- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] io_uring/rsrc: fix folio unpinning" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 5afb4bf9fc62d828647647ec31745083637132e4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062950-football-lifting-1443@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5afb4bf9fc62d828647647ec31745083637132e4 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Tue, 24 Jun 2025 14:40:33 +0100 Subject: [PATCH] io_uring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: [ 108.070381][ T14] kernel BUG at mm/gup.c:71! [ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025 [ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work [ 108.174205][ T14] Call trace: [ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P) [ 108.178138][ T14] unpin_user_page+0x80/0x10c [ 108.180189][ T14] io_release_ubuf+0x84/0xf8 [ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c [ 108.184345][ T14] io_rsrc_data_free+0x148/0x298 [ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0 [ 108.188991][ T14] io_ring_ctx_free+0x48/0x480 [ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8 [ 108.193207][ T14] process_one_work+0x7e8/0x155c [ 108.195431][ T14] worker_thread+0x958/0xed8 [ 108.197561][ T14] kthread+0x5fc/0x75c [ 108.199362][ T14] ret_from_fork+0x10/0x20 We can pin a tail page of a folio, but then io_uring will try to unpin the head page of the folio. While it should be fine in terms of keeping the page actually alive, mm folks say it's wrong and triggers a debug warning. Use unpin_user_folio() instead of unpin_user_page*. Cc: stable(a)vger.kernel.org Debugged-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+1d335893772467199ab6(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/683f1551.050a0220.55ceb.0017.GAE@google.com Fixes: a8edbb424b139 ("io_uring/rsrc: enable multi-hugepage buffer coalescing") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/io-uring/a28b0f87339ac2acf14a645dad1e95bbcbf18acd.1… [axboe: adapt to current tree, massage commit message] Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c index d724602697e7..0c09e38784c9 100644 --- a/io_uring/rsrc.c +++ b/io_uring/rsrc.c @@ -112,8 +112,11 @@ static void io_release_ubuf(void *priv) struct io_mapped_ubuf *imu = priv; unsigned int i; - for (i = 0; i < imu->nr_bvecs; i++) - unpin_user_page(imu->bvec[i].bv_page); + for (i = 0; i < imu->nr_bvecs; i++) { + struct folio *folio = page_folio(imu->bvec[i].bv_page); + + unpin_user_folio(folio, 1); + } } static struct io_mapped_ubuf *io_alloc_imu(struct io_ring_ctx *ctx, @@ -840,8 +843,10 @@ static struct io_rsrc_node *io_sqe_buffer_register(struct io_ring_ctx *ctx, if (ret) { if (imu) io_free_imu(ctx, imu); - if (pages) - unpin_user_pages(pages, nr_pages); + if (pages) { + for (i = 0; i < nr_pages; i++) + unpin_user_folio(page_folio(pages[i]), 1); + } io_cache_free(&ctx->node_cache, node); node = ERR_PTR(ret); }

1 day, 16 hours

2
1
0 0

Re: arch/x86/Makefile REALMODE_CFLAGS needs -std=gnu11 with recent GCC versions

by Borislav Petkov

+ stable folks. On Sun, Jun 29, 2025 at 11:15:13AM -0400, Dennis Clarke wrote: > > Code fix for due to https://bugzilla.kernel.org/show_bug.cgi?id=220294 > > The summary is that recent GCC versions ( 15.1.0 today ) will assume C23 > spec compliance and get upset with ye old A20 address line code bits. > > This problem exists previous to the 6.12.35 release tarballs and is > fixed with commit b3bee1e7c3f2b1b77182302c7b2131c804175870 applied. > > The newer GCC revisions will be quite popular soon enough and this may > bite people when that happens. I don't know what the rules are for building 6.1-stable with gcc-15 but if they do that, then 6.1 will need to pick up the abovementioned commit: b3bee1e7c3f2 ("x86/boot: Compile boot code with -std=gnu11 too") Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette

1 day, 17 hours

1
0
0 0

Re: Patch "smb: client: make use of common smbdirect_socket_parameters" has been added to the 6.12-stable tree

by Stefan Metzmacher

Hi, if these patches are backported to stable then 1944f6ab4967db7ad8d4db527dceae8c77de76e9 "smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data" can also be backported as is. I just added the "Cc: <stable+noautosel(a)kernel.org> # sp->max_send_size should be info->max_send_size in backports" because I thought they would not be backported. I'm fine with backporting the header changes... @Steve: Do you agree? Thanks! metze Am 29.06.25 um 16:28 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > smb: client: make use of common smbdirect_socket_parameters > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > smb-client-make-use-of-common-smbdirect_socket_param.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit a1fa1698297356797d7a0379b7e056744fd133ac > Author: Stefan Metzmacher <metze(a)samba.org> > Date: Wed May 28 18:01:40 2025 +0200 > > smb: client: make use of common smbdirect_socket_parameters > > [ Upstream commit cc55f65dd352bdb7bdf8db1c36fb348c294c3b66 ] > > Cc: Steve French <smfrench(a)gmail.com> > Cc: Tom Talpey <tom(a)talpey.com> > Cc: Long Li <longli(a)microsoft.com> > Cc: Namjae Jeon <linkinjeon(a)kernel.org> > Cc: Hyunchul Lee <hyc.lee(a)gmail.com> > Cc: Meetakshi Setiya <meetakshisetiyaoss(a)gmail.com> > Cc: linux-cifs(a)vger.kernel.org > Cc: samba-technical(a)lists.samba.org > Signed-off-by: Stefan Metzmacher <metze(a)samba.org> > Signed-off-by: Steve French <stfrench(a)microsoft.com> > Stable-dep-of: 43e7e284fc77 ("cifs: Fix the smbd_response slab to allow usercopy") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/smb/client/cifs_debug.c b/fs/smb/client/cifs_debug.c > index 56b0b5c82dd19..c0196be0e65fc 100644 > --- a/fs/smb/client/cifs_debug.c > +++ b/fs/smb/client/cifs_debug.c > @@ -362,6 +362,10 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) > c = 0; > spin_lock(&cifs_tcp_ses_lock); > list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) { > +#ifdef CONFIG_CIFS_SMB_DIRECT > + struct smbdirect_socket_parameters *sp; > +#endif > + > /* channel info will be printed as a part of sessions below */ > if (SERVER_IS_CHAN(server)) > continue; > @@ -383,6 +387,7 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) > seq_printf(m, "\nSMBDirect transport not available"); > goto skip_rdma; > } > + sp = &server->smbd_conn->socket.parameters; > > seq_printf(m, "\nSMBDirect (in hex) protocol version: %x " > "transport status: %x", > @@ -390,18 +395,18 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) > server->smbd_conn->socket.status); > seq_printf(m, "\nConn receive_credit_max: %x " > "send_credit_target: %x max_send_size: %x", > - server->smbd_conn->receive_credit_max, > - server->smbd_conn->send_credit_target, > - server->smbd_conn->max_send_size); > + sp->recv_credit_max, > + sp->send_credit_target, > + sp->max_send_size); > seq_printf(m, "\nConn max_fragmented_recv_size: %x " > "max_fragmented_send_size: %x max_receive_size:%x", > - server->smbd_conn->max_fragmented_recv_size, > - server->smbd_conn->max_fragmented_send_size, > - server->smbd_conn->max_receive_size); > + sp->max_fragmented_recv_size, > + sp->max_fragmented_send_size, > + sp->max_recv_size); > seq_printf(m, "\nConn keep_alive_interval: %x " > "max_readwrite_size: %x rdma_readwrite_threshold: %x", > - server->smbd_conn->keep_alive_interval, > - server->smbd_conn->max_readwrite_size, > + sp->keepalive_interval_msec * 1000, > + sp->max_read_write_size, > server->smbd_conn->rdma_readwrite_threshold); > seq_printf(m, "\nDebug count_get_receive_buffer: %x " > "count_put_receive_buffer: %x count_send_empty: %x", > diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c > index 74bcc51ccd32f..e596bc4837b68 100644 > --- a/fs/smb/client/smb2ops.c > +++ b/fs/smb/client/smb2ops.c > @@ -504,6 +504,9 @@ smb3_negotiate_wsize(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) > wsize = min_t(unsigned int, wsize, server->max_write); > #ifdef CONFIG_CIFS_SMB_DIRECT > if (server->rdma) { > + struct smbdirect_socket_parameters *sp = > + &server->smbd_conn->socket.parameters; > + > if (server->sign) > /* > * Account for SMB2 data transfer packet header and > @@ -511,12 +514,12 @@ smb3_negotiate_wsize(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) > */ > wsize = min_t(unsigned int, > wsize, > - server->smbd_conn->max_fragmented_send_size - > + sp->max_fragmented_send_size - > SMB2_READWRITE_PDU_HEADER_SIZE - > sizeof(struct smb2_transform_hdr)); > else > wsize = min_t(unsigned int, > - wsize, server->smbd_conn->max_readwrite_size); > + wsize, sp->max_read_write_size); > } > #endif > if (!(server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU)) > @@ -552,6 +555,9 @@ smb3_negotiate_rsize(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) > rsize = min_t(unsigned int, rsize, server->max_read); > #ifdef CONFIG_CIFS_SMB_DIRECT > if (server->rdma) { > + struct smbdirect_socket_parameters *sp = > + &server->smbd_conn->socket.parameters; > + > if (server->sign) > /* > * Account for SMB2 data transfer packet header and > @@ -559,12 +565,12 @@ smb3_negotiate_rsize(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) > */ > rsize = min_t(unsigned int, > rsize, > - server->smbd_conn->max_fragmented_recv_size - > + sp->max_fragmented_recv_size - > SMB2_READWRITE_PDU_HEADER_SIZE - > sizeof(struct smb2_transform_hdr)); > else > rsize = min_t(unsigned int, > - rsize, server->smbd_conn->max_readwrite_size); > + rsize, sp->max_read_write_size); > } > #endif > > diff --git a/fs/smb/client/smbdirect.c b/fs/smb/client/smbdirect.c > index ac489df8151a1..cbc85bca006f7 100644 > --- a/fs/smb/client/smbdirect.c > +++ b/fs/smb/client/smbdirect.c > @@ -320,6 +320,8 @@ static bool process_negotiation_response( > struct smbd_response *response, int packet_length) > { > struct smbd_connection *info = response->info; > + struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct smbdirect_negotiate_resp *packet = smbd_response_payload(response); > > if (packet_length < sizeof(struct smbdirect_negotiate_resp)) { > @@ -349,20 +351,20 @@ static bool process_negotiation_response( > > atomic_set(&info->receive_credits, 0); > > - if (le32_to_cpu(packet->preferred_send_size) > info->max_receive_size) { > + if (le32_to_cpu(packet->preferred_send_size) > sp->max_recv_size) { > log_rdma_event(ERR, "error: preferred_send_size=%d\n", > le32_to_cpu(packet->preferred_send_size)); > return false; > } > - info->max_receive_size = le32_to_cpu(packet->preferred_send_size); > + sp->max_recv_size = le32_to_cpu(packet->preferred_send_size); > > if (le32_to_cpu(packet->max_receive_size) < SMBD_MIN_RECEIVE_SIZE) { > log_rdma_event(ERR, "error: max_receive_size=%d\n", > le32_to_cpu(packet->max_receive_size)); > return false; > } > - info->max_send_size = min_t(int, info->max_send_size, > - le32_to_cpu(packet->max_receive_size)); > + sp->max_send_size = min_t(u32, sp->max_send_size, > + le32_to_cpu(packet->max_receive_size)); > > if (le32_to_cpu(packet->max_fragmented_size) < > SMBD_MIN_FRAGMENTED_SIZE) { > @@ -370,18 +372,18 @@ static bool process_negotiation_response( > le32_to_cpu(packet->max_fragmented_size)); > return false; > } > - info->max_fragmented_send_size = > + sp->max_fragmented_send_size = > le32_to_cpu(packet->max_fragmented_size); > info->rdma_readwrite_threshold = > - rdma_readwrite_threshold > info->max_fragmented_send_size ? > - info->max_fragmented_send_size : > + rdma_readwrite_threshold > sp->max_fragmented_send_size ? > + sp->max_fragmented_send_size : > rdma_readwrite_threshold; > > > - info->max_readwrite_size = min_t(u32, > + sp->max_read_write_size = min_t(u32, > le32_to_cpu(packet->max_readwrite_size), > info->max_frmr_depth * PAGE_SIZE); > - info->max_frmr_depth = info->max_readwrite_size / PAGE_SIZE; > + info->max_frmr_depth = sp->max_read_write_size / PAGE_SIZE; > > return true; > } > @@ -689,6 +691,7 @@ static int smbd_ia_open( > static int smbd_post_send_negotiate_req(struct smbd_connection *info) > { > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct ib_send_wr send_wr; > int rc = -ENOMEM; > struct smbd_request *request; > @@ -704,11 +707,11 @@ static int smbd_post_send_negotiate_req(struct smbd_connection *info) > packet->min_version = cpu_to_le16(SMBDIRECT_V1); > packet->max_version = cpu_to_le16(SMBDIRECT_V1); > packet->reserved = 0; > - packet->credits_requested = cpu_to_le16(info->send_credit_target); > - packet->preferred_send_size = cpu_to_le32(info->max_send_size); > - packet->max_receive_size = cpu_to_le32(info->max_receive_size); > + packet->credits_requested = cpu_to_le16(sp->send_credit_target); > + packet->preferred_send_size = cpu_to_le32(sp->max_send_size); > + packet->max_receive_size = cpu_to_le32(sp->max_recv_size); > packet->max_fragmented_size = > - cpu_to_le32(info->max_fragmented_recv_size); > + cpu_to_le32(sp->max_fragmented_recv_size); > > request->num_sge = 1; > request->sge[0].addr = ib_dma_map_single( > @@ -800,6 +803,7 @@ static int smbd_post_send(struct smbd_connection *info, > struct smbd_request *request) > { > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct ib_send_wr send_wr; > int rc, i; > > @@ -831,7 +835,7 @@ static int smbd_post_send(struct smbd_connection *info, > } else > /* Reset timer for idle connection after packet is sent */ > mod_delayed_work(info->workqueue, &info->idle_timer_work, > - info->keep_alive_interval*HZ); > + msecs_to_jiffies(sp->keepalive_interval_msec)); > > return rc; > } > @@ -841,6 +845,7 @@ static int smbd_post_send_iter(struct smbd_connection *info, > int *_remaining_data_length) > { > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > int i, rc; > int header_length; > int data_length; > @@ -868,7 +873,7 @@ static int smbd_post_send_iter(struct smbd_connection *info, > > wait_send_queue: > wait_event(info->wait_post_send, > - atomic_read(&info->send_pending) < info->send_credit_target || > + atomic_read(&info->send_pending) < sp->send_credit_target || > sc->status != SMBDIRECT_SOCKET_CONNECTED); > > if (sc->status != SMBDIRECT_SOCKET_CONNECTED) { > @@ -878,7 +883,7 @@ static int smbd_post_send_iter(struct smbd_connection *info, > } > > if (unlikely(atomic_inc_return(&info->send_pending) > > - info->send_credit_target)) { > + sp->send_credit_target)) { > atomic_dec(&info->send_pending); > goto wait_send_queue; > } > @@ -917,7 +922,7 @@ static int smbd_post_send_iter(struct smbd_connection *info, > > /* Fill in the packet header */ > packet = smbd_request_payload(request); > - packet->credits_requested = cpu_to_le16(info->send_credit_target); > + packet->credits_requested = cpu_to_le16(sp->send_credit_target); > > new_credits = manage_credits_prior_sending(info); > atomic_add(new_credits, &info->receive_credits); > @@ -1017,16 +1022,17 @@ static int smbd_post_recv( > struct smbd_connection *info, struct smbd_response *response) > { > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct ib_recv_wr recv_wr; > int rc = -EIO; > > response->sge.addr = ib_dma_map_single( > sc->ib.dev, response->packet, > - info->max_receive_size, DMA_FROM_DEVICE); > + sp->max_recv_size, DMA_FROM_DEVICE); > if (ib_dma_mapping_error(sc->ib.dev, response->sge.addr)) > return rc; > > - response->sge.length = info->max_receive_size; > + response->sge.length = sp->max_recv_size; > response->sge.lkey = sc->ib.pd->local_dma_lkey; > > response->cqe.done = recv_done; > @@ -1274,6 +1280,8 @@ static void idle_connection_timer(struct work_struct *work) > struct smbd_connection *info = container_of( > work, struct smbd_connection, > idle_timer_work.work); > + struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > > if (info->keep_alive_requested != KEEP_ALIVE_NONE) { > log_keep_alive(ERR, > @@ -1288,7 +1296,7 @@ static void idle_connection_timer(struct work_struct *work) > > /* Setup the next idle timeout work */ > queue_delayed_work(info->workqueue, &info->idle_timer_work, > - info->keep_alive_interval*HZ); > + msecs_to_jiffies(sp->keepalive_interval_msec)); > } > > /* > @@ -1300,6 +1308,7 @@ void smbd_destroy(struct TCP_Server_Info *server) > { > struct smbd_connection *info = server->smbd_conn; > struct smbdirect_socket *sc; > + struct smbdirect_socket_parameters *sp; > struct smbd_response *response; > unsigned long flags; > > @@ -1308,6 +1317,7 @@ void smbd_destroy(struct TCP_Server_Info *server) > return; > } > sc = &info->socket; > + sp = &sc->parameters; > > log_rdma_event(INFO, "destroying rdma session\n"); > if (sc->status != SMBDIRECT_SOCKET_DISCONNECTED) { > @@ -1349,7 +1359,7 @@ void smbd_destroy(struct TCP_Server_Info *server) > log_rdma_event(INFO, "free receive buffers\n"); > wait_event(info->wait_receive_queues, > info->count_receive_queue + info->count_empty_packet_queue > - == info->receive_credit_max); > + == sp->recv_credit_max); > destroy_receive_buffers(info); > > /* > @@ -1437,6 +1447,8 @@ static void destroy_caches_and_workqueue(struct smbd_connection *info) > #define MAX_NAME_LEN 80 > static int allocate_caches_and_workqueue(struct smbd_connection *info) > { > + struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > char name[MAX_NAME_LEN]; > int rc; > > @@ -1451,7 +1463,7 @@ static int allocate_caches_and_workqueue(struct smbd_connection *info) > return -ENOMEM; > > info->request_mempool = > - mempool_create(info->send_credit_target, mempool_alloc_slab, > + mempool_create(sp->send_credit_target, mempool_alloc_slab, > mempool_free_slab, info->request_cache); > if (!info->request_mempool) > goto out1; > @@ -1461,13 +1473,13 @@ static int allocate_caches_and_workqueue(struct smbd_connection *info) > kmem_cache_create( > name, > sizeof(struct smbd_response) + > - info->max_receive_size, > + sp->max_recv_size, > 0, SLAB_HWCACHE_ALIGN, NULL); > if (!info->response_cache) > goto out2; > > info->response_mempool = > - mempool_create(info->receive_credit_max, mempool_alloc_slab, > + mempool_create(sp->recv_credit_max, mempool_alloc_slab, > mempool_free_slab, info->response_cache); > if (!info->response_mempool) > goto out3; > @@ -1477,7 +1489,7 @@ static int allocate_caches_and_workqueue(struct smbd_connection *info) > if (!info->workqueue) > goto out4; > > - rc = allocate_receive_buffers(info, info->receive_credit_max); > + rc = allocate_receive_buffers(info, sp->recv_credit_max); > if (rc) { > log_rdma_event(ERR, "failed to allocate receive buffers\n"); > goto out5; > @@ -1505,6 +1517,7 @@ static struct smbd_connection *_smbd_get_connection( > int rc; > struct smbd_connection *info; > struct smbdirect_socket *sc; > + struct smbdirect_socket_parameters *sp; > struct rdma_conn_param conn_param; > struct ib_qp_init_attr qp_attr; > struct sockaddr_in *addr_in = (struct sockaddr_in *) dstaddr; > @@ -1515,6 +1528,7 @@ static struct smbd_connection *_smbd_get_connection( > if (!info) > return NULL; > sc = &info->socket; > + sp = &sc->parameters; > > sc->status = SMBDIRECT_SOCKET_CONNECTING; > rc = smbd_ia_open(info, dstaddr, port); > @@ -1541,12 +1555,12 @@ static struct smbd_connection *_smbd_get_connection( > goto config_failed; > } > > - info->receive_credit_max = smbd_receive_credit_max; > - info->send_credit_target = smbd_send_credit_target; > - info->max_send_size = smbd_max_send_size; > - info->max_fragmented_recv_size = smbd_max_fragmented_recv_size; > - info->max_receive_size = smbd_max_receive_size; > - info->keep_alive_interval = smbd_keep_alive_interval; > + sp->recv_credit_max = smbd_receive_credit_max; > + sp->send_credit_target = smbd_send_credit_target; > + sp->max_send_size = smbd_max_send_size; > + sp->max_fragmented_recv_size = smbd_max_fragmented_recv_size; > + sp->max_recv_size = smbd_max_receive_size; > + sp->keepalive_interval_msec = smbd_keep_alive_interval * 1000; > > if (sc->ib.dev->attrs.max_send_sge < SMBDIRECT_MAX_SEND_SGE || > sc->ib.dev->attrs.max_recv_sge < SMBDIRECT_MAX_RECV_SGE) { > @@ -1561,7 +1575,7 @@ static struct smbd_connection *_smbd_get_connection( > > sc->ib.send_cq = > ib_alloc_cq_any(sc->ib.dev, info, > - info->send_credit_target, IB_POLL_SOFTIRQ); > + sp->send_credit_target, IB_POLL_SOFTIRQ); > if (IS_ERR(sc->ib.send_cq)) { > sc->ib.send_cq = NULL; > goto alloc_cq_failed; > @@ -1569,7 +1583,7 @@ static struct smbd_connection *_smbd_get_connection( > > sc->ib.recv_cq = > ib_alloc_cq_any(sc->ib.dev, info, > - info->receive_credit_max, IB_POLL_SOFTIRQ); > + sp->recv_credit_max, IB_POLL_SOFTIRQ); > if (IS_ERR(sc->ib.recv_cq)) { > sc->ib.recv_cq = NULL; > goto alloc_cq_failed; > @@ -1578,8 +1592,8 @@ static struct smbd_connection *_smbd_get_connection( > memset(&qp_attr, 0, sizeof(qp_attr)); > qp_attr.event_handler = smbd_qp_async_error_upcall; > qp_attr.qp_context = info; > - qp_attr.cap.max_send_wr = info->send_credit_target; > - qp_attr.cap.max_recv_wr = info->receive_credit_max; > + qp_attr.cap.max_send_wr = sp->send_credit_target; > + qp_attr.cap.max_recv_wr = sp->recv_credit_max; > qp_attr.cap.max_send_sge = SMBDIRECT_MAX_SEND_SGE; > qp_attr.cap.max_recv_sge = SMBDIRECT_MAX_RECV_SGE; > qp_attr.cap.max_inline_data = 0; > @@ -1654,7 +1668,7 @@ static struct smbd_connection *_smbd_get_connection( > init_waitqueue_head(&info->wait_send_queue); > INIT_DELAYED_WORK(&info->idle_timer_work, idle_connection_timer); > queue_delayed_work(info->workqueue, &info->idle_timer_work, > - info->keep_alive_interval*HZ); > + msecs_to_jiffies(sp->keepalive_interval_msec)); > > init_waitqueue_head(&info->wait_send_pending); > atomic_set(&info->send_pending, 0); > @@ -1971,6 +1985,7 @@ int smbd_send(struct TCP_Server_Info *server, > { > struct smbd_connection *info = server->smbd_conn; > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct smb_rqst *rqst; > struct iov_iter iter; > unsigned int remaining_data_length, klen; > @@ -1988,10 +2003,10 @@ int smbd_send(struct TCP_Server_Info *server, > for (i = 0; i < num_rqst; i++) > remaining_data_length += smb_rqst_len(server, &rqst_array[i]); > > - if (unlikely(remaining_data_length > info->max_fragmented_send_size)) { > + if (unlikely(remaining_data_length > sp->max_fragmented_send_size)) { > /* assertion: payload never exceeds negotiated maximum */ > log_write(ERR, "payload size %d > max size %d\n", > - remaining_data_length, info->max_fragmented_send_size); > + remaining_data_length, sp->max_fragmented_send_size); > return -EINVAL; > } > > diff --git a/fs/smb/client/smbdirect.h b/fs/smb/client/smbdirect.h > index 4b559a4147af1..3d552ab27e0f3 100644 > --- a/fs/smb/client/smbdirect.h > +++ b/fs/smb/client/smbdirect.h > @@ -69,15 +69,7 @@ struct smbd_connection { > spinlock_t lock_new_credits_offered; > int new_credits_offered; > > - /* Connection parameters defined in [MS-SMBD] 3.1.1.1 */ > - int receive_credit_max; > - int send_credit_target; > - int max_send_size; > - int max_fragmented_recv_size; > - int max_fragmented_send_size; > - int max_receive_size; > - int keep_alive_interval; > - int max_readwrite_size; > + /* dynamic connection parameters defined in [MS-SMBD] 3.1.1.1 */ > enum keep_alive_status keep_alive_requested; > int protocol; > atomic_t send_credits;

1 day, 18 hours

1
0
0 0

FAILED: patch "[PATCH] drm/xe: move DPT l2 flush to a more sensible place" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f16873f42a06b620669d48a4b5c3f888cb3653a1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062931-astride-stoneware-df77@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f16873f42a06b620669d48a4b5c3f888cb3653a1 Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Fri, 6 Jun 2025 11:45:48 +0100 Subject: [PATCH] drm/xe: move DPT l2 flush to a more sensible place MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Only need the flush for DPT host updates here. Normal GGTT updates don't need special flush. Fixes: 01570b446939 ("drm/xe/bmg: implement Wa_16023588340") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: stable(a)vger.kernel.org # v6.12+ Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> Link: https://lore.kernel.org/r/20250606104546.1996818-4-matthew.auld@intel.com Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 35db1da40c8cfd7511dc42f342a133601eb45449) Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> diff --git a/drivers/gpu/drm/xe/display/xe_fb_pin.c b/drivers/gpu/drm/xe/display/xe_fb_pin.c index d918ae1c8061..55259969480b 100644 --- a/drivers/gpu/drm/xe/display/xe_fb_pin.c +++ b/drivers/gpu/drm/xe/display/xe_fb_pin.c @@ -164,6 +164,9 @@ static int __xe_pin_fb_vma_dpt(const struct intel_framebuffer *fb, vma->dpt = dpt; vma->node = dpt->ggtt_node[tile0->id]; + + /* Ensure DPT writes are flushed */ + xe_device_l2_flush(xe); return 0; } @@ -333,8 +336,6 @@ static struct i915_vma *__xe_pin_fb_vma(const struct intel_framebuffer *fb, if (ret) goto err_unpin; - /* Ensure DPT writes are flushed */ - xe_device_l2_flush(xe); return vma; err_unpin:

1 day, 20 hours

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Move DSB l2 flush to a more sensible place" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a4b1b51ae132ac199412028a2df7b6c267888190 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062922-dictate-payphone-2af2@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4b1b51ae132ac199412028a2df7b6c267888190 Mon Sep 17 00:00:00 2001 From: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Date: Fri, 6 Jun 2025 11:45:47 +0100 Subject: [PATCH] drm/xe: Move DSB l2 flush to a more sensible place MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flushing l2 is only needed after all data has been written. Fixes: 01570b446939 ("drm/xe/bmg: implement Wa_16023588340") Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: stable(a)vger.kernel.org # v6.12+ Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://lore.kernel.org/r/20250606104546.1996818-3-matthew.auld@intel.com Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 0dd2dd0182bc444a62652e89d08c7f0e4fde15ba) Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> diff --git a/drivers/gpu/drm/xe/display/xe_dsb_buffer.c b/drivers/gpu/drm/xe/display/xe_dsb_buffer.c index f95375451e2f..9f941fc2e36b 100644 --- a/drivers/gpu/drm/xe/display/xe_dsb_buffer.c +++ b/drivers/gpu/drm/xe/display/xe_dsb_buffer.c @@ -17,10 +17,7 @@ u32 intel_dsb_buffer_ggtt_offset(struct intel_dsb_buffer *dsb_buf) void intel_dsb_buffer_write(struct intel_dsb_buffer *dsb_buf, u32 idx, u32 val) { - struct xe_device *xe = dsb_buf->vma->bo->tile->xe; - iosys_map_wr(&dsb_buf->vma->bo->vmap, idx * 4, u32, val); - xe_device_l2_flush(xe); } u32 intel_dsb_buffer_read(struct intel_dsb_buffer *dsb_buf, u32 idx) @@ -30,12 +27,9 @@ u32 intel_dsb_buffer_read(struct intel_dsb_buffer *dsb_buf, u32 idx) void intel_dsb_buffer_memset(struct intel_dsb_buffer *dsb_buf, u32 idx, u32 val, size_t size) { - struct xe_device *xe = dsb_buf->vma->bo->tile->xe; - WARN_ON(idx > (dsb_buf->buf_size - size) / sizeof(*dsb_buf->cmd_buf)); iosys_map_memset(&dsb_buf->vma->bo->vmap, idx * 4, val, size); - xe_device_l2_flush(xe); } bool intel_dsb_buffer_create(struct intel_crtc *crtc, struct intel_dsb_buffer *dsb_buf, size_t size) @@ -74,9 +68,12 @@ void intel_dsb_buffer_cleanup(struct intel_dsb_buffer *dsb_buf) void intel_dsb_buffer_flush_map(struct intel_dsb_buffer *dsb_buf) { + struct xe_device *xe = dsb_buf->vma->bo->tile->xe; + /* * The memory barrier here is to ensure coherency of DSB vs MMIO, * both for weak ordering archs and discrete cards. */ - xe_device_wmb(dsb_buf->vma->bo->tile->xe); + xe_device_wmb(xe); + xe_device_l2_flush(xe); }

1 day, 20 hours

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: remove unnecessary holding of hugetlb_lock" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 344ef45b03336e7f74658814f66483b5417c9cf1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062948-cape-pebble-cad9@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 344ef45b03336e7f74658814f66483b5417c9cf1 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Tue, 27 May 2025 11:36:50 +0800 Subject: [PATCH] mm/hugetlb: remove unnecessary holding of hugetlb_lock In isolate_or_dissolve_huge_folio(), after acquiring the hugetlb_lock, it is only for the purpose of obtaining the correct hstate, which is then passed to alloc_and_dissolve_hugetlb_folio(). alloc_and_dissolve_hugetlb_folio() itself also acquires the hugetlb_lock. We can have alloc_and_dissolve_hugetlb_folio() obtain the hstate by itself, so that isolate_or_dissolve_huge_folio() no longer needs to acquire the hugetlb_lock. In addition, we keep the folio_test_hugetlb() check within isolate_or_dissolve_huge_folio(). By doing so, we can avoid disrupting the normal path by vainly holding the hugetlb_lock. replace_free_hugepage_folios() has the same issue, and we should address it as well. Addresses a possible performance problem which was added by the hotfix 113ed54ad276 ("mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios"). Link: https://lkml.kernel.org/r/1748317010-16272-1-git-send-email-yangge1116@126.… Fixes: 113ed54ad276 ("mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios") Signed-off-by: Ge Yang <yangge1116(a)126.com> Suggested-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 8746ed2fec13..9dc95eac558c 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2787,20 +2787,24 @@ void restore_reserve_on_error(struct hstate *h, struct vm_area_struct *vma, /* * alloc_and_dissolve_hugetlb_folio - Allocate a new folio and dissolve * the old one - * @h: struct hstate old page belongs to * @old_folio: Old folio to dissolve * @list: List to isolate the page in case we need to * Returns 0 on success, otherwise negated error. */ -static int alloc_and_dissolve_hugetlb_folio(struct hstate *h, - struct folio *old_folio, struct list_head *list) +static int alloc_and_dissolve_hugetlb_folio(struct folio *old_folio, + struct list_head *list) { - gfp_t gfp_mask = htlb_alloc_mask(h) | __GFP_THISNODE; + gfp_t gfp_mask; + struct hstate *h; int nid = folio_nid(old_folio); struct folio *new_folio = NULL; int ret = 0; retry: + /* + * The old_folio might have been dissolved from under our feet, so make sure + * to carefully check the state under the lock. + */ spin_lock_irq(&hugetlb_lock); if (!folio_test_hugetlb(old_folio)) { /* @@ -2829,8 +2833,10 @@ static int alloc_and_dissolve_hugetlb_folio(struct hstate *h, cond_resched(); goto retry; } else { + h = folio_hstate(old_folio); if (!new_folio) { spin_unlock_irq(&hugetlb_lock); + gfp_mask = htlb_alloc_mask(h) | __GFP_THISNODE; new_folio = alloc_buddy_hugetlb_folio(h, gfp_mask, nid, NULL, NULL); if (!new_folio) @@ -2874,35 +2880,24 @@ static int alloc_and_dissolve_hugetlb_folio(struct hstate *h, int isolate_or_dissolve_huge_folio(struct folio *folio, struct list_head *list) { - struct hstate *h; int ret = -EBUSY; - /* - * The page might have been dissolved from under our feet, so make sure - * to carefully check the state under the lock. - * Return success when racing as if we dissolved the page ourselves. - */ - spin_lock_irq(&hugetlb_lock); - if (folio_test_hugetlb(folio)) { - h = folio_hstate(folio); - } else { - spin_unlock_irq(&hugetlb_lock); + /* Not to disrupt normal path by vainly holding hugetlb_lock */ + if (!folio_test_hugetlb(folio)) return 0; - } - spin_unlock_irq(&hugetlb_lock); /* * Fence off gigantic pages as there is a cyclic dependency between * alloc_contig_range and them. Return -ENOMEM as this has the effect * of bailing out right away without further retrying. */ - if (hstate_is_gigantic(h)) + if (folio_order(folio) > MAX_PAGE_ORDER) return -ENOMEM; if (folio_ref_count(folio) && folio_isolate_hugetlb(folio, list)) ret = 0; else if (!folio_ref_count(folio)) - ret = alloc_and_dissolve_hugetlb_folio(h, folio, list); + ret = alloc_and_dissolve_hugetlb_folio(folio, list); return ret; } @@ -2916,7 +2911,6 @@ int isolate_or_dissolve_huge_folio(struct folio *folio, struct list_head *list) */ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) { - struct hstate *h; struct folio *folio; int ret = 0; @@ -2925,23 +2919,9 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) while (start_pfn < end_pfn) { folio = pfn_folio(start_pfn); - /* - * The folio might have been dissolved from under our feet, so make sure - * to carefully check the state under the lock. - */ - spin_lock_irq(&hugetlb_lock); - if (folio_test_hugetlb(folio)) { - h = folio_hstate(folio); - } else { - spin_unlock_irq(&hugetlb_lock); - start_pfn++; - continue; - } - spin_unlock_irq(&hugetlb_lock); - - if (!folio_ref_count(folio)) { - ret = alloc_and_dissolve_hugetlb_folio(h, folio, - &isolate_list); + /* Not to disrupt normal path by vainly holding hugetlb_lock */ + if (folio_test_hugetlb(folio) && !folio_ref_count(folio)) { + ret = alloc_and_dissolve_hugetlb_folio(folio, &isolate_list); if (ret) break;

1 day, 20 hours

1
0
0 0

FAILED: patch "[PATCH] io_uring/rsrc: don't rely on user vaddr alignment" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062902-emphasize-calzone-a702@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Tue, 24 Jun 2025 14:40:34 +0100 Subject: [PATCH] io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of it. Cc: stable(a)vger.kernel.org Reported-by: David Hildenbrand <david(a)redhat.com> Fixes: a8edbb424b139 ("io_uring/rsrc: enable multi-hugepage buffer coalescing") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/io-uring/e387b4c78b33f231105a601d84eefd8301f57954.1… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c index 0c09e38784c9..afc67530f912 100644 --- a/io_uring/rsrc.c +++ b/io_uring/rsrc.c @@ -734,6 +734,7 @@ bool io_check_coalesce_buffer(struct page **page_array, int nr_pages, data->nr_pages_mid = folio_nr_pages(folio); data->folio_shift = folio_shift(folio); + data->first_folio_page_idx = folio_page_idx(folio, page_array[0]); /* * Check if pages are contiguous inside a folio, and all folios have @@ -827,7 +828,11 @@ static struct io_rsrc_node *io_sqe_buffer_register(struct io_ring_ctx *ctx, if (coalesced) imu->folio_shift = data.folio_shift; refcount_set(&imu->refs, 1); - off = (unsigned long) iov->iov_base & ((1UL << imu->folio_shift) - 1); + + off = (unsigned long)iov->iov_base & ~PAGE_MASK; + if (coalesced) + off += data.first_folio_page_idx << PAGE_SHIFT; + node->buf = imu; ret = 0; diff --git a/io_uring/rsrc.h b/io_uring/rsrc.h index 0d2138f16322..25e7e998dcfd 100644 --- a/io_uring/rsrc.h +++ b/io_uring/rsrc.h @@ -49,6 +49,7 @@ struct io_imu_folio_data { unsigned int nr_pages_mid; unsigned int folio_shift; unsigned int nr_folios; + unsigned long first_folio_page_idx; }; bool io_rsrc_cache_init(struct io_ring_ctx *ctx);

1 day, 20 hours

1
0
0 0

Linux 6.15.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.4 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/i2c/nvidia,tegra20-i2c.yaml | 24 Documentation/gpu/nouveau.rst | 5 Makefile | 2 arch/arm/mach-omap2/clockdomain.h | 1 arch/arm/mach-omap2/clockdomains33xx_data.c | 2 arch/arm/mach-omap2/cm33xx.c | 14 arch/arm/mach-omap2/pmic-cpcap.c | 6 arch/arm/mm/ioremap.c | 4 arch/arm64/include/asm/tlbflush.h | 9 arch/arm64/kernel/ptrace.c | 2 arch/arm64/kvm/hyp/include/hyp/debug-sr.h | 3 arch/arm64/mm/mmu.c | 3 arch/loongarch/include/asm/irqflags.h | 16 arch/loongarch/include/asm/vdso/getrandom.h | 2 arch/loongarch/include/asm/vdso/gettimeofday.h | 6 arch/loongarch/mm/hugetlbpage.c | 3 arch/mips/vdso/Makefile | 1 arch/nios2/include/asm/pgtable.h | 16 arch/parisc/boot/compressed/Makefile | 1 arch/parisc/kernel/unaligned.c | 2 arch/powerpc/include/asm/ppc_asm.h | 2 arch/powerpc/kernel/eeh.c | 2 arch/powerpc/kernel/trace/ftrace_entry.S | 2 arch/powerpc/kernel/vdso/Makefile | 2 arch/powerpc/net/bpf_jit.h | 20 arch/powerpc/net/bpf_jit_comp.c | 33 arch/powerpc/net/bpf_jit_comp32.c | 6 arch/powerpc/net/bpf_jit_comp64.c | 15 arch/powerpc/platforms/pseries/msi.c | 7 arch/riscv/kvm/vcpu_sbi_replace.c | 8 arch/s390/kvm/gaccess.c | 8 arch/s390/pci/pci.c | 45 arch/s390/pci/pci_bus.h | 7 arch/s390/pci/pci_event.c | 22 arch/s390/pci/pci_mmio.c | 2 arch/x86/Kconfig | 2 arch/x86/events/intel/core.c | 2 arch/x86/include/asm/module.h | 8 arch/x86/include/asm/tdx.h | 2 arch/x86/kernel/alternative.c | 79 - arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/sgx/main.c | 2 arch/x86/kvm/svm/svm.c | 2 arch/x86/kvm/vmx/vmx.c | 5 arch/x86/mm/init_32.c | 3 arch/x86/mm/init_64.c | 3 arch/x86/mm/pat/set_memory.c | 3 arch/x86/mm/pti.c | 5 arch/x86/virt/vmx/tdx/tdx.c | 5 block/blk-merge.c | 26 block/blk-zoned.c | 1 drivers/accel/ivpu/ivpu_fw.c | 12 drivers/accel/ivpu/ivpu_gem.c | 89 - drivers/accel/ivpu/ivpu_gem.h | 2 drivers/accel/ivpu/ivpu_job.c | 6 drivers/accel/ivpu/ivpu_jsm_msg.c | 9 drivers/acpi/acpica/amlresrc.h | 8 drivers/acpi/acpica/dsutils.c | 9 drivers/acpi/acpica/psobject.c | 52 drivers/acpi/acpica/rsaddr.c | 13 drivers/acpi/acpica/rscalc.c | 22 drivers/acpi/acpica/rslist.c | 12 drivers/acpi/acpica/utprint.c | 7 drivers/acpi/acpica/utresrc.c | 14 drivers/acpi/battery.c | 19 drivers/acpi/bus.c | 6 drivers/ata/ahci.c | 35 drivers/ata/pata_via.c | 3 drivers/atm/atmtcp.c | 4 drivers/base/platform-msi.c | 1 drivers/base/power/runtime.c | 2 drivers/base/swnode.c | 2 drivers/block/aoe/aoedev.c | 8 drivers/block/ublk_drv.c | 3 drivers/bluetooth/btmrvl_sdio.c | 4 drivers/bluetooth/btmtksdio.c | 2 drivers/bluetooth/btusb.c | 5 drivers/bus/fsl-mc/fsl-mc-uapi.c | 4 drivers/bus/fsl-mc/mc-io.c | 19 drivers/bus/fsl-mc/mc-sys.c | 2 drivers/bus/mhi/ep/ring.c | 16 drivers/bus/mhi/host/pm.c | 18 drivers/bus/ti-sysc.c | 49 drivers/char/ipmi/ipmi_ssif.c | 6 drivers/clk/meson/g12a.c | 1 drivers/clk/qcom/gcc-sm8650.c | 2 drivers/clk/qcom/gcc-sm8750.c | 3 drivers/clk/qcom/gcc-x1e80100.c | 4 drivers/clk/rockchip/clk-rk3036.c | 1 drivers/cpufreq/scmi-cpufreq.c | 36 drivers/crypto/intel/qat/qat_420xx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_c62x/adf_drv.c | 8 drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c | 8 drivers/crypto/marvell/cesa/cesa.c | 2 drivers/crypto/marvell/cesa/cesa.h | 9 drivers/crypto/marvell/cesa/tdma.c | 53 drivers/dma-buf/udmabuf.c | 5 drivers/edac/altera_edac.c | 6 drivers/edac/amd64_edac.c | 1 drivers/edac/igen6_edac.c | 100 + drivers/firmware/arm_scmi/driver.c | 76 - drivers/firmware/arm_scmi/protocols.h | 2 drivers/firmware/cirrus/test/cs_dsp_mock_bin.c | 3 drivers/firmware/cirrus/test/cs_dsp_mock_wmfw.c | 3 drivers/firmware/cirrus/test/cs_dsp_test_control_cache.c | 1 drivers/firmware/sysfb.c | 26 drivers/firmware/ti_sci.c | 14 drivers/gpio/gpio-loongson-64bit.c | 2 drivers/gpio/gpio-mlxbf3.c | 54 drivers/gpio/gpio-pca953x.c | 2 drivers/gpio/gpiolib-of.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 12 drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 9 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 14 drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 17 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 17 drivers/gpu/drm/amd/amdgpu/mmhub_v1_8.c | 63 drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 20 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/Makefile | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 170 -- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 17 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_quirks.c | 178 ++ drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 38 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 1 drivers/gpu/drm/amd/display/dc/dml/dcn31/display_mode_vba_31.c | 1 drivers/gpu/drm/amd/display/dc/dml/dcn314/display_mode_vba_314.c | 1 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 2 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 5 drivers/gpu/drm/amd/display/dc/dpp/dcn35/dcn35_dpp.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 14 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 drivers/gpu/drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 3 drivers/gpu/drm/amd/display/dc/irq/dcn32/irq_service_dcn32.c | 61 drivers/gpu/drm/amd/display/dc/irq/dcn401/irq_service_dcn401.c | 60 drivers/gpu/drm/amd/display/dc/irq_types.h | 9 drivers/gpu/drm/amd/display/dc/mpc/dcn32/dcn32_mpc.c | 380 ++--- drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn36/dcn36_resource.c | 2 drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c | 4 drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 1 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 13 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 10 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 4 drivers/gpu/drm/bridge/Kconfig | 1 drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 5 drivers/gpu/drm/bridge/analogix/anx7625.c | 26 drivers/gpu/drm/display/drm_dp_helper.c | 39 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/i915_pmu.c | 4 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 14 drivers/gpu/drm/msm/adreno/a6xx_hfi.c | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 17 drivers/gpu/drm/msm/dp/dp_display.c | 7 drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c | 7 drivers/gpu/drm/msm/hdmi/hdmi_i2c.c | 14 drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 3 drivers/gpu/drm/nouveau/Kbuild | 1 drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 45 drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 drivers/gpu/drm/nouveau/nouveau_drm.c | 8 drivers/gpu/drm/nouveau/nvkm/subdev/bar/r535.c | 2 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/Kbuild | 2 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 673 --------- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/Kbuild | 5 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/Kbuild | 6 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rm.c | 10 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c | 699 ++++++++++ drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/rm.h | 20 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/rpc.h | 18 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/r535.c | 2 drivers/gpu/drm/panel/panel-sharp-ls043t1le01.c | 41 drivers/gpu/drm/panel/panel-simple.c | 29 drivers/gpu/drm/panthor/panthor_mmu.c | 1 drivers/gpu/drm/rockchip/inno_hdmi.c | 36 drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 1 drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 5 drivers/gpu/drm/solomon/ssd130x.c | 2 drivers/gpu/drm/tiny/Kconfig | 1 drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 2 drivers/gpu/drm/v3d/v3d_sched.c | 8 drivers/gpu/drm/xe/xe_bo.c | 4 drivers/gpu/drm/xe/xe_eu_stall.c | 4 drivers/gpu/drm/xe/xe_exec.c | 4 drivers/gpu/drm/xe/xe_exec_queue.c | 9 drivers/gpu/drm/xe/xe_gt.c | 2 drivers/gpu/drm/xe/xe_gt_freq.c | 82 - drivers/gpu/drm/xe/xe_gt_idle.c | 28 drivers/gpu/drm/xe/xe_gt_throttle.c | 90 - drivers/gpu/drm/xe/xe_guc.c | 44 drivers/gpu/drm/xe/xe_oa.c | 6 drivers/gpu/drm/xe/xe_svm.c | 2 drivers/gpu/drm/xe/xe_uc_fw.c | 2 drivers/gpu/drm/xe/xe_vm.c | 6 drivers/hid/hid-asus.c | 107 + drivers/hv/connection.c | 23 drivers/hwmon/ftsteutates.c | 9 drivers/hwmon/ltc4282.c | 7 drivers/hwmon/occ/common.c | 240 +-- drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-k1.c | 2 drivers/i2c/busses/i2c-npcm7xx.c | 12 drivers/i2c/busses/i2c-pasemi-core.c | 2 drivers/i2c/busses/i2c-tegra.c | 5 drivers/i3c/master/mipi-i3c-hci/core.c | 6 drivers/iio/accel/fxls8962af-core.c | 15 drivers/iio/adc/Kconfig | 6 drivers/iio/adc/ad7173.c | 15 drivers/iio/adc/ad7606.c | 21 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/ad7944.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 drivers/infiniband/core/iwcm.c | 29 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 2 drivers/input/keyboard/gpio_keys.c | 6 drivers/input/misc/ims-pcu.c | 6 drivers/iommu/amd/iommu.c | 41 drivers/iommu/intel/iommu.c | 11 drivers/iommu/intel/iommu.h | 1 drivers/iommu/intel/nested.c | 4 drivers/iommu/iommu.c | 21 drivers/md/dm-raid1.c | 5 drivers/md/dm-table.c | 14 drivers/md/dm-verity-fec.c | 4 drivers/md/dm-verity-target.c | 8 drivers/md/dm-verity-verify-sig.c | 17 drivers/media/cec/usb/extron-da-hd-4k-plus/extron-da-hd-4k-plus.c | 4 drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 drivers/media/i2c/ccs-pll.c | 23 drivers/media/i2c/ds90ub913.c | 4 drivers/media/i2c/imx334.c | 18 drivers/media/i2c/imx335.c | 5 drivers/media/i2c/lt6911uxe.c | 4 drivers/media/i2c/ov08x40.c | 2 drivers/media/i2c/ov2740.c | 4 drivers/media/i2c/ov5675.c | 5 drivers/media/i2c/ov8856.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/pci/intel/ipu6/ipu6-dma.c | 4 drivers/media/pci/intel/ipu6/ipu6.c | 5 drivers/media/platform/imagination/e5010-jpeg-enc.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/nuvoton/npcm-video.c | 15 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h | 1 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 90 - drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 14 drivers/media/platform/qcom/camss/camss-csid.c | 4 drivers/media/platform/qcom/camss/camss-vfe.c | 4 drivers/media/platform/qcom/iris/iris_firmware.c | 4 drivers/media/platform/qcom/venus/core.c | 16 drivers/media/platform/qcom/venus/vdec.c | 4 drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 18 drivers/media/platform/renesas/rcar-vin/rcar-v4l2.c | 8 drivers/media/platform/renesas/vsp1/vsp1_rwpf.c | 13 drivers/media/platform/samsung/exynos4-is/fimc-is-regs.c | 1 drivers/media/platform/ti/cal/cal-video.c | 4 drivers/media/platform/ti/davinci/vpif.c | 4 drivers/media/platform/ti/omap3isp/ispccdc.c | 8 drivers/media/platform/ti/omap3isp/ispstat.c | 6 drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 20 drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 3 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 drivers/media/usb/uvc/uvc_ctrl.c | 23 drivers/media/usb/uvc/uvc_driver.c | 27 drivers/media/v4l2-core/v4l2-dev.c | 14 drivers/mmc/core/card.h | 6 drivers/mmc/core/quirks.h | 10 drivers/mmc/core/sd.c | 32 drivers/mtd/nand/qpic_common.c | 8 drivers/mtd/nand/raw/qcom_nandc.c | 18 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/mtd/nand/spi/alliancememory.c | 12 drivers/mtd/nand/spi/ato.c | 6 drivers/mtd/nand/spi/esmt.c | 8 drivers/mtd/nand/spi/foresee.c | 8 drivers/mtd/nand/spi/gigadevice.c | 48 drivers/mtd/nand/spi/macronix.c | 8 drivers/mtd/nand/spi/micron.c | 20 drivers/mtd/nand/spi/paragon.c | 12 drivers/mtd/nand/spi/skyhigh.c | 12 drivers/mtd/nand/spi/toshiba.c | 8 drivers/mtd/nand/spi/winbond.c | 34 drivers/mtd/nand/spi/xtx.c | 12 drivers/net/can/kvaser_pciefd.c | 3 drivers/net/can/m_can/tcan4x5x-core.c | 9 drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 87 + drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 29 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h | 1 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/cortina/gemini.c | 37 drivers/net/ethernet/dlink/dl2k.c | 14 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/faraday/Kconfig | 1 drivers/net/ethernet/intel/e1000e/netdev.c | 14 drivers/net/ethernet/intel/e1000e/ptp.c | 8 drivers/net/ethernet/intel/i40e/i40e_common.c | 7 drivers/net/ethernet/intel/ice/ice_arfs.c | 48 drivers/net/ethernet/intel/ice/ice_eswitch.c | 6 drivers/net/ethernet/intel/ice/ice_switch.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 9 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 4 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 10 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c | 78 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 6 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 5 drivers/net/ethernet/microchip/lan743x_ethtool.c | 18 drivers/net/ethernet/microchip/lan743x_ptp.h | 4 drivers/net/ethernet/pensando/ionic/ionic_main.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 7 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 24 drivers/net/ethernet/ti/icssg/icssg_common.c | 19 drivers/net/ethernet/vertexcom/mse102x.c | 15 drivers/net/hyperv/netvsc_bpf.c | 2 drivers/net/hyperv/netvsc_drv.c | 4 drivers/net/netdevsim/netdev.c | 2 drivers/net/phy/marvell-88q2xxx.c | 103 - drivers/net/phy/mediatek/mtk-ge-soc.c | 10 drivers/net/usb/asix.h | 1 drivers/net/usb/asix_common.c | 22 drivers/net/usb/asix_devices.c | 17 drivers/net/usb/ch9200.c | 7 drivers/net/vxlan/vxlan_core.c | 22 drivers/net/wireless/ath/ath11k/ce.c | 11 drivers/net/wireless/ath/ath11k/core.c | 55 drivers/net/wireless/ath/ath11k/core.h | 7 drivers/net/wireless/ath/ath11k/dp_rx.c | 25 drivers/net/wireless/ath/ath11k/hal.c | 4 drivers/net/wireless/ath/ath11k/qmi.c | 9 drivers/net/wireless/ath/ath12k/ce.c | 11 drivers/net/wireless/ath/ath12k/ce.h | 6 drivers/net/wireless/ath/ath12k/dp.c | 77 - drivers/net/wireless/ath/ath12k/dp.h | 5 drivers/net/wireless/ath/ath12k/dp_mon.c | 2 drivers/net/wireless/ath/ath12k/dp_rx.c | 15 drivers/net/wireless/ath/ath12k/hal.c | 12 drivers/net/wireless/ath/ath12k/hal.h | 6 drivers/net/wireless/ath/ath12k/hal_desc.h | 2 drivers/net/wireless/ath/ath12k/hw.c | 2 drivers/net/wireless/ath/ath12k/hw.h | 3 drivers/net/wireless/ath/ath12k/mac.c | 55 drivers/net/wireless/ath/ath12k/pci.c | 3 drivers/net/wireless/ath/ath12k/peer.c | 5 drivers/net/wireless/ath/ath12k/peer.h | 3 drivers/net/wireless/ath/ath12k/wmi.c | 28 drivers/net/wireless/ath/ath12k/wmi.h | 1 drivers/net/wireless/ath/carl9170/usb.c | 19 drivers/net/wireless/intel/iwlwifi/cfg/22000.c | 3 drivers/net/wireless/intel/iwlwifi/dvm/main.c | 6 drivers/net/wireless/intel/iwlwifi/mld/d3.c | 2 drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 2 drivers/net/wireless/intel/iwlwifi/mld/mld.c | 3 drivers/net/wireless/intel/iwlwifi/mld/thermal.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 4 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 6 drivers/net/wireless/intersil/p54/fwio.c | 2 drivers/net/wireless/intersil/p54/p54.h | 1 drivers/net/wireless/intersil/p54/txrx.c | 13 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 5 drivers/net/wireless/mediatek/mt76/mt7925/init.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 20 drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 1 drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 3 drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 8 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 4 drivers/net/wireless/purelifi/plfxlc/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/pci.c | 10 drivers/net/wireless/realtek/rtw88/hci.h | 8 drivers/net/wireless/realtek/rtw88/mac.c | 11 drivers/net/wireless/realtek/rtw88/mac.h | 2 drivers/net/wireless/realtek/rtw88/mac80211.c | 2 drivers/net/wireless/realtek/rtw88/main.c | 32 drivers/net/wireless/realtek/rtw88/main.h | 3 drivers/net/wireless/realtek/rtw88/pci.c | 2 drivers/net/wireless/realtek/rtw88/rtw8703b.c | 1 drivers/net/wireless/realtek/rtw88/rtw8723d.c | 1 drivers/net/wireless/realtek/rtw88/rtw8812a.c | 1 drivers/net/wireless/realtek/rtw88/rtw8814a.c | 11 drivers/net/wireless/realtek/rtw88/rtw8821a.c | 1 drivers/net/wireless/realtek/rtw88/rtw8821c.c | 1 drivers/net/wireless/realtek/rtw88/rtw8822b.c | 1 drivers/net/wireless/realtek/rtw88/rtw8822bu.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 1 drivers/net/wireless/realtek/rtw88/sdio.c | 2 drivers/net/wireless/realtek/rtw88/usb.c | 57 drivers/net/wireless/realtek/rtw89/cam.c | 3 drivers/net/wireless/realtek/rtw89/rtw8922a_rfk.c | 5 drivers/net/wireless/virtual/mac80211_hwsim.c | 5 drivers/nvme/host/ioctl.c | 21 drivers/nvme/host/tcp.c | 2 drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 drivers/pci/controller/dwc/pcie-designware-ep.c | 5 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 6 drivers/pci/controller/pcie-apple.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 2 drivers/pci/hotplug/s390_pci_hpc.c | 2 drivers/pci/pci.c | 3 drivers/pci/quirks.c | 23 drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 10 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 21 drivers/pinctrl/pinctrl-mcp23s08.c | 8 drivers/platform/loongarch/loongson-laptop.c | 87 - drivers/platform/x86/amd/pmc/pmc.c | 2 drivers/platform/x86/amd/pmf/core.c | 3 drivers/platform/x86/amd/pmf/tee-if.c | 67 drivers/platform/x86/dell/alienware-wmi-wmax.c | 2 drivers/platform/x86/dell/dell_rbu.c | 6 drivers/platform/x86/ideapad-laptop.c | 19 drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 9 drivers/pmdomain/core.c | 4 drivers/power/supply/bq27xxx_battery.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 13 drivers/power/supply/collie_battery.c | 1 drivers/power/supply/gpio-charger.c | 4 drivers/power/supply/max17040_battery.c | 5 drivers/ptp/ptp_clock.c | 3 drivers/ptp/ptp_private.h | 22 drivers/pwm/pwm-axi-pwmgen.c | 23 drivers/rapidio/rio_cm.c | 3 drivers/regulator/max14577-regulator.c | 5 drivers/regulator/max20086-regulator.c | 4 drivers/remoteproc/remoteproc_core.c | 6 drivers/remoteproc/ti_k3_m4_remoteproc.c | 2 drivers/s390/scsi/zfcp_sysfs.c | 2 drivers/scsi/elx/efct/efct_hw.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 4 drivers/scsi/smartpqi/smartpqi_init.c | 84 + drivers/scsi/storvsc_drv.c | 10 drivers/soc/qcom/pmic_glink_altmode.c | 30 drivers/spi/spi-qpic-snand.c | 1 drivers/staging/iio/impedance-analyzer/ad5933.c | 2 drivers/staging/media/rkvdec/rkvdec.c | 14 drivers/tee/tee_core.c | 11 drivers/uio/uio_hv_generic.c | 7 drivers/video/console/dummycon.c | 18 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcon.c | 7 drivers/video/fbdev/core/fbmem.c | 22 drivers/video/screen_info_pci.c | 79 - drivers/virt/coco/tsm.c | 31 drivers/watchdog/da9052_wdt.c | 1 drivers/watchdog/stm32_iwdg.c | 2 fs/anon_inodes.c | 45 fs/ceph/addr.c | 9 fs/ceph/super.c | 1 fs/configfs/dir.c | 2 fs/dlm/lowcomms.c | 5 fs/erofs/zmap.c | 10 fs/exfat/nls.c | 1 fs/exfat/super.c | 30 fs/ext4/ext4.h | 7 fs/ext4/extents.c | 39 fs/ext4/file.c | 7 fs/ext4/inline.c | 2 fs/ext4/inode.c | 24 fs/ext4/ioctl.c | 8 fs/f2fs/compress.c | 23 fs/f2fs/f2fs.h | 5 fs/f2fs/inode.c | 10 fs/f2fs/namei.c | 9 fs/f2fs/node.c | 8 fs/f2fs/segment.c | 12 fs/f2fs/super.c | 12 fs/file.c | 8 fs/gfs2/lock_dlm.c | 3 fs/internal.h | 5 fs/ioctl.c | 7 fs/isofs/inode.c | 7 fs/isofs/isofs.h | 4 fs/isofs/rock.c | 40 fs/isofs/rock.h | 6 fs/isofs/util.c | 49 fs/jbd2/transaction.c | 5 fs/jffs2/erase.c | 4 fs/jffs2/scan.c | 4 fs/jffs2/summary.c | 7 fs/jfs/jfs_discard.c | 3 fs/jfs/jfs_dmap.c | 6 fs/jfs/jfs_dtree.c | 18 fs/libfs.c | 10 fs/nfs/client.c | 2 fs/nfs/flexfilelayout/flexfilelayoutdev.c | 2 fs/nfs/internal.h | 1 fs/nfs/localio.c | 6 fs/nfs/nfs4proc.c | 5 fs/nfs/read.c | 3 fs/nfsd/export.c | 3 fs/nfsd/nfs4proc.c | 3 fs/nfsd/nfs4xdr.c | 19 fs/nfsd/nfsctl.c | 26 fs/nfsd/nfssvc.c | 6 fs/overlayfs/file.c | 4 fs/overlayfs/overlayfs.h | 8 fs/pidfs.c | 2 fs/smb/client/cached_dir.c | 14 fs/smb/client/cached_dir.h | 8 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 17 fs/smb/client/namespace.c | 3 fs/smb/client/readdir.c | 28 fs/smb/client/reparse.c | 1 fs/smb/client/sess.c | 7 fs/smb/client/smb2pdu.c | 33 fs/smb/client/smbdirect.c | 5 fs/smb/client/transport.c | 14 fs/smb/server/connection.c | 2 fs/smb/server/connection.h | 1 fs/smb/server/smb2pdu.c | 11 fs/smb/server/transport_rdma.c | 10 fs/smb/server/transport_tcp.c | 3 fs/xattr.c | 1 include/acpi/actypes.h | 2 include/drm/display/drm_dp_helper.h | 5 include/linux/acpi.h | 9 include/linux/atmdev.h | 6 include/linux/bus/stm32_firewall_device.h | 15 include/linux/codetag.h | 8 include/linux/execmem.h | 8 include/linux/f2fs_fs.h | 1 include/linux/fs.h | 2 include/linux/hugetlb.h | 3 include/linux/mmc/card.h | 1 include/linux/module.h | 5 include/linux/mtd/nand-qpic-common.h | 4 include/linux/mtd/spinand.h | 72 - include/linux/tcp.h | 2 include/net/mac80211.h | 16 include/trace/events/erofs.h | 18 include/uapi/linux/videodev2.h | 12 io_uring/io-wq.c | 4 io_uring/io_uring.c | 2 io_uring/kbuf.c | 7 io_uring/net.c | 6 io_uring/rsrc.c | 8 io_uring/sqpoll.c | 5 ipc/shm.c | 5 kernel/bpf/bpf_struct_ops.c | 2 kernel/bpf/btf.c | 4 kernel/bpf/helpers.c | 3 kernel/cgroup/legacy_freezer.c | 3 kernel/events/core.c | 80 - kernel/exit.c | 17 kernel/module/main.c | 5 kernel/sched/core.c | 4 kernel/sched/ext.c | 5 kernel/sched/ext.h | 2 kernel/sched/fair.c | 4 kernel/sched/rt.c | 54 kernel/time/clocksource.c | 2 kernel/trace/ftrace.c | 10 kernel/trace/trace.c | 5 kernel/trace/trace_events_filter.c | 184 +- kernel/trace/trace_functions_graph.c | 6 kernel/watchdog.c | 41 kernel/workqueue.c | 7 lib/Kconfig | 1 lib/alloc_tag.c | 12 lib/codetag.c | 34 mm/execmem.c | 40 mm/hugetlb.c | 67 mm/madvise.c | 7 mm/page-writeback.c | 2 mm/readahead.c | 20 mm/vma.c | 49 mm/vma.h | 7 net/atm/common.c | 1 net/atm/lec.c | 12 net/atm/raw.c | 2 net/bridge/br_mst.c | 4 net/bridge/br_multicast.c | 103 + net/bridge/br_private.h | 11 net/core/dev.c | 1 net/core/filter.c | 19 net/core/page_pool.c | 4 net/core/skbuff.c | 3 net/core/skmsg.c | 3 net/core/sock.c | 4 net/ipv4/route.c | 4 net/ipv4/tcp_fastopen.c | 3 net/ipv4/tcp_input.c | 79 - net/ipv6/calipso.c | 8 net/mac80211/cfg.c | 2 net/mac80211/debugfs_sta.c | 6 net/mac80211/mesh_hwmp.c | 6 net/mac80211/rate.c | 2 net/mac80211/sta_info.c | 28 net/mac80211/sta_info.h | 11 net/mac80211/tx.c | 15 net/mpls/af_mpls.c | 4 net/netfilter/nft_set_pipapo.c | 6 net/nfc/nci/uart.c | 8 net/sched/sch_sfq.c | 10 net/sched/sch_taprio.c | 6 net/sctp/socket.c | 3 net/sunrpc/cache.c | 17 net/sunrpc/svc.c | 11 net/sunrpc/xprtrdma/svc_rdma_transport.c | 1 net/sunrpc/xprtsock.c | 5 net/tipc/crypto.c | 2 net/tipc/udp_media.c | 4 net/xfrm/xfrm_user.c | 52 scripts/Makefile.compiler | 4 security/selinux/xfrm.c | 2 sound/pci/hda/cs35l41_hda_property.c | 6 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 15 sound/soc/amd/acp/acp-sdw-legacy-mach.c | 2 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/amd/yc/acp6x-mach.c | 9 sound/soc/codecs/tas2770.c | 30 sound/soc/codecs/wcd937x.c | 7 sound/soc/generic/simple-card-utils.c | 23 sound/soc/meson/meson-card-utils.c | 2 sound/soc/qcom/sdm845.c | 4 sound/soc/sdw_utils/soc_sdw_rt_amp.c | 2 sound/soc/tegra/tegra210_ahub.c | 2 sound/usb/mixer_maps.c | 12 tools/bpf/bpftool/cgroup.c | 12 tools/lib/bpf/btf.c | 18 tools/lib/bpf/libbpf.c | 6 tools/net/ynl/pyynl/lib/ynl.py | 67 tools/perf/tests/tests-scripts.c | 1 tools/perf/util/print-events.c | 1 tools/testing/selftests/x86/Makefile | 2 tools/testing/selftests/x86/sigtrap_loop.c | 101 + tools/testing/vma/vma_internal.h | 2 tools/tracing/rtla/src/utils.c | 2 660 files changed, 6737 insertions(+), 3756 deletions(-) Aditya Dutt (1): jfs: fix array-index-out-of-bounds read in add_missing_indices Aditya Garg (1): drm/appletbdrm: Make appletbdrm depend on X86 Aditya Kumar Singh (2): wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping Ahmed Salem (1): ACPICA: Avoid sequence overread in call to strncmp() Akhil P Oommen (1): drm/msm/a6xx: Increase HFI response timeout Akhil R (2): i2c: tegra: check msg length in SMBUS block read dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties Alan Maguire (2): libbpf/btf: Fix string handling to support multi-split BTF libbpf: Add identical pointer detection to btf_dedup_is_equiv() Alex Deucher (6): drm/amdgpu/gfx6: fix CSIB handling drm/amdgpu/gfx11: fix CSIB handling drm/amdgpu/gfx10: fix CSIB handling drm/amdgpu/gfx7: fix CSIB handling drm/amdgpu/gfx8: fix CSIB handling drm/amdgpu/gfx9: fix CSIB handling Alex Elder (1): i2c: k1: check for transfer error Alexander Aring (2): gfs2: move msleep to sleepable context dlm: use SHUT_RDWR for SCTP shutdown Alexander Sverdlin (1): Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Alexey Kodanev (1): net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Alok Tiwari (1): emulex/benet: correct command version selection in be_cmd_get_stats() Amber Lin (1): drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB Amir Goldstein (1): ovl: fix debug print in case of mkdir error Andreas Kemnade (1): ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Andrew Morton (1): drivers/rapidio/rio_cm.c: prevent possible heap overwrite Andrew Zaborowski (1): x86/sgx: Prevent attempts to reclaim poisoned pages André Almeida (1): ovl: Fix nested backing file paths Andy Yan (2): drm/rockchip: inno-hdmi: Fix video timing HSYNC/VSYNC polarity setting for rk3036 drm/rockchip: vop2: Make overlay layer select register configuration take effect by vsync Antonin Godard (1): drm/panel: simple: Add POWERTIP PH128800T004-ZZA01 panel entry Anup Patel (2): RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs Anusha Srivatsa (1): drm/panel/sharp-ls043t1le01: Use _multi variants Apurv Mishra (1): drm/amdkfd: Drop workaround for GC v9.4.3 revID 0 Armin Wolf (1): ACPI: bus: Bail out if acpi_kobj registration fails Arnd Bergmann (3): parisc: fix building with gcc-15 hwmon: (occ) Rework attribute registration for stack usage hwmon: (occ) fix unaligned accesses Artem Sadovnikov (1): jffs2: check that raw node were preallocated before writing summary Arthur-Prince (1): iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build Arvind Yadav (1): drm/amdgpu: fix MES GFX mask Avadhut Naik (1): EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh Ayushi Makhija (2): drm/bridge: anx7625: enable HPD interrupts drm/bridge: anx7625: change the gpiod_set_value API Bagas Sanjaya (1): Documentation: nouveau: Update GSP message queue kernel-doc reference Balamurugan S (1): wifi: ath12k: fix incorrect CE addresses Baochen Qiang (3): wifi: ath12k: fix a possible dead lock caused by ab->base_lock wifi: ath12k: make assoc link associate first wifi: ath11k: determine PM policy based on machine model Beleswar Padhi (1): remoteproc: k3-m4: Don't assert reset in detach routine Ben Skeggs (2): drm/nouveau/gsp: fix rm shutdown wait condition drm/nouveau/gsp: split rpc handling out on its own Benjamin Berg (2): wifi: iwlwifi: mld: call thermal exit without wiphy lock held wifi: mac80211: do not offer a mesh path if forwarding is disabled Benjamin Lin (1): wifi: mt76: mt7996: drop fragments with multicast or broadcast RA Benjamin Marzinski (1): dm-table: check BLK_FEAT_ATOMIC_WRITES inside limits_lock Bharath SM (2): smb: improve directory cache reuse for readdir operations smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels Binbin Zhou (1): gpio: loongson-64bit: Correct Loongson-7A2000 ACPI GPIO access mode Bitterblue Smith (3): wifi: rtw88: usb: Upload the firmware in bigger chunks wifi: rtw88: usb: Reduce control message timeout to 500 ms wifi: rtw88: Set AMPDU factor to hardware for RTL8814A Boris Brezillon (1): drm/panthor: Don't update MMU_INT_MASK in panthor_mmu_irq_handler() Brett Creeley (1): ionic: Prevent driver/fw getting out of sync on devcmd(s) Brett Werling (1): can: tcan4x5x: fix power regulator retrieval during probe Brian Foster (1): ext4: only dirty folios when data journaling regular files Chao Gao (1): KVM: VMX: Flush shadow VMCS on emergency reboot Chao Yu (6): f2fs: fix to do sanity check on ino and xnid f2fs: fix to do sanity check on sit_bitmap_size f2fs: fix to return correct error number in f2fs_sync_node_pages() f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx f2fs: fix to bail out in get_new_segment() f2fs: fix to set atomic write status more clear Charan Teja Kalla (1): PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Charlene Liu (2): drm/amd/display: disable DPP RCG before DPP CLK enable drm/amd/display: fix zero value for APU watermark_c Chen Linxuan (1): RDMA/hns: initialize db in update_srq_db() Chen Ridong (1): cgroup,freezer: fix incomplete freezing when attaching tasks Chris Chiu (1): ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA Christian Brauner (4): anon_inode: use a proper mode internally anon_inode: explicitly block ->setattr() anon_inode: raise SB_I_NODEV and SB_I_NOEXEC fs: add S_ANON_INODE Christian Lamparter (1): wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Christoph Rudorff (1): drm/nouveau: fix hibernate on disabled GPU Christophe Leroy (1): powerpc/vdso: Fix build of VDSO32 with pcrel Chuck Lever (3): NFSD: Implement FATTR4_CLONE_BLKSIZE attribute SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls svcrdma: Unregister the device if svc_rdma_accept() fails Chuyi Zhou (1): workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() Connor Abbott (2): drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Corey Minyard (1): ipmi:ssif: Fix a shutdown race Da Xue (1): clk: meson-g12a: add missing fclk_div2 to spicc Damien Le Moal (1): block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion Damon Ding (1): drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() Dan Carpenter (2): media: iris: fix error code in iris_load_fw_to_memory() Input: ims-pcu - check record size in ims_pcu_flash_firmware() Dan Williams (1): configfs-tsm-report: Fix NULL dereference of tsm_ops Daniel Wagner (1): scsi: lpfc: Use memcpy() for BIOS version Daniele Ceraolo Spurio (1): drm/xe/vf: Fix guc_info debugfs for VFs Dave Airlie (1): drm/dp: add option to disable zero sized address only transactions. Dave Hansen (1): x86/mm: Disable INVLPGB when PTI is enabled David Lechner (5): pwm: axi-pwmgen: fix missing separate external clock iio: adc: ad7944: mask high bits on direct read iio: adc: ad7606_spi: fix reg write value mask iio: adc: ad7173: fix compiling without gpiolib iio: adc: ad7606: fix raw read for 18-bit chips David Strahan (1): scsi: smartpqi: Add new PCI IDs David Thompson (2): mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available gpio: mlxbf3: only get IRQ for device instance 0 David Wei (1): tcp: fix passive TFO socket having invalid NAPI ID Denis Arefev (1): media: vivid: Change the siize of the composing Dennis Marttinen (1): ceph: set superblock s_magic for IMA fsmagic matching Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dexuan Cui (1): scsi: storvsc: Increase the timeouts to storvsc_timeout Dian-Syuan Yang (1): wifi: rtw89: leave idle mode when setting WEP encryption for AP mode Diederik de Haas (1): PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() Dillon Varone (3): drm/amd/display: Fix Vertical Interrupt definitions for dcn32, dcn401 drm/amd/display: Fix VUpdate offset calculations for dcn401 Revert "drm/amd/display: Fix VUpdate offset calculations for dcn401" Dimitri Fedrau (1): net: phy: marvell-88q2xxx: Enable temperature measurement in probe again Dmitry Antipov (1): wifi: carl9170: do not ping device which has failed to load firmware Dmitry Baryshkov (3): drm/bridge: select DRM_KMS_HELPER for AUX_BRIDGE drm/msm/hdmi: add runtime PM calls to DDC transfer function drm/msm/dpu: don't select single flush for active CTL blocks Dmitry Nikiforov (1): media: davinci: vpif: Fix memory leak in probe error path Donald Hunter (1): tools: ynl: parse extack for sub-messages Dongcheng Yan (1): media: i2c: change lt6911uxe irq_gpio name to "hpd" Dylan Wolff (1): jfs: Fix null-ptr-deref in jfs_ioc_trim Edip Hazuri (1): ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx Edward Adam Davis (3): media: cxusb: no longer judge rbuf when the write fails media: vidtv: Terminating the subsequent process of initialization failure wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled Eric Dumazet (7): tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: remove zero TCP TS samples for autotuning tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows tcp: add receive queue awareness in tcp_rcv_space_adjust() net_sched: sch_sfq: reject invalid perturb period net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling Erick Shepherd (1): mmc: Add quirk to disable DDR50 tuning Fabrice Gasnier (1): Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT Fangzhi Zuo (1): drm/amd/display: Do Not Consider DSC if Valid Config Not Found Fedor Pchelkin (2): can: kvaser_pciefd: refine error prone echo_skb_max handling logic jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fei Shao (1): media: mediatek: vcodec: Correct vsi_core framebuffer size Frank Li (1): platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() Frank Wunderlich (1): net: phy: mediatek: do not require syscon compatible for pio property GONG Ruiqi (1): vgacon: Add check for vc_origin address range in vgacon_scroll() Gabor Juhos (4): pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabriel Shahrouzi (1): staging: iio: ad5933: Correct settling cycles encoding per datasheet Gao Xiang (3): erofs: remove unused trace event erofs_destroy_inode erofs: refuse crafted out-of-file-range encoded extents erofs: remove a superfluous check for encoded extents Gatien Chevallier (1): Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() Gautam Menghani (1): powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states Giovanni Cabiddu (5): crypto: qat - add shutdown handler to qat_c3xxx crypto: qat - add shutdown handler to qat_420xx crypto: qat - add shutdown handler to qat_4xxx crypto: qat - add shutdown handler to qat_c62x crypto: qat - add shutdown handler to qat_dh895xcc Greg Kroah-Hartman (1): Linux 6.15.4 Grzegorz Nitka (1): ice: fix eswitch code memory leak in reset scenario Gui-Dong Han (1): hwmon: (ftsteutates) Fix TOCTOU race in fts_read() Guilherme G. Piccoli (1): clocksource: Fix the CPUs' choice in the watchdog per CPU verification Haixia Qu (1): tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hans Verkuil (2): media: cec: extron-da-hd-4k-plus: Fix Wformat-truncation media: tc358743: ignore video while HPD is low Hans de Goede (2): media: ov2740: Move pm-runtime cleanup on probe-errors to proper place media: ov08x40: Extend sleep after reset to 5 ms Hao Yao (1): media: ipu6: Remove workaround for Meteor Lake ES2 Haoxiang Li (1): media: imagination: fix a potential memory leak in e5010_probe() Hari Bathini (2): powerpc64/ftrace: fix clobbered r15 during livepatching powerpc/bpf: fix JIT code size calculation of bpf trampoline Hari Chandrakanthan (1): wifi: ath12k: fix link valid field initialization in the monitor Rx Hariprasad Kelam (1): Octeontx2-pf: Fix Backpresure configuration Harish Chegondi (1): drm/xe: Use copy_from_user() instead of __copy_from_user() Harshit Agarwal (1): sched/rt: Fix race in push_rt_task Hector Martin (2): ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change i2c: pasemi: Enable the unjam machine Heiko Carstens (1): s390/pci: Fix __pcilg_mio_inuser() inline assembly Heiko Stuebner (1): clk: rockchip: rk3036: mark ddrphy as critical Heiner Kallweit (1): net: ftgmac100: select FIXED_PHY Helge Deller (1): parisc/unaligned: Fix hex output to show 8 hex chars Henk Vergonet (1): wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Herbert Xu (1): crypto: marvell/cesa - Do not chain submitted requests Hou Tao (1): bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() Huacai Chen (2): PCI: Add ACS quirk for Loongson PCIe LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg Hyunwoo Kim (1): net/sched: fix use-after-free in taprio_dev_notifier I Hsin Cheng (1): ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init() Ian Rogers (2): perf evsel: Missed close() when probing hybrid core PMUs perf test: Directory file descriptor leak Ido Schimmel (2): vxlan: Do not treat dst cache initialization errors as fatal vxlan: Add RCU read-side critical sections in the Tx path Ilpo Järvinen (1): PCI: Fix lock symmetry in pci_slot_unlock() Ilya Leoshkevich (1): bpf: Pass the same orig_call value to trampoline functions Ioana Ciornei (1): bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Jacek Lawrynowicz (4): accel/ivpu: Improve buffer object logging accel/ivpu: Use firmware names from upstream repo accel/ivpu: Use dma_resv_lock() instead of a custom mutex accel/ivpu: Fix warning in ivpu_gem_bo_free() Jacob Keller (1): drm/nouveau/bl: increase buffer size to avoid truncate warning Jaegeuk Kim (1): f2fs: prevent kernel warning due to negative i_nlink from corrupted image Jakub Kicinski (3): net: clear the dst when changing skb protocol eth: fbnic: avoid double free when failing to DMA-map FW msg tools: ynl: fix mixing ops and notifications on one socket James A. MacInnes (2): drm/msm/dp: Disable wide bus support for SDM845 drm/msm/disp: Correct porch timing for SDM845 Jan Kara (1): ext4: fix calculation of credits for extent tree modification Jann Horn (3): mm/hugetlb: unshare page tables during VMA split, not before mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race tee: Prevent size calculation wraparound on 32-bit kernels Janne Grunau (1): PCI: apple: Set only available ports up Jarkko Nikula (1): i3c: mipi-i3c-hci: Fix handling status of i3c_hci_irq_handler() Jaroslav Kysela (3): firmware: cs_dsp: Fix OOB memory read access in KUnit test firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) Jason Xing (3): net: atlantic: generate software timestamp just before the doorbell net: stmmac: generate software timestamp just before the doorbell net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Jeevaka Prabu Badrappan (1): drm/xe: Fix CFI violation when accessing sysfs files Jeff Hugo (1): bus: mhi: host: Fix conflict between power_up and SYSERR Jeff Layton (2): nfsd: use threads array as-is in netlink interface sunrpc: handle SVC_GARBAGE during svc auth processing as auth error Jens Axboe (7): block: use plug request list tail for one-shot backmerge attempt io_uring/net: only consider msg_inq if larger than 1 io_uring/kbuf: don't truncate end buffer for multiple buffer peeks io_uring/rsrc: validate buffer count with offset for cloning nvme: always punt polled uring_cmd end_io work to task_work io_uring/net: always use current transfer count for buffer put io_uring/sqpoll: don't put task_struct on tctx setup failure Jeongjun Park (2): jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() ipc: fix to protect IPCS lookups using RCU Jerry Lv (1): power: supply: bq27xxx: Retrieve again when busy Jesse.Zhang (2): drm/amdgpu: Fix API status offset for MES queue reset drm/amdkfd: move SDMA queue reset capability check to node_show Jiande Lu (1): Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925 Jiayuan Chen (2): workqueue: Fix race condition in wq->stats incrementation bpf, sockmap: Fix data lost during EAGAIN retries Jinliang Zheng (1): mm: fix ratelimit_pages update error in dirty_ratio_handler() Joe Damato (1): netdevsim: Mark NAPI ID on skb in nsim_rcv Johan Hovold (8): wifi: ath11k: fix rx completion meta data corruption wifi: ath11k: fix ring-buffer corruption wifi: ath12k: fix ring-buffer corruption media: ov8856: suppress probe deferral errors media: ov5675: suppress probe deferral errors media: qcom: camss: csid: suppress CSID log spam media: qcom: camss: vfe: suppress VFE version log spam soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events Johannes Berg (2): wifi: iwlwifi: mvm: fix beacon CCK flag wifi: iwlwifi: dvm: pair transport op-mode enter/leave John Garry (1): dm-table: Set BLK_FEAT_ATOMIC_WRITES for target queue limits John Keeping (1): drm/ssd130x: fix ssd132x_clear_screen() columns Jonas 'Sortie' Termansen (1): isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry Jonathan Lane (1): ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged João Paulo Gonçalves (2): regulator: max20086: Fix MAX200086 chip id regulator: max20086: Change enable gpio to optional Juergen Gross (1): x86/mm/pat: don't collapse pages without PSE set Justin Sanders (1): aoe: clean device rq_list in aoedev_downdev() Justin Tee (1): scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands Kai Huang (1): x86/virt/tdx: Avoid indirect calls to TDX assembly functions Kalesh AP (2): bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Kan Liang (1): perf/x86/intel: Fix crash in icl_update_topdown_event() Kang Yang (1): wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET Karol Wachowski (1): accel/ivpu: Trigger device recovery on engine reset/resume failure Kees Cook (2): fbcon: Make sure modelist not set on unregistered console wifi: iwlwifi: mld: Work around Clang loop unrolling bug Kendall Willis (1): firmware: ti_sci: Convert CPU latency constraint from us to ms Kevin Gao (1): drm/amd/display: Correct SSC enable detection for DCN351 Khem Raj (1): mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Kieran Bingham (1): media: i2c: imx335: Fix frame size enumeration Krishna Kumar (1): net: ice: Perform accurate aRFS flow match Krzysztof Hałasa (1): usbnet: asix AX88772: leave the carrier control to phylink Krzysztof Kozlowski (10): ASoC: codecs: wcd9375: Fix double free of regulator supplies ASoC: codecs: wcd937x: Drop unused buck_supply bus: firewall: Fix missing static inline annotations for stubs NFC: nci: uart: Set tty->disc_data only in success path power: supply: gpio-charger: Fix wakeup source leaks on device unbind power: supply: collie: Fix wakeup source leaks on device unbind Bluetooth: btmrvl_sdio: Fix wakeup source leaks on device unbind Bluetooth: btmtksdio: Fix wakeup source leaks on device unbind watchdog: stm32: Fix wakeup source leaks on device unbind drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate Kuan-Chung Chen (1): wifi: rtw89: 8922a: fix TX fail with wrong VCO setting Kuninori Morimoto (1): ASoC: simple-card-utils: fixup dlc->xxx handling for error case Kuniyuki Iwashima (4): atm: Revert atm_account_tx() if copy_from_iter_full() fails. mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Kurt Borja (1): Revert "platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1" Kyungwook Boo (1): i40e: fix MMIO write access to an invalid page in i40e_clear_hw Laurent Pinchart (1): media: renesas: vsp1: Fix media bus code setup on RWPF source pad Laurentiu Palcu (1): media: nxp: imx8-isi: better handle the m2m usage_count Laurentiu Tudor (1): bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Leon Romanovsky (1): xfrm: validate assignment of maximal possible SEQ number Leon Yen (1): wifi: mt76: mt7925: introduce thermal protection Li Lingfeng (1): nfsd: Initialize ssc before laundromat_work to prevent NULL dereference Lijo Lazar (3): drm/amdgpu: Add basic validation for RAS header drm/amdgpu: Disallow partition query during reset drm/amd/pm: Reset SMU v13.0.x custom settings Linus Torvalds (1): Make 'cc-option' work correctly for the -Wno-xyzzy pattern Linus Walleij (1): net: ethernet: cortina: Use TOE/TSO on all TCP Liwei Sun (1): Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922 Loic Poulain (1): media: venus: Fix probe error handling Long Li (5): Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary uio_hv_generic: Use correct size for interrupt and monitor pages uio_hv_generic: Align ring size to system page sunrpc: update nextcheck time when adding new cache entries sunrpc: fix race in cache cleanup causing stale nextcheck time Lorenzo Stoakes (2): KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY mm/vma: reset VMA iterator on commit_merge() OOM failure Lu Baolu (2): iommu/vt-d: Restore context entry setup order for aliased devices iommu: Allow attaching static domains in iommu_attach_device_pasid() Lucas De Marchi (1): drm/xe/uc: Remove static from loop variable Luis Henriques (1): fs: drop assert in file_seek_cur_needs_f_lock Lukas Bulwahn (1): x86/its: Fix an ifdef typo in its_alloc() Lukas Wunner (1): PCI: pciehp: Ignore belated Presence Detect Changed caused by DPC Luke D. Jones (1): hid-asus: check ROG Ally MCU version and warn Luo Gengkun (2): watchdog: fix watchdog may detect false positive of softlockup perf/core: Fix WARN in perf_cgroup_switch() Ma Ke (1): media: v4l2-dev: fix error handling in __video_register_device() Maarten Lankhorst (1): drm/xe/svm: Fix regression disallowing 64K SVM migration Maninder Singh (2): NFSD: unregister filesystem in case genl_register_family() fails NFSD: fix race between nfsd registration and exports_proc Marcus Folkesson (1): watchdog: da9052_wdt: respect TWDMIN Marek Szyprowski (3): media: omap3isp: use sgtable-based scatterlist wrappers media: videobuf2: use sgtable-based scatterlist wrappers udmabuf: use sgtable-based scatterlist wrappers Mario Limonciello (7): ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 drm/amd/display: Restructure DMI quirks iommu/amd: Allow matching ACPI HID devices without matching UIDs platform/x86/amd: pmc: Clear metrics table at start of cycle platform/x86/amd: pmf: Use device managed allocations platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice Mark Rutland (1): KVM: arm64: VHE: Synchronize restore of host debug registers Martin Blumenstingl (1): ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Martin KaFai Lau (1): bpftool: Fix cgroup command to only show cgroup bpf programs Mateusz Pacuszka (1): ice: fix check for existing switch rule Max Kellermann (1): fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Maíra Canal (1): drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` Md Sadre Alam (3): mtd: rawnand: qcom: Pass 18 bit offset from NANDc base to BAM base mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() mtd: rawnand: qcom: Fix read len for onfi param page Meghana Malladi (1): net: ti: icssg-prueth: Fix packet handling for XDP_TX Michael Chang (1): media: nuvoton: npcm-video: Fix stuck due to no video signal error Michael Lo (1): wifi: mt76: mt7925: fix host interrupt register initialization Michael Walle (1): net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER Mike Looijmans (1): pinctrl: mcp23s08: Reset all pins to input at probe Mike Rapoport (Microsoft) (3): x86/Kconfig: only enable ROX cache in execmem when STRICT_MODULE_RWX is set x86/its: move its_pages array to struct mod_arch_specific Revert "mm/execmem: Unify early execmem_cache behaviour" Mike Snitzer (1): NFS: always probe for LOCALIO support asynchronously Mike Tipton (1): cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs Mikko Korhonen (1): ata: ahci: Disallow LPM for Asus B550-F motherboard Mikulas Patocka (3): dm-mirror: fix a tiny race condition dm-verity: fix a memory leak if some arguments are specified multiple times dm: lock limits when reading them Mina Almasry (1): net: netmem: fix skb_ensure_writable with unreadable skbs Ming Qian (5): media: imx-jpeg: Drop the first error frames media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead media: imx-jpeg: Reset slot data pointers when freed media: imx-jpeg: Cleanup after an allocation error media: imx-jpeg: Check decoding is ongoing for motion-jpeg Mingcong Bai (1): wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Miquel Raynal (6): mtd: spinand: Use more specific naming for the (single) read from cache ops mtd: spinand: Use more specific naming for the (dual output) read from cache ops mtd: spinand: Use more specific naming for the (dual IO) read from cache ops mtd: spinand: Use more specific naming for the (quad output) read from cache ops mtd: spinand: Use more specific naming for the (quad IO) read from cache ops mtd: spinand: winbond: Prevent unsupported frequencies on dual/quad I/O variants Miri Korenblit (2): wifi: iwlwifi: mld: check for NULL before referencing a pointer wifi: iwlwifi: pcie: make sure to lock rxq->read Moon Yeounsu (1): net: dlink: add synchronization for stats update Muhammad Usama Anjum (1): wifi: ath11k: Fix QMI memory reuse logic Muna Sinada (1): wifi: mac80211: VLAN traffic in multicast path Murad Masimov (2): fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Mykyta Yatsenko (1): libbpf: Check bpf_map_skeleton link for NULL Namjae Jeon (3): exfat: fix double free in delayed_free ksmbd: fix null pointer dereference in destroy_previous_session ksmbd: add free_transport ops in ksmbd connection Narayana Murty N (1): powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Nas Chung (3): media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition media: qcom: venus: Fix uninitialized variable warning Neal Cardwell (1): tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior NeilBrown (1): nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Nicolas Dufresne (2): media: verisilicon: Enable wide 4K in AV1 decoder media: rkvdec: Initialize the m2m context before the controls Niklas Cassel (3): ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard PCI: cadence-ep: Correct PBA offset in .set_msix() callback PCI: dwc: ep: Correct PBA offset in .set_msix() callback Niklas Schnelle (4): s390/pci: Remove redundant bus removal and disable from zpci_release_device() s390/pci: Prevent self deletion in disable_slot() s390/pci: Allow re-add of a reserved but not yet removed device s390/pci: Serialize device addition and removal Niklas Söderlund (1): media: rcar-vin: Fix stride setting for RAW8 formats Niravkumar L Rabara (1): EDAC/altera: Use correct write width with the INTTEST register Nuno Sá (1): hwmon: (ltc4282) avoid repeated register write Olga Kornievskaia (1): nfsd: fix access checking for NLM under XPRTSEC policies Ovidiu Bunea (1): drm/amd/display: Update IPS sequential_ono requirement checks Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Pali Rohár (1): cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function Paul Aurich (1): smb: Log an error when close_all_cached_dirs fails Paul Hsieh (1): drm/amd/display: Skip to enable dsc if it has been off Pavan Chebbi (2): bnxt_en: Add a helper function to configure MRU and RSS bnxt_en: Update MRU and RSS table of RSS contexts on queue reset Pavel Begunkov (2): io_uring: account drain memory to cgroup io_uring/kbuf: account ring io_buffer_list memory Peng Fan (1): gpiolib: of: Add polarity quirk for s5m8767 Penglei Jiang (2): io_uring: fix task leak issue in io_wq_create() io_uring: fix potential page leak in io_sqe_buffer_register() Peter Marheine (1): ACPI: battery: negate current when discharging Peter Oberparleiter (1): scsi: s390: zfcp: Ensure synchronous unit_add Peter Zijlstra (3): sched/fair: Adhere to place_entity() constraints perf: Fix sample vs do_exit() perf: Fix cgroup state vs ERROR Peter Zijlstra (Intel) (1): x86/its: explicitly manage permissions for ITS pages Petr Malat (1): sctp: Do not wake readers in __sctp_write_space() Pradeep Kumar Chitrapu (1): wifi: ath12k: Fix incorrect rates sent to firmware Pu Lehui (1): mm: fix uprobe pte be overwritten when expanding vma Qasim Ijaz (2): net: ch9200: fix uninitialised access during mii_nway_restart drm/ttm/tests: fix incorrect assert in ttm_bo_unreserve_bulk() Qiuxu Zhuo (2): EDAC/igen6: Skip absent memory controllers EDAC/igen6: Fix NULL pointer dereference Rand Deeb (1): ixgbe: Fix unreachable retry logic in combined and byte I2C write functions Rengarajan S (1): net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Fix deferred probing error Richard Fitzgerald (1): ALSA: hda/realtek: Add quirk for Asus GU605C Rik van Riel (1): x86/mm: Fix early boot use of INVPLGB Rong Zhang (1): platform/x86: ideapad-laptop: use usleep_range() for EC polling Ronnie Sahlberg (1): ublk: santizize the arguments from userspace when adding a device Ross Stutterheim (1): ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ruben Devos (1): smb: client: add NULL check in automount_fullpath Ryan Roberts (2): arm64/mm: Close theoretical race where stale TLB entry remains valid mm: close theoretical race where stale TLB entries could linger Sakari Ailus (5): media: ccs-pll: Start VT pre-PLL multiplier search from correct value media: ccs-pll: Start OP pre-PLL multiplier search from correct value media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case media: ccs-pll: Better validate VT PLL branch Salah Triki (1): wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() Samson Tam (1): drm/amd/display: disable EASF narrow filter sharpening Samuel Williams (1): wifi: mt76: mt7921: add 160 MHz AP for mt7922 device Sarika Sharma (2): wifi: ath12k: correctly handle mcast packets for clients wifi: ath12k: using msdu end descriptor to check for rx multicast packets Sascha Hauer (1): gpio: pca953x: fix wrong error probe return value Saurabh Sengar (1): hv_netvsc: fix potential deadlock in netvsc_vf_setxdp() Scott Mayhew (1): NFSv4: Don't check for OPEN feature support in v4.1 Sean Christopherson (1): iommu/amd: Ensure GA log notifier callbacks finish running before module unload Sean Nyekjaer (3): iio: accel: fxls8962af: Fix temperature scan element sign iio: accel: fxls8962af: Fix temperature calculation iio: imu: inv_icm42600: Fix temperature calculation Sebastian Andrzej Siewior (2): ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT net: page_pool: Don't recycle into cache on PREEMPT_RT SeongJae Park (1): mm/madvise: handle madvise_lock() failure during race unwinding Sergio Perez Gonzalez (1): net: macb: Check return value of dma_set_mask_and_coherent() Seunghun Han (2): ACPICA: fix acpi operand cache leak in dswstate.c ACPICA: fix acpi parse and parseext cache leaks Shawn Lin (1): PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() Shin'ichiro Kawasaki (2): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction nvme-tcp: remove tag set when second admin queue config fails Shravan Chippa (1): media: i2c: imx334: update mode_3840x2160_regs array Shung-Hsi Yu (1): bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index Shyam Prasad N (6): cifs: reset connections for all channels when reconnect requested cifs: update dstaddr whenever channel iface is updated cifs: dns resolution is needed only for primary channel cifs: deal with the channel loading lag while picking channels cifs: serialize other channels when query server interfaces is pending cifs: do not disable interface polling on failure Sibi Sankar (1): firmware: arm_scmi: Ensure that the message-id supports fastchannel Sidhanta Sahu (1): wifi: ath12k: Fix memory leak due to multiple rx_stats allocation Simon Horman (1): pldmfw: Select CRC32 when PLDMFW is selected Simon Schuster (1): nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults Srinivas Pandruvada (1): platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL Srinivasan Shanmugam (1): drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() Sriram R (1): wifi: ath12k: Fix the enabling of REO queue lookup table feature Stanislaw Gruszka (1): media: intel/ipu6: Fix dma mask for non-secure mode Stefan Binding (2): ALSA: hda/realtek: Add support for Acer Helios Laptops using CS35L41 HDA ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops Stefan Metzmacher (1): smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() Stefan Wahren (1): net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi Stephen Smalley (2): fs/xattr.c: fix simple_xattr_list() selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Steven Rostedt (4): tracing: Only return an adjusted address if it matches the kernel address tracing: Fix regression of filter waiting a long time on RCU synchronization fgraph: Do not enable function_graph tracer when setting funcgraph-args tracing: Do not free "head" on error path of filter_free_subsystem_filters() Stuart Hayes (2): platform/x86: dell_rbu: Fix list usage platform/x86: dell_rbu: Stop overwriting data buffer Sukrut Bellary (1): ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Sumit Kumar (1): bus: mhi: ep: Update read pointer only after buffer is written Suraj P Kizhakkethil (1): wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz Suren Baghdasaryan (1): alloc_tag: handle module codetag load errors as module load failures Svyatoslav Ryhel (1): power: supply: max17040: adjust thermal channel scaling Takashi Iwai (1): ALSA: hda/intel: Add Thinkpad E15 to PM deny list Talhah Peerbhai (1): ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 Tali Perry (1): i2c: npcm: Add clock toggle recovery Tamir Duberstein (1): ACPICA: Apply pack(1) to union aml_resource Tan En De (1): i2c: designware: Invoke runtime suspend on quick slave re-registration Taniya Das (2): clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks clk: qcom: gcc: Set FORCE_MEM_CORE_ON for gcc_ufs_axi_clk for 8650/8750 Tarang Raval (2): media: i2c: imx334: Enable runtime PM before sub-device registration media: i2c: imx334: Fix runtime PM handling in remove function Tasos Sahanidis (1): ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Tejun Heo (1): sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() Tengda Wu (1): arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Thadeu Lima de Souza Cascardo (1): ext4: inline: fix len overflow in ext4_prepare_inline_data Thomas Weißschuh (1): LoongArch: vDSO: Correctly use asm parameters in syscall wrappers Thomas Zimmermann (3): sysfb: Fix screen_info type check for VGA video: screen_info: Relocate framebuffers behind PCI bridges dummycon: Trigger redraw when switching consoles with deferred takeover Tianyang Zhang (1): LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() Tiezhu Yang (1): rtla: Define __NR_sched_setattr for LoongArch Toke Høiland-Jørgensen (1): Revert "mac80211: Dynamically set CoDel parameters per station" Tomi Valkeinen (3): media: i2c: ds90ub913: Fix returned fmt from .set_fmt() media: rcar-vin: Fix RAW10 media: ti: cal: Fix wrong goto on error path TungYu Lu (1): drm/amd/display: Correct prefetch calculation Tzung-Bi Shih (1): drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled Ulf Hansson (1): pmdomain: core: Reset genpd->states to avoid freeing invalid data Umang Jain (1): media: imx335: Use correct register width for HNUM Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Viacheslav Dubeyko (1): ceph: avoid kernel BUG for encrypted inode with unaligned file size Vicki Pfau (1): drm: panel-orientation-quirks: Add ZOTAC Gaming Zone Victor Skvortsov (1): drm/amdgpu: Add indirect L1_TLB_CNTL reg programming for VFs Vijendar Mukunda (2): ASoC: amd: amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() Vinay Belgaumkar (1): drm/xe/bmg: Update Wa_16023588340 Vitaliy Shevtsov (1): scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() Vitaly Lifshits (1): e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 Vlad Dogaru (2): net/mlx5: HWS, Fix IP version decision net/mlx5: HWS, Harden IP version definer checks Vladimir Oltean (2): ptp: fix breakage after ptp_vclock_in_use() rework ptp: allow reading of currently dialed frequency to succeed on free-running clocks Víctor Gonzalo (1): wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 Wan Junjie (1): bus: fsl-mc: fix GET/SET_TAILDROP command ids WangYuli (1): Bluetooth: btusb: Add RTL8851BE device 0x0bda:0xb850 Wentao Liang (9): ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() media: gspca: Add error handling for stv06xx_read_sensor() mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable regulator: max14577: Add error check for max14577_read_reg() media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() Xiaolei Wang (2): remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() remoteproc: core: Release rproc->clean_table after rproc_attach() fails Xin Li (Intel) (1): selftests/x86: Add a test to detect infinite SIGTRAP handler loop Xu Yang (1): phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() Yao Zi (3): platform/loongarch: laptop: Get brightness setting from EC on probe platform/loongarch: laptop: Unregister generic_sub_drivers on exit platform/loongarch: laptop: Add backlight power control support Ye Bin (1): ftrace: Fix UAF when lookup kallsym after ftrace disabled Yevgeny Kliteynik (1): net/mlx5: HWS, fix counting of rules in the matcher Yihan Zhu (1): drm/amd/display: DCN32 null data check Yong Wang (2): net: bridge: mcast: update multicast contex when vlan state is changed net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions Yosry Ahmed (1): KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs Yuanjun Gong (1): ASoC: tegra210_ahub: Add check to of_device_get_match_data() Yuezhang Mo (1): exfat: do not clear volume dirty flag during sync Yuuki NAGAO (1): wifi: rtw88: rtw8822bu VID/PID for BUFFALO WI-U2-866DM Zhang Yi (6): ext4: fix out of bounds punch offset ext4: fix incorrect punch max_end ext4: factor out ext4_get_maxbytes() ext4: ensure i_size is smaller than maxbytes ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() ext4: prevent stale extent cache entries caused by concurrent get es_cache Zhi Wang (3): drm/nouveau/nvkm: factor out current GSP RPC command policies drm/nouveau/nvkm: introduce new GSP reply policy NVKM_GSP_RPC_REPLY_POLL drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() Zijun Hu (3): configfs: Do not override creating attribute file failure in populate_attrs() software node: Correct a OOB check in software_node_get_reference_args() sock: Correct error checking condition for (assign|release)_proto_idx() Zilin Guan (1): tipc: use kfree_sensitive() for aead cleanup gldrk (1): ACPICA: utilities: Fix overflow check in vsnprintf() sunliming (1): wifi: mt76: mt7996: fix uninitialized symbol warning wangdicheng (1): ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card zhangjian (1): smb: client: fix first command failure during re-negotiation

1 day, 21 hours

2
3
0 0

[PATCH] ALSA: hda/realtek - Add mute LED support for HP Victus 15-fb2xxx

by edip＠medip.dev

From: Edip Hazuri <edip(a)medip.dev> The mute led on this laptop is using ALC245 but requires a quirk to work This patch enables the existing quirk for the device. Tested on my friend's Victus 15-fb2xxx Laptop. The LED behaviour works as intended. Cc: <stable(a)vger.kernel.org> Signed-off-by: Edip Hazuri <edip(a)medip.dev> --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 5d6d01ecf..a33e8a654 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10881,6 +10881,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8ce0, "HP SnowWhite", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8cf5, "HP ZBook Studio 16", ALC245_FIXUP_CS35L41_SPI_4_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8d01, "HP ZBook Power 14 G12", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8d07, "HP Victus 15-fb2xxx (MB 8D07)", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8d18, "HP EliteStudio 8 AIO", ALC274_FIXUP_HP_AIO_BIND_DACS), SND_PCI_QUIRK(0x103c, 0x8d84, "HP EliteBook X G1i", ALC285_FIXUP_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8d85, "HP EliteBook 14 G12", ALC285_FIXUP_HP_GPIO_LED), -- 2.50.0

2 days

2
1
0 0

[PATCH v4 1/2] usb: dwc3: gadget: Fix TRB reclaim logic for short transfers and ZLPs

by Johannes Schneider

Commit 61440628a4ff ("usb: dwc3: gadget: Cleanup SG handling") updated the TRB reclaim path to use the TRB CHN (Chain) bit to determine whether a TRB was part of a chain. However, this inadvertently changed the behavior of reclaiming the final TRB in some scatter-gather or short transfer cases. In particular, if the final TRB did not have the CHN bit set, the cleanup path could incorrectly skip clearing the HWO (Hardware Own) bit, leaving stale TRBs in the ring. This resulted in broken data transfer completions in userspace, notably for MTP over FunctionFS. Fix this by unconditionally clearing the HWO bit during TRB reclaim, regardless of the CHN bit state. This restores correct behavior especially for transfers that require ZLPs or end on non-CHN TRBs. Fixes: 61440628a4ff ("usb: dwc3: gadget: Cleanup SG handling") Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Johannes Schneider <johannes.schneider(a)leica-geosystems.com> Cc: <stable(a)vger.kernel.org> # v6.13 --- Changes in v4: - None, patch content is the same - re-assembled into a patch-series, and re-submission to solve b4 troubles - Link to v3: 1. https://lore.kernel.org/all/AM8PR06MB7521A29A8863C838B54987B6BC7BA@AM8PR06M… 2. https://lore.kernel.org/all/AM8PR06MB752168CCAF31023017025DD5BC7BA@AM8PR06M… Changes in v3: - re-submission as singular patch - Link to v2: https://lore.kernel.org/r/20250624-dwc3-fix-gadget-mtp-v2-0-0e2d9979328f@le… Changes in v2: - None, resubmission as separate patches - dropped Patch 3, as it did change the logic - CC to stable - Link to v1: https://lore.kernel.org/r/20250621-dwc3-fix-gadget-mtp-v1-0-a45e6def71bb@le… --- drivers/usb/dwc3/gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..99fbd29d8f46 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -3516,7 +3516,7 @@ static int dwc3_gadget_ep_reclaim_completed_trb(struct dwc3_ep *dep, * We're going to do that here to avoid problems of HW trying * to use bogus TRBs for transfers. */ - if (chain && (trb->ctrl & DWC3_TRB_CTRL_HWO)) + if (trb->ctrl & DWC3_TRB_CTRL_HWO) trb->ctrl &= ~DWC3_TRB_CTRL_HWO; /* -- 2.34.1

2 days

1
0
0 0

[PATCH v2] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible

by Alexey Klimov

Add the SM6115 MDSS compatible to clients compatible list, as it also needs that workaround. Without this workaround, for example, QRB4210 RB2 which is based on SM4250/SM6115 generates a lot of smmu unhandled context faults during boot: arm_smmu_context_fault: 116854 callbacks suppressed arm-smmu c600000.iommu: Unhandled context fault: fsr=0x402, iova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5 arm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420 arm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1] arm-smmu c600000.iommu: Unhandled context fault: fsr=0x402, iova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5 arm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420 and also failed initialisation of lontium lt9611uxc, gpu and dpu is observed: (binding MDSS components triggered by lt9611uxc have failed) ------------[ cut here ]------------ !aspace WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm] Modules linked in: ... (long list of modules) CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT) pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : msm_gem_vma_init+0x150/0x18c [msm] lr : msm_gem_vma_init+0x150/0x18c [msm] sp : ffff80008144b280 ... Call trace: msm_gem_vma_init+0x150/0x18c [msm] (P) get_vma_locked+0xc0/0x194 [msm] msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm] msm_gem_kernel_new+0x48/0x160 [msm] msm_gpu_init+0x34c/0x53c [msm] adreno_gpu_init+0x1b0/0x2d8 [msm] a6xx_gpu_init+0x1e8/0x9e0 [msm] adreno_bind+0x2b8/0x348 [msm] component_bind_all+0x100/0x230 msm_drm_bind+0x13c/0x3d0 [msm] try_to_bring_up_aggregate_device+0x164/0x1d0 __component_add+0xa4/0x174 component_add+0x14/0x20 dsi_dev_attach+0x20/0x34 [msm] dsi_host_attach+0x58/0x98 [msm] devm_mipi_dsi_attach+0x34/0x90 lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc] lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc] i2c_device_probe+0x148/0x2a8 really_probe+0xbc/0x2c0 __driver_probe_device+0x78/0x120 driver_probe_device+0x3c/0x154 __driver_attach+0x90/0x1a0 bus_for_each_dev+0x68/0xb8 driver_attach+0x24/0x30 bus_add_driver+0xe4/0x208 driver_register+0x68/0x124 i2c_register_driver+0x48/0xcc lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc] do_one_initcall+0x60/0x1d4 do_init_module+0x54/0x1fc load_module+0x1748/0x1c8c init_module_from_file+0x74/0xa0 __arm64_sys_finit_module+0x130/0x2f8 invoke_syscall+0x48/0x104 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x2c/0x80 el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c ---[ end trace 0000000000000000 ]--- msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22 msm_dpu 5e01000.display-controller: failed to load adreno gpu platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19 msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22 msm_dpu 5e01000.display-controller: adev bind failed: -22 lt9611uxc 0-002b: failed to attach dsi to host lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22 Suggested-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Fixes: 3581b7062cec ("drm/msm/disp/dpu1: add support for display on SM6115") Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexey Klimov <alexey.klimov(a)linaro.org> --- v2: - added tags as suggested by Dmitry; - slightly updated text in the commit message. Previous version: https://lore.kernel.org/linux-arm-msm/20250528003118.214093-1-alexey.klimov… drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c index 62874b18f645..c75023718595 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c @@ -379,6 +379,7 @@ static const struct of_device_id qcom_smmu_client_of_match[] __maybe_unused = { { .compatible = "qcom,sdm670-mdss" }, { .compatible = "qcom,sdm845-mdss" }, { .compatible = "qcom,sdm845-mss-pil" }, + { .compatible = "qcom,sm6115-mdss" }, { .compatible = "qcom,sm6350-mdss" }, { .compatible = "qcom,sm6375-mdss" }, { .compatible = "qcom,sm8150-mdss" }, -- 2.47.2

2 days, 13 hours

2
2
0 0

[PATCH v4] iio: common: st_sensors: Fix use of uninitialize device structs

by Maud Spierings via B4 Relay

From: Maud Spierings <maudspierings(a)gocontroll.com> Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err(), dev_warn() and dev_info() don't seem to cause a panic, but are fixed as well. The issue is reported and traced here: [1] Link: https://lore.kernel.org/all/AM7P189MB100986A83D2F28AF3FFAF976E39EA@AM7P189M… [1] Cc: stable(a)vger.kernel.org Signed-off-by: Maud Spierings <maudspierings(a)gocontroll.com> --- When I search for general &indio_dev->dev usage, I see quite a lot more hits, but I am not sure if there are issues with those too. This issue has existed for a long time it seems and therefore it is nearly impossible to find a proper fixes tag. I would love to see it at least backported to 6.12 as that is where I encountered it, and I believe the patch should apply without conflicts. --- Changes in v4: - Put the link to the original issue in a proper link tag - Remove stray newline - Link to v3: https://lore.kernel.org/r/20250526-st_iio_fix-v3-1-039fec38707c@gocontroll.… Changes in v3: - Added the stable cc to the commit message - Move the link to the original issue to the commit message - Fix function notation in the commit message - Move some more of the dev_*() calls to one line - Link to v2: https://lore.kernel.org/r/20250522-st_iio_fix-v2-1-07a32655a996@gocontroll.… Changes in v2: - Added SoB in commit message - Link to v1: https://lore.kernel.org/r/20250522-st_iio_fix-v1-1-d689b35f1612@gocontroll.… --- drivers/iio/accel/st_accel_core.c | 10 +++--- drivers/iio/common/st_sensors/st_sensors_core.c | 36 ++++++++++------------ drivers/iio/common/st_sensors/st_sensors_trigger.c | 20 ++++++------ 3 files changed, 31 insertions(+), 35 deletions(-) diff --git a/drivers/iio/accel/st_accel_core.c b/drivers/iio/accel/st_accel_core.c index 99cb661fabb2d9cc1943fa8d0a6f3becb71126e6..a7961c610ed203d039bbf298c8883031a578fb0b 100644 --- a/drivers/iio/accel/st_accel_core.c +++ b/drivers/iio/accel/st_accel_core.c @@ -1353,6 +1353,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) union acpi_object *ont; union acpi_object *elements; acpi_status status; + struct device *parent = indio_dev->dev.parent; int ret = -EINVAL; unsigned int val; int i, j; @@ -1371,7 +1372,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) }; - adev = ACPI_COMPANION(indio_dev->dev.parent); + adev = ACPI_COMPANION(parent); if (!adev) return -ENXIO; @@ -1380,8 +1381,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) if (status == AE_NOT_FOUND) { return -ENXIO; } else if (ACPI_FAILURE(status)) { - dev_warn(&indio_dev->dev, "failed to execute _ONT: %d\n", - status); + dev_warn(parent, "failed to execute _ONT: %d\n", status); return status; } @@ -1457,12 +1457,12 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) } ret = 0; - dev_info(&indio_dev->dev, "computed mount matrix from ACPI\n"); + dev_info(parent, "computed mount matrix from ACPI\n"); out: kfree(buffer.pointer); if (ret) - dev_dbg(&indio_dev->dev, + dev_dbg(parent, "failed to apply ACPI orientation data: %d\n", ret); return ret; diff --git a/drivers/iio/common/st_sensors/st_sensors_core.c b/drivers/iio/common/st_sensors/st_sensors_core.c index 8ce1dccfea4f5aaff45d3d40f6542323dd1f0b09..dac593be56958fd0be92e13f628350fcfd0f040d 100644 --- a/drivers/iio/common/st_sensors/st_sensors_core.c +++ b/drivers/iio/common/st_sensors/st_sensors_core.c @@ -154,7 +154,7 @@ static int st_sensors_set_fullscale(struct iio_dev *indio_dev, unsigned int fs) return err; st_accel_set_fullscale_error: - dev_err(&indio_dev->dev, "failed to set new fullscale.\n"); + dev_err(indio_dev->dev.parent, "failed to set new fullscale.\n"); return err; } @@ -231,8 +231,7 @@ int st_sensors_power_enable(struct iio_dev *indio_dev) ARRAY_SIZE(regulator_names), regulator_names); if (err) - return dev_err_probe(&indio_dev->dev, err, - "unable to enable supplies\n"); + return dev_err_probe(parent, err, "unable to enable supplies\n"); return 0; } @@ -241,13 +240,14 @@ EXPORT_SYMBOL_NS(st_sensors_power_enable, "IIO_ST_SENSORS"); static int st_sensors_set_drdy_int_pin(struct iio_dev *indio_dev, struct st_sensors_platform_data *pdata) { + struct device *parent = indio_dev->dev.parent; struct st_sensor_data *sdata = iio_priv(indio_dev); /* Sensor does not support interrupts */ if (!sdata->sensor_settings->drdy_irq.int1.addr && !sdata->sensor_settings->drdy_irq.int2.addr) { if (pdata->drdy_int_pin) - dev_info(&indio_dev->dev, + dev_info(parent, "DRDY on pin INT%d specified, but sensor does not support interrupts\n", pdata->drdy_int_pin); return 0; @@ -256,29 +256,27 @@ static int st_sensors_set_drdy_int_pin(struct iio_dev *indio_dev, switch (pdata->drdy_int_pin) { case 1: if (!sdata->sensor_settings->drdy_irq.int1.mask) { - dev_err(&indio_dev->dev, - "DRDY on INT1 not available.\n"); + dev_err(parent, "DRDY on INT1 not available.\n"); return -EINVAL; } sdata->drdy_int_pin = 1; break; case 2: if (!sdata->sensor_settings->drdy_irq.int2.mask) { - dev_err(&indio_dev->dev, - "DRDY on INT2 not available.\n"); + dev_err(parent, "DRDY on INT2 not available.\n"); return -EINVAL; } sdata->drdy_int_pin = 2; break; default: - dev_err(&indio_dev->dev, "DRDY on pdata not valid.\n"); + dev_err(parent, "DRDY on pdata not valid.\n"); return -EINVAL; } if (pdata->open_drain) { if (!sdata->sensor_settings->drdy_irq.int1.addr_od && !sdata->sensor_settings->drdy_irq.int2.addr_od) - dev_err(&indio_dev->dev, + dev_err(parent, "open drain requested but unsupported.\n"); else sdata->int_pin_open_drain = true; @@ -336,6 +334,7 @@ EXPORT_SYMBOL_NS(st_sensors_dev_name_probe, "IIO_ST_SENSORS"); int st_sensors_init_sensor(struct iio_dev *indio_dev, struct st_sensors_platform_data *pdata) { + struct device *parent = indio_dev->dev.parent; struct st_sensor_data *sdata = iio_priv(indio_dev); struct st_sensors_platform_data *of_pdata; int err = 0; @@ -343,7 +342,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, mutex_init(&sdata->odr_lock); /* If OF/DT pdata exists, it will take precedence of anything else */ - of_pdata = st_sensors_dev_probe(indio_dev->dev.parent, pdata); + of_pdata = st_sensors_dev_probe(parent, pdata); if (IS_ERR(of_pdata)) return PTR_ERR(of_pdata); if (of_pdata) @@ -370,7 +369,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, if (err < 0) return err; } else - dev_info(&indio_dev->dev, "Full-scale not possible\n"); + dev_info(parent, "Full-scale not possible\n"); err = st_sensors_set_odr(indio_dev, sdata->odr); if (err < 0) @@ -405,7 +404,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, mask = sdata->sensor_settings->drdy_irq.int2.mask_od; } - dev_info(&indio_dev->dev, + dev_info(parent, "set interrupt line to open drain mode on pin %d\n", sdata->drdy_int_pin); err = st_sensors_write_data_with_mask(indio_dev, addr, @@ -593,21 +592,20 @@ EXPORT_SYMBOL_NS(st_sensors_get_settings_index, "IIO_ST_SENSORS"); int st_sensors_verify_id(struct iio_dev *indio_dev) { struct st_sensor_data *sdata = iio_priv(indio_dev); + struct device *parent = indio_dev->dev.parent; int wai, err; if (sdata->sensor_settings->wai_addr) { err = regmap_read(sdata->regmap, sdata->sensor_settings->wai_addr, &wai); if (err < 0) { - dev_err(&indio_dev->dev, - "failed to read Who-Am-I register.\n"); - return err; + return dev_err_probe(parent, err, + "failed to read Who-Am-I register.\n"); } if (sdata->sensor_settings->wai != wai) { - dev_warn(&indio_dev->dev, - "%s: WhoAmI mismatch (0x%x).\n", - indio_dev->name, wai); + dev_warn(parent, "%s: WhoAmI mismatch (0x%x).\n", + indio_dev->name, wai); } } diff --git a/drivers/iio/common/st_sensors/st_sensors_trigger.c b/drivers/iio/common/st_sensors/st_sensors_trigger.c index 9d4bf822a15dfcdd6c2835f6b9d7698cd3cb0b08..8a8ab688d7980f6dd43c660f90a0eba32c38388b 100644 --- a/drivers/iio/common/st_sensors/st_sensors_trigger.c +++ b/drivers/iio/common/st_sensors/st_sensors_trigger.c @@ -127,7 +127,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->trig = devm_iio_trigger_alloc(parent, "%s-trigger", indio_dev->name); if (sdata->trig == NULL) { - dev_err(&indio_dev->dev, "failed to allocate iio trigger.\n"); + dev_err(parent, "failed to allocate iio trigger.\n"); return -ENOMEM; } @@ -143,7 +143,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, case IRQF_TRIGGER_FALLING: case IRQF_TRIGGER_LOW: if (!sdata->sensor_settings->drdy_irq.addr_ihl) { - dev_err(&indio_dev->dev, + dev_err(parent, "falling/low specified for IRQ but hardware supports only rising/high: will request rising/high\n"); if (irq_trig == IRQF_TRIGGER_FALLING) irq_trig = IRQF_TRIGGER_RISING; @@ -156,21 +156,19 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->sensor_settings->drdy_irq.mask_ihl, 1); if (err < 0) return err; - dev_info(&indio_dev->dev, + dev_info(parent, "interrupts on the falling edge or active low level\n"); } break; case IRQF_TRIGGER_RISING: - dev_info(&indio_dev->dev, - "interrupts on the rising edge\n"); + dev_info(parent, "interrupts on the rising edge\n"); break; case IRQF_TRIGGER_HIGH: - dev_info(&indio_dev->dev, - "interrupts active high level\n"); + dev_info(parent, "interrupts active high level\n"); break; default: /* This is the most preferred mode, if possible */ - dev_err(&indio_dev->dev, + dev_err(parent, "unsupported IRQ trigger specified (%lx), enforce rising edge\n", irq_trig); irq_trig = IRQF_TRIGGER_RISING; } @@ -179,7 +177,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, if (irq_trig == IRQF_TRIGGER_FALLING || irq_trig == IRQF_TRIGGER_RISING) { if (!sdata->sensor_settings->drdy_irq.stat_drdy.addr) { - dev_err(&indio_dev->dev, + dev_err(parent, "edge IRQ not supported w/o stat register.\n"); return -EOPNOTSUPP; } @@ -214,13 +212,13 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->trig->name, sdata->trig); if (err) { - dev_err(&indio_dev->dev, "failed to request trigger IRQ.\n"); + dev_err(parent, "failed to request trigger IRQ.\n"); return err; } err = devm_iio_trigger_register(parent, sdata->trig); if (err < 0) { - dev_err(&indio_dev->dev, "failed to register iio trigger.\n"); + dev_err(parent, "failed to register iio trigger.\n"); return err; } indio_dev->trig = iio_trigger_get(sdata->trig); --- base-commit: 7bac2c97af4078d7a627500c9bcdd5b033f97718 change-id: 20250522-st_iio_fix-1c58fdd4d420 Best regards, -- Maud Spierings <maudspierings(a)gocontroll.com>

2 days, 16 hours

4
4
0 0

[PATCH] i2c: qup: jump out of the loop in case of timeout

by Yang Xiwen via B4 Relay

From: Yang Xiwen <forbidden405(a)outlook.com> Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender. Fix it by changing the logic to not only sets the return value, but also jumps out of the loop and return to the caller with -ETIMEDOUT. Cc: stable(a)vger.kernel.org Signed-off-by: Yang Xiwen <forbidden405(a)outlook.com> --- drivers/i2c/busses/i2c-qup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-qup.c b/drivers/i2c/busses/i2c-qup.c index 3a36d682ed57..5b053e51f4c9 100644 --- a/drivers/i2c/busses/i2c-qup.c +++ b/drivers/i2c/busses/i2c-qup.c @@ -452,8 +452,10 @@ static int qup_i2c_bus_active(struct qup_i2c_dev *qup, int len) if (!(status & I2C_STATUS_BUS_ACTIVE)) break; - if (time_after(jiffies, timeout)) + if (time_after(jiffies, timeout)) { ret = -ETIMEDOUT; + break; + } usleep_range(len, len * 2); } --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250615-qca-i2c-d41bb61aa59e Best regards, -- Yang Xiwen <forbidden405(a)outlook.com>

2 days, 17 hours

2
1
0 0

[PATCH v 5] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY

by Minas Harutyunyan

For UTMI+ PHY, according to programming guide, first should be set PMUACTV bit then STOPPCLK bit. Otherwise, when the device issues Remote Wakeup, then host notices disconnect instead. For ULPI PHY, above mentioned bits must be set in reversed order: STOPPCLK then PMUACTV. Fixes: 4483ef3c1685 ("usb: dwc2: Add hibernation updates for ULPI PHY") Cc: stable(a)vger.kernel.org Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> --- Changes in v5: - Rebased on top of Linux 6.16-rc2 Changes in v4: - Rebased on top of Linux 6.15-rc6 Changes in v3: - Rebased on top of Linux 6.15-rc4 Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/dwc2/gadget.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c index d5b622f78cf3..0637bfbc054e 100644 --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -5389,20 +5389,34 @@ int dwc2_gadget_enter_hibernation(struct dwc2_hsotg *hsotg) if (gusbcfg & GUSBCFG_ULPI_UTMI_SEL) { /* ULPI interface */ gpwrdn |= GPWRDN_ULPI_LATCH_EN_DURING_HIB_ENTRY; - } - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); - /* Suspend the Phy Clock */ - pcgcctl = dwc2_readl(hsotg, PCGCTL); - pcgcctl |= PCGCTL_STOPPCLK; - dwc2_writel(hsotg, pcgcctl, PCGCTL); - udelay(10); + /* Suspend the Phy Clock */ + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); - gpwrdn = dwc2_readl(hsotg, GPWRDN); - gpwrdn |= GPWRDN_PMUACTV; - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + } else { + /* UTMI+ Interface */ + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); + } /* Set flag to indicate that we are in hibernation */ hsotg->hibernated = 1; base-commit: 7aed15379db9c6ec67999cdaf5c443b7be06ea73 -- 2.41.0

2 days, 18 hours

2
1
0 0

[PATCH 6.12.y 0/2] crypto: rng - FIPS 140-3 compliance for random number generation

by Jay Wang

This patch series implements FIPS 140-3 compliance requirements for random number generation in the Linux kernel 6.12. The changes ensure that when the kernel is operating in FIPS mode, FIPS-compliant random number generators are used instead of the default /dev/random implementation. IMPORTANT: These two patches must be applied together as a series. Applying only the first patch without the second will cause a deadlock during boot in FIPS-enabled environments. The second patch fixes a critical timing issue introduced by the first patch where the crypto RNG attempts to override the drivers/char/random interface before the default RNG becomes available. The series consists of two patches: 1. Initial implementation to override drivers/char/random in FIPS mode 2. Refinement to ensure override only occurs after FIPS-mode RNGs are available These 2 patches are required for FIPS 140-3 certification and compliance in government and enterprise environments. Herbert Xu (1): crypto: rng - Override drivers/char/random in FIPS mode Jay Wang (1): Override drivers/char/random only after FIPS-mode RNGs become available crypto/rng.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) -- 2.47.1

2 days, 18 hours

3
5
0 0

[tip: ras/urgent] x86/mce: Don't remove sysfs if thresholding sysfs init fails

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the ras/urgent branch of tip: Commit-ID: 4c113a5b28bfd589e2010b5fc8867578b0135ed7 Gitweb: https://git.kernel.org/tip/4c113a5b28bfd589e2010b5fc8867578b0135ed7 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 24 Jun 2025 14:15:56 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Thu, 26 Jun 2025 17:28:13 +02:00 x86/mce: Don't remove sysfs if thresholding sysfs init fails Currently, the MCE subsystem sysfs interface will be removed if the thresholding sysfs interface fails to be created. A common failure is due to new MCA bank types that are not recognized and don't have a short name set. The MCA thresholding feature is optional and should not break the common MCE sysfs interface. Also, new MCA bank types are occasionally introduced, and updates will be needed to recognize them. But likewise, this should not break the common sysfs interface. Keep the MCE sysfs interface regardless of the status of the thresholding sysfs interface. Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Tested-by: Tony Luck <tony.luck(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250624-wip-mca-updates-v4-1-236dd74f645f@amd.com --- arch/x86/kernel/cpu/mce/core.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c index e9b3c5d..07d6193 100644 --- a/arch/x86/kernel/cpu/mce/core.c +++ b/arch/x86/kernel/cpu/mce/core.c @@ -2801,15 +2801,9 @@ static int mce_cpu_dead(unsigned int cpu) static int mce_cpu_online(unsigned int cpu) { struct timer_list *t = this_cpu_ptr(&mce_timer); - int ret; mce_device_create(cpu); - - ret = mce_threshold_create_device(cpu); - if (ret) { - mce_device_remove(cpu); - return ret; - } + mce_threshold_create_device(cpu); mce_reenable_cpu(); mce_start_timer(t); return 0;

2 days, 21 hours

1
0
0 0

[tip: ras/urgent] x86/mce: Ensure user polling settings are honored when restarting timer

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the ras/urgent branch of tip: Commit-ID: 00c092de6f28ebd32208aef83b02d61af2229b60 Gitweb: https://git.kernel.org/tip/00c092de6f28ebd32208aef83b02d61af2229b60 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 24 Jun 2025 14:15:57 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 27 Jun 2025 12:41:44 +02:00 x86/mce: Ensure user polling settings are honored when restarting timer Users can disable MCA polling by setting the "ignore_ce" parameter or by setting "check_interval=0". This tells the kernel to *not* start the MCE timer on a CPU. If the user did not disable CMCI, then storms can occur. When these happen, the MCE timer will be started with a fixed interval. After the storm subsides, the timer's next interval is set to check_interval. This disregards the user's input through "ignore_ce" and "check_interval". Furthermore, if "check_interval=0", then the new timer will run faster than expected. Create a new helper to check these conditions and use it when a CMCI storm ends. [ bp: Massage. ] Fixes: 7eae17c4add5 ("x86/mce: Add per-bank CMCI storm mitigation") Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250624-wip-mca-updates-v4-2-236dd74f645f@amd.com --- arch/x86/kernel/cpu/mce/core.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c index 07d6193..4da4eab 100644 --- a/arch/x86/kernel/cpu/mce/core.c +++ b/arch/x86/kernel/cpu/mce/core.c @@ -1740,6 +1740,11 @@ static void mc_poll_banks_default(void) void (*mc_poll_banks)(void) = mc_poll_banks_default; +static bool should_enable_timer(unsigned long iv) +{ + return !mca_cfg.ignore_ce && iv; +} + static void mce_timer_fn(struct timer_list *t) { struct timer_list *cpu_t = this_cpu_ptr(&mce_timer); @@ -1763,7 +1768,7 @@ static void mce_timer_fn(struct timer_list *t) if (mce_get_storm_mode()) { __start_timer(t, HZ); - } else { + } else if (should_enable_timer(iv)) { __this_cpu_write(mce_next_interval, iv); __start_timer(t, iv); } @@ -2156,11 +2161,10 @@ static void mce_start_timer(struct timer_list *t) { unsigned long iv = check_interval * HZ; - if (mca_cfg.ignore_ce || !iv) - return; - - this_cpu_write(mce_next_interval, iv); - __start_timer(t, iv); + if (should_enable_timer(iv)) { + this_cpu_write(mce_next_interval, iv); + __start_timer(t, iv); + } } static void __mcheck_cpu_setup_timer(void)

2 days, 21 hours

1
0
0 0

[tip: ras/urgent] x86/mce/amd: Add default names for MCA banks and blocks

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the ras/urgent branch of tip: Commit-ID: d66e1e90b16055d2f0ee76e5384e3f119c3c2773 Gitweb: https://git.kernel.org/tip/d66e1e90b16055d2f0ee76e5384e3f119c3c2773 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 24 Jun 2025 14:15:58 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 27 Jun 2025 13:13:36 +02:00 x86/mce/amd: Add default names for MCA banks and blocks Ensure that sysfs init doesn't fail for new/unrecognized bank types or if a bank has additional blocks available. Most MCA banks have a single thresholding block, so the block takes the same name as the bank. Unified Memory Controllers (UMCs) are a special case where there are two blocks and each has a unique name. However, the microarchitecture allows for five blocks. Any new MCA bank types with more than one block will be missing names for the extra blocks. The MCE sysfs will fail to initialize in this case. Fixes: 87a6d4091bd7 ("x86/mce/AMD: Update sysfs bank names for SMCA systems") Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250624-wip-mca-updates-v4-3-236dd74f645f@amd.com --- arch/x86/kernel/cpu/mce/amd.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/amd.c b/arch/x86/kernel/cpu/mce/amd.c index 9d852c3..6820ebc 100644 --- a/arch/x86/kernel/cpu/mce/amd.c +++ b/arch/x86/kernel/cpu/mce/amd.c @@ -1113,13 +1113,20 @@ static const char *get_name(unsigned int cpu, unsigned int bank, struct threshol } bank_type = smca_get_bank_type(cpu, bank); - if (bank_type >= N_SMCA_BANK_TYPES) - return NULL; if (b && (bank_type == SMCA_UMC || bank_type == SMCA_UMC_V2)) { if (b->block < ARRAY_SIZE(smca_umc_block_names)) return smca_umc_block_names[b->block]; - return NULL; + } + + if (b && b->block) { + snprintf(buf_mcatype, MAX_MCATYPE_NAME_LEN, "th_block_%u", b->block); + return buf_mcatype; + } + + if (bank_type >= N_SMCA_BANK_TYPES) { + snprintf(buf_mcatype, MAX_MCATYPE_NAME_LEN, "th_bank_%u", bank); + return buf_mcatype; } if (per_cpu(smca_bank_counts, cpu)[bank_type] == 1)

2 days, 21 hours

1
0
0 0

[tip: ras/urgent] x86/mce/amd: Fix threshold limit reset

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the ras/urgent branch of tip: Commit-ID: 5f6e3b720694ad771911f637a51930f511427ce1 Gitweb: https://git.kernel.org/tip/5f6e3b720694ad771911f637a51930f511427ce1 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 24 Jun 2025 14:15:59 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 27 Jun 2025 13:16:23 +02:00 x86/mce/amd: Fix threshold limit reset The MCA threshold limit must be reset after servicing the interrupt. Currently, the restart function doesn't have an explicit check for this. It makes some assumptions based on the current limit and what's in the registers. These assumptions don't always hold, so the limit won't be reset in some cases. Make the reset condition explicit. Either an interrupt/overflow has occurred or the bank is being initialized. Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250624-wip-mca-updates-v4-4-236dd74f645f@amd.com --- arch/x86/kernel/cpu/mce/amd.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/amd.c b/arch/x86/kernel/cpu/mce/amd.c index 6820ebc..5c4eb28 100644 --- a/arch/x86/kernel/cpu/mce/amd.c +++ b/arch/x86/kernel/cpu/mce/amd.c @@ -350,7 +350,6 @@ static void smca_configure(unsigned int bank, unsigned int cpu) struct thresh_restart { struct threshold_block *b; - int reset; int set_lvt_off; int lvt_off; u16 old_limit; @@ -432,13 +431,13 @@ static void threshold_restart_bank(void *_tr) rdmsr(tr->b->address, lo, hi); - if (tr->b->threshold_limit < (hi & THRESHOLD_MAX)) - tr->reset = 1; /* limit cannot be lower than err count */ - - if (tr->reset) { /* reset err count and overflow bit */ - hi = - (hi & ~(MASK_ERR_COUNT_HI | MASK_OVERFLOW_HI)) | - (THRESHOLD_MAX - tr->b->threshold_limit); + /* + * Reset error count and overflow bit. + * This is done during init or after handling an interrupt. + */ + if (hi & MASK_OVERFLOW_HI || tr->set_lvt_off) { + hi &= ~(MASK_ERR_COUNT_HI | MASK_OVERFLOW_HI); + hi |= THRESHOLD_MAX - tr->b->threshold_limit; } else if (tr->old_limit) { /* change limit w/o reset */ int new_count = (hi & THRESHOLD_MAX) + (tr->old_limit - tr->b->threshold_limit);

2 days, 21 hours

1
0
0 0

[PATCH v2 1/1] mm/rmap: fix potential out-of-bounds page table access during batched unmap

by Lance Yang

From: Lance Yang <lance.yang(a)linux.dev> As pointed out by David[1], the batched unmap logic in try_to_unmap_one() can read past the end of a PTE table if a large folio is mapped starting at the last entry of that table. It would be quite rare in practice, as MADV_FREE typically splits the large folio ;) So let's fix the potential out-of-bounds read by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper now correctly calculates the safe number of pages to scan by limiting the operation to the boundaries of the current VMA and the PTE table. In addition, the "all-or-nothing" batching restriction is removed to support partial batches. The reference counting is also cleaned up to use folio_put_refs(). [1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Cc: <stable(a)vger.kernel.org> Suggested-by: David Hildenbrand <david(a)redhat.com> Suggested-by: Barry Song <baohua(a)kernel.org> Signed-off-by: Lance Yang <lance.yang(a)linux.dev> --- v1 -> v2: - Update subject and changelog (per Barry) - https://lore.kernel.org/linux-mm/20250627025214.30887-1-lance.yang@linux.dev mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/mm/rmap.c b/mm/rmap.c index fb63d9256f09..1320b88fab74 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio *folio, struct page *page, #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: -- 2.49.0

3 days, 10 hours

5
9
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Fri, 27 Jun 2025 14:20:14 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in", v3. The current mTHP swapin path have some problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio) and added more sanity checks and comments. !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (24 samples each): Before: 11.17, Standard Deviation: 0.02 After patch 1: 10.89, Standard Deviation: 0.05 After patch 2: 10.84, Standard Deviation: 0.03 After patch 3: 10.91, Standard Deviation: 0.03 After patch 4: 10.86, Standard Deviation: 0.03 After patch 5: 10.07, Standard Deviation: 0.04 After patch 7: 10.09, Standard Deviation: 0.03 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 test runs): Before: system time avg: 3911.80s After: system time avg: 3863.76s This patch (of 7): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250627062020.534-2-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250627062020.534-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-tidy-up-thp-swapin-checks.patch mm-shmem-swap-clean-up-swap-entry-splitting.patch mm-shmem-swap-never-use-swap-cache-and-readahead-for-swp_synchronous_io.patch mm-shmem-swap-fix-major-fault-counting.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

3 days, 13 hours

1
0
0 0

+ mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lance Yang <lance.yang(a)linux.dev> Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap Date: Fri, 27 Jun 2025 14:23:19 +0800 As pointed out by David[1], the batched unmap logic in try_to_unmap_one() can read past the end of a PTE table if a large folio is mapped starting at the last entry of that table. It would be quite rare in practice, as MADV_FREE typically splits the large folio ;) So let's fix the potential out-of-bounds read by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper now correctly calculates the safe number of pages to scan by limiting the operation to the boundaries of the current VMA and the PTE table. In addition, the "all-or-nothing" batching restriction is removed to support partial batches. The reference counting is also cleaned up to use folio_put_refs(). [1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Link: https://lkml.kernel.org/r/20250627062319.84936-1-lance.yang@linux.dev Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Signed-off-by: Lance Yang <lance.yang(a)linux.dev> Suggested-by: David Hildenbrand <david(a)redhat.com> Suggested-by: Barry Song <baohua(a)kernel.org> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <huang.ying.caritas(a)gmail.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Lance Yang <lance.yang(a)linux.dev> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mingzhe Yang <mingzhe.yang(a)ly.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) --- a/mm/rmap.c~mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap +++ a/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct foli if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ discard: hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: _ Patches currently in -mm which might be from lance.yang(a)linux.dev are mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch

3 days, 13 hours

1
0
0 0

[PATCH v1 3/4] mpi3mr: Serialize admin queue BAR writes on 32-bit systems

by Ranjan Kumar

On 32-bit systems, 64-bit BAR writes to admin queue registers are performed as two 32-bit writes. Without locking, this can cause partial writes when accessed concurrently. Updated per-queue spinlocks is used to serialize these writes and prevent race conditions. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr.h | 4 ++++ drivers/scsi/mpi3mr/mpi3mr_fw.c | 15 +++++++++++---- drivers/scsi/mpi3mr/mpi3mr_os.c | 2 ++ 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index bf272dd69d23..f2201108ea91 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -1137,6 +1137,8 @@ struct scmd_priv { * @logdata_buf: Circular buffer to store log data entries * @logdata_buf_idx: Index of entry in buffer to store * @logdata_entry_sz: log data entry size + * @adm_req_q_bar_writeq_lock: Admin request queue lock + * @adm_reply_q_bar_writeq_lock: Admin reply queue lock * @pend_large_data_sz: Counter to track pending large data * @io_throttle_data_length: I/O size to track in 512b blocks * @io_throttle_high: I/O size to start throttle in 512b blocks @@ -1339,6 +1341,8 @@ struct mpi3mr_ioc { u8 *logdata_buf; u16 logdata_buf_idx; u16 logdata_entry_sz; + spinlock_t adm_req_q_bar_writeq_lock; + spinlock_t adm_reply_q_bar_writeq_lock; atomic_t pend_large_data_sz; u32 io_throttle_data_length; diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 8976582946a2..0152d31d430a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -23,17 +23,22 @@ module_param(poll_queues, int, 0444); MODULE_PARM_DESC(poll_queues, "Number of queues for io_uring poll mode. (Range 1 - 126)"); #if defined(writeq) && defined(CONFIG_64BIT) -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { writeq(b, addr); } #else -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { __u64 data_out = b; + unsigned long flags; + spin_lock_irqsave(write_queue_lock, flags); writel((u32)(data_out), addr); writel((u32)(data_out >> 32), (addr + 4)); + spin_unlock_irqrestore(write_queue_lock, flags); } #endif @@ -2954,9 +2959,11 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc) (mrioc->num_admin_req); writel(num_admin_entries, &mrioc->sysif_regs->admin_queue_num_entries); mpi3mr_writeq(mrioc->admin_req_dma, - &mrioc->sysif_regs->admin_request_queue_address); + &mrioc->sysif_regs->admin_request_queue_address, + &mrioc->adm_req_q_bar_writeq_lock); mpi3mr_writeq(mrioc->admin_reply_dma, - &mrioc->sysif_regs->admin_reply_queue_address); + &mrioc->sysif_regs->admin_reply_queue_address, + &mrioc->adm_reply_q_bar_writeq_lock); writel(mrioc->admin_req_pi, &mrioc->sysif_regs->admin_request_queue_pi); writel(mrioc->admin_reply_ci, &mrioc->sysif_regs->admin_reply_queue_ci); return retval; diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index ce444efd859e..0d1c9bbb13b5 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -5365,6 +5365,8 @@ mpi3mr_probe(struct pci_dev *pdev, const struct pci_device_id *id) spin_lock_init(&mrioc->tgtdev_lock); spin_lock_init(&mrioc->watchdog_lock); spin_lock_init(&mrioc->chain_buf_lock); + spin_lock_init(&mrioc->adm_req_q_bar_writeq_lock); + spin_lock_init(&mrioc->adm_reply_q_bar_writeq_lock); spin_lock_init(&mrioc->sas_node_lock); spin_lock_init(&mrioc->trigger_lock); -- 2.31.1

3 days, 13 hours

1
0
0 0

[PATCH v1 1/4] mpi3mr: Fix race between config read submit and interrupt completion

by Ranjan Kumar

The "is_waiting" flag was updated after calling complete(), which could lead to a race where the waiting thread wakes up before the flag is cleared, may cause a missed wakeup or stale state check. Reorder the operations to update "is_waiting" before signaling completion to ensure consistent state. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 1d7901a8f0e4..0186676698d4 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -428,8 +428,8 @@ static void mpi3mr_process_admin_reply_desc(struct mpi3mr_ioc *mrioc, MPI3MR_SENSE_BUF_SZ); } if (cmdptr->is_waiting) { - complete(&cmdptr->done); cmdptr->is_waiting = 0; + complete(&cmdptr->done); } else if (cmdptr->callback) cmdptr->callback(mrioc, cmdptr); } -- 2.31.1

3 days, 13 hours

1
0
0 0

FAILED: patch "[PATCH] nvme: always punt polled uring_cmd end_io work to task_work" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9ce6c9875f3e995be5fd720b65835291f8a609b1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-skydiver-undergrad-6e0f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ce6c9875f3e995be5fd720b65835291f8a609b1 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Fri, 13 Jun 2025 13:37:41 -0600 Subject: [PATCH] nvme: always punt polled uring_cmd end_io work to task_work Currently NVMe uring_cmd completions will complete locally, if they are polled. This is done because those completions are always invoked from task context. And while that is true, there's no guarantee that it's invoked under the right ring context, or even task. If someone does NVMe passthrough via multiple threads and with a limited number of poll queues, then ringA may find completions from ringB. For that case, completing the request may not be sound. Always just punt the passthrough completions via task_work, which will redirect the completion, if needed. Cc: stable(a)vger.kernel.org Fixes: 585079b6e425 ("nvme: wire up async polling for io passthrough commands") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c index 0b50da2f1175..6b3ac8ae3f34 100644 --- a/drivers/nvme/host/ioctl.c +++ b/drivers/nvme/host/ioctl.c @@ -429,21 +429,14 @@ static enum rq_end_io_ret nvme_uring_cmd_end_io(struct request *req, pdu->result = le64_to_cpu(nvme_req(req)->result.u64); /* - * For iopoll, complete it directly. Note that using the uring_cmd - * helper for this is safe only because we check blk_rq_is_poll(). - * As that returns false if we're NOT on a polled queue, then it's - * safe to use the polled completion helper. - * - * Otherwise, move the completion to task work. + * IOPOLL could potentially complete this request directly, but + * if multiple rings are polling on the same queue, then it's possible + * for one ring to find completions for another ring. Punting the + * completion via task_work will always direct it to the right + * location, rather than potentially complete requests for ringA + * under iopoll invocations from ringB. */ - if (blk_rq_is_poll(req)) { - if (pdu->bio) - blk_rq_unmap_user(pdu->bio); - io_uring_cmd_iopoll_done(ioucmd, pdu->result, pdu->status); - } else { - io_uring_cmd_do_in_task_lazy(ioucmd, nvme_uring_task_cb); - } - + io_uring_cmd_do_in_task_lazy(ioucmd, nvme_uring_task_cb); return RQ_END_IO_FREE; }

3 days, 16 hours

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror