- Linux-stable-mirror - lists.linaro.org

[PATCH net v4] virtio-net: fix received length check in big packets

by Bui Quang Minh

Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on negotiated MTU. The number of allocated frags for big packets is stored in vi->big_packets_num_skbfrags. Because the host announced buffer length can be malicious (e.g. the host vhost_net driver's get_rx_bufs is modified to announce incorrect length), we need a check in virtio_net receive path. Currently, the check is not adapted to the new change which can lead to NULL page pointer dereference in the below while loop when receiving length that is larger than the allocated one. This commit fixes the received length check corresponding to the new change. Fixes: 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets") Cc: stable(a)vger.kernel.org Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- Changes in v4: - Remove unrelated changes, add more comments Changes in v3: - Convert BUG_ON to WARN_ON_ONCE Changes in v2: - Remove incorrect give_pages call --- drivers/net/virtio_net.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index a757cbcab87f..0ffe78b3fd8d 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -852,7 +852,7 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, { struct sk_buff *skb; struct virtio_net_common_hdr *hdr; - unsigned int copy, hdr_len, hdr_padded_len; + unsigned int copy, hdr_len, hdr_padded_len, max_remaining_len; struct page *page_to_free = NULL; int tailroom, shinfo_size; char *p, *hdr_p, *buf; @@ -915,13 +915,23 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, * This is here to handle cases when the device erroneously * tries to receive more than is possible. This is usually * the case of a broken device. + * + * The number of allocated pages for big packet is + * vi->big_packets_num_skbfrags + 1, the start of first page is + * for virtio header, the remaining is for data. We need to ensure + * the remaining len does not go out of the allocated pages. + * Please refer to add_recvbuf_big for more details on big packet + * buffer allocation. */ - if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) { + BUG_ON(offset >= PAGE_SIZE); + max_remaining_len = (unsigned int)PAGE_SIZE - offset; + max_remaining_len += vi->big_packets_num_skbfrags * PAGE_SIZE; + if (unlikely(len > max_remaining_len)) { net_dbg_ratelimited("%s: too much data\n", skb->dev->name); dev_kfree_skb(skb); return NULL; } - BUG_ON(offset >= PAGE_SIZE); + while (len) { unsigned int frag_size = min((unsigned)PAGE_SIZE - offset, len); skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page, offset, -- 2.43.0

1 week, 5 days

3
4
0 0

Linux 6.17.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.5 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Documentation/sphinx/kernel_feat.py | 4 Documentation/sphinx/kernel_include.py | 6 Documentation/sphinx/maintainers_include.py | 4 Makefile | 2 arch/Kconfig | 1 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/sysreg.h | 11 arch/arm64/kernel/cpu_errata.c | 1 arch/arm64/kernel/entry-common.c | 8 arch/arm64/kvm/arm.c | 6 arch/powerpc/kernel/fadump.c | 3 arch/riscv/kernel/probes/kprobes.c | 13 arch/x86/kernel/cpu/amd.c | 16 arch/x86/kernel/cpu/resctrl/monitor.c | 44 + arch/x86/mm/tlb.c | 24 - block/blk-cgroup.c | 13 block/blk-mq-sched.c | 2 block/blk-mq-tag.c | 5 block/blk-mq.c | 2 block/blk-mq.h | 3 drivers/accel/qaic/qaic.h | 2 drivers/accel/qaic/qaic_control.c | 2 drivers/accel/qaic/qaic_data.c | 12 drivers/accel/qaic/qaic_debugfs.c | 5 drivers/accel/qaic/qaic_drv.c | 3 drivers/ata/libata-core.c | 11 drivers/cxl/acpi.c | 2 drivers/cxl/core/features.c | 3 drivers/cxl/core/region.c | 7 drivers/cxl/core/trace.h | 2 drivers/dpll/zl3073x/core.c | 228 ++++++---- drivers/dpll/zl3073x/core.h | 3 drivers/dpll/zl3073x/devlink.c | 18 drivers/dpll/zl3073x/regs.h | 3 drivers/gpu/drm/amd/amdgpu/Makefile | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 54 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 2 drivers/gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 ++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 drivers/gpu/drm/amd/amdgpu/nv.h | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/drm_draw.c | 2 drivers/gpu/drm/drm_draw_internal.h | 2 drivers/gpu/drm/i915/display/intel_fb.c | 38 - drivers/gpu/drm/i915/display/intel_frontbuffer.c | 10 drivers/gpu/drm/i915/gem/i915_gem_object_frontbuffer.h | 2 drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/panthor/panthor_fw.c | 1 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 drivers/gpu/drm/xe/display/xe_plane_initial.c | 3 drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 drivers/gpu/drm/xe/xe_assert.h | 4 drivers/gpu/drm/xe/xe_bo.c | 1 drivers/gpu/drm/xe/xe_bo.h | 4 drivers/gpu/drm/xe/xe_bo_evict.c | 8 drivers/gpu/drm/xe/xe_bo_types.h | 1 drivers/gpu/drm/xe/xe_device.c | 22 drivers/gpu/drm/xe/xe_device_types.h | 62 -- drivers/gpu/drm/xe/xe_gt_idle.c | 8 drivers/gpu/drm/xe/xe_gt_pagefault.c | 13 drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 3 drivers/gpu/drm/xe/xe_guc_submit.c | 13 drivers/gpu/drm/xe/xe_migrate.c | 25 - drivers/gpu/drm/xe/xe_pci.c | 8 drivers/gpu/drm/xe/xe_query.c | 5 drivers/gpu/drm/xe/xe_svm.c | 63 +- drivers/gpu/drm/xe/xe_tile.c | 58 +- drivers/gpu/drm/xe/xe_tile.h | 14 drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 10 drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 22 drivers/gpu/drm/xe/xe_ttm_vram_mgr.h | 3 drivers/gpu/drm/xe/xe_vm.c | 32 + drivers/gpu/drm/xe/xe_vm_types.h | 2 drivers/gpu/drm/xe/xe_vram.c | 243 +++++++---- drivers/gpu/drm/xe/xe_vram.h | 12 drivers/gpu/drm/xe/xe_vram_types.h | 85 +++ drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 - drivers/hid/intel-thc-hid/intel-quickspi/quickspi-protocol.c | 3 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 226 ++++------ drivers/net/can/m_can/m_can.c | 62 +- drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/airoha/airoha_eth.c | 16 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 - drivers/net/ethernet/google/gve/gve.h | 2 drivers/net/ethernet/google/gve/gve_desc_dqo.h | 3 drivers/net/ethernet/google/gve/gve_rx_dqo.c | 18 drivers/net/ethernet/intel/idpf/idpf_ptp.c | 3 drivers/net/ethernet/intel/idpf/idpf_virtchnl_ptp.c | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 drivers/net/ethernet/intel/ixgbevf/defines.h | 1 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 + drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 182 ++++++-- drivers/net/ethernet/intel/ixgbevf/vf.h | 1 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 1 drivers/net/ethernet/mediatek/mtk_wed.c | 8 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/netdevsim/netdev.c | 7 drivers/net/phy/broadcom.c | 20 drivers/net/phy/realtek/realtek_main.c | 23 - drivers/net/usb/lan78xx.c | 19 drivers/net/usb/r8152.c | 7 drivers/net/usb/usbnet.c | 2 drivers/nvme/host/auth.c | 6 drivers/nvme/host/multipath.c | 6 drivers/nvme/host/tcp.c | 3 drivers/pci/controller/vmd.c | 13 drivers/phy/cadence/cdns-dphy.c | 131 ++++- drivers/usb/gadget/function/f_acm.c | 42 - drivers/usb/gadget/function/f_ecm.c | 48 -- drivers/usb/gadget/function/f_ncm.c | 78 +-- drivers/usb/gadget/function/f_rndis.c | 85 +-- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 fs/btrfs/ioctl.c | 2 fs/btrfs/relocation.c | 13 fs/btrfs/super.c | 3 fs/btrfs/zoned.c | 2 fs/coredump.c | 2 fs/dax.c | 2 fs/dcache.c | 2 fs/exec.c | 2 fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/f2fs/data.c | 2 fs/file_attr.c | 12 fs/fuse/ioctl.c | 4 fs/hfsplus/unicode.c | 24 + fs/jbd2/transaction.c | 13 fs/nfsd/blocklayout.c | 25 - fs/nfsd/blocklayoutxdr.c | 86 ++- fs/nfsd/blocklayoutxdr.h | 4 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 36 - fs/nfsd/nfs4xdr.c | 25 - fs/nfsd/pnfs.h | 1 fs/nfsd/xdr4.h | 39 + fs/overlayfs/copy_up.c | 2 fs/overlayfs/inode.c | 5 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 fs/smb/client/smb2ops.c | 8 fs/smb/server/mgmt/user_session.c | 7 fs/smb/server/smb2pdu.c | 9 fs/smb/server/transport_ipc.c | 12 fs/xfs/libxfs/xfs_log_format.h | 30 + fs/xfs/libxfs/xfs_ondisk.h | 2 fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 + include/linux/brcmphy.h | 1 include/linux/libata.h | 6 include/linux/suspend.h | 6 include/linux/usb/gadget.h | 25 + include/net/ip_tunnels.h | 15 include/uapi/drm/amdgpu_drm.h | 21 io_uring/register.c | 1 io_uring/rw.c | 2 kernel/events/core.c | 8 kernel/power/hibernate.c | 11 kernel/sched/core.c | 2 kernel/sched/deadline.c | 3 kernel/sched/fair.c | 26 - mm/slub.c | 9 net/can/j1939/main.c | 2 net/core/dev.c | 40 + net/ipv4/ip_tunnel.c | 14 net/ipv4/tcp_output.c | 19 net/ipv6/ip6_tunnel.c | 3 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 31 + rust/kernel/cpufreq.rs | 3 sound/firewire/amdtp-stream.h | 2 sound/hda/codecs/realtek/alc269.c | 1 sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 sound/hda/codecs/side-codecs/hda_component.c | 4 sound/hda/controllers/intel.c | 1 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/codecs/idt821034.c | 12 sound/soc/codecs/nau8821.c | 111 +++-- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 tools/testing/selftests/net/rtnetlink.sh | 2 tools/testing/selftests/net/vlan_bridge_binding.sh | 2 209 files changed, 2368 insertions(+), 1221 deletions(-) Ada Couprie Diaz (1): arm64: debug: always unmask interrupts in el0_softstp() Adrian Hunter (3): perf/core: Fix address filter match with backing files perf/core: Fix MMAP event path names with backing files perf/core: Fix MMAP2 event device with backing files Alex Deucher (6): drm/amdgpu: add ip offset support for cyan skillfish drm/amdgpu: add support for cyan skillfish without IP discovery drm/amdgpu: fix handling of harvesting for ip_discovery firmware drm/amdgpu: handle wrap around in reemit handling drm/amdgpu: set an error on all fences from a bad context drm/amdgpu: drop unused structures in amdgpu_drm.h Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alison Schofield (1): cxl/trace: Subtract to find an hpa_alias0 in cxl_poison events Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrey Albershteyn (1): Revert "fs: make vfs_fileattr_[get|set] return -EOPNOTSUPP" Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Babu Moger (2): x86/resctrl: Refactor resctrl_arch_rmid_read() x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Bhanu Seshu Kumar Valluri (1): net: usb: lan78xx: Fix lost EEPROM write timeout error(-ETIMEDOUT) in lan78xx_write_raw_eeprom Boris Burkov (1): btrfs: fix incorrect readahead expansion length Breno Leitao (1): netdevsim: set the carrier when the device goes up Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christian Brauner (1): coredump: fix core_pattern input validation Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Conor Dooley (1): rust: cfi: only 64-bit arm and x86 support CFI_CLANG Cristian Ciocaltea (4): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Consistently clear interrupts before unmasking ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Damien Le Moal (1): ata: libata-core: relax checks in ata_read_log_directory() Dan Carpenter (1): drm/xe: Fix an IS_ERR() vs NULL bug in xe_tile_alloc_vram() Dave Jiang (3): cxl/acpi: Fix setup of memory resource in cxl_acpi_set_cache_size() cxl/features: Add check for no entries in cxl_feature_info cxl: Fix match_region_by_range() to use region_res_match_cxl_range() Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Denis Arefev (2): ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() ALSA: hda: Fix missing pointer check in hda_component_manager_init function Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Even Xu (1): HID: intel-thc-hid: Intel-quickspi: switch first interrupt from level to edge detection Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Florian Westphal (1): net: core: fix lockdep splat on device unregister Francesco Valla (1): drm/draw: fix color truncation in drm_draw_fill24 Greg Kroah-Hartman (1): Linux 6.17.5 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Hao Ge (1): slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Harshit Mogalapalli (1): Octeontx2-af: Fix missing error code in cgx_probe() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): x86/mm: Fix SMP ordering in switch_mm_irqs_off() Inochi Amaoto (1): PCI: vmd: Override irq_startup()/irq_shutdown() in vmd_init_dev_msi_info() Ivan Vecera (2): dpll: zl3073x: Refactor DPLL initialization dpll: zl3073x: Handle missing or corrupted flash configuration Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jeff Hugo (1): accel/qaic: Fix bootlog initialization ordering Jens Axboe (1): Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Jonathan Corbet (1): docs: kdoc: handle the obsolescensce of docutils.ErrorString() Jonathan Kim (1): drm/amdgpu: fix gfx12 mes packet status return check Kamil Horák - 2N (1): net: phy: bcm54811: Fix GMII/MII/MII-Lite selection Kenneth Graunke (1): drm/xe: Increase global invalidation timeout to 1000us Ketil Johnsen (1): drm/panthor: Ensure MCU is disabled on suspend Koichiro Den (1): ixgbe: fix too early devlink_free() in ixgbe_remove() Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_rndis: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_ncm: Refactor bind path to use __free() Li Qiang (1): ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Lorenzo Bianconi (1): net: airoha: Take into account out-of-order tx completions in airoha_dev_xmit() Lorenzo Pieralisi (1): arm64/sysreg: Fix GIC CDEOI instruction encoding Lucas De Marchi (1): drm/xe: Move rebar to be done earlier Marc Kleine-Budde (4): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active can: m_can: m_can_chip_config(): bring up interface in correct state can: m_can: fix CAN state in system PM Marek Vasut (2): net: phy: realtek: Avoid PHYCR2 access if PHYCR2 not present drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Mario Limonciello (AMD) (2): PM: hibernate: Add pm_hibernation_mode_is_suspend() drm/amd: Fix hybrid sleep Marios Makassikis (1): ksmbd: fix recursive locking in RPC handle list access Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Martin George (1): nvme-auth: update sc_c in host response Matthew Auld (1): drm/xe/evict: drop bogus assert Matthew Brost (1): drm/xe: Don't allow evicting of BOs in same VM in array of VM binds Matthew Schwartz (1): Revert "drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume" Miguel Ojeda (1): rust: cpufreq: fix formatting Milena Olech (1): idpf: cleanup remaining SKBs in PTP flows Ming Lei (1): block: Remove elevator_lock usage from blkg_conf frozen operations Miquel Sabaté Solà (2): btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Nicolas Dichtel (1): doc: fix seg6_flowlabel path Oliver Upton (1): KVM: arm64: Prevent access to vCPU events before init Pavel Begunkov (1): io_uring: protect mem region deregistration Peter Zijlstra (Intel) (1): sched/deadline: Stop dl_server before CPU goes offline Piotr Piórkowski (4): drm/xe: Use devm_ioremap_wc for VRAM mapping and drop manual unmap drm/xe: Use dynamic allocation for tile and device VRAM region structures drm/xe: Move struct xe_vram_region to a dedicated header drm/xe: Unify the initialization of VRAM regions Pranjal Ramajor Asha Kanojiya (1): accel/qaic: Synchronize access to DBC request queue head & tail pointer Qu Wenruo (1): btrfs: only set the device specific options after devices are opened Rafael J. Wysocki (1): PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Rex Lu (1): net: mtk: wed: add dma mask limitation and GFP_DMA32 for device with more than 4GB DRAM Rong Zhang (1): x86/CPU/AMD: Prevent reset reasons from being retained across reboot Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sergey Bashirov (4): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Implement large extent array support in pNFS NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Shuicheng Lin (1): drm/xe/guc: Check GuC running state before deregistering exec queue Sourabh Jain (1): powerpc/fadump: skip parameter area allocation when fadump is disabled Stuart Hayhurst (1): ALSA: hda/intel: Add MSI X870E Tomahawk to denylist Takashi Iwai (1): ALSA: hda/realtek: Add quirk entry for HP ZBook 17 G6 Tetsuo Handa (1): can: j1939: add missing calls in NETDEV_UNREGISTER notification handler Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Tim Hostetler (1): gve: Check valid ts bit on RX descriptor before hw timestamping Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Ville Syrjälä (2): drm/i915/frontbuffer: Move bo refcounting intel_frontbuffer_{get,release}() drm/i915/fb: Fix the set_tiling vs. addfb race, again Vinay Belgaumkar (1): drm/xe: Enable media sampler power gating Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Wang Liang (1): selftests: net: check jq command is supported Wilfred Mallawa (1): nvme/tcp: handle tls partially sent records in write_space() Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yu Kuai (1): blk-mq: fix stale tag depth for shared sched tags in blk_mq_update_nr_requests() Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress Zqiang (1): usbnet: Fix using smp_processor_id() in preemptible code warnings

1 week, 5 days

1
1
0 0

Linux 6.12.55

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.55 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/Kconfig | 1 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/kernel/cpu_errata.c | 1 arch/riscv/kernel/probes/kprobes.c | 13 - arch/x86/kernel/cpu/resctrl/monitor.c | 44 ++- drivers/accel/qaic/qaic.h | 2 drivers/accel/qaic/qaic_control.c | 2 drivers/accel/qaic/qaic_data.c | 12 - drivers/accel/qaic/qaic_debugfs.c | 5 drivers/accel/qaic/qaic_drv.c | 3 drivers/base/power/runtime.c | 44 +++ drivers/cdx/cdx_msi.c | 5 drivers/cpufreq/cppc_cpufreq.c | 14 + drivers/dma/idxd/init.c | 2 drivers/gpu/drm/amd/amdgpu/Makefile | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 ++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 drivers/gpu/drm/amd/amdgpu/nv.h | 1 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/drm_draw.c | 2 drivers/gpu/drm/drm_draw_internal.h | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++------ drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 28 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 drivers/gpu/drm/panthor/panthor_fw.c | 1 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 - drivers/gpu/drm/xe/xe_guc_submit.c | 13 + drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +- drivers/md/md-linear.c | 1 drivers/md/raid0.c | 16 + drivers/md/raid1.c | 37 ++- drivers/md/raid10.c | 55 ++++ drivers/md/raid5.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++------------ drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 drivers/net/can/m_can/m_can.c | 84 ++++--- drivers/net/can/m_can/m_can.h | 1 drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 + drivers/net/ethernet/intel/ixgbevf/defines.h | 6 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 +++ drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/netdevsim/netdev.c | 7 drivers/net/usb/lan78xx.c | 38 ++- drivers/net/usb/r8152.c | 7 drivers/net/wireless/realtek/rtw89/core.c | 39 +-- drivers/net/wireless/realtek/rtw89/core.h | 6 drivers/net/wireless/realtek/rtw89/mac80211.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 2 drivers/nvme/host/multipath.c | 6 drivers/nvme/host/tcp.c | 3 drivers/phy/cadence/cdns-dphy.c | 131 ++++++++--- drivers/usb/gadget/function/f_acm.c | 42 +-- drivers/usb/gadget/function/f_ecm.c | 48 +--- drivers/usb/gadget/function/f_ncm.c | 78 ++---- drivers/usb/gadget/function/f_rndis.c | 85 ++----- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 - fs/btrfs/ioctl.c | 2 fs/btrfs/relocation.c | 13 - fs/btrfs/zoned.c | 2 fs/dax.c | 2 fs/dcache.c | 12 - fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/f2fs/data.c | 2 fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 - fs/nfsd/blocklayout.c | 33 +- fs/nfsd/blocklayoutxdr.c | 171 ++++++++------ fs/nfsd/blocklayoutxdr.h | 8 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 36 +-- fs/nfsd/nfs4xdr.c | 25 -- fs/nfsd/nfsd.h | 1 fs/nfsd/pnfs.h | 1 fs/nfsd/xdr4.h | 39 +++ fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 + fs/smb/client/smb2ops.c | 8 fs/smb/server/mgmt/user_session.c | 7 fs/smb/server/smb2pdu.c | 9 fs/smb/server/transport_ipc.c | 12 + fs/xfs/libxfs/xfs_log_format.h | 30 ++ fs/xfs/libxfs/xfs_ondisk.h | 2 fs/xfs/scrub/reap.c | 9 fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 ++ include/linux/mm.h | 2 include/linux/pci.h | 14 + include/linux/pm_runtime.h | 4 include/linux/usb/gadget.h | 25 ++ include/net/dst.h | 32 ++ include/net/inet6_hashtables.h | 2 include/net/inet_connection_sock.h | 3 include/net/inet_hashtables.h | 2 include/net/ip.h | 11 include/net/ip_tunnels.h | 15 + include/net/route.h | 2 io_uring/rw.c | 2 kernel/events/core.c | 8 kernel/padata.c | 6 kernel/sched/fair.c | 26 +- mm/slub.c | 9 net/core/dst.c | 4 net/core/sock.c | 14 - net/ipv4/icmp.c | 24 +- net/ipv4/igmp.c | 2 net/ipv4/ip_fragment.c | 2 net/ipv4/ip_output.c | 19 + net/ipv4/ip_tunnel.c | 14 - net/ipv4/ip_vti.c | 4 net/ipv4/netfilter.c | 4 net/ipv4/route.c | 8 net/ipv4/tcp_fastopen.c | 4 net/ipv4/tcp_input.c | 3 net/ipv4/tcp_ipv4.c | 12 - net/ipv4/tcp_metrics.c | 8 net/ipv4/tcp_output.c | 19 + net/ipv4/xfrm4_output.c | 2 net/ipv6/ip6_tunnel.c | 3 net/ipv6/tcp_ipv6.c | 22 - net/mptcp/ctrl.c | 9 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 31 ++ rust/bindings/bindings_helper.h | 1 sound/firewire/amdtp-stream.h | 2 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/codecs/idt821034.c | 12 - sound/soc/codecs/nau8821.c | 53 +++- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 - 161 files changed, 1901 insertions(+), 955 deletions(-) Adrian Hunter (3): perf/core: Fix address filter match with backing files perf/core: Fix MMAP event path names with backing files perf/core: Fix MMAP2 event device with backing files Akhil P Oommen (1): drm/msm/a6xx: Fix PDC sleep sequence Al Viro (1): d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier Alex Deucher (3): drm/amdgpu: add ip offset support for cyan skillfish drm/amdgpu: add support for cyan skillfish without IP discovery drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Babu Moger (2): x86/resctrl: Refactor resctrl_arch_rmid_read() x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Boris Burkov (1): btrfs: fix incorrect readahead expansion length Breno Leitao (1): netdevsim: set the carrier when the device goes up Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Conor Dooley (1): rust: cfi: only 64-bit arm and x86 support CFI_CLANG Cristian Ciocaltea (3): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Darrick J. Wong (1): xfs: use deferred intent items for reaping crosslinked blocks Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (5): tcp: fix tcp_tso_should_defer() vs large RTT tcp: convert to dev_net_rcu() tcp: cache RTAX_QUICKACK metric in a hot cache line net: dst: add four helpers to annotate data-races around dst->dev ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Fabian Vogt (1): riscv: kprobes: Fix probe address validation Fedor Pchelkin (1): wifi: rtw89: avoid possible TX wait initialization race Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Francesco Valla (1): drm/draw: fix color truncation in drm_draw_fill24 Greg Kroah-Hartman (1): Linux 6.12.55 Guenter Roeck (1): dmaengine: Add missing cleanup on module unload Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Hao Ge (1): slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jeffrey Hugo (1): accel/qaic: Fix bootlog initialization ordering Jens Axboe (1): Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Jiri Slaby (SUSE) (1): irqdomain: cdx: Switch to of_fwnode_handle() John Garry (3): md/raid0: Handle bio_split() errors md/raid1: Handle bio_split() errors md/raid10: Handle bio_split() errors Jonathan Kim (1): drm/amdgpu: fix gfx12 mes packet status return check Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Ketil Johnsen (1): drm/panthor: Ensure MCU is disabled on suspend Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_rndis: Refactor bind path to use __free() Kuniyuki Iwashima (2): mptcp: Call dst_release() in mptcp_active_enable(). mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). Laurent Pinchart (1): media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Li Qiang (1): ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Marc Kleine-Budde (4): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active can: m_can: m_can_chip_config(): bring up interface in correct state can: m_can: fix CAN state in system PM Marek Vasut (1): drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Marios Makassikis (1): ksmbd: fix recursive locking in RPC handle list access Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Matthieu Baerts (NGI0) (1): mptcp: reset blackhole on success with non-loopback ifaces Miaoqian Lin (1): cdx: Fix device node reference leak in cdx_msi_domain_init Miquel Sabaté Solà (2): btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Nicolas Dichtel (1): doc: fix seg6_flowlabel path Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Piotr Kwapulinski (2): PCI: Add PCI_VDEVICE_SUB helper macro ixgbevf: Add support for Intel(R) E610 device Pranjal Ramajor Asha Kanojiya (1): accel/qaic: Synchronize access to DBC request queue head & tail pointer Rafael J. Wysocki (1): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sean Nyekjaer (4): can: m_can: add deinit callback can: m_can: call deinit/init callback when going into suspend/resume iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sergey Bashirov (6): nfsd: Use correct error code when decoding extents nfsd: Drop dprintk in blocklayout xdr functions NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Implement large extent array support in pNFS NFSD: Fix last write offset handling in layoutcommit Sharath Chandra Vurukala (1): net: Add locking to protect skb->dev access in ip_output Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Shuicheng Lin (1): drm/xe/guc: Check GuC running state before deregistering exec queue Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Wilfred Mallawa (1): nvme/tcp: handle tls partially sent records in write_space() Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yu Kuai (1): md: fix mssing blktrace bio split events Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress

1 week, 5 days

1
1
0 0

Linux 6.6.114

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.114 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/kernel/cpu_errata.c | 1 arch/riscv/kernel/probes/kprobes.c | 13 - block/bdev.c | 17 + block/blk-zoned.c | 5 block/fops.c | 16 + block/ioctl.c | 6 drivers/accel/qaic/qaic_control.c | 2 drivers/base/power/runtime.c | 44 +++ drivers/bluetooth/btusb.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++------ drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 38 +-- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 10 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 - drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++------------ drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 + drivers/net/ethernet/intel/ixgbevf/defines.h | 6 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 +++ drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/usb/lan78xx.c | 38 ++- drivers/net/usb/r8152.c | 7 drivers/nvme/host/multipath.c | 6 drivers/pci/controller/cadence/pci-j721e.c | 64 +++++ drivers/pci/controller/dwc/pcie-tegra194.c | 10 drivers/pci/pci-sysfs.c | 10 drivers/phy/cadence/cdns-dphy.c | 131 ++++++++--- drivers/usb/gadget/function/f_acm.c | 42 +-- drivers/usb/gadget/function/f_ecm.c | 48 +--- drivers/usb/gadget/function/f_ncm.c | 78 ++---- drivers/usb/gadget/function/f_rndis.c | 85 ++----- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 - fs/btrfs/relocation.c | 13 - fs/dax.c | 2 fs/dcache.c | 2 fs/eventpoll.c | 145 ++---------- fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/ext4/super.c | 17 - fs/f2fs/data.c | 2 fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 - fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 fs/nfsd/export.c | 60 ++++- fs/nfsd/export.h | 2 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 +- fs/nfsd/nfs4xdr.c | 14 - fs/nfsd/nfsfh.c | 12 - fs/nfsd/xdr4.h | 36 ++- fs/nilfs2/the_nilfs.c | 3 fs/ocfs2/super.c | 6 fs/quota/dquot.c | 13 - fs/quota/quota_v1.c | 3 fs/quota/quota_v2.c | 9 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 + fs/smb/client/smb2ops.c | 8 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/server.h | 1 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_ipc.c | 1 fs/smb/server/transport_tcp.c | 69 ++--- fs/smb/server/transport_tcp.h | 1 fs/xfs/libxfs/xfs_log_format.h | 30 ++ fs/xfs/scrub/reap.c | 19 + fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 ++ fs/xfs/xfs_ondisk.h | 2 include/linux/cpufreq.h | 3 include/linux/mm.h | 2 include/linux/pci.h | 14 + include/linux/pm_runtime.h | 4 include/linux/quota.h | 2 include/linux/usb/gadget.h | 25 ++ include/net/ip_tunnels.h | 15 + kernel/padata.c | 6 kernel/sched/fair.c | 38 +-- mm/shmem.c | 7 net/ipv4/ip_tunnel.c | 14 - net/ipv4/tcp_output.c | 19 + net/ipv6/ip6_tunnel.c | 3 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 33 ++ rust/bindings/bindings_helper.h | 2 rust/bindings/lib.rs | 1 sound/firewire/amdtp-stream.h | 2 sound/soc/codecs/idt821034.c | 12 - sound/soc/codecs/nau8821.c | 53 +++- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 - 127 files changed, 1542 insertions(+), 923 deletions(-) Akhil P Oommen (1): drm/msm/a6xx: Fix PDC sleep sequence Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Boris Burkov (1): btrfs: fix incorrect readahead expansion length Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Cristian Ciocaltea (3): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Darrick J. Wong (2): block: fix race between set_blocksize and read paths xfs: use deferred intent items for reaping crosslinked blocks Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Greg Kroah-Hartman (1): Linux 6.6.114 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Huang Xiaojia (1): epoll: Remove ep_scan_ready_list() in comments I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: reorganize DMA aligned buffers in structure Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kemeng Shi (1): quota: remove unneeded return value of register_quota_format Konrad Dybcio (1): drm/msm/adreno: De-spaghettify the use of memory barriers Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_rndis: Refactor bind path to use __free() Laurent Pinchart (1): media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Marc Kleine-Budde (1): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Marek Vasut (1): drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Nam Cao (1): eventpoll: Replace rwlock with spinlock Namjae Jeon (1): ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Piotr Kwapulinski (2): PCI: Add PCI_VDEVICE_SUB helper macro ixgbevf: Add support for Intel(R) E610 device Rafael J. Wysocki (1): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Ryusuke Konishi (1): nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Scott Mayhew (1): nfsd: decouple the xprtsec policy check from check_nfsd_access() Sean Nyekjaer (2): iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shashank A P (1): fs: quota: create dedicated workqueue for quota_release_work Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zenm Chen (1): Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress

1 week, 5 days

1
1
0 0

[PATCH net V2] virtio-net: zero unused hash fields

by Jason Wang

When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may leak information to another side. Fixing this by zeroing the unused hash fields. Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Fixes: a2fb4bc4e2a6a ("net: implement virtio helpers to handle UDP GSO tunneling") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- include/linux/virtio_net.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 20e0584db1dd..4d1780848d0e 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -401,6 +401,10 @@ virtio_net_hdr_tnl_from_skb(const struct sk_buff *skb, if (!tnl_hdr_negotiated) return -EINVAL; + vhdr->hash_hdr.hash_value = 0; + vhdr->hash_hdr.hash_report = 0; + vhdr->hash_hdr.padding = 0; + /* Let the basic parsing deal with plain GSO features. */ skb_shinfo(skb)->gso_type &= ~tnl_gso_type; ret = virtio_net_hdr_from_skb(skb, hdr, true, false, vlan_hlen); -- 2.42.0

1 week, 6 days

3
2
0 0

[PATCH v4] media: videobuf2: forbid remove_bufs when legacy fileio is active

by Marek Szyprowski

vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Forbid that ioctl when fileio is active to protect internal queue state between subsequent read/write calls. CC: stable(a)vger.kernel.org Fixes: a3293a85381e ("media: v4l2: Add REMOVE_BUFS ioctl") Reported-by: Shuangpeng Bai <SJB7183(a)psu.edu> Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v4: - got back to simple vb2_fileio_is_active() check as in v1, as relying on vb2_verify_memory_type() misses some corner cases important to v4l2 compliance v3: https://lore.kernel.org/all/20251023113052.1303082-1-m.szyprowski@samsung.c… - moved vb2_verify_memory_type() check after (d->count == 0) check to pass v4l2 compliance v2: https://lore.kernel.org/all/20251020160121.1985354-1-m.szyprowski@samsung.c… - dropped a change to vb2_ioctl_create_bufs(), as it is already handled by the vb2_verify_memory_type() call - replaced queue->type check in vb2_ioctl_remove_bufs() by a call to vb2_verify_memory_type() which covers all cases v1: https://lore.kernel.org/all/20251016111154.993949-1-m.szyprowski@samsung.co… --- drivers/media/common/videobuf2/videobuf2-v4l2.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c index d911021c1bb0..83862d57b126 100644 --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c @@ -1010,6 +1010,11 @@ int vb2_ioctl_remove_bufs(struct file *file, void *priv, if (vb2_queue_is_busy(vdev->queue, file)) return -EBUSY; + if (vb2_fileio_is_active(vdev->queue)) { + dprintk(vdev->queue, 1, "file io in progress\n"); + return -EBUSY; + } + return vb2_core_remove_bufs(vdev->queue, d->index, d->count); } EXPORT_SYMBOL_GPL(vb2_ioctl_remove_bufs); -- 2.34.1

1 week, 6 days

1
0
0 0

[PATCH net] vsock: fix lock inversion in vsock_assign_transport()

by Stefano Garzarella

From: Stefano Garzarella <sgarzare(a)redhat.com> Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduced by commit 687aa0c5581b ("vsock: Fix transport_* TOCTOU") which added vsock_register_mutex locking in vsock_assign_transport() around the transport->release() call, that can call vsock_linger(). vsock_assign_transport() can be called with sk_lock held. vsock_linger() calls sk_wait_event() that temporarily releases and re-acquires sk_lock. During this window, if another thread hold vsock_register_mutex while trying to acquire sk_lock, a circular dependency is created. Fix this by releasing vsock_register_mutex before calling transport->release() and vsock_deassign_transport(). This is safe because we don't need to hold vsock_register_mutex while releasing the old transport, and we ensure the new transport won't disappear by obtaining a module reference first via try_module_get(). Reported-by: syzbot+10e35716f8e4929681fa(a)syzkaller.appspotmail.com Tested-by: syzbot+10e35716f8e4929681fa(a)syzkaller.appspotmail.com Fixes: 687aa0c5581b ("vsock: Fix transport_* TOCTOU") Cc: mhal(a)rbox.co Cc: stable(a)vger.kernel.org Signed-off-by: Stefano Garzarella <sgarzare(a)redhat.com> --- net/vmw_vsock/af_vsock.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 4c2db6cca557..76763247a377 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -487,12 +487,26 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) goto err; } - if (vsk->transport) { - if (vsk->transport == new_transport) { - ret = 0; - goto err; - } + if (vsk->transport && vsk->transport == new_transport) { + ret = 0; + goto err; + } + /* We increase the module refcnt to prevent the transport unloading + * while there are open sockets assigned to it. + */ + if (!new_transport || !try_module_get(new_transport->module)) { + ret = -ENODEV; + goto err; + } + + /* It's safe to release the mutex after a successful try_module_get(). + * Whichever transport `new_transport` points at, it won't go away until + * the last module_put() below or in vsock_deassign_transport(). + */ + mutex_unlock(&vsock_register_mutex); + + if (vsk->transport) { /* transport->release() must be called with sock lock acquired. * This path can only be taken during vsock_connect(), where we * have already held the sock lock. In the other cases, this @@ -512,20 +526,6 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) vsk->peer_shutdown = 0; } - /* We increase the module refcnt to prevent the transport unloading - * while there are open sockets assigned to it. - */ - if (!new_transport || !try_module_get(new_transport->module)) { - ret = -ENODEV; - goto err; - } - - /* It's safe to release the mutex after a successful try_module_get(). - * Whichever transport `new_transport` points at, it won't go away until - * the last module_put() below or in vsock_deassign_transport(). - */ - mutex_unlock(&vsock_register_mutex); - if (sk->sk_type == SOCK_SEQPACKET) { if (!new_transport->seqpacket_allow || !new_transport->seqpacket_allow(remote_cid)) { -- 2.51.0

1 week, 6 days

2
1
0 0

[PATCH 6.1.y] wifi: iwlwifi: fix debug actions order

by Vasiliy Kovalev

From: Johannes Berg <johannes.berg(a)intel.com> commit eb29b4ffafb20281624dcd2cbb768d6f30edf600 upstream. The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order. Fixes: 1a5daead217c ("iwlwifi: yoyo: support for ROM usniffer") Fixes: f21baf244112 ("iwlwifi: yoyo: fw debug config from context info and preset") Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> Link: https://patch.msgid.link/20250308231427.6de7fa8e63ed.I40632c48e2a67a8aca05d… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> [ kovalev: bp to fix CVE-2025-38045; added Fixes tags ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c index ab80c79e35bc..d6d9f60839db 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause /* - * Copyright (C) 2018-2022 Intel Corporation + * Copyright (C) 2018-2025 Intel Corporation */ #include <linux/firmware.h> #include "iwl-drv.h" @@ -1363,15 +1363,15 @@ void _iwl_dbg_tlv_time_point(struct iwl_fw_runtime *fwrt, switch (tp_id) { case IWL_FW_INI_TIME_POINT_EARLY: iwl_dbg_tlv_init_cfg(fwrt); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_update_drams(fwrt); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; case IWL_FW_INI_TIME_POINT_AFTER_ALIVE: iwl_dbg_tlv_apply_buffers(fwrt); iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; case IWL_FW_INI_TIME_POINT_PERIODIC: iwl_dbg_tlv_set_periodic_trigs(fwrt); @@ -1381,14 +1381,14 @@ void _iwl_dbg_tlv_time_point(struct iwl_fw_runtime *fwrt, case IWL_FW_INI_TIME_POINT_MISSED_BEACONS: case IWL_FW_INI_TIME_POINT_FW_DHC_NOTIFICATION: iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, iwl_dbg_tlv_check_fw_pkt); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; default: iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; } } -- 2.50.1

1 week, 6 days

1
0
0 0

PROBLEM: hwclock busted w/ M48T59 RTC (regression)

by Nick Bowler

Hi, After a stable kernel update, the hwclock command seems no longer functional on my SPARC system with an ST M48T59Y-70PC1 RTC: # hwclock [...long delay...] hwclock: select() to /dev/rtc0 to wait for clock tick timed out On prior kernels, there is no problem: # hwclock 2025-10-22 22:21:04.806992-04:00 I reproduced the same failure on 6.18-rc2 and bisected to this commit: commit 795cda8338eab036013314dbc0b04aae728880ab Author: Esben Haabendal <esben(a)geanix.com> Date: Fri May 16 09:23:35 2025 +0200 rtc: interface: Fix long-standing race when setting alarm This commit was backported to all current 6.x stable branches, as well as 5.15.x, so they all have the same regression. Reverting this commit on top of 6.18-rc2 corrects the problem. Let me know if you need any more info! Thanks, Nick

1 week, 6 days

2
2
0 0

[PATCH 1/2] dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups

by Krzysztof Kozlowski

The "groups" property can hold multiple entries (e.g. toshiba/tmpv7708-rm-mbrc.dts file), so allow that by dropping incorrect type (pinmux-node.yaml schema already defines that as string-array) and adding constraints for items. This fixes dtbs_check warnings like: toshiba/tmpv7708-rm-mbrc.dtb: pinctrl@24190000 (toshiba,tmpv7708-pinctrl): pwm-pins:groups: ['pwm0_gpio16_grp', 'pwm1_gpio17_grp', 'pwm2_gpio18_grp', 'pwm3_gpio19_grp'] is too long Fixes: 1825c1fe0057 ("pinctrl: Add DT bindings for Toshiba Visconti TMPV7700 SoC") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- .../pinctrl/toshiba,visconti-pinctrl.yaml | 26 ++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml b/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml index 19d47fd414bc..ce04d2eadec9 100644 --- a/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml +++ b/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml @@ -50,18 +50,20 @@ patternProperties: groups: description: Name of the pin group to use for the functions. - $ref: /schemas/types.yaml#/definitions/string - enum: [i2c0_grp, i2c1_grp, i2c2_grp, i2c3_grp, i2c4_grp, - i2c5_grp, i2c6_grp, i2c7_grp, i2c8_grp, - spi0_grp, spi0_cs0_grp, spi0_cs1_grp, spi0_cs2_grp, - spi1_grp, spi2_grp, spi3_grp, spi4_grp, spi5_grp, spi6_grp, - uart0_grp, uart1_grp, uart2_grp, uart3_grp, - pwm0_gpio4_grp, pwm0_gpio8_grp, pwm0_gpio12_grp, - pwm0_gpio16_grp, pwm1_gpio5_grp, pwm1_gpio9_grp, - pwm1_gpio13_grp, pwm1_gpio17_grp, pwm2_gpio6_grp, - pwm2_gpio10_grp, pwm2_gpio14_grp, pwm2_gpio18_grp, - pwm3_gpio7_grp, pwm3_gpio11_grp, pwm3_gpio15_grp, - pwm3_gpio19_grp, pcmif_out_grp, pcmif_in_grp] + items: + enum: [i2c0_grp, i2c1_grp, i2c2_grp, i2c3_grp, i2c4_grp, + i2c5_grp, i2c6_grp, i2c7_grp, i2c8_grp, + spi0_grp, spi0_cs0_grp, spi0_cs1_grp, spi0_cs2_grp, + spi1_grp, spi2_grp, spi3_grp, spi4_grp, spi5_grp, spi6_grp, + uart0_grp, uart1_grp, uart2_grp, uart3_grp, + pwm0_gpio4_grp, pwm0_gpio8_grp, pwm0_gpio12_grp, + pwm0_gpio16_grp, pwm1_gpio5_grp, pwm1_gpio9_grp, + pwm1_gpio13_grp, pwm1_gpio17_grp, pwm2_gpio6_grp, + pwm2_gpio10_grp, pwm2_gpio14_grp, pwm2_gpio18_grp, + pwm3_gpio7_grp, pwm3_gpio11_grp, pwm3_gpio15_grp, + pwm3_gpio19_grp, pcmif_out_grp, pcmif_in_grp] + minItems: 1 + maxItems: 8 drive-strength: enum: [2, 4, 6, 8, 16, 24, 32] -- 2.48.1

1 week, 6 days

3
2
0 0

[PATCH] leds: leds-lp50xx: allow LED 0 to be added to module bank

by Christian Hitz

From: Christian Hitz <christian.hitz(a)bbv.ch> led_banks contains LED module number(s) that should be grouped into the module bank. led_banks is 0-initialized. By checking the led_banks entries for 0, un-set entries are detected. But a 0-entry also indicates that LED module 0 should be grouped into the module bank. By only iterating over the available entries no check for unused entries is required and LED module 0 can be added to bank. Signed-off-by: Christian Hitz <christian.hitz(a)bbv.ch> Cc: stable(a)vger.kernel.org --- drivers/leds/leds-lp50xx.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/leds/leds-lp50xx.c b/drivers/leds/leds-lp50xx.c index 94f8ef6b482c..d50c7f3e8f99 100644 --- a/drivers/leds/leds-lp50xx.c +++ b/drivers/leds/leds-lp50xx.c @@ -341,17 +341,15 @@ static int lp50xx_brightness_set(struct led_classdev *cdev, return ret; } -static int lp50xx_set_banks(struct lp50xx *priv, u32 led_banks[]) +static int lp50xx_set_banks(struct lp50xx *priv, u32 led_banks[], int num_leds) { u8 led_config_lo, led_config_hi; u32 bank_enable_mask = 0; int ret; int i; - for (i = 0; i < priv->chip_info->max_modules; i++) { - if (led_banks[i]) - bank_enable_mask |= (1 << led_banks[i]); - } + for (i = 0; i < num_leds; i++) + bank_enable_mask |= (1 << led_banks[i]); led_config_lo = bank_enable_mask; led_config_hi = bank_enable_mask >> 8; @@ -405,7 +403,7 @@ static int lp50xx_probe_leds(struct fwnode_handle *child, struct lp50xx *priv, return ret; } - ret = lp50xx_set_banks(priv, led_banks); + ret = lp50xx_set_banks(priv, led_banks, num_leds); if (ret) { dev_err(priv->dev, "Cannot setup banked LEDs\n"); return ret; -- 2.51.0

1 week, 6 days

3
4
0 0

FAILED: patch "[PATCH] s390/cio: Update purge function to unregister the unused" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9daa5a8795865f9a3c93d8d1066785b07ded6073 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101905-removal-wistful-dd49@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9daa5a8795865f9a3c93d8d1066785b07ded6073 Mon Sep 17 00:00:00 2001 From: Vineeth Vijayan <vneethv(a)linux.ibm.com> Date: Wed, 1 Oct 2025 15:38:17 +0200 Subject: [PATCH] s390/cio: Update purge function to unregister the unused subchannels Starting with 'commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers")', cio no longer unregisters subchannels when the attached device is invalid or unavailable. As an unintended side-effect, the cio_ignore purge function no longer removes subchannels for devices on the cio_ignore list if no CCW device is attached. This situation occurs when a CCW device is non-operational or unavailable To ensure the same outcome of the purge function as when the current cio_ignore list had been active during boot, update the purge function to remove I/O subchannels without working CCW devices if the associated device number is found on the cio_ignore list. Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") Suggested-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Signed-off-by: Vineeth Vijayan <vneethv(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c index fb2c07cb4d3d..4b2dae6eb376 100644 --- a/drivers/s390/cio/device.c +++ b/drivers/s390/cio/device.c @@ -1316,23 +1316,34 @@ void ccw_device_schedule_recovery(void) spin_unlock_irqrestore(&recovery_lock, flags); } -static int purge_fn(struct device *dev, void *data) +static int purge_fn(struct subchannel *sch, void *data) { - struct ccw_device *cdev = to_ccwdev(dev); - struct ccw_dev_id *id = &cdev->private->dev_id; - struct subchannel *sch = to_subchannel(cdev->dev.parent); + struct ccw_device *cdev; - spin_lock_irq(cdev->ccwlock); - if (is_blacklisted(id->ssid, id->devno) && - (cdev->private->state == DEV_STATE_OFFLINE) && - (atomic_cmpxchg(&cdev->private->onoff, 0, 1) == 0)) { - CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x\n", id->ssid, - id->devno); + spin_lock_irq(&sch->lock); + if (sch->st != SUBCHANNEL_TYPE_IO || !sch->schib.pmcw.dnv) + goto unlock; + + if (!is_blacklisted(sch->schid.ssid, sch->schib.pmcw.dev)) + goto unlock; + + cdev = sch_get_cdev(sch); + if (cdev) { + if (cdev->private->state != DEV_STATE_OFFLINE) + goto unlock; + + if (atomic_cmpxchg(&cdev->private->onoff, 0, 1) != 0) + goto unlock; ccw_device_sched_todo(cdev, CDEV_TODO_UNREG); - css_sched_sch_todo(sch, SCH_TODO_UNREG); atomic_set(&cdev->private->onoff, 0); } - spin_unlock_irq(cdev->ccwlock); + + css_sched_sch_todo(sch, SCH_TODO_UNREG); + CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x%s\n", sch->schid.ssid, + sch->schib.pmcw.dev, cdev ? "" : " (no cdev)"); + +unlock: + spin_unlock_irq(&sch->lock); /* Abort loop in case of pending signal. */ if (signal_pending(current)) return -EINTR; @@ -1348,7 +1359,7 @@ static int purge_fn(struct device *dev, void *data) int ccw_purge_blacklisted(void) { CIO_MSG_EVENT(2, "ccw: purging blacklisted devices\n"); - bus_for_each_dev(&ccw_bus_type, NULL, NULL, purge_fn); + for_each_subchannel_staged(purge_fn, NULL, NULL); return 0; }

1 week, 6 days

2
1
0 0

[PATCH v3] media: videobuf2: forbid remove_bufs when legacy fileio is active

by Marek Szyprowski

vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Add a vb2_verify_memory_type() check symmetrical to vb2_ioctl_create_bufs() to forbid that ioctl when fileio is active to protect internal queue state between subsequent read/write calls. CC: stable(a)vger.kernel.org Fixes: a3293a85381e ("media: v4l2: Add REMOVE_BUFS ioctl") Reported-by: Shuangpeng Bai<SJB7183(a)psu.edu> Suggested-by: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/media/common/videobuf2/videobuf2-v4l2.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c index d911021c1bb0..a8a5b42a42d0 100644 --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c @@ -1000,13 +1000,15 @@ int vb2_ioctl_remove_bufs(struct file *file, void *priv, struct v4l2_remove_buffers *d) { struct video_device *vdev = video_devdata(file); - - if (vdev->queue->type != d->type) - return -EINVAL; + int res; if (d->count == 0) return 0; + res = vb2_verify_memory_type(vdev->queue, vdev->queue->memory, d->type); + if (res) + return res; + if (vb2_queue_is_busy(vdev->queue, file)) return -EBUSY; -- 2.34.1

1 week, 6 days

2
4
0 0

FAILED: patch "[PATCH] s390/cio: Update purge function to unregister the unused" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9daa5a8795865f9a3c93d8d1066785b07ded6073 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101905-depress-banjo-bc7e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9daa5a8795865f9a3c93d8d1066785b07ded6073 Mon Sep 17 00:00:00 2001 From: Vineeth Vijayan <vneethv(a)linux.ibm.com> Date: Wed, 1 Oct 2025 15:38:17 +0200 Subject: [PATCH] s390/cio: Update purge function to unregister the unused subchannels Starting with 'commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers")', cio no longer unregisters subchannels when the attached device is invalid or unavailable. As an unintended side-effect, the cio_ignore purge function no longer removes subchannels for devices on the cio_ignore list if no CCW device is attached. This situation occurs when a CCW device is non-operational or unavailable To ensure the same outcome of the purge function as when the current cio_ignore list had been active during boot, update the purge function to remove I/O subchannels without working CCW devices if the associated device number is found on the cio_ignore list. Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") Suggested-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Signed-off-by: Vineeth Vijayan <vneethv(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c index fb2c07cb4d3d..4b2dae6eb376 100644 --- a/drivers/s390/cio/device.c +++ b/drivers/s390/cio/device.c @@ -1316,23 +1316,34 @@ void ccw_device_schedule_recovery(void) spin_unlock_irqrestore(&recovery_lock, flags); } -static int purge_fn(struct device *dev, void *data) +static int purge_fn(struct subchannel *sch, void *data) { - struct ccw_device *cdev = to_ccwdev(dev); - struct ccw_dev_id *id = &cdev->private->dev_id; - struct subchannel *sch = to_subchannel(cdev->dev.parent); + struct ccw_device *cdev; - spin_lock_irq(cdev->ccwlock); - if (is_blacklisted(id->ssid, id->devno) && - (cdev->private->state == DEV_STATE_OFFLINE) && - (atomic_cmpxchg(&cdev->private->onoff, 0, 1) == 0)) { - CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x\n", id->ssid, - id->devno); + spin_lock_irq(&sch->lock); + if (sch->st != SUBCHANNEL_TYPE_IO || !sch->schib.pmcw.dnv) + goto unlock; + + if (!is_blacklisted(sch->schid.ssid, sch->schib.pmcw.dev)) + goto unlock; + + cdev = sch_get_cdev(sch); + if (cdev) { + if (cdev->private->state != DEV_STATE_OFFLINE) + goto unlock; + + if (atomic_cmpxchg(&cdev->private->onoff, 0, 1) != 0) + goto unlock; ccw_device_sched_todo(cdev, CDEV_TODO_UNREG); - css_sched_sch_todo(sch, SCH_TODO_UNREG); atomic_set(&cdev->private->onoff, 0); } - spin_unlock_irq(cdev->ccwlock); + + css_sched_sch_todo(sch, SCH_TODO_UNREG); + CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x%s\n", sch->schid.ssid, + sch->schib.pmcw.dev, cdev ? "" : " (no cdev)"); + +unlock: + spin_unlock_irq(&sch->lock); /* Abort loop in case of pending signal. */ if (signal_pending(current)) return -EINTR; @@ -1348,7 +1359,7 @@ static int purge_fn(struct device *dev, void *data) int ccw_purge_blacklisted(void) { CIO_MSG_EVENT(2, "ccw: purging blacklisted devices\n"); - bus_for_each_dev(&ccw_bus_type, NULL, NULL, purge_fn); + for_each_subchannel_staged(purge_fn, NULL, NULL); return 0; }

1 week, 6 days

2
1
0 0

[PATCH] Bluetooth: rfcomm: fix modem control handling

by Johan Hovold

The RFCOMM driver confuses the local and remote modem control signals, which specifically means that the reported DTR and RTS state will instead reflect the remote end (i.e. DSR and CTS). This issue dates back to the original driver (and a follow-on update) merged in 2002, which resulted in a non-standard implementation of TIOCMSET that allowed controlling also the TS07.10 IC and DV signals by mapping them to the RI and DCD input flags, while TIOCMGET failed to return the actual state of DTR and RTS. Note that the bogus control of input signals in tiocmset() is just dead code as those flags will have been masked out by the tty layer since 2003. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- net/bluetooth/rfcomm/tty.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index 376ce6de84be..f20f043cc9b5 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -643,8 +643,8 @@ static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) tty_port_tty_hangup(&dev->port, true); dev->modem_status = - ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | - ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | + ((v24_sig & RFCOMM_V24_RTC) ? TIOCM_DSR : 0) | + ((v24_sig & RFCOMM_V24_RTR) ? TIOCM_CTS : 0) | ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); } @@ -1055,10 +1055,13 @@ static void rfcomm_tty_hangup(struct tty_struct *tty) static int rfcomm_tty_tiocmget(struct tty_struct *tty) { struct rfcomm_dev *dev = tty->driver_data; + u8 v24_sig; BT_DBG("tty %p dev %p", tty, dev); - return dev->modem_status; + rfcomm_dlc_get_modem_status(dlc, &v24_sig); + + return (v24_sig & (TIOCM_DTR | TIOCM_RTS)) | dev->modem_status; } static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) @@ -1071,23 +1074,15 @@ static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigne rfcomm_dlc_get_modem_status(dlc, &v24_sig); - if (set & TIOCM_DSR || set & TIOCM_DTR) + if (set & TIOCM_DTR) v24_sig |= RFCOMM_V24_RTC; - if (set & TIOCM_RTS || set & TIOCM_CTS) + if (set & TIOCM_RTS) v24_sig |= RFCOMM_V24_RTR; - if (set & TIOCM_RI) - v24_sig |= RFCOMM_V24_IC; - if (set & TIOCM_CD) - v24_sig |= RFCOMM_V24_DV; - if (clear & TIOCM_DSR || clear & TIOCM_DTR) + if (clear & TIOCM_DTR) v24_sig &= ~RFCOMM_V24_RTC; - if (clear & TIOCM_RTS || clear & TIOCM_CTS) + if (clear & TIOCM_RTS) v24_sig &= ~RFCOMM_V24_RTR; - if (clear & TIOCM_RI) - v24_sig &= ~RFCOMM_V24_IC; - if (clear & TIOCM_CD) - v24_sig &= ~RFCOMM_V24_DV; rfcomm_dlc_set_modem_status(dlc, v24_sig); -- 2.49.1

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] s390/cio: Update purge function to unregister the unused" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9daa5a8795865f9a3c93d8d1066785b07ded6073 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101904-seltzer-landslide-60b6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9daa5a8795865f9a3c93d8d1066785b07ded6073 Mon Sep 17 00:00:00 2001 From: Vineeth Vijayan <vneethv(a)linux.ibm.com> Date: Wed, 1 Oct 2025 15:38:17 +0200 Subject: [PATCH] s390/cio: Update purge function to unregister the unused subchannels Starting with 'commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers")', cio no longer unregisters subchannels when the attached device is invalid or unavailable. As an unintended side-effect, the cio_ignore purge function no longer removes subchannels for devices on the cio_ignore list if no CCW device is attached. This situation occurs when a CCW device is non-operational or unavailable To ensure the same outcome of the purge function as when the current cio_ignore list had been active during boot, update the purge function to remove I/O subchannels without working CCW devices if the associated device number is found on the cio_ignore list. Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") Suggested-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Signed-off-by: Vineeth Vijayan <vneethv(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c index fb2c07cb4d3d..4b2dae6eb376 100644 --- a/drivers/s390/cio/device.c +++ b/drivers/s390/cio/device.c @@ -1316,23 +1316,34 @@ void ccw_device_schedule_recovery(void) spin_unlock_irqrestore(&recovery_lock, flags); } -static int purge_fn(struct device *dev, void *data) +static int purge_fn(struct subchannel *sch, void *data) { - struct ccw_device *cdev = to_ccwdev(dev); - struct ccw_dev_id *id = &cdev->private->dev_id; - struct subchannel *sch = to_subchannel(cdev->dev.parent); + struct ccw_device *cdev; - spin_lock_irq(cdev->ccwlock); - if (is_blacklisted(id->ssid, id->devno) && - (cdev->private->state == DEV_STATE_OFFLINE) && - (atomic_cmpxchg(&cdev->private->onoff, 0, 1) == 0)) { - CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x\n", id->ssid, - id->devno); + spin_lock_irq(&sch->lock); + if (sch->st != SUBCHANNEL_TYPE_IO || !sch->schib.pmcw.dnv) + goto unlock; + + if (!is_blacklisted(sch->schid.ssid, sch->schib.pmcw.dev)) + goto unlock; + + cdev = sch_get_cdev(sch); + if (cdev) { + if (cdev->private->state != DEV_STATE_OFFLINE) + goto unlock; + + if (atomic_cmpxchg(&cdev->private->onoff, 0, 1) != 0) + goto unlock; ccw_device_sched_todo(cdev, CDEV_TODO_UNREG); - css_sched_sch_todo(sch, SCH_TODO_UNREG); atomic_set(&cdev->private->onoff, 0); } - spin_unlock_irq(cdev->ccwlock); + + css_sched_sch_todo(sch, SCH_TODO_UNREG); + CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x%s\n", sch->schid.ssid, + sch->schib.pmcw.dev, cdev ? "" : " (no cdev)"); + +unlock: + spin_unlock_irq(&sch->lock); /* Abort loop in case of pending signal. */ if (signal_pending(current)) return -EINTR; @@ -1348,7 +1359,7 @@ static int purge_fn(struct device *dev, void *data) int ccw_purge_blacklisted(void) { CIO_MSG_EVENT(2, "ccw: purging blacklisted devices\n"); - bus_for_each_dev(&ccw_bus_type, NULL, NULL, purge_fn); + for_each_subchannel_staged(purge_fn, NULL, NULL); return 0; }

1 week, 6 days

2
1
0 0

Spirit Airlines 24-Hour Cancellation: How to Cancel Your Ticket Hassle-Free

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Spirit Airlines flight, do not worry — the process is fairly straightforward! You can call Spirit Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Spirit Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Spirit Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Spirit Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Spirit Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Spirit Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Spirit Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

1 week, 6 days

1
0
0 0

Aeromexico Airlines Ticket Cancellation: What You Need to Know

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Aeromexico Airlines flight, do not worry — the process is fairly straightforward! You can call Aeromexico Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Aeromexico Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Aeromexico Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Aeromexico Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Aeromexico Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Aeromexico Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Aeromexico Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

1 week, 6 days

1
0
0 0

How to Cancel Avelo Airlines Tickets in the First 24 Hours: A Quick Guide

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Avelo Airlines flight, do not worry — the process is fairly straightforward! You can call Avelo Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Avelo Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Avelo Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Avelo Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Avelo Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Avelo Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Avelo Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

1 week, 6 days

1
0
0 0

Contour Airlines Flight Cancellation: A Quick and Simple Guide

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Contour Airlines flight, do not worry — the process is fairly straightforward! You can call Contour Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Contour Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Contour Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Contour Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Contour Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Contour Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Contour Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

1 week, 6 days

1
0
0 0

Condor Airlines Ticket Cancellation: What You Need to Know

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Condor Airlines flight, do not worry — the process is fairly straightforward! You can call Condor Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Condor Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Condor Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Condor Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Condor Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Condor Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Condor Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

1 week, 6 days

1
0
0 0

Can You Cancel Frontier Airlines Tickets Within 24 Hours? Here’s What You Need to Know

by n79ecl8zyq＠cmhvzylmfc.com

If you need to cancel your Frontier Airlines flight, do not worry — the process is fairly straightforward! You can call Frontier Airlines directly at 📞 1-866-284-3022. Whether you are canceling due to personal reasons, weather disruptions, or a change in plans, this guide will walk you through every step. While cancellations can be made online, calling may provide faster support and more detailed assistance. 📍 Step 1: Find Your Flight Information Before you call or go online, make sure you have the following information ready: ✅ Your booking confirmation number ✅ The name on the reservation ✅ Your flight details (departure date, destination, etc.) Having this information handy will make the process quicker, especially if you are speaking with a Frontier Airlines representative at 📞 1-866-284-3022. 📞 Step 2: Call Frontier Airlines Customer Support The easiest and most direct way to cancel your flight is by calling Frontier Airlines customer service at 1-866-284-3022. This line is available to assist with cancellations, modifications, and refund requests. 🧑‍💼 When you call: • You will be prompted to enter your confirmation number • Select the option for "existing reservation" • Ask to speak to a live representative if needed Pro tip: Call during off-peak hours (early mornings or late evenings) to avoid long wait times. 🌐 Step 3: Cancel Online (Alternative Option) If you prefer to cancel online, follow these steps: 1. Go to the official Volaris Airlines website 2. Click on "My Trips" at the top of the homepage 3. Enter your last name and confirmation code 4. Find the reservation you want to cancel 5. Click on “Cancel” and follow the on-screen instructions However, if you run into any issues or if your fare type does not allow online cancellations, don’t hesitate to call 1-866-284-3022 for support. 💸 Step 4: Check for Refund or Credit Eligibility Frontier Airlines is a low-cost carrier, and refund policies can vary depending on the fare type. Here is a quick breakdown: 🟢 WORKS Bundle or Refundable Tickets: Eligible for a full refund 🟡 Standard Tickets: May not be refundable but can be canceled for a credit (valid for 90 days) 🔴 Basic Fare or Promo Tickets: Often non-refundable To clarify your eligibility, it is best to speak to a Porter representative directly at 📞 1-866-284-3022. They can explain whether you will receive a refund, a travel credit, or incur a cancellation fee. ⏱️ Step 5: Cancel Within 24 Hours (If Possible) ✅ If you booked your ticket less than 24 hours ago AND your flight is at least 7 days away, you are eligible for a full refund with no cancellation fees. To take advantage of this policy, it is strongly advised to call 1-866-284-3022 right away and notify them that you fall within the 24-hour window. 📧 Step 6: Get Confirmation of Cancellation Once your flight is canceled, make sure to: 📨 Check your email for a cancellation confirmation 💳 Verify if any refund or credit has been issued to your account 📅 Note the expiration date of any travel credit issued (typically valid for 90 days) If you have not received confirmation within a few hours, call 📞 1-866-284-3022 again to follow up and ensure your cancellation was processed correctly. 🤔 Need Help? Contact Frontier Airlines Again Porter’s website can sometimes be tricky or limited in functionality, especially for special fares or last-minute cancellations. That is why calling customer service at 📞 1-866-284-3022 is always the most reliable option. Their agents can also assist with: • Modifying your travel dates • Applying travel credits • Rebooking future flights • Answering policy-related questions ✍️ Final Thoughts Canceling a Frontier Airlines flight does not have to be stressful. Whether you are canceling online or over the phone, knowing the process and your rights can save you time and money. Always keep the Porter customer service number 📞 1-866-284-3022 on hand for quick assistance and peace of mind. 🧭 Quick Recap: • Prepare your booking info • Try canceling online or via the Porter app • For best results, call Porter directly at 📞 1-866-284-3022 • Check your eligibility for refunds or travel credits • Always get a cancellation confirmation ✈️ Safe travels — or smooth cancellations — whichever your journey brings next!

1 week, 6 days

1
0
0 0

[PATCH v2 0/3] Fixes/improvements for SM6350 UFS

by Luca Weiss

Fix the order of the freq-table-hz property, then convert to OPP tables and add interconnect support for UFS for the SM6350 SoC. Signed-off-by: Luca Weiss <luca.weiss(a)fairphone.com> --- Changes in v2: - Resend, pick up tags - Link to v1: https://lore.kernel.org/r/20250314-sm6350-ufs-things-v1-0-3600362cc52c@fair… --- Luca Weiss (3): arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS arm64: dts: qcom: sm6350: Add OPP table support to UFSHC arm64: dts: qcom: sm6350: Add interconnect support to UFS arch/arm64/boot/dts/qcom/sm6350.dtsi | 49 ++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 10 deletions(-) --- base-commit: a92c761bcac3d5042559107fa7679470727a4bcb change-id: 20250314-sm6350-ufs-things-53c5de9fec5e Best regards, -- Luca Weiss <luca.weiss(a)fairphone.com>

1 week, 6 days

1
1
0 0

[PATCH net] net: bonding: fix possible peer notify event loss or dup issue

by Tonghao Zhang

If the send_peer_notif counter and the peer event notify are not synchronized. It may cause problems such as the loss or dup of peer notify event. Before this patch: - If should_notify_peers is true and the lock for send_peer_notif-- fails, peer event may be sent again in next mii_monitor loop, because should_notify_peers is still true. - If should_notify_peers is true and the lock for send_peer_notif-- succeeded, but the lock for peer event fails, the peer event will be lost. This patch locks the RTNL for send_peer_notif, events, and commit simultaneously. Fixes: 07a4ddec3ce9 ("bonding: add an option to specify a delay between peer notifications") Cc: Jay Vosburgh <jv(a)jvosburgh.net> Cc: Andrew Lunn <andrew+netdev(a)lunn.ch> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Hangbin Liu <liuhangbin(a)gmail.com> Cc: Nikolay Aleksandrov <razor(a)blackwall.org> Cc: Vincent Bernat <vincent(a)bernat.ch> Cc: <stable(a)vger.kernel.org> Signed-off-by: Tonghao Zhang <tonghao(a)bamaicloud.com> --- drivers/net/bonding/bond_main.c | 40 +++++++++++++++------------------ 1 file changed, 18 insertions(+), 22 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 5791c3e39baa..52b7ac8ddfbc 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -2971,7 +2971,7 @@ static void bond_mii_monitor(struct work_struct *work) { struct bonding *bond = container_of(work, struct bonding, mii_work.work); - bool should_notify_peers = false; + bool should_notify_peers; bool commit; unsigned long delay; struct slave *slave; @@ -2983,30 +2983,33 @@ static void bond_mii_monitor(struct work_struct *work) goto re_arm; rcu_read_lock(); + should_notify_peers = bond_should_notify_peers(bond); commit = !!bond_miimon_inspect(bond); - if (bond->send_peer_notif) { - rcu_read_unlock(); - if (rtnl_trylock()) { - bond->send_peer_notif--; - rtnl_unlock(); - } - } else { - rcu_read_unlock(); - } - if (commit) { + rcu_read_unlock(); + + if (commit || bond->send_peer_notif) { /* Race avoidance with bond_close cancel of workqueue */ if (!rtnl_trylock()) { delay = 1; - should_notify_peers = false; goto re_arm; } - bond_for_each_slave(bond, slave, iter) { - bond_commit_link_state(slave, BOND_SLAVE_NOTIFY_LATER); + if (commit) { + bond_for_each_slave(bond, slave, iter) { + bond_commit_link_state(slave, + BOND_SLAVE_NOTIFY_LATER); + } + bond_miimon_commit(bond); + } + + if (bond->send_peer_notif) { + bond->send_peer_notif--; + if (should_notify_peers) + call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, + bond->dev); } - bond_miimon_commit(bond); rtnl_unlock(); /* might sleep, hold no other locks */ } @@ -3014,13 +3017,6 @@ static void bond_mii_monitor(struct work_struct *work) re_arm: if (bond->params.miimon) queue_delayed_work(bond->wq, &bond->mii_work, delay); - - if (should_notify_peers) { - if (!rtnl_trylock()) - return; - call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, bond->dev); - rtnl_unlock(); - } } static int bond_upper_dev_walk(struct net_device *upper, -- 2.34.1

1 week, 6 days

3
2
0 0

[PATCH v3] i2c: fix reference leak in MP2 PCI device

by Ma Ke

In i2c_amd_probe(), amd_mp2_find_device() utilizes driver_find_next_device() which internally calls driver_find_device() to locate the matching device. driver_find_device() increments the reference count of the found device by calling get_device(), but amd_mp2_find_device() fails to call put_device() to decrement the reference count before returning. This results in a reference count leak of the PCI device each time i2c_amd_probe() is executed, which may prevent the device from being properly released and cause a memory leak. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 529766e0a011 ("i2c: Add drivers for the AMD PCIe MP2 I2C controller") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - kept the temporary variable to store pci_get_drvdata() result before releasing the device reference; Changes in v2: - modified the missing initialization in the patch. Sorry for the omission. --- drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-amd-mp2-pci.c b/drivers/i2c/busses/i2c-amd-mp2-pci.c index ef7370d3dbea..60edbabc2986 100644 --- a/drivers/i2c/busses/i2c-amd-mp2-pci.c +++ b/drivers/i2c/busses/i2c-amd-mp2-pci.c @@ -458,13 +458,16 @@ struct amd_mp2_dev *amd_mp2_find_device(void) { struct device *dev; struct pci_dev *pci_dev; + struct amd_mp2_dev *mp2_dev; dev = driver_find_next_device(&amd_mp2_pci_driver.driver, NULL); if (!dev) return NULL; pci_dev = to_pci_dev(dev); - return (struct amd_mp2_dev *)pci_get_drvdata(pci_dev); + mp2_dev = (struct amd_mp2_dev *)pci_get_drvdata(pci_dev); + put_device(dev); + return mp2_dev; } EXPORT_SYMBOL_GPL(amd_mp2_find_device); -- 2.17.1

1 week, 6 days

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror