_bus_trylock(dev->subordinate)) { pci_dev_unlock(dev); /* <- unlock bridge device */ goto unlock; } } After the commit the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) on the failure path was left in place, leading to the bug. This yields one of two errors: 1. A warning that the lock is being unlocked when no one holds it. 2. An incorrect unlock of a lock that belongs to another thread. Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure path. Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") Cc: stable(a)vger.kernel.org Signed-off-by: Jinhui Guo <guojinhui.liam(a)bytedance.com> Acked-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- Hi, all v1: https://lore.kernel.org/all/20251211123635.2215-1-guojinhui.liam@bytedance.… Changelog in v1 -> v2 - The v1 commit message was too brief, so I’ve sent v2 with more detail. - Remove the braces from the if (!pci_bus_trylock(dev->subordinate)) statement. Sorry for the noise. Best Regards, Jinhui drivers/pci/pci.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 13dbb405dc31..59319e08fca6 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5346,10 +5346,8 @@ static int pci_slot_trylock(struct pci_slot *slot) if (!dev->slot || dev->slot != slot) continue; if (dev->subordinate) { - if (!pci_bus_trylock(dev->subordinate)) { - pci_dev_unlock(dev); + if (!pci_bus_trylock(dev->subordinate)) goto unlock; - } } else if (!pci_dev_trylock(dev)) goto unlock; } -- 2.20.1

6 days, 3 hours

2
2
0 0

[PATCH] PCI: Remove redundant pci_dev_unlock() in pci_slot_trylock()

by Jinhui Guo

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it leaves a redundant pci_dev_unlock() when pci_bus_trylock() fails. Remove the redundant bridge-device pci_dev_unlock() in pci_slot_trylock(), since that lock is no longer taken there. Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") Cc: stable(a)vger.kernel.org Signed-off-by: Jinhui Guo <guojinhui.liam(a)bytedance.com> --- drivers/pci/pci.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 13dbb405dc31..75a98819db6f 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5347,7 +5347,6 @@ static int pci_slot_trylock(struct pci_slot *slot) continue; if (dev->subordinate) { if (!pci_bus_trylock(dev->subordinate)) { - pci_dev_unlock(dev); goto unlock; } } else if (!pci_dev_trylock(dev)) -- 2.20.1

6 days, 4 hours

2
2
0 0

[PATCH v3] drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE

by Karol Wachowski

Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers. Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Cc: <stable(a)vger.kernel.org> # v6.18+ Signed-off-by: Karol Wachowski <karol.wachowski(a)linux.intel.com> --- Changes between v3 and v2: - correctly add CC: tag this time Changes between v1 and v2: - move setting ret value under if branch as suggested in review - add Cc: stable 6.18+ --- drivers/gpu/drm/drm_gem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..bcc08a6aebf8 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1010,8 +1010,10 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, if (!obj) return -ENOENT; - if (args->handle == args->new_handle) - return 0; + if (args->handle == args->new_handle) { + ret = 0; + goto out; + } mutex_lock(&file_priv->prime.lock); @@ -1043,6 +1045,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, out_unlock: mutex_unlock(&file_priv->prime.lock); +out: + drm_gem_object_put(obj); return ret; } -- 2.43.0

6 days, 4 hours

2
1
0 0

[PATCH v2] drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE

by Karol Wachowski

Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers. Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Signed-off-by: Karol Wachowski <karol.wachowski(a)linux.intel.com> --- Changes between v1 and v2: - move setting ret value under if branch as suggested in review - add Cc: stable 6.18+ --- drivers/gpu/drm/drm_gem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..bcc08a6aebf8 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1010,8 +1010,10 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, if (!obj) return -ENOENT; - if (args->handle == args->new_handle) - return 0; + if (args->handle == args->new_handle) { + ret = 0; + goto out; + } mutex_lock(&file_priv->prime.lock); @@ -1043,6 +1045,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, out_unlock: mutex_unlock(&file_priv->prime.lock); +out: + drm_gem_object_put(obj); return ret; } -- 2.43.0

6 days, 5 hours

2
1
0 0

[PATCH] drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE

by Karol Wachowski

Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers. Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Signed-off-by: Karol Wachowski <karol.wachowski(a)linux.intel.com> --- drivers/gpu/drm/drm_gem.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..e150bc1ce65a 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1001,7 +1001,7 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, { struct drm_gem_change_handle *args = data; struct drm_gem_object *obj; - int ret; + int ret = 0; if (!drm_core_check_feature(dev, DRIVER_GEM)) return -EOPNOTSUPP; @@ -1011,7 +1011,7 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, return -ENOENT; if (args->handle == args->new_handle) - return 0; + goto out; mutex_lock(&file_priv->prime.lock); @@ -1043,6 +1043,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, out_unlock: mutex_unlock(&file_priv->prime.lock); +out: + drm_gem_object_put(obj); return ret; } -- 2.43.0

6 days, 5 hours

3
3
0 0

[PATCH net 0/2] mptcp: fix warn on bad status

by Matthieu Baerts (NGI0)

Two somewhat related fixes addressing different issues found by syzkaller, and producing the exact same splat: a WARNING in subflow_data_ready(). - Patch 1: fallback earlier on simultaneous connections to avoid a warning. A fix for v5.19. - Patch 2: ensure context reset on disconnect, also to avoid a similar warning. A fix for v6.2. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Paolo Abeni (2): mptcp: fallback earlier on simult connection mptcp: ensure context reset on disconnect() net/mptcp/options.c | 10 ++++++++++ net/mptcp/protocol.c | 8 +++++--- net/mptcp/protocol.h | 9 ++++----- net/mptcp/subflow.c | 6 ------ 4 files changed, 19 insertions(+), 14 deletions(-) --- base-commit: 885bebac9909994050bbbeed0829c727e42bd1b7 change-id: 20251212-net-mptcp-subflow_data_ready-warn-fd8126208c90 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

6 days, 5 hours

1
2
0 0

[PATCH v4 02/22] drm/pagemap, drm/xe: Ensure that the devmem allocation is idle before use

by Thomas Hellström

In situations where no system memory is migrated to devmem, and in upcoming patches where another GPU is performing the migration to the newly allocated devmem buffer, there is nothing to ensure any ongoing clear to the devmem allocation or async eviction from the devmem allocation is complete. Address that by passing a struct dma_fence down to the copy functions, and ensure it is waited for before migration is marked complete. v3: - New patch. v4: - Update the logic used for determining when to wait for the pre_migrate_fence. - Update the logic used for determining when to warn for the pre_migrate_fence since the scheduler fences apparently can signal out-of-order. Fixes: c5b3eb5a906c ("drm/xe: Add GPUSVM device memory copy vfunc functions") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/drm_pagemap.c | 13 ++++--- drivers/gpu/drm/xe/xe_svm.c | 67 ++++++++++++++++++++++++++++++----- include/drm/drm_pagemap.h | 17 +++++++-- 3 files changed, 81 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/drm_pagemap.c b/drivers/gpu/drm/drm_pagemap.c index 22c44807e3fe..864a73d019ed 100644 --- a/drivers/gpu/drm/drm_pagemap.c +++ b/drivers/gpu/drm/drm_pagemap.c @@ -408,7 +408,8 @@ int drm_pagemap_migrate_to_devmem(struct drm_pagemap_devmem *devmem_allocation, drm_pagemap_get_devmem_page(page, zdd); } - err = ops->copy_to_devmem(pages, pagemap_addr, npages); + err = ops->copy_to_devmem(pages, pagemap_addr, npages, + devmem_allocation->pre_migrate_fence); if (err) goto err_finalize; @@ -596,7 +597,7 @@ int drm_pagemap_evict_to_ram(struct drm_pagemap_devmem *devmem_allocation) for (i = 0; i < npages; ++i) pages[i] = migrate_pfn_to_page(src[i]); - err = ops->copy_to_ram(pages, pagemap_addr, npages); + err = ops->copy_to_ram(pages, pagemap_addr, npages, NULL); if (err) goto err_finalize; @@ -732,7 +733,7 @@ static int __drm_pagemap_migrate_to_ram(struct vm_area_struct *vas, for (i = 0; i < npages; ++i) pages[i] = migrate_pfn_to_page(migrate.src[i]); - err = ops->copy_to_ram(pages, pagemap_addr, npages); + err = ops->copy_to_ram(pages, pagemap_addr, npages, NULL); if (err) goto err_finalize; @@ -813,11 +814,14 @@ EXPORT_SYMBOL_GPL(drm_pagemap_pagemap_ops_get); * @ops: Pointer to the operations structure for GPU SVM device memory * @dpagemap: The struct drm_pagemap we're allocating from. * @size: Size of device memory allocation + * @pre_migrate_fence: Fence to wait for or pipeline behind before migration starts. + * (May be NULL). */ void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, struct device *dev, struct mm_struct *mm, const struct drm_pagemap_devmem_ops *ops, - struct drm_pagemap *dpagemap, size_t size) + struct drm_pagemap *dpagemap, size_t size, + struct dma_fence *pre_migrate_fence) { init_completion(&devmem_allocation->detached); devmem_allocation->dev = dev; @@ -825,6 +829,7 @@ void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, devmem_allocation->ops = ops; devmem_allocation->dpagemap = dpagemap; devmem_allocation->size = size; + devmem_allocation->pre_migrate_fence = pre_migrate_fence; } EXPORT_SYMBOL_GPL(drm_pagemap_devmem_init); diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index 36634c84d148..2152d20049e4 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -483,11 +483,12 @@ static void xe_svm_copy_us_stats_incr(struct xe_gt *gt, static int xe_svm_copy(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages, const enum xe_svm_copy_dir dir) + unsigned long npages, const enum xe_svm_copy_dir dir, + struct dma_fence *pre_migrate_fence) { struct xe_vram_region *vr = NULL; struct xe_gt *gt = NULL; - struct xe_device *xe; + struct xe_device *xe = NULL; struct dma_fence *fence = NULL; unsigned long i; #define XE_VRAM_ADDR_INVALID ~0x0ull @@ -496,6 +497,18 @@ static int xe_svm_copy(struct page **pages, bool sram = dir == XE_SVM_COPY_TO_SRAM; ktime_t start = xe_svm_stats_ktime_get(); + if (pre_migrate_fence && (sram || dma_fence_is_container(pre_migrate_fence))) { + /* + * This would typically be a p2p migration from source, or + * a composite fence operation on the destination memory. + * Ensure that any other GPU operation on the destination + * is complete. + */ + err = dma_fence_wait(pre_migrate_fence, true); + if (err) + return err; + } + /* * This flow is complex: it locates physically contiguous device pages, * derives the starting physical address, and performs a single GPU copy @@ -632,10 +645,28 @@ static int xe_svm_copy(struct page **pages, err_out: /* Wait for all copies to complete */ - if (fence) { + if (fence) dma_fence_wait(fence, false); - dma_fence_put(fence); + + /* + * If migrating to devmem, we should have pipelined the migration behind + * the pre_migrate_fence. Verify that this is indeed likely. If we + * didn't perform any copying, just wait for the pre_migrate_fence. + */ + if (!sram && pre_migrate_fence && !dma_fence_is_signaled(pre_migrate_fence)) { + if (xe && fence && + (pre_migrate_fence->context != fence->context || + dma_fence_is_later(pre_migrate_fence, fence))) { + drm_WARN(&xe->drm, true, "Unsignaled pre-migrate fence"); + drm_warn(&xe->drm, "fence contexts: %llu %llu. container %d\n", + (unsigned long long)fence->context, + (unsigned long long)pre_migrate_fence->context, + dma_fence_is_container(pre_migrate_fence)); + } + + dma_fence_wait(pre_migrate_fence, false); } + dma_fence_put(fence); /* * XXX: We can't derive the GT here (or anywhere in this functions, but @@ -652,16 +683,20 @@ static int xe_svm_copy(struct page **pages, static int xe_svm_copy_to_devmem(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages) + unsigned long npages, + struct dma_fence *pre_migrate_fence) { - return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_VRAM); + return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_VRAM, + pre_migrate_fence); } static int xe_svm_copy_to_ram(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages) + unsigned long npages, + struct dma_fence *pre_migrate_fence) { - return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_SRAM); + return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_SRAM, + pre_migrate_fence); } static struct xe_bo *to_xe_bo(struct drm_pagemap_devmem *devmem_allocation) @@ -676,6 +711,7 @@ static void xe_svm_devmem_release(struct drm_pagemap_devmem *devmem_allocation) xe_bo_put_async(bo); xe_pm_runtime_put(xe); + dma_fence_put(devmem_allocation->pre_migrate_fence); } static u64 block_offset_to_pfn(struct xe_vram_region *vr, u64 offset) @@ -868,6 +904,7 @@ static int xe_drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, unsigned long timeslice_ms) { struct xe_vram_region *vr = container_of(dpagemap, typeof(*vr), dpagemap); + struct dma_fence *pre_migrate_fence = NULL; struct xe_device *xe = vr->xe; struct device *dev = xe->drm.dev; struct drm_buddy_block *block; @@ -894,8 +931,20 @@ static int xe_drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, break; } + /* Ensure that any clearing or async eviction will complete before migration. */ + if (!dma_resv_test_signaled(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL)) { + err = dma_resv_get_singleton(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL, + &pre_migrate_fence); + if (err) + dma_resv_wait_timeout(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL, + false, MAX_SCHEDULE_TIMEOUT); + else if (pre_migrate_fence) + dma_fence_enable_sw_signaling(pre_migrate_fence); + } + drm_pagemap_devmem_init(&bo->devmem_allocation, dev, mm, - &dpagemap_devmem_ops, dpagemap, end - start); + &dpagemap_devmem_ops, dpagemap, end - start, + pre_migrate_fence); blocks = &to_xe_ttm_vram_mgr_resource(bo->ttm.resource)->blocks; list_for_each_entry(block, blocks, link) diff --git a/include/drm/drm_pagemap.h b/include/drm/drm_pagemap.h index f6e7e234c089..70a7991f784f 100644 --- a/include/drm/drm_pagemap.h +++ b/include/drm/drm_pagemap.h @@ -8,6 +8,7 @@ #define NR_PAGES(order) (1U << (order)) +struct dma_fence; struct drm_pagemap; struct drm_pagemap_zdd; struct device; @@ -174,6 +175,8 @@ struct drm_pagemap_devmem_ops { * @pages: Pointer to array of device memory pages (destination) * @pagemap_addr: Pointer to array of DMA information (source) * @npages: Number of pages to copy + * @pre_migrate_fence: dma-fence to wait for before migration start. + * May be NULL. * * Copy pages to device memory. If the order of a @pagemap_addr entry * is greater than 0, the entry is populated but subsequent entries @@ -183,13 +186,16 @@ struct drm_pagemap_devmem_ops { */ int (*copy_to_devmem)(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages); + unsigned long npages, + struct dma_fence *pre_migrate_fence); /** * @copy_to_ram: Copy to system RAM (required for migration) * @pages: Pointer to array of device memory pages (source) * @pagemap_addr: Pointer to array of DMA information (destination) * @npages: Number of pages to copy + * @pre_migrate_fence: dma-fence to wait for before migration start. + * May be NULL. * * Copy pages to system RAM. If the order of a @pagemap_addr entry * is greater than 0, the entry is populated but subsequent entries @@ -199,7 +205,8 @@ struct drm_pagemap_devmem_ops { */ int (*copy_to_ram)(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages); + unsigned long npages, + struct dma_fence *pre_migrate_fence); }; /** @@ -212,6 +219,8 @@ struct drm_pagemap_devmem_ops { * @dpagemap: The struct drm_pagemap of the pages this allocation belongs to. * @size: Size of device memory allocation * @timeslice_expiration: Timeslice expiration in jiffies + * @pre_migrate_fence: Fence to wait for or pipeline behind before migration starts. + * (May be NULL). */ struct drm_pagemap_devmem { struct device *dev; @@ -221,6 +230,7 @@ struct drm_pagemap_devmem { struct drm_pagemap *dpagemap; size_t size; u64 timeslice_expiration; + struct dma_fence *pre_migrate_fence; }; int drm_pagemap_migrate_to_devmem(struct drm_pagemap_devmem *devmem_allocation, @@ -238,7 +248,8 @@ struct drm_pagemap *drm_pagemap_page_to_dpagemap(struct page *page); void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, struct device *dev, struct mm_struct *mm, const struct drm_pagemap_devmem_ops *ops, - struct drm_pagemap *dpagemap, size_t size); + struct drm_pagemap *dpagemap, size_t size, + struct dma_fence *pre_migrate_fence); int drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, unsigned long start, unsigned long end, -- 2.51.1

6 days, 8 hours

2
4
0 0

[PATCH 6.18 00/29] 6.18.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.1 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Dec 2025 07:29:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.1-rc1 Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: adc: ad4080: fix chip identification Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 Gopi Krishna Menon <krishnagopi487(a)gmail.com> Documentation/rtla: rename common_xxx.rst files to common_xxx.txt Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Biju Das <biju.das.jz(a)bp.renesas.com> serial: sh-sci: Fix deadlock during RSCI FIFO overrun error Biju Das <biju.das.jz(a)bp.renesas.com> dt-bindings: serial: rsci: Drop "uart-has-rtscts: false" Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alice Ryhl <aliceryhl(a)google.com> rust_binder: fix race condition on death_list Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: zstd - fix double-free in per-CPU stream cleanup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer ------------- Diffstat: .../devicetree/bindings/serial/renesas,rsci.yaml | 2 - Documentation/process/2.Process.rst | 6 +- .../{common_appendix.rst => common_appendix.txt} | 0 ...on_hist_options.rst => common_hist_options.txt} | 0 .../{common_options.rst => common_options.txt} | 0 ...cription.rst => common_osnoise_description.txt} | 0 ...oise_options.rst => common_osnoise_options.txt} | 0 ...mmon_timerlat_aa.rst => common_timerlat_aa.txt} | 0 ...ription.rst => common_timerlat_description.txt} | 0 ...lat_options.rst => common_timerlat_options.txt} | 0 ...mmon_top_options.rst => common_top_options.txt} | 0 Documentation/tools/rtla/rtla-hwnoise.rst | 8 +-- Documentation/tools/rtla/rtla-osnoise-hist.rst | 10 +-- Documentation/tools/rtla/rtla-osnoise-top.rst | 10 +-- Documentation/tools/rtla/rtla-osnoise.rst | 4 +- Documentation/tools/rtla/rtla-timerlat-hist.rst | 12 ++-- Documentation/tools/rtla/rtla-timerlat-top.rst | 12 ++-- Documentation/tools/rtla/rtla-timerlat.rst | 4 +- Documentation/tools/rtla/rtla.rst | 2 +- Makefile | 4 +- arch/x86/include/asm/kvm_host.h | 9 +++ arch/x86/kvm/svm/svm.c | 24 ++++---- arch/x86/kvm/x86.c | 21 +++++++ crypto/zstd.c | 7 +-- drivers/android/binder/node.rs | 6 +- drivers/comedi/comedi_fops.c | 42 +++++++++++-- drivers/comedi/drivers/c6xdigio.c | 46 ++++++++++---- drivers/comedi/drivers/multiq3.c | 9 +++ drivers/comedi/drivers/pcl818.c | 5 +- drivers/iio/adc/ad4080.c | 9 ++- drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 + drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +++-- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 ++-- drivers/tty/serial/8250/8250_pci.c | 37 +++++++++++ drivers/tty/serial/sh-sci.c | 12 +++- drivers/usb/serial/belkin_sa.c | 28 +++++---- drivers/usb/serial/ftdi_sio.c | 72 ++++++++-------------- drivers/usb/serial/kobil_sct.c | 18 +++--- drivers/usb/serial/option.c | 22 ++++++- fs/ext4/inline.c | 14 ++++- fs/jbd2/transaction.c | 19 ++++-- fs/smb/server/transport_ipc.c | 7 ++- kernel/locking/spinlock_debug.c | 4 +- 44 files changed, 343 insertions(+), 174 deletions(-)

6 days, 9 hours

14
42
0 0

[PATCH] docs: rust: rbtree: fix incorrect description for `peek_next`

by WeiKang Guo

The documentation for `Cursor::peek_next` incorrectly describes it as "Access the previous node without moving the cursor" when it actually accesses the next node. Update the description to correctly state "Access the next node without moving the cursor" to match the function name and implementation. Reported-by: Miguel Ojeda <ojeda(a)kernel.org> Closes: https://github.com/Rust-for-Linux/linux/issues/1205 Fixes: 98c14e40e07a0 ("rust: rbtree: add cursor") Cc: stable(a)vger.kernel.org Signed-off-by: WeiKang Guo <guoweikang.kernel(a)outlook.com> --- rust/kernel/rbtree.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/kernel/rbtree.rs b/rust/kernel/rbtree.rs index 4729eb56827a..cd187e2ca328 100644 --- a/rust/kernel/rbtree.rs +++ b/rust/kernel/rbtree.rs @@ -985,7 +985,7 @@ pub fn peek_prev(&self) -> Option<(&K, &V)> { self.peek(Direction::Prev) } - /// Access the previous node without moving the cursor. + /// Access the next node without moving the cursor. pub fn peek_next(&self) -> Option<(&K, &V)> { self.peek(Direction::Next) } -- 2.52.0

6 days, 9 hours

1
0
0 0

[PATCH 6.17 00/60] 6.17.12-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.12 release. There are 60 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Dec 2025 07:29:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.12-rc1 Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: adc: ad4080: fix chip identification Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 Marcos Vega <marcosmola2(a)gmail.com> platform/x86: hp-wmi: Add Omen MAX 16-ah0xx fan support and thermal profile Krishna Chomal <krishna.chomal108(a)gmail.com> platform/x86: hp-wmi: Add Omen 16-wf1xxx fan support Linus Torvalds <torvalds(a)linux-foundation.org> samples: work around glibc redefining some of our defines wrong Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mask all interrupts during kexec/kdump Zqiang <qiang.zhang(a)linux.dev> sched_ext: Use IRQ_WORK_INIT_HARD() to initialize rq->scx.kick_cpus_irq_work Naoki Ueki <naoki25519(a)gmail.com> HID: elecom: Add support for ELECOM M-XT3URBK (018F) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/hid: Add Nova Lake support Zqiang <qiang.zhang(a)linux.dev> sched_ext: Fix possible deadlock in the deferred_irq_workfn() Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> platform/x86: intel-uncore-freq: Add additional client processors Jia Ston <ston.jia(a)outlook.com> platform/x86: huawei-wmi: add keys for HONOR models April Grimoire <april(a)aprilg.moe> HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore backlight event Praveen Talari <praveen.talari(a)oss.qualcomm.com> pinctrl: qcom: msm: Fix deadlock in pinmux configuration Keith Busch <kbusch(a)kernel.org> nvme: fix admin request_queue lifetime Edip Hazuri <edip(a)medip.dev> platform/x86: hp-wmi: mark Victus 16-r0 and 16-s0 for victus_s fan and thermal profile support Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd/pmc: Add support for Van Gogh SoC Mario Limonciello (AMD) <superm1(a)kernel.org> HID: hid-input: Extend Elan ignore battery quirk to USB Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> bfs: Reconstruct file type when loading from disk Lauri Tirkkonen <lauri(a)hacktheplanet.fi> HID: lenovo: fixup Lenovo Yoga Slim 7x Keyboard rdesc Lushih Hsieh <bruce(a)mail.kh.edu.tw> ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Fix GPU mappings for APU after prefetch Yiqi Sun <sunyiqixm(a)gmail.com> smb: fix invalid username check in smb3_fs_context_parse_param() Niranjan H Y <niranjan.hy(a)ti.com> ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list Max Chou <max.chou(a)realtek.com> Bluetooth: btrtl: Avoid loading the config file on security chips Baojun Xu <baojun.xu(a)ti.com> ALSA: hda/tas2781: Add new quirk for HP new projects Adrian Barnaś <abarnas(a)google.com> arm64: Reject modules with internal alternative callbacks Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Use kref in vmw_bo_dirty Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> ACPI: MRRM: Fix memory leaks and improve error handling Robin Gong <yibin.gong(a)nxp.com> spi: imx: keep dma request disabled before dma transfer setup Alvaro Gamez Machado <alvaro.gamez(a)hazent.com> spi: xilinx: increase number of retries before declaring stall Song Liu <song(a)kernel.org> ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Biju Das <biju.das.jz(a)bp.renesas.com> serial: sh-sci: Fix deadlock during RSCI FIFO overrun error Biju Das <biju.das.jz(a)bp.renesas.com> dt-bindings: serial: rsci: Drop "uart-has-rtscts: false" Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: zstd - fix double-free in per-CPU stream cleanup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer ------------- Diffstat: .../devicetree/bindings/serial/renesas,rsci.yaml | 2 - Documentation/process/2.Process.rst | 6 +- Makefile | 4 +- arch/arm64/include/asm/alternative.h | 7 ++- arch/arm64/kernel/alternative.c | 19 +++--- arch/arm64/kernel/module.c | 9 ++- arch/loongarch/kernel/machine_kexec.c | 2 + arch/x86/include/asm/kvm_host.h | 9 +++ arch/x86/kvm/svm/svm.c | 24 ++++---- arch/x86/kvm/x86.c | 21 +++++++ crypto/zstd.c | 7 +-- drivers/acpi/acpi_mrrm.c | 51 ++++++++++----- drivers/bluetooth/btrtl.c | 24 ++++---- drivers/comedi/comedi_fops.c | 42 +++++++++++-- drivers/comedi/drivers/c6xdigio.c | 46 ++++++++++---- drivers/comedi/drivers/multiq3.c | 9 +++ drivers/comedi/drivers/pcl818.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 ++-- drivers/hid/hid-apple.c | 1 + drivers/hid/hid-elecom.c | 6 +- drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-input.c | 5 +- drivers/hid/hid-lenovo.c | 17 +++++ drivers/hid/hid-quirks.c | 3 +- drivers/iio/adc/ad4080.c | 9 ++- drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 + drivers/nvme/host/core.c | 3 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/platform/x86/acer-wmi.c | 4 ++ drivers/platform/x86/amd/pmc/pmc-quirks.c | 25 ++++++++ drivers/platform/x86/amd/pmc/pmc.c | 3 + drivers/platform/x86/amd/pmc/pmc.h | 1 + drivers/platform/x86/hp/hp-wmi.c | 6 +- drivers/platform/x86/huawei-wmi.c | 4 ++ drivers/platform/x86/intel/hid.c | 1 + .../x86/intel/uncore-frequency/uncore-frequency.c | 4 ++ drivers/spi/spi-imx.c | 15 +++-- drivers/spi/spi-xilinx.c | 2 +- drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +++-- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 ++-- drivers/tty/serial/8250/8250_pci.c | 37 +++++++++++ drivers/tty/serial/sh-sci.c | 12 +++- drivers/usb/serial/belkin_sa.c | 28 +++++---- drivers/usb/serial/ftdi_sio.c | 72 ++++++++-------------- drivers/usb/serial/kobil_sct.c | 18 +++--- drivers/usb/serial/option.c | 22 ++++++- fs/bfs/inode.c | 19 +++++- fs/ext4/inline.c | 14 ++++- fs/jbd2/transaction.c | 19 ++++-- fs/smb/client/fs_context.c | 2 +- fs/smb/server/transport_ipc.c | 7 ++- kernel/locking/spinlock_debug.c | 4 +- kernel/sched/ext.c | 4 +- kernel/trace/ftrace.c | 40 +++++++++--- samples/vfs/test-statx.c | 6 ++ samples/watch_queue/watch_test.c | 6 ++ sound/hda/codecs/realtek/alc269.c | 9 +++ sound/soc/sdca/sdca_functions.c | 3 +- sound/usb/quirks.c | 6 ++ 61 files changed, 564 insertions(+), 212 deletions(-)

6 days, 9 hours

11
76
0 0

[PATCH] leds: led-class: Only Add LED to leds_list when it is fully ready

by Hans de Goede

Before this change the LED was added to leds_list before led_init_core() gets called adding it the list before led_classdev.set_brightness_work gets initialized. This leaves a window where led_trigger_register() of a LED's default trigger will call led_trigger_set() which calls led_set_brightness() which in turn will end up queueing the *uninitialized* led_classdev.set_brightness_work. This race gets hit by the lenovo-thinkpad-t14s EC driver which registers 2 LEDs with a default trigger provided by snd_ctl_led.ko in quick succession. The first led_classdev_register() causes an async modprobe of snd_ctl_led to run and that async modprobe manages to exactly hit the window where the second LED is on the leds_list without led_init_core() being called for it, resulting in: ------------[ cut here ]------------ WARNING: CPU: 11 PID: 5608 at kernel/workqueue.c:4234 __flush_work+0x344/0x390 Hardware name: LENOVO 21N2S01F0B/21N2S01F0B, BIOS N42ET93W (2.23 ) 09/01/2025 ... Call trace: __flush_work+0x344/0x390 (P) flush_work+0x2c/0x50 led_trigger_set+0x1c8/0x340 led_trigger_register+0x17c/0x1c0 led_trigger_register_simple+0x84/0xe8 snd_ctl_led_init+0x40/0xf88 [snd_ctl_led] do_one_initcall+0x5c/0x318 do_init_module+0x9c/0x2b8 load_module+0x7e0/0x998 Close the race window by moving the adding of the LED to leds_list to after the led_init_core() call. Cc: Sebastian Reichel <sre(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <johannes.goede(a)oss.qualcomm.com> --- Note no Fixes tag as this problem has been around for a long long time, so I could not really find a good commit for the Fixes tag. --- drivers/leds/led-class.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/leds/led-class.c b/drivers/leds/led-class.c index f3faf37f9a08..6b9fa060c3a1 100644 --- a/drivers/leds/led-class.c +++ b/drivers/leds/led-class.c @@ -560,11 +560,6 @@ int led_classdev_register_ext(struct device *parent, #ifdef CONFIG_LEDS_BRIGHTNESS_HW_CHANGED led_cdev->brightness_hw_changed = -1; #endif - /* add to the list of leds */ - down_write(&leds_list_lock); - list_add_tail(&led_cdev->node, &leds_list); - up_write(&leds_list_lock); - if (!led_cdev->max_brightness) led_cdev->max_brightness = LED_FULL; @@ -574,6 +569,11 @@ int led_classdev_register_ext(struct device *parent, led_init_core(led_cdev); + /* add to the list of leds */ + down_write(&leds_list_lock); + list_add_tail(&led_cdev->node, &leds_list); + up_write(&leds_list_lock); + #ifdef CONFIG_LEDS_TRIGGERS led_trigger_set_default(led_cdev); #endif -- 2.52.0

6 days, 9 hours

2
2
0 0

[PATCH] powerpc/pasemi: Fix error handling in pasemi_dma_init

by Miaoqian Lin

Add missing pci_dev_put(iob_pdev) to drop the reference count obtained by pci_get_device() in case of error. Found via static analysis and code review. Fixes: 8ee9d8577935 ("pasemi: DMA engine management library") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/powerpc/platforms/pasemi/dma_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/platforms/pasemi/dma_lib.c b/arch/powerpc/platforms/pasemi/dma_lib.c index 1be1f18f6f09..b824bfe97ce8 100644 --- a/arch/powerpc/platforms/pasemi/dma_lib.c +++ b/arch/powerpc/platforms/pasemi/dma_lib.c @@ -530,6 +530,7 @@ int pasemi_dma_init(void) BUG(); pr_warn("Can't find DMA controller\n"); err = -ENODEV; + pci_dev_put(iob_pdev); goto out; } dma_regs = map_onedev(dma_pdev, 0); -- 2.25.1

6 days, 9 hours

1
0
0 0

[PATCH] input: lkkbd: cancel pending work before freeing device

by Minseong Kim

lkkbd_interrupt() schedules lk->tq with schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure and its serio/input_dev fields. lkkbd_disconnect() frees the lkkbd structure without cancelling this work, so the work can run after the structure has been freed, leading to a potential use-after-free. Cancel the pending work in lkkbd_disconnect() before unregistering and freeing the device, following the same pattern as sunkbd. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Minseong Kim <ii4gsp(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Minseong Kim <ii4gsp(a)gmail.com> --- drivers/input/keyboard/lkkbd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/input/keyboard/lkkbd.c b/drivers/input/keyboard/lkkbd.c index c035216dd27c..72c477aab1fc 100644 --- a/drivers/input/keyboard/lkkbd.c +++ b/drivers/input/keyboard/lkkbd.c @@ -684,6 +684,8 @@ static void lkkbd_disconnect(struct serio *serio) { struct lkkbd *lk = serio_get_drvdata(serio); + cancel_work_sync(&lk->tq); + input_get_device(lk->dev); input_unregister_device(lk->dev); serio_close(serio); -- 2.39.5

6 days, 9 hours

2
5
0 0

[tip: x86/urgent] x86/acpi/boot: Correct acpi_is_processor_usable() check again

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 4368a3b96c427ea3299be8cedb28684ba4157529 Gitweb: https://git.kernel.org/tip/4368a3b96c427ea3299be8cedb28684ba4157529 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 11 Nov 2025 14:53:57 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Fri, 12 Dec 2025 09:38:30 +01:00 x86/acpi/boot: Correct acpi_is_processor_usable() check again ACPI v6.3 defined a new "Online Capable" MADT LAPIC flag. This bit is used in conjunction with the "Enabled" MADT LAPIC flag to determine if a CPU can be enabled/hotplugged by the OS after boot. Before the new bit was defined, the "Enabled" bit was explicitly described like this (ACPI v6.0 wording provided): "If zero, this processor is unusable, and the operating system support will not attempt to use it" This means that CPU hotplug (based on MADT) is not possible. Many BIOS implementations follow this guidance. They may include LAPIC entries in MADT for unavailable CPUs, but since these entries are marked with "Enabled=0" it is expected that the OS will completely ignore these entries. However, QEMU will do the same (include entries with "Enabled=0") for the purpose of allowing CPU hotplug within the guest. Comment from QEMU function pc_madt_cpu_entry(): /* ACPI spec says that LAPIC entry for non present * CPU may be omitted from MADT or it must be marked * as disabled. However omitting non present CPU from * MADT breaks hotplug on linux. So possible CPUs * should be put in MADT but kept disabled. */ Recent Linux topology changes broke the QEMU use case. A following fix for the QEMU use case broke bare metal topology enumeration. Rework the Linux MADT LAPIC flags check to allow the QEMU use case only for guests and to maintain the ACPI spec behavior for bare metal. Remove an unnecessary check added to fix a bare metal case introduced by the QEMU "fix". [ bp: Change logic as Michal suggested. ] Fixes: fed8d8773b8e ("x86/acpi/boot: Correct acpi_is_processor_usable() check") Fixes: f0551af02130 ("x86/topology: Ignore non-present APIC IDs in a present package") Closes: https://lore.kernel.org/r/20251024204658.3da9bf3f.michal.pecio@gmail.com Reported-by: Michal Pecio <michal.pecio(a)gmail.com> Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Michal Pecio <michal.pecio(a)gmail.com> Tested-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20251111145357.4031846-1-yazen.ghannam@amd.com --- arch/x86/kernel/acpi/boot.c | 12 ++++++++---- arch/x86/kernel/cpu/topology.c | 15 --------------- 2 files changed, 8 insertions(+), 19 deletions(-) diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c index 9fa321a..d6138b2 100644 --- a/arch/x86/kernel/acpi/boot.c +++ b/arch/x86/kernel/acpi/boot.c @@ -35,6 +35,7 @@ #include <asm/smp.h> #include <asm/i8259.h> #include <asm/setup.h> +#include <asm/hypervisor.h> #include "sleep.h" /* To include x86_acpi_suspend_lowlevel */ static int __initdata acpi_force = 0; @@ -164,11 +165,14 @@ static bool __init acpi_is_processor_usable(u32 lapic_flags) if (lapic_flags & ACPI_MADT_ENABLED) return true; - if (!acpi_support_online_capable || - (lapic_flags & ACPI_MADT_ONLINE_CAPABLE)) - return true; + if (acpi_support_online_capable) + return lapic_flags & ACPI_MADT_ONLINE_CAPABLE; - return false; + /* + * QEMU expects legacy "Enabled=0" LAPIC entries to be counted as usable + * in order to support CPU hotplug in guests. + */ + return !hypervisor_is_type(X86_HYPER_NATIVE); } static int __init diff --git a/arch/x86/kernel/cpu/topology.c b/arch/x86/kernel/cpu/topology.c index f55ea3c..23190a7 100644 --- a/arch/x86/kernel/cpu/topology.c +++ b/arch/x86/kernel/cpu/topology.c @@ -27,7 +27,6 @@ #include <xen/xen.h> #include <asm/apic.h> -#include <asm/hypervisor.h> #include <asm/io_apic.h> #include <asm/mpspec.h> #include <asm/msr.h> @@ -236,20 +235,6 @@ static __init void topo_register_apic(u32 apic_id, u32 acpi_id, bool present) cpuid_to_apicid[cpu] = apic_id; topo_set_cpuids(cpu, apic_id, acpi_id); } else { - u32 pkgid = topo_apicid(apic_id, TOPO_PKG_DOMAIN); - - /* - * Check for present APICs in the same package when running - * on bare metal. Allow the bogosity in a guest. - */ - if (hypervisor_is_type(X86_HYPER_NATIVE) && - topo_unit_count(pkgid, TOPO_PKG_DOMAIN, phys_cpu_present_map)) { - pr_info_once("Ignoring hot-pluggable APIC ID %x in present package.\n", - apic_id); - topo_info.nr_rejected_cpus++; - return; - } - topo_info.nr_disabled_cpus++; }

6 days, 9 hours

1
0
0 0

[PATCH v4 0/2] Enable 1GHz OPP am335x-bonegreen-eco

by Kory Maincent (TI.com)

The vdd_mpu regulator maximum voltage was previously limited to 1.2985V, which prevented the CPU from reaching the 1GHz operating point. This limitation was put in place because voltage changes were not working correctly, causing the board to stall when attempting higher frequencies. Increase the maximum voltage to 1.3515V to allow the full 1GHz OPP to be used. Add a TPS65219 PMIC driver fixes that properly implement the LOCK register handling, to make voltage transitions work reliably. Changes in v4: - Move the registers unlock in the probe instead of a custom regmap write operation. - Link to v3: https://lore.kernel.org/r/20251112-fix_tps65219-v3-0-e49bab4c01ce@bootlin.c… Changes in v3: - Remove an unused variable - Link to v2: https://lore.kernel.org/r/20251106-fix_tps65219-v2-0-a7d608c4272f@bootlin.c… Changes in v2: - Setup a custom regmap_bus only for the TPS65214 instead of checking the chip_id every time reg_write is called. - Add the am335x-bonegreen-eco devicetree change in the same patch series. Signed-off-by: Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> --- Kory Maincent (TI.com) (2): mfd: tps65219: Implement LOCK register handling for TPS65214 ARM: dts: am335x-bonegreen-eco: Enable 1GHz OPP by increasing vdd_mpu voltage arch/arm/boot/dts/ti/omap/am335x-bonegreen-eco.dts | 2 +- drivers/mfd/tps65219.c | 7 +++++++ include/linux/mfd/tps65219.h | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) --- base-commit: 1c353dc8d962de652bc7ad2ba2e63f553331391c change-id: 20251106-fix_tps65219-dd62141d22cf Best regards, -- Köry Maincent, Bootlin Embedded Linux and kernel engineering https://bootlin.com

6 days, 11 hours

5
7
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror