- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.94 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/usb/cypress,hx3.yaml | 19 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 15 arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 +- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/renesas/r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 19 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 166 +++++++ arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/include/asm/fpsimd.h | 3 arch/arm64/kernel/entry-common.c | 46 +- arch/arm64/kernel/fpsimd.c | 21 arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/net/bpf_jit_comp.c | 12 arch/x86/include/asm/mwait.h | 9 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/process.c | 15 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/base/power/domain.c | 2 drivers/base/power/main.c | 3 drivers/bluetooth/hci_qca.c | 14 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/dma/ti/k3-udma.c | 3 drivers/edac/i10nm_base.c | 35 - drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 + drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 - drivers/gpu/drm/meson/meson_vclk.c | 226 +++++----- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 + drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 + drivers/hid/hid-hyperv.c | 4 drivers/hid/usbhid/hid-core.c | 25 - drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 49 +- drivers/iio/adc/ad7124.c | 4 drivers/iio/filter/admv8818.c | 224 +++++++-- drivers/infiniband/core/cm.c | 16 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 + drivers/input/rmi4/rmi_f34.c | 135 +++-- drivers/iommu/Kconfig | 1 drivers/iommu/iommu.c | 4 drivers/md/dm-flakey.c | 70 +-- drivers/md/dm.c | 30 - drivers/mfd/exynos-lpass.c | 1 drivers/mfd/stmpe-spi.c | 2 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 25 - drivers/net/dsa/b53/b53_common.c | 23 - drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_main.c | 47 +- drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++++-- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/microchip/lan743x_main.c | 4 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +- drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/macsec.c | 40 + drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 + drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 - drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 62 +- drivers/net/wireless/ath/ath11k/mac.c | 4 drivers/net/wireless/ath/ath11k/wmi.c | 2 drivers/net/wireless/ath/ath12k/core.c | 8 drivers/net/wireless/ath/ath12k/dp_rx.c | 9 drivers/net/wireless/ath/ath12k/wmi.c | 3 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/target/fcloop.c | 31 - drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/pci.c | 2 drivers/pci/pcie/dpc.c | 2 drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/power/reset/at91-reset.c | 5 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 - drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 - drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 - drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thunderbolt/ctl.c | 5 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/jsm/jsm_tty.c | 1 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 81 ++- drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 21 drivers/usb/core/hub.c | 16 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/renesas_usbhs/common.c | 50 +- drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 ++- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/watchdog/exar_wdt.c | 2 drivers/xen/balloon.c | 13 fs/btrfs/scrub.c | 34 + fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/namei.c | 10 fs/f2fs/super.c | 4 fs/filesystems.c | 14 fs/gfs2/inode.c | 3 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/namespace.c | 25 - fs/nfs/super.c | 19 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ocfs2/quota_local.c | 2 fs/smb/client/cifssmb.c | 20 fs/squashfs/super.c | 5 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bvec.h | 7 include/linux/hid.h | 3 include/linux/io_uring_types.h | 3 include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/phy.h | 5 include/net/bluetooth/hci_core.h | 2 include/net/sock.h | 7 io_uring/io_uring.c | 10 io_uring/io_uring.h | 12 io_uring/kbuf.c | 3 io_uring/poll.c | 2 io_uring/rw.c | 26 - kernel/bpf/core.c | 29 - kernel/events/core.c | 50 +- kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 2 kernel/trace/trace.c | 2 kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 ++++- kernel/trace/trace_events_trigger.c | 20 lib/kunit/static_stub.c | 2 mm/kasan/report.c | 4 mm/kasan/shadow.c | 2 net/bluetooth/eir.c | 10 net/bluetooth/hci_core.c | 16 net/bluetooth/hci_sync.c | 20 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 140 ++---- net/bluetooth/mgmt_util.c | 49 +- net/bluetooth/mgmt_util.h | 8 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/skmsg.c | 53 +- net/dsa/tag_brcm.c | 2 net/ipv4/udp_offload.c | 5 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 13 net/ipv6/seg6_local.c | 6 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 - net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_state.c | 2 scripts/Makefile.extrawarn | 12 scripts/gcc-plugins/gcc-common.h | 32 + scripts/gcc-plugins/randomize_layout_plugin.c | 40 - sound/soc/apple/mca.c | 23 + sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 2 sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 tools/arch/x86/kcpuid/kcpuid.c | 47 +- tools/bpf/resolve_btfids/Makefile | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 5 tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 tools/perf/Makefile.config | 2 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 5 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 ++++++++- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/seccomp/seccomp_bpf.c | 7 338 files changed, 3244 insertions(+), 1524 deletions(-) Aaron Kling (1): arm64: tegra: Drop remaining serial clock-names and reset-names Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Al Viro (3): path_overmount(): avoid false negatives fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (1): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (1): dt-bindings: vendor-prefixes: Add Liontron name Andreas Gruenbacher (1): gfs2: gfs2_create_inode error handling fix Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrey Konovalov (1): kasan: use unchecked __memset internally Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access AngeloGioacchino Del Regno (4): drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Anubhav Shelat (1): perf trace: Always print return value for syscalls returning a pid Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Aurabindo Pillai (1): Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Baochen Qiang (3): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started Bartosz Golaszewski (1): Bluetooth: hci_qca: move the SoC type check to the right place Beleswar Padhi (1): arm64: dts: ti: k3-j721e-sk: Add support for multiple CAN instances Benjamin Marzinski (4): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (1): PCI/DPC: Initialize aer_err_info before using it Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Cezary Rojewski (3): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ASoC: Intel: avs: Verify content returned by parse_int_array() Chao Yu (3): f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Chenyuan Yang (1): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Christophe JAILLET (2): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Claudiu Beznea (3): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (1): xfrm: Use xdo.dev instead of xdo.real_dev Dan Carpenter (5): remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Penkler (2): usb: usbtmc: Fix timeout value in get_stb usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Dmitry Antipov (2): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Dmitry Baryshkov (2): ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dr. David Alan Gilbert (1): Bluetooth: MGMT: Remove unused mgmt_pending_find_data Dustin Lundquist (1): serial: jsm: fix NPE during jsm_uart_port_init Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Easwar Hariharan (1): wifi: ath11k: convert timeouts to secs_to_jiffies() Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Eric Dumazet (6): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (3): netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Gabor Juhos (2): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Geert Uytterhoeven (1): spi: sh-msiof: Fix maximum DMA transfer size Greg Kroah-Hartman (3): net: phy: fix up const issues in to_mdio_device() and to_phy_device() Revert "io_uring: ensure deferred completions are posted for multishot" Linux 6.6.94 Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (1): octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Henry Martin (6): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (4): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ian Forbes (1): drm/vmwgfx: Add seqno waiter for sync_files Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jeff Johnson (1): wifi: ath11k: fix soc_dp_stats debugfs file permission Jens Axboe (3): io_uring: add io_file_can_poll() helper io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT io_uring/rw: fix wrong NOWAIT check in io_rw_init_file() Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (1): powerpc: do not build ppc_save_regs.o always Joel Stanley (1): ARM: aspeed: Don't select SRAM Jonas Gorski (2): net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Judith Mendez (2): arm64: dts: ti: k3-am65-main: Fix sdhci node properties arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Julien Massot (2): arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kees Cook (6): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Longfang Liu (3): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (1): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Luca Weiss (5): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Luiz Augusto von Dentz (6): Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: MGMT: Fix sparse errors Lukasz Czechowski (1): dt-bindings: usb: cypress,hx3: Add support for all variants Maharaja Kennadyrajan (1): wifi: ath12k: fix node corruption in ar->arvifs list Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Mark Brown (1): arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland (3): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Do not discard modified SVE state Martin Blumenstingl (4): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (1): ASoC: apple: mca: Constrain channels according to TDM mask Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Wilcox (Oracle) (2): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios Maxime Ripard (1): drm/vc4: tests: Use return instead of assert Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Mirco Barone (1): wireguard: device: enable threaded NAPI Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Namhyung Kim (1): perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Nathan Chancellor (1): kbuild: Disable -Wdefault-const-init-unsafe Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nícolas F. R. A. Prado (2): arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (3): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (1): wifi: ath12k: Add MSDU length validation for TKIP MIC error Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Pan Taixi (1): tracing: Fix compilation warning on arm32 Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Pauli Virtanen (1): Bluetooth: hci_core: fix list_for_each_entry_rcu usage Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peter Chiu (1): wifi: mt76: mt7996: set EHT max ampdu length capability Peter Robinson (1): arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (1): perf: Ensure bpf_perf_link path is properly serialized Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Qasim Ijaz (2): usb: typec: ucsi: fix Clang -Wsign-conversion warning fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shayne Chen (1): wifi: mt76: mt7996: fix RX buffer size of MCU event Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Siddharth Vadapalli (1): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (1): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Steven Rostedt (2): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Tao Chen (2): libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Thangaraj Samynathan (1): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Abort software beacon handling if disabled Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Vaishnav Achath (1): arm64: dts: ti: k3-j721e-sk: Model CSI2RX connector mux Vignesh Raman (1): arm64: defconfig: mediatek: enable PHY drivers Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xu Yang (1): dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yemike Abhilash Chandra (1): arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Yeoreum Yun (1): coresight: prevent deactivate active config while enabling the config Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

2 weeks, 4 days

1
1
0 0

[PATCH] sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

by Jeff Layton

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash. Cc: stable(a)vger.kernel.org Fixes: 29cd2927fb91 ("SUNRPC: Fix encoding of accepted but unsuccessful RPC replies") Reported-by: tianshuo han <hantianshuo233(a)gmail.com> Reviewed-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Jeff Layton <jlayton(a)kernel.org> --- This should be more correct. Unfortunately, I don't know of any testcases for low-level RPC error handling. That seems like something that would be nice to do with pynfs or similar though. --- net/sunrpc/svc.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index 939b6239df8ab6229ce34836d77d3a6b983fbbb7..99050ab1435148ac5d52b697ab1a771b9e948143 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -1375,7 +1375,8 @@ svc_process_common(struct svc_rqst *rqstp) case SVC_OK: break; case SVC_GARBAGE: - goto err_garbage_args; + rqstp->rq_auth_stat = rpc_autherr_badcred; + goto err_bad_auth; case SVC_SYSERR: goto err_system_err; case SVC_DENIED: @@ -1516,14 +1517,6 @@ svc_process_common(struct svc_rqst *rqstp) *rqstp->rq_accept_statp = rpc_proc_unavail; goto sendit; -err_garbage_args: - svc_printk(rqstp, "failed to decode RPC header\n"); - - if (serv->sv_stats) - serv->sv_stats->rpcbadfmt++; - *rqstp->rq_accept_statp = rpc_garbage_args; - goto sendit; - err_system_err: if (serv->sv_stats) serv->sv_stats->rpcbadfmt++; --- base-commit: 9afe652958c3ee88f24df1e4a97f298afce89407 change-id: 20250617-rpc-6-16-cc7a23e9c961 Best regards, -- Jeff Layton <jlayton(a)kernel.org>

2 weeks, 4 days

2
1
0 0

[PATCH v1 1/2] usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed

by Roy Luo

xhci_reset() currently returns -ENODEV if XHCI_STATE_REMOVING is set, without completing the xhci handshake, unless the reset completes exceptionally quickly. This behavior causes a regression on Synopsys DWC3 USB controllers with dual-role capabilities. Specifically, when a DWC3 controller exits host mode and removes xhci while a reset is still in progress, and then attempts to configure its hardware for device mode, the ongoing, incomplete reset leads to critical register access issues. All register reads return zero, not just within the xHCI register space (which might be expected during a reset), but across the entire DWC3 IP block. This patch addresses the issue by preventing xhci_reset() from being called in xhci_resume() and bailing out early in the reinit flow when XHCI_STATE_REMOVING is set. Cc: stable(a)vger.kernel.org Fixes: 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") Suggested-by: Mathias Nyman <mathias.nyman(a)intel.com> Signed-off-by: Roy Luo <royluo(a)google.com> --- drivers/usb/host/xhci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 90eb491267b5..244b12eafd95 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1084,7 +1084,10 @@ int xhci_resume(struct xhci_hcd *xhci, bool power_lost, bool is_auto_resume) xhci_dbg(xhci, "Stop HCD\n"); xhci_halt(xhci); xhci_zero_64b_regs(xhci); - retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); + if (xhci->xhc_state & XHCI_STATE_REMOVING) + retval = -ENODEV; + else + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); spin_unlock_irq(&xhci->lock); if (retval) return retval; -- 2.49.0.1204.g71687c7c1d-goog

2 weeks, 4 days

4
8
0 0

[PATCH 0/7] KVM: arm64: trap fixes and cleanup

by Mark Rutland

This series fixes some issues with the way KVM manages traps in VHE mode, with some cleanups/simplifications atop. Patch 1 fixes a theoretical issue with debug register manipulation, which has been around forever. This was found by inspection while working on other fixes. Patch 2 fixes an issue with NV where a host may take unexpected traps as a result of a guest hypervisor's configuration of CPTR_EL2. Patch 5 fixes an issue with NV where a guest hypervisor's configuration of CPTR_EL2 may not be taken into account when running a guest guest, incorrectly permitting usage of SVE when this should be trapped to the guest hypervisor. The other patches in the series are prepartory work and cleanup. Originally I intended to simplify/cleanup to kvm_hyp_handle_fpsimd() and kvm_hyp_save_fpsimd_host(), as discussed with Will on an earlier series: https://lore.kernel.org/linux-arm-kernel/20250210161242.GC7568@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6owjEPNaJ55e9LM@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/20250210180637.GA7926@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6pbeIsIMWexiDta@J2N7QTR9R3/ In the process of implementing that, I realised that the CPTR trap management wasn't quite right for NV, and found the potential issue with debug register configuration. I've given the series some light testing on a fast model so far; any further testing and/or review would be much appreciated. The series is based on the 'kvmarm-fixes-6.16-2' tag from the kvmarm tree. Mark. Mark Rutland (7): KVM: arm64: VHE: Synchronize restore of host debug registers KVM: arm64: VHE: Synchronize CPTR trap deactivation KVM: arm64: Reorganise CPTR trap manipulation KVM: arm64: Remove ad-hoc CPTR manipulation from fpsimd_sve_sync() KVM: arm64: Remove ad-hoc CPTR manipulation from kvm_hyp_handle_fpsimd() KVM: arm64: Remove cpacr_clear_set() KVM: arm64: VHE: Centralize ISBs when returning to host arch/arm64/include/asm/kvm_emulate.h | 62 ---------- arch/arm64/include/asm/kvm_host.h | 6 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 147 ++++++++++++++++++++++-- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 5 +- arch/arm64/kvm/hyp/nvhe/switch.c | 59 ---------- arch/arm64/kvm/hyp/vhe/switch.c | 107 +++-------------- 6 files changed, 158 insertions(+), 228 deletions(-) -- 2.30.2

2 weeks, 4 days

2
8
0 0

[PATCH V3 2/2] PCI: Prevent LS7A Bus Master clearing on kexec

by Huacai Chen

This is similar to commit 62b6dee1b44a ("PCI/portdrv: Prevent LS7A Bus Master clearing on shutdown"), which prevents LS7A Bus Master clearing on kexec. The key point of this is to work around the LS7A defect that clearing PCI_COMMAND_MASTER prevents MMIO requests from going downstream, and we may need to do that even after .shutdown(), e.g., to print console messages. And in this case we rely on .shutdown() for the downstream devices to disable interrupts and DMA. Only skip Bus Master clearing on bridges because endpoint devices still need it. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ming Wang <wangming01(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index 602838416e6a..8a1e32367a06 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -517,7 +517,7 @@ static void pci_device_shutdown(struct device *dev) * If it is not a kexec reboot, firmware will hit the PCI * devices with big hammer and stop their DMA any way. */ - if (kexec_in_progress && (pci_dev->current_state <= PCI_D3hot)) + if (kexec_in_progress && !pci_is_bridge(pci_dev) && (pci_dev->current_state <= PCI_D3hot)) pci_clear_master(pci_dev); } -- 2.47.1

2 weeks, 4 days

3
2
0 0

[PATCH V3 1/2] PCI: Use local_pci_probe() when best selected cpu is offline

by Huacai Chen

From: Hongchen Zhang <zhanghongchen(a)loongson.cn> When the best selected CPU is offline, work_on_cpu() will stuck forever. This can be happen if a node is online while all its CPUs are offline (we can use "maxcpus=1" without "nr_cpus=1" to reproduce it), Therefore, in this case, we should call local_pci_probe() instead of work_on_cpu(). Cc: <stable(a)vger.kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index c8bd71a739f7..602838416e6a 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -386,7 +386,7 @@ static int pci_call_probe(struct pci_driver *drv, struct pci_dev *dev, free_cpumask_var(wq_domain_mask); } - if (cpu < nr_cpu_ids) + if ((cpu < nr_cpu_ids) && cpu_online(cpu)) error = work_on_cpu(cpu, local_pci_probe, &ddi); else error = local_pci_probe(&ddi); -- 2.47.1

2 weeks, 4 days

3
2
0 0

[PATCH 0/2] Fixes in snps-phy HDMI PLL algorithm

by Ankit Nautiyal

Fixes/improvement in snps-phy HDMI PLL algorithm. Ankit Nautiyal (2): drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64 drm/i915/snps_hdmi_pll: Use clamp() instead of max(min()) drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.45.2

2 weeks, 4 days

4
5
0 0

[PATCH v2 6.12.y] Kunit to check the longest symbol length

by Sergio González Collado

Hello, Please consider applying the following commits for 6.12.y: c104c16073b7 ("Kunit to check the longest symbol length") 54338750578f ("x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c") They should apply cleanly. Those two commits implement a kunit test to verify that a symbol with KSYM_NAME_LEN of 512 can be read. The first commit implements the test. This commit also includes a fix for the test x86/insn_decoder_test. In the case a symbol exceeds the symbol length limit, an error will happen: arch/x86/tools/insn_decoder_test: error: malformed line 1152000: tBb_+0xf2> ..which overflowed by 10 characters reading this line: ffffffff81458193: 74 3d je ffffffff814581d2 <_RNvXse_NtNtNtCshGpAVYOtgW1_4core4iter8adapters7flattenINtB5_13FlattenCompatINtNtB7_3map3MapNtNtNtBb_3str4iter5CharsNtB1v_17CharEscapeDefaultENtNtBb_4char13EscapeDefaultENtNtBb_3fmt5Debug3fmtBb_+0xf2> The fix was proposed in [1] and initially mentioned at [2]. The second commit fixes a warning when building with clang because there was a definition of unlikely from compiler.h in tools/include/linux, which conflicted with the one in the instruction decoder selftest. [1] https://lore.kernel.org/lkml/Y9ES4UKl%2F+DtvAVS@gmail.com/ [2] https://lore.kernel.org/lkml/320c4dba-9919-404b-8a26-a8af16be1845@app.fastm… I will send something similar to 6.6.y and 6.1.y Thanks! Best regards, Sergio

2 weeks, 4 days

2
3
0 0

[PATCH 6.1 1/1] objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()

by Dmitriy Privalov

If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode() Fixes: 3fe26121dc3a ("spi: amd: Configure device speed") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Josh Poimboeuf <jpoimboe(a)kernel.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Acked-by: Mark Brown <broonie(a)kernel.org> Cc: Raju Rangoju <Raju.Rangoju(a)amd.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/78fef0f2434f35be9095bcc9ffa23dd8cab667b9.17428528… Closes: https://lore.kernel.org/r/202503161828.RUk9EhWx-lkp@intel.com/ Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- drivers/spi/spi-amd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-amd.c b/drivers/spi/spi-amd.c index bfc3ab5f39ea..b53301e563bc 100644 --- a/drivers/spi/spi-amd.c +++ b/drivers/spi/spi-amd.c @@ -243,7 +243,7 @@ static int amd_set_spi_freq(struct amd_spi *amd_spi, u32 speed_hz) if (speed_hz < AMD_SPI_MIN_HZ) return -EINVAL; - for (i = 0; i < ARRAY_SIZE(amd_spi_freq); i++) + for (i = 0; i < ARRAY_SIZE(amd_spi_freq)-1; i++) if (speed_hz >= amd_spi_freq[i].speed_hz) break; -- 2.34.1

2 weeks, 4 days

1
1
0 0

[PATCH v 4] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY

by Minas Harutyunyan

For UTMI+ PHY, according to programming guide, first should be set PMUACTV bit then STOPPCLK bit. Otherwise, when the device issues Remote Wakeup, then host notices disconnect instead. For ULPI PHY, above mentioned bits must be set in reversed order: STOPPCLK then PMUACTV. Fixes: 4483ef3c1685 ("usb: dwc2: Add hibernation updates for ULPI PHY") Cc: stable(a)vger.kernel.org Reported-by: Tomasz Mon <tomasz.mon(a)nordicsemi.no> Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> --- Changes in v4: - Rebased on top of Linux 6.15-rc6 Changes in v3: - Rebased on top of 6.15-rc4 Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/dwc2/gadget.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c index 300ea4969f0c..b817002bdee0 100644 --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -5383,20 +5383,33 @@ int dwc2_gadget_enter_hibernation(struct dwc2_hsotg *hsotg) if (gusbcfg & GUSBCFG_ULPI_UTMI_SEL) { /* ULPI interface */ gpwrdn |= GPWRDN_ULPI_LATCH_EN_DURING_HIB_ENTRY; - } - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); - /* Suspend the Phy Clock */ - pcgcctl = dwc2_readl(hsotg, PCGCTL); - pcgcctl |= PCGCTL_STOPPCLK; - dwc2_writel(hsotg, pcgcctl, PCGCTL); - udelay(10); + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); - gpwrdn = dwc2_readl(hsotg, GPWRDN); - gpwrdn |= GPWRDN_PMUACTV; - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + } else { + /* UTMI+ Interface */ + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); + } /* Set flag to indicate that we are in hibernation */ hsotg->hibernated = 1; -- 2.41.0

2 weeks, 4 days

2
1
0 0

temporary hung tasks on XFS since updating to 6.6.92

by Christian Theune

Hi, in the last week, after updating to 6.6.92, we’ve encountered a number of VMs reporting temporarily hung tasks blocking the whole system for a few minutes. They unblock by themselves and have similar tracebacks. The IO PSIs show 100% pressure for that time, but the underlying devices are still processing read and write IO (well within their capacity). I’ve eliminated the underlying storage (Ceph) as the source of problems as I couldn’t find any latency outliers or significant queuing during that time. I’ve seen somewhat similar reports on 6.6.88 and 6.6.77, but those might have been different outliers. I’m attaching 3 logs - my intuition and the data so far leads me to consider this might be a kernel bug. I haven’t found a way to reproduce this, yet. Regards, Christian -- Christian Theune · ct(a)flyingcircus.io · +49 345 219401 0 Flying Circus Internet Operations GmbH · https://flyingcircus.io Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick

2 weeks, 4 days

3
12
0 0

[PATCH stable 6.1-6.12 1/2] net: Fix checksum update for ILA adj-transport

by Paul Chaignon

[ Upstream commit 6043b794c7668c19dabc4a93c75b924a19474d59 ] During ILA address translations, the L4 checksums can be handled in different ways. One of them, adj-transport, consist in parsing the transport layer and updating any found checksum. This logic relies on inet_proto_csum_replace_by_diff and produces an incorrect skb->csum when in state CHECKSUM_COMPLETE. This bug can be reproduced with a simple ILA to SIR mapping, assuming packets are received with CHECKSUM_COMPLETE: $ ip a show dev eth0 14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 62:ae:35:9e:0f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 3333:0:0:1::c078/64 scope global valid_lft forever preferred_lft forever inet6 fd00:10:244:1::c078/128 scope global nodad valid_lft forever preferred_lft forever inet6 fe80::60ae:35ff:fe9e:f8d/64 scope link proto kernel_ll valid_lft forever preferred_lft forever $ ip ila add loc_match fd00:10:244:1 loc 3333:0:0:1 \ csum-mode adj-transport ident-type luid dev eth0 Then I hit [fd00:10:244:1::c078]:8000 with a server listening only on [3333:0:0:1::c078]:8000. With the bug, the SYN packet is dropped with SKB_DROP_REASON_TCP_CSUM after inet_proto_csum_replace_by_diff changed skb->csum. The translation and drop are visible on pwru [1] traces: IFACE TUPLE FUNC eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ipv6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ip6_rcv_core eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) nf_hook_slow eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) inet_proto_csum_replace_by_diff eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_early_demux eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_route_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input_finish eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_protocol_deliver_rcu eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) raw6_local_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ipv6_raw_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) __skb_checksum_complete eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skb_reason(SKB_DROP_REASON_TCP_CSUM) eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_head_state eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_data eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_free_head eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skbmem This is happening because inet_proto_csum_replace_by_diff is updating skb->csum when it shouldn't. The L4 checksum is updated such that it "cancels" the IPv6 address change in terms of checksum computation, so the impact on skb->csum is null. Note this would be different for an IPv4 packet since three fields would be updated: the IPv4 address, the IP checksum, and the L4 checksum. Two would cancel each other and skb->csum would still need to be updated to take the L4 checksum change into account. This patch fixes it by passing an ipv6 flag to inet_proto_csum_replace_by_diff, to skip the skb->csum update if we're in the IPv6 case. Note the behavior of the only other user of inet_proto_csum_replace_by_diff, the BPF subsystem, is left as is in this patch and fixed in the subsequent patch. With the fix, using the reproduction from above, I can confirm skb->csum is not touched by inet_proto_csum_replace_by_diff and the TCP SYN proceeds to the application after the ILA translation. Link: https://github.com/cilium/pwru [1] Fixes: 65d7ab8de582 ("net: Identifier Locator Addressing module") Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://patch.msgid.link/b5539869e3550d46068504feb02d37653d939c0b.174850948… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> --- include/net/checksum.h | 2 +- net/core/filter.c | 2 +- net/core/utils.c | 4 ++-- net/ipv6/ila/ila_common.c | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/checksum.h b/include/net/checksum.h index 1338cb92c8e7..28b101f26636 100644 --- a/include/net/checksum.h +++ b/include/net/checksum.h @@ -158,7 +158,7 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, const __be32 *from, const __be32 *to, bool pseudohdr); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr); + __wsum diff, bool pseudohdr, bool ipv6); static __always_inline void inet_proto_csum_replace2(__sum16 *sum, struct sk_buff *skb, diff --git a/net/core/filter.c b/net/core/filter.c index 99b23fd2f509..e0d978c1a4cd 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1999,7 +1999,7 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset, if (unlikely(from != 0)) return -EINVAL; - inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo); + inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo, false); break; case 2: inet_proto_csum_replace2(ptr, skb, from, to, is_pseudo); diff --git a/net/core/utils.c b/net/core/utils.c index 27f4cffaae05..b8c21a859e27 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -473,11 +473,11 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, EXPORT_SYMBOL(inet_proto_csum_replace16); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr) + __wsum diff, bool pseudohdr, bool ipv6) { if (skb->ip_summed != CHECKSUM_PARTIAL) { csum_replace_by_diff(sum, diff); - if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) + if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr && !ipv6) skb->csum = ~csum_sub(diff, skb->csum); } else if (pseudohdr) { *sum = ~csum_fold(csum_add(diff, csum_unfold(*sum))); diff --git a/net/ipv6/ila/ila_common.c b/net/ipv6/ila/ila_common.c index 95e9146918cc..b8d43ed4689d 100644 --- a/net/ipv6/ila/ila_common.c +++ b/net/ipv6/ila/ila_common.c @@ -86,7 +86,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&th->check, skb, - diff, true); + diff, true, true); } break; case NEXTHDR_UDP: @@ -97,7 +97,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) { diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&uh->check, skb, - diff, true); + diff, true, true); if (!uh->check) uh->check = CSUM_MANGLED_0; } @@ -111,7 +111,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&ih->icmp6_cksum, skb, - diff, true); + diff, true, true); } break; } -- 2.43.0

2 weeks, 4 days

2
3
0 0

[PATCH 6.1.y] scsi: pm80xx: Set phy->enable_completion only when we wait for it

by Xiangyu Chen

From: Igor Pylypiv <ipylypiv(a)google.com> [ Upstream commit e4f949ef1516c0d74745ee54a0f4882c1f6c7aea ] pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash. Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Signed-off-by: Terrence Adams <tadamsjr(a)google.com> Link: https://lore.kernel.org/r/20240627155924.2361370-2-tadamsjr@google.com Acked-by: Jack Wang <jinpu.wang(a)ionos.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Test info: Building OS: Ubuntu 22.04.5 GCC: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) Base Tree: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y Builds: make defconfig; make bzImage make allyesconfig; make bzImage make allmodconfig; make bzImage Boot target: Intel Basking Ridge --- drivers/scsi/pm8001/pm8001_sas.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c index a87c3d7e3e5c..f491edf73e23 100644 --- a/drivers/scsi/pm8001/pm8001_sas.c +++ b/drivers/scsi/pm8001/pm8001_sas.c @@ -168,7 +168,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, unsigned long flags; pm8001_ha = sas_phy->ha->lldd_ha; phy = &pm8001_ha->phy[phy_id]; - pm8001_ha->phy[phy_id].enable_completion = &completion; + switch (func) { case PHY_FUNC_SET_LINK_RATE: rates = funcdata; @@ -181,6 +181,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, rates->maximum_linkrate; } if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -189,6 +190,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_HARD_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -197,6 +199,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_LINK_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } -- 2.34.1

2 weeks, 4 days

2
1
0 0

[PATCH] drm/appletbdrm: Make appletbdrm depend on X86

by Aditya Garg

commit de5fbbe1531f645c8b56098be8d1faf31e46f7f0 upstream The appletbdrm driver is exclusively for Touch Bars on x86 Intel Macs. The M1 Macs have a separate driver. So, lets avoid compiling it for other architectures. Signed-off-by: Aditya Garg <gargaditya08(a)live.com> Reviewed-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> Link: https://lore.kernel.org/r/PN3PR01MB95970778982F28E4A3751392B8B72@PN3PR01MB9… Signed-off-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> --- Sending this since https://lore.kernel.org/stable/20250617152509.019353397@linuxfoundation.org/ was also backported to 6.15 drivers/gpu/drm/tiny/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/tiny/Kconfig b/drivers/gpu/drm/tiny/Kconfig index 95c1457d7..d66681d0e 100644 --- a/drivers/gpu/drm/tiny/Kconfig +++ b/drivers/gpu/drm/tiny/Kconfig @@ -3,6 +3,7 @@ config DRM_APPLETBDRM tristate "DRM support for Apple Touch Bars" depends on DRM && USB && MMU + depends on X86 || COMPILE_TEST select DRM_GEM_SHMEM_HELPER select DRM_KMS_HELPER help -- 2.49.0

2 weeks, 4 days

3
3
0 0

[PATCH 5.15 0/2] fix LTP regression in fanotify22

by Amir Goldstein

Jan, I noticed that fanotify22, the FAN_FS_ERROR test has regressed in the 5.15.y stable tree. This is because commit d3476f3dad4a ("ext4: don't set SB_RDONLY after filesystem errors") was backported to 5.15.y and the later Fixes commit could not be cleanly applied to 5.15.y over the new mount api re-factoring. I am not sure it is critical to fix this regression, because it is mostly a regression in a test feature, but I think the backport is pretty simple, although I could be missing something. Please ACK if you agree that this backport should be applied to 5.15.y. Thanks, Amir. Amir Goldstein (2): ext4: make 'abort' mount option handling standard ext4: avoid remount errors with 'abort' mount option fs/ext4/ext4.h | 1 + fs/ext4/super.c | 15 +++++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) -- 2.47.1

2 weeks, 4 days

3
6
0 0

FAILED: patch "[PATCH] posix-cpu-timers: fix race between handle_posix_cpu_timers()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f90fff1e152dedf52b932240ebbd670d83330eca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061744-precinct-rubble-45c9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f90fff1e152dedf52b932240ebbd670d83330eca Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Fri, 13 Jun 2025 19:26:50 +0200 Subject: [PATCH] posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case. Cc: stable(a)vger.kernel.org Reported-by: Benoît Sevens <bsevens(a)google.com> Fixes: 0bdd2ed4138e ("sched: run_posix_cpu_timers: Don't check ->exit_state, use lock_task_sighand()") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c index 50e8d04ab661..2e5b89d7d866 100644 --- a/kernel/time/posix-cpu-timers.c +++ b/kernel/time/posix-cpu-timers.c @@ -1405,6 +1405,15 @@ void run_posix_cpu_timers(void) lockdep_assert_irqs_disabled(); + /* + * Ensure that release_task(tsk) can't happen while + * handle_posix_cpu_timers() is running. Otherwise, a concurrent + * posix_cpu_timer_del() may fail to lock_task_sighand(tsk) and + * miss timer->it.cpu.firing != 0. + */ + if (tsk->exit_state) + return; + /* * If the actual expiry is deferred to task work context and the * work is already scheduled there is no point to do anything here.

2 weeks, 4 days

3
2
0 0

[PATCH 6.12.y] cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update

by jetlan9＠163.com

From: Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> [ Upstream commit 426db24d4db2e4f0d6720aeb7795eafcb9e82640 ] Check if policy is NULL before dereferencing it in amd_pstate_update. Fixes: e8f555daacd3 ("cpufreq/amd-pstate: fix setting policy current frequency value") Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Gautham R. Shenoy <gautham.shenoy(a)amd.com> Link: https://lore.kernel.org/r/20250205112523.201101-11-dhananjay.ugwekar@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> [Minor context change fixed.] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/cpufreq/amd-pstate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c index 7a16d1932228..62dbc5701e99 100644 --- a/drivers/cpufreq/amd-pstate.c +++ b/drivers/cpufreq/amd-pstate.c @@ -482,6 +482,9 @@ static void amd_pstate_update(struct amd_cpudata *cpudata, u32 min_perf, u32 nominal_perf = READ_ONCE(cpudata->nominal_perf); u64 value = prev; + if (!policy) + return; + min_perf = clamp_t(unsigned long, min_perf, cpudata->min_limit_perf, cpudata->max_limit_perf); max_perf = clamp_t(unsigned long, max_perf, cpudata->min_limit_perf, -- 2.34.1

2 weeks, 4 days

2
1
0 0

[PATCH 2/2] mmc: core: sd: Fix and simplify SD card current limit handling

by Avri Altman

The SD spec says: "In UHS-I mode, after selecting one of SDR50, SDR104, or DDR50 mode by Function Group 1, host needs to change the Power Limit to enable the card to operate in higher performance". The driver previously determined SD card current limits incorrectly by checking capability bits before bus speed was established, and by using support bits in function group 4 (bytes 6 & 7) rather than the actual current requirement (bytes 0 & 1). This is wrong because the card responds for a given bus speed. This patch queries the card's current requirement after setting the bus speed, and uses the reported value to select the appropriate current limit. while at it, remove some unused constants and the misleading comment in the code. Fixes: d9812780a020 ("mmc: sd: limit SD card power limit according to cards capabilities") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 36 +++++++++++++----------------------- include/linux/mmc/card.h | 6 ------ 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index cf92c5b2059a..357edfb910df 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -365,7 +365,6 @@ static int mmc_read_switch(struct mmc_card *card) card->sw_caps.sd3_bus_mode = status[13]; /* Driver Strengths supported by the card */ card->sw_caps.sd3_drv_type = status[9]; - card->sw_caps.sd3_curr_limit = status[7] | status[6] << 8; } out: @@ -556,7 +555,7 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) { int current_limit = SD_SET_CURRENT_LIMIT_200; int err; - u32 max_current; + u32 max_current, card_needs; /* * Current limit switch is only defined for SDR50, SDR104, and DDR50 @@ -575,33 +574,24 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) max_current = sd_get_host_max_current(card->host); /* - * We only check host's capability here, if we set a limit that is - * higher than the card's maximum current, the card will be using its - * maximum current, e.g. if the card's maximum current is 300ma, and - * when we set current limit to 200ma, the card will draw 200ma, and - * when we set current limit to 400/600/800ma, the card will draw its - * maximum 300ma from the host. - * - * The above is incorrect: if we try to set a current limit that is - * not supported by the card, the card can rightfully error out the - * attempt, and remain at the default current limit. This results - * in a 300mA card being limited to 200mA even though the host - * supports 800mA. Failures seen with SanDisk 8GB UHS cards with - * an iMX6 host. --rmk + * query the card of its maximun current/power consumption given the + * bus speed mode */ - if (max_current >= 800 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_800) + err = mmc_sd_switch(card, 0, 0, card->sd_bus_speed, status); + if (err) + return err; + + card_needs = status[1] | status[0] << 8; + + if (max_current >= 800 && card_needs > 600) current_limit = SD_SET_CURRENT_LIMIT_800; - else if (max_current >= 600 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_600) + else if (max_current >= 600 && card_needs > 400) current_limit = SD_SET_CURRENT_LIMIT_600; - else if (max_current >= 400 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) + else if (max_current >= 400 && card_needs > 200) current_limit = SD_SET_CURRENT_LIMIT_400; if (current_limit != SD_SET_CURRENT_LIMIT_200) { - err = mmc_sd_switch(card, SD_SWITCH_SET, 3, - current_limit, status); + err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) return err; diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index e9e964c20e53..67c1386ca574 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -177,17 +177,11 @@ struct sd_switch_caps { #define SD_DRIVER_TYPE_A 0x02 #define SD_DRIVER_TYPE_C 0x04 #define SD_DRIVER_TYPE_D 0x08 - unsigned int sd3_curr_limit; #define SD_SET_CURRENT_LIMIT_200 0 #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) -#define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -#define SD_MAX_CURRENT_600 (1 << SD_SET_CURRENT_LIMIT_600) -#define SD_MAX_CURRENT_800 (1 << SD_SET_CURRENT_LIMIT_800) - #define SD4_SET_POWER_LIMIT_0_72W 0 #define SD4_SET_POWER_LIMIT_1_44W 1 #define SD4_SET_POWER_LIMIT_2_16W 2 -- 2.25.1

2 weeks, 4 days

1
0
0 0

[PATCH 1/2] mmc: core sd: Simplify current limit logic for 200mA default

by Avri Altman

The SD current limit logic is updated to avoid explicitly setting the current limit when the maximum power is 200mA (0.72W) or less, as this is already the default value. The code now only issues a current limit switch if a higher limit is required, and the unused SD_SET_CURRENT_NO_CHANGE constant is removed. This reduces unnecessary commands and simplifies the logic. Fixes: 0aa6770000ba ("mmc: sdhci: only set 200mA support for 1.8v if 200mA is available") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 7 ++----- include/linux/mmc/card.h | 1 - 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index ec02067f03c5..cf92c5b2059a 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -554,7 +554,7 @@ static u32 sd_get_host_max_current(struct mmc_host *host) static int sd_set_current_limit(struct mmc_card *card, u8 *status) { - int current_limit = SD_SET_CURRENT_NO_CHANGE; + int current_limit = SD_SET_CURRENT_LIMIT_200; int err; u32 max_current; @@ -598,11 +598,8 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) else if (max_current >= 400 && card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) current_limit = SD_SET_CURRENT_LIMIT_400; - else if (max_current >= 200 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_200) - current_limit = SD_SET_CURRENT_LIMIT_200; - if (current_limit != SD_SET_CURRENT_NO_CHANGE) { + if (current_limit != SD_SET_CURRENT_LIMIT_200) { err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index ddcdf23d731c..e9e964c20e53 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -182,7 +182,6 @@ struct sd_switch_caps { #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_SET_CURRENT_NO_CHANGE (-1) #define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) #define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -- 2.25.1

2 weeks, 4 days

1
0
0 0

[PATCH] arm64/ptdump: Ensure memory hotplug is prevented during ptdump_check_wx()

by Anshuman Khandual

The arm64 page table dump code can race with concurrent modification of the kernel page tables. When a leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful. When intermediate levels of table are freed, the dump code will continue to use memory which has been freed and potentially reallocated for another purpose. In such cases, the dump code may dereference bogus addresses, leading to a number of potential problems. This problem was fixed for ptdump_show() earlier via commit 'bf2b59f60ee1 ("arm64/mm: Hold memory hotplug lock while walking for kernel page table dump")' but a same was missed for ptdump_check_wx() which faced the race condition as well. Let's just take the memory hotplug lock while executing ptdump_check_wx(). Cc: stable(a)vger.kernel.org Fixes: bbd6ec605c0f ("arm64/mm: Enable memory hot remove") Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-kernel(a)vger.kernel.org Reported-by: Dev Jain <dev.jain(a)arm.com> Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> --- This patch applies on v6.16-rc1 Dev Jain found this via code inspection. arch/arm64/mm/ptdump.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/ptdump.c b/arch/arm64/mm/ptdump.c index 421a5de806c62..551f80d41e8d2 100644 --- a/arch/arm64/mm/ptdump.c +++ b/arch/arm64/mm/ptdump.c @@ -328,7 +328,7 @@ static struct ptdump_info kernel_ptdump_info __ro_after_init = { .mm = &init_mm, }; -bool ptdump_check_wx(void) +static bool __ptdump_check_wx(void) { struct ptdump_pg_state st = { .seq = NULL, @@ -367,6 +367,16 @@ bool ptdump_check_wx(void) } } +bool ptdump_check_wx(void) +{ + bool ret; + + get_online_mems(); + ret = __ptdump_check_wx(); + put_online_mems(); + return ret; +} + static int __init ptdump_init(void) { u64 page_offset = _PAGE_OFFSET(vabits_actual); -- 2.30.2

2 weeks, 4 days

5
7
0 0

[PATCH] Revert "platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1"

by Kurt Borja

This reverts commit 5ff79cabb23a2f14d2ed29e9596aec908905a0e6. Although the Alienware m16 R1 AMD model supports G-Mode, it actually has a lower power ceiling than plain "performance" profile, which results in lower performance. Reported-by: Cihan Ozakca <cozakca(a)outlook.com> Cc: stable(a)vger.kernel.org # 6.15.x Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> --- Hi all, Contrary to (my) intuition, imitating Windows behavior actually results in LOWER performance. I was having second thoughts about this revert because users will notice that "performance" not longer turns on the G-Mode key found in this laptop. Some users may think this is actually a regression, but IMO lower performance is worse. --- drivers/platform/x86/dell/alienware-wmi-wmax.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index c42f9228b0b255fe962b735ac96486824e83945f..20ec122a9fe0571a1ecd2ccf630615564ab30481 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -119,7 +119,7 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m16 R1 AMD"), }, - .driver_data = &g_series_quirks, + .driver_data = &generic_quirks, }, { .ident = "Alienware m16 R2", --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250611-m16-rev-8109b82dee30 -- ~ Kurt

2 weeks, 4 days

3
2
0 0

[PATCH] thunderbolt: Fix wake on connect at runtime

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> commit 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") fixated on the USB4 port sysfs wakeup file not working properly to control policy, but it had an unintended side effect that the sysfs file controls policy both at runtime and at suspend time. The sysfs file is supposed to only control behavior while system is suspended. Pass whether programming a port for runtime into usb4_switch_set_wake() and if runtime then ignore the value in the sysfs file. Cc: stable(a)vger.kernel.org Reported-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Tested-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Fixes: 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/thunderbolt/switch.c | 8 ++++---- drivers/thunderbolt/tb.h | 2 +- drivers/thunderbolt/usb4.c | 9 ++++----- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c index 28febb95f8fa1..e9809fb57c354 100644 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -3437,7 +3437,7 @@ void tb_sw_set_unplugged(struct tb_switch *sw) } } -static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) +static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { if (flags) tb_sw_dbg(sw, "enabling wakeup: %#x\n", flags); @@ -3445,7 +3445,7 @@ static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) tb_sw_dbg(sw, "disabling wakeup\n"); if (tb_switch_is_usb4(sw)) - return usb4_switch_set_wake(sw, flags); + return usb4_switch_set_wake(sw, flags, runtime); return tb_lc_set_wake(sw, flags); } @@ -3521,7 +3521,7 @@ int tb_switch_resume(struct tb_switch *sw, bool runtime) tb_switch_check_wakes(sw); /* Disable wakes */ - tb_switch_set_wake(sw, 0); + tb_switch_set_wake(sw, 0, true); err = tb_switch_tmu_init(sw); if (err) @@ -3603,7 +3603,7 @@ void tb_switch_suspend(struct tb_switch *sw, bool runtime) flags |= TB_WAKE_ON_USB4 | TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE; } - tb_switch_set_wake(sw, flags); + tb_switch_set_wake(sw, flags, runtime); if (tb_switch_is_usb4(sw)) usb4_switch_set_sleep(sw); diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h index 87afd5a7c504b..f503bad864130 100644 --- a/drivers/thunderbolt/tb.h +++ b/drivers/thunderbolt/tb.h @@ -1317,7 +1317,7 @@ int usb4_switch_read_uid(struct tb_switch *sw, u64 *uid); int usb4_switch_drom_read(struct tb_switch *sw, unsigned int address, void *buf, size_t size); bool usb4_switch_lane_bonding_possible(struct tb_switch *sw); -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags); +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime); int usb4_switch_set_sleep(struct tb_switch *sw); int usb4_switch_nvm_sector_size(struct tb_switch *sw); int usb4_switch_nvm_read(struct tb_switch *sw, unsigned int address, void *buf, diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index fce3c0f2354a7..e7d8cf0c1da1b 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -406,7 +406,7 @@ bool usb4_switch_lane_bonding_possible(struct tb_switch *sw) * * Enables/disables router to wake up from sleep. */ -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { struct usb4_port *usb4; struct tb_port *port; @@ -438,13 +438,12 @@ int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) val |= PORT_CS_19_WOU4; } else { bool configured = val & PORT_CS_19_PC; + bool wakeup = runtime || device_may_wakeup(&usb4->dev); usb4 = port->usb4; - if (((flags & TB_WAKE_ON_CONNECT) && - device_may_wakeup(&usb4->dev)) && !configured) + if ((flags & TB_WAKE_ON_CONNECT) && wakeup && !configured) val |= PORT_CS_19_WOC; - if (((flags & TB_WAKE_ON_DISCONNECT) && - device_may_wakeup(&usb4->dev)) && configured) + if ((flags & TB_WAKE_ON_DISCONNECT) && wakeup && configured) val |= PORT_CS_19_WOD; if ((flags & TB_WAKE_ON_USB4) && configured) val |= PORT_CS_19_WOU4; -- 2.43.0

2 weeks, 4 days

2
1
0 0

[PATCH v2] usb: cdnsp: Fix issue with CV Bad Descriptor test

by Pawel Laszczak

The SSP2 controller has extra endpoint state preserve bit (ESP) which setting causes that endpoint state will be preserved during Halt Endpoint command. It is used only for EP0. Without this bit the Command Verifier "TD 9.10 Bad Descriptor Test" failed. Setting this bit doesn't have any impact for SSP controller. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - removed some typos - added pep variable initialization - updated TRB_ESP description drivers/usb/cdns3/cdnsp-debug.h | 5 +++-- drivers/usb/cdns3/cdnsp-ep0.c | 19 ++++++++++++++++--- drivers/usb/cdns3/cdnsp-gadget.h | 6 ++++++ drivers/usb/cdns3/cdnsp-ring.c | 3 ++- 4 files changed, 27 insertions(+), 6 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-debug.h b/drivers/usb/cdns3/cdnsp-debug.h index cd138acdcce1..86860686d836 100644 --- a/drivers/usb/cdns3/cdnsp-debug.h +++ b/drivers/usb/cdns3/cdnsp-debug.h @@ -327,12 +327,13 @@ static inline const char *cdnsp_decode_trb(char *str, size_t size, u32 field0, case TRB_RESET_EP: case TRB_HALT_ENDPOINT: ret = scnprintf(str, size, - "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c", + "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c %c", cdnsp_trb_type_string(type), ep_num, ep_id % 2 ? "out" : "in", TRB_TO_EP_INDEX(field3), field1, field0, TRB_TO_SLOT_ID(field3), - field3 & TRB_CYCLE ? 'C' : 'c'); + field3 & TRB_CYCLE ? 'C' : 'c', + field3 & TRB_ESP ? 'P' : 'p'); break; case TRB_STOP_RING: ret = scnprintf(str, size, diff --git a/drivers/usb/cdns3/cdnsp-ep0.c b/drivers/usb/cdns3/cdnsp-ep0.c index f317d3c84781..9280a7b97e20 100644 --- a/drivers/usb/cdns3/cdnsp-ep0.c +++ b/drivers/usb/cdns3/cdnsp-ep0.c @@ -414,6 +414,7 @@ static int cdnsp_ep0_std_request(struct cdnsp_device *pdev, void cdnsp_setup_analyze(struct cdnsp_device *pdev) { struct usb_ctrlrequest *ctrl = &pdev->setup; + struct cdnsp_ep *pep; int ret = -EINVAL; u16 len; @@ -427,10 +428,22 @@ void cdnsp_setup_analyze(struct cdnsp_device *pdev) goto out; } + pep = &pdev->eps[0]; + /* Restore the ep0 to Stopped/Running state. */ - if (pdev->eps[0].ep_state & EP_HALTED) { - trace_cdnsp_ep0_halted("Restore to normal state"); - cdnsp_halt_endpoint(pdev, &pdev->eps[0], 0); + if (pep->ep_state & EP_HALTED) { + /* + * Halt Endpoint Command for SSP2 for ep0 preserve current + * endpoint state and driver has to synchronize the + * software endpoint state with endpoint output context + * state. + */ + if (GET_EP_CTX_STATE(pep->out_ctx) == EP_STATE_HALTED) { + cdnsp_halt_endpoint(pdev, pep, 0); + } else { + pep->ep_state &= ~EP_HALTED; + pep->ep_state |= EP_STOPPED; + } } /* diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 2afa3e558f85..b1665f9e9ee5 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -987,6 +987,12 @@ enum cdnsp_setup_dev { #define STREAM_ID_FOR_TRB(p) ((((p)) << 16) & GENMASK(31, 16)) #define SCT_FOR_TRB(p) (((p) << 1) & 0x7) +/* + * Halt Endpoint Command TRB field. + * The ESP bit only exists in the SSP2 controller. + */ +#define TRB_ESP BIT(9) + /* Link TRB specific fields. */ #define TRB_TC BIT(1) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..d397d28efc6e 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -2483,7 +2483,8 @@ void cdnsp_queue_halt_endpoint(struct cdnsp_device *pdev, unsigned int ep_index) { cdnsp_queue_command(pdev, 0, 0, 0, TRB_TYPE(TRB_HALT_ENDPOINT) | SLOT_ID_FOR_TRB(pdev->slot_id) | - EP_ID_FOR_TRB(ep_index)); + EP_ID_FOR_TRB(ep_index) | + (!ep_index ? TRB_ESP : 0)); } void cdnsp_force_header_wakeup(struct cdnsp_device *pdev, int intf_num) -- 2.43.0

2 weeks, 4 days

2
1
0 0

[PATCH v1] mm/gup: Revert "mm: gup: fix infinite loop within __get_longterm_locked"

by David Hildenbrand

After commit 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") we are able to longterm pin folios that are not supposed to get longterm pinned, simply because they temporarily have the LRU flag cleared (esp. temporarily isolated). For example, two __get_longterm_locked() callers can race, or __get_longterm_locked() can race with anything else that temporarily isolates folios. The introducing commit mentions the use case of a driver that uses vm_ops->fault to insert pages allocated through cma_alloc() into the page tables, assuming they can later get longterm pinned. These pages/ folios would never have the LRU flag set and consequently cannot get isolated. There is no known in-tree user making use of that so far, fortunately. To handle that in the future -- and avoid retrying forever to isolate/migrate them -- we will need a different mechanism for the CMA area *owner* to indicate that it actually already allocated the page and is fine with longterm pinning it. The LRU flag is not suitable for that. Probably we can lookup the relevant CMA area and query the bitmap; we only have have to care about some races, probably. If already allocated, we could just allow longterm pinning) Anyhow, let's fix the "must not be longterm pinned" problem first by reverting the original commit. Fixes: 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") Closes: https://lore.kernel.org/all/20250522092755.GA3277597@tiffany/ Reported-by: Hyesoo Yu <hyesoo.yu(a)samsung.com> Cc: <Stable(a)vger.kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Peter Xu <peterx(a)redhat.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/gup.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/mm/gup.c b/mm/gup.c index e065a49842a87..3c39cbbeebef1 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2303,13 +2303,13 @@ static void pofs_unpin(struct pages_or_folios *pofs) /* * Returns the number of collected folios. Return value is always >= 0. */ -static void collect_longterm_unpinnable_folios( +static unsigned long collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { + unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; - unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2321,6 +2321,8 @@ static void collect_longterm_unpinnable_folios( if (folio_is_longterm_pinnable(folio)) continue; + collected++; + if (folio_is_device_coherent(folio)) continue; @@ -2342,6 +2344,8 @@ static void collect_longterm_unpinnable_folios( NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } + + return collected; } /* @@ -2418,9 +2422,11 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); + unsigned long collected; - collect_longterm_unpinnable_folios(&movable_folio_list, pofs); - if (list_empty(&movable_folio_list)) + collected = collect_longterm_unpinnable_folios(&movable_folio_list, + pofs); + if (!collected) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs); -- 2.49.0

2 weeks, 4 days

2
1
0 0

[PATCH 1/1] usb: cdnsp: do not disable slot for disabled slot

by Peter Chen

It doesn't need to do it, and the related command event returns 'Slot Not Enabled Error' status. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Suggested-by: Hongliang Yang <hongliang.yang(a)cixtech.com> Reviewed-by: Fugang Duan <fugang.duan(a)cixtech.com> Signed-off-by: Peter Chen <peter.chen(a)cixtech.com> --- drivers/usb/cdns3/cdnsp-ring.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..757fdd918286 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -772,7 +772,9 @@ static int cdnsp_update_port_id(struct cdnsp_device *pdev, u32 port_id) } if (port_id != old_port) { - cdnsp_disable_slot(pdev); + if (pdev->slot_id) + cdnsp_disable_slot(pdev); + pdev->active_port = port; cdnsp_enable_slot(pdev); } -- 2.25.1

2 weeks, 4 days

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror