- Linux-stable-mirror - lists.linaro.org

[RESEND PATCH v3] x86: Clear feature bits disabled at compile-time

by Maciej Wieczor-Retman

If some config options are disabled during compile time, they still are enumerated in macros that use the x86_capability bitmask - cpu_has() or this_cpu_has(). The features are also visible in /proc/cpuinfo even though they are not enabled - which is contrary to what the documentation states about the file. Examples of such feature flags are lam, fred, sgx, ibrs_enhanced, split_lock_detect, user_shstk, avx_vnni and enqcmd. Add a DISABLED_MASK_INITIALIZER macro that creates an initializer list filled with DISABLED_MASKx bitmasks. Initialize the cpu_caps_cleared array with the autogenerated disabled bitmask. Fixes: ea4e3bef4c94 ("Documentation/x86: Add documentation for /proc/cpuinfo feature flags") Reported-by: Farrah Chen <farrah.chen(a)intel.com> Signed-off-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Cc: <stable(a)vger.kernel.org> --- Resend: - Fix macro name to match with the patch message. - Add Peter's SoB. Changelog v3: - Remove Fixes: tags, keep only one at the point where the documentation changed and promised feature bits wouldn't show up if they're not enabled. - Don't use a helper to initialize cpu_caps_cleared, just statically initialize it. - Remove changes to cpu_caps_set. - Rewrite patch message to account for changes. Changelog v2: - Redo the patch to utilize a more generic solution, not just fix the LAM and FRED feature bits. - Note more feature flags that shouldn't be present. - Add fixes and cc tags. arch/x86/kernel/cpu/common.c | 3 ++- arch/x86/tools/cpufeaturemasks.awk | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 77afca95cced..a9040038ad9d 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -704,7 +704,8 @@ static const char *table_lookup_model(struct cpuinfo_x86 *c) } /* Aligned to unsigned long to avoid split lock in atomic bitmap ops */ -__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long)); +__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long)) = + DISABLED_MASK_INITIALIZER; __u32 cpu_caps_set[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long)); #ifdef CONFIG_X86_32 diff --git a/arch/x86/tools/cpufeaturemasks.awk b/arch/x86/tools/cpufeaturemasks.awk index 173d5bf2d999..1eabbc69f50d 100755 --- a/arch/x86/tools/cpufeaturemasks.awk +++ b/arch/x86/tools/cpufeaturemasks.awk @@ -84,5 +84,11 @@ END { printf "\t) & (1U << ((x) & 31)))\n\n"; } + printf "\n#define DISABLED_MASK_INITIALIZER\t\t\t\\"; + printf "\n\t{\t\t\t\t\t\t\\"; + for (i = 0; i < ncapints; i++) + printf "\n\t\tDISABLED_MASK%d,\t\t\t\\", i; + printf "\n\t}\n\n"; + printf "#endif /* _ASM_X86_CPUFEATUREMASKS_H */\n"; } -- 2.49.0

1 month, 3 weeks

2
3
0 0

[PATCH V3 REPOST] comedi: pcl726: Prevent invalid irq number

by Ian Abbott

From: Edward Adam Davis <eadavis(a)qq.com> The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob. Added an interrupt number check to prevent users from passing in an irq number that was too large. If `it->options[1]` is 31, then `1 << it->options[1]` is still invalid because it shifts a 1-bit into the sign bit (which is UB in C). Possible solutions include reducing the upper bound on the `it->options[1]` value to 30 or lower, or using `1U << it->options[1]`. The old code would just not attempt to request the IRQ if the `options[1]` value were invalid. And it would still configure the device without interrupts even if the call to `request_irq` returned an error. So it would be better to combine this test with the test below. Fixes: fff46207245c ("staging: comedi: pcl726: enable the interrupt support code") Cc: <stable(a)vger.kernel.org> # 5.13+ Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reported-by: syzbot+5cd373521edd68bebcb3(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5cd373521edd68bebcb3 Tested-by: syzbot+5cd373521edd68bebcb3(a)syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Reviewed-by: Ian Abbott <abbotti(a)mev.co.uk> --- drivers/comedi/drivers/pcl726.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/comedi/drivers/pcl726.c b/drivers/comedi/drivers/pcl726.c index 0430630e6ebb..b542896fa0e4 100644 --- a/drivers/comedi/drivers/pcl726.c +++ b/drivers/comedi/drivers/pcl726.c @@ -328,7 +328,8 @@ static int pcl726_attach(struct comedi_device *dev, * Hook up the external trigger source interrupt only if the * user config option is valid and the board supports interrupts. */ - if (it->options[1] && (board->irq_mask & (1 << it->options[1]))) { + if (it->options[1] > 0 && it->options[1] < 16 && + (board->irq_mask & (1U << it->options[1]))) { ret = request_irq(it->options[1], pcl726_interrupt, 0, dev->board_name, dev); if (ret == 0) { -- 2.47.2

1 month, 3 weeks

1
1
0 0

[STABLE 5.15+] f2fs: sysfs: add encoding_flags entry

by Lee Jones

On Wed, 16 Apr 2025, Chao Yu wrote: > This patch adds a new sysfs entry /sys/fs/f2fs/<disk>/encoding_flags, > it is a read-only entry to show the value of sb.s_encoding_flags, the > value is hexadecimal. > > =========================== ========== > Flag_Name Flag_Value > =========================== ========== > SB_ENC_STRICT_MODE_FL 0x00000001 > SB_ENC_NO_COMPAT_FALLBACK_FL 0x00000002 > =========================== ========== > > case#1 > mkfs.f2fs -f -O casefold -C utf8:strict /dev/vda > mount /dev/vda /mnt/f2fs > cat /sys/fs/f2fs/vda/encoding_flags > 1 > > case#2 > mkfs.f2fs -f -O casefold -C utf8 /dev/vda > fsck.f2fs --nolinear-lookup=1 /dev/vda > mount /dev/vda /mnt/f2fs > cat /sys/fs/f2fs/vda/encoding_flags > 2 > > Signed-off-by: Chao Yu <chao(a)kernel.org> > --- > Documentation/ABI/testing/sysfs-fs-f2fs | 13 +++++++++++++ > fs/f2fs/sysfs.c | 9 +++++++++ > 2 files changed, 22 insertions(+) This patch, commit 617e0491abe4 ("f2fs: sysfs: export linear_lookup in features directory") upstream, needs to find its way into all Stable branches containing upstream commit 91b587ba79e1 ("f2fs: Introduce linear search for dentries"), which is essentially linux-5.15.y and newer. stable/linux-5.4.y: MISSING: f2fs: Introduce linear search for dentries MISSING: f2fs: sysfs: export linear_lookup in features directory stable/linux-5.10.y: MISSING: f2fs: Introduce linear search for dentries MISSING: f2fs: sysfs: export linear_lookup in features directory stable/linux-5.15.y: b0938ffd39ae f2fs: Introduce linear search for dentries [5.15.179] MISSING: f2fs: sysfs: export linear_lookup in features directory stable/linux-6.1.y: de605097eb17 f2fs: Introduce linear search for dentries [6.1.129] MISSING: f2fs: sysfs: export linear_lookup in features directory stable/linux-6.6.y: 0bf2adad03e1 f2fs: Introduce linear search for dentries [6.6.76] MISSING: f2fs: sysfs: export linear_lookup in features directory stable/linux-6.12.y: 00d1943fe46d f2fs: Introduce linear search for dentries [6.12.13] MISSING: f2fs: sysfs: export linear_lookup in features directory mainline: 91b587ba79e1 f2fs: Introduce linear search for dentries 617e0491abe4 f2fs: sysfs: export linear_lookup in features directory > diff --git a/Documentation/ABI/testing/sysfs-fs-f2fs > b/Documentation/ABI/testing/sysfs-fs-f2fs index > 59adb7dc6f9e..0dbe6813b709 100644 --- > a/Documentation/ABI/testing/sysfs-fs-f2fs +++ > b/Documentation/ABI/testing/sysfs-fs-f2fs @@ -846,3 +846,16 @@ > Description: For several zoned storage devices, vendors will provide > extra space reserved_blocks. However, it is not enough, since this > extra space should not be shown to users. So, with this new sysfs > node, we can hide the space by substracting reserved_blocks from total > bytes. + +What: /sys/fs/f2fs/<disk>/encoding_flags > +Date: April 2025 +Contact: "Chao Yu" > <chao(a)kernel.org> +Description: This is a read-only entry to > show the value of sb.s_encoding_flags, the + value is > hexadecimal. + + =========================== > ========== + Flag_Name Flag_Value + > =========================== ========== + > SB_ENC_STRICT_MODE_FL 0x00000001 + > SB_ENC_NO_COMPAT_FALLBACK_FL 0x00000002 + > =========================== ========== diff --git > a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c index 3a3485622691..cf98c5cbb98a > 100644 --- a/fs/f2fs/sysfs.c +++ b/fs/f2fs/sysfs.c @@ -274,6 +274,13 > @@ static ssize_t encoding_show(struct f2fs_attr *a, return > sysfs_emit(buf, "(none)\n"); } > > +static ssize_t encoding_flags_show(struct f2fs_attr *a, + > struct f2fs_sb_info *sbi, char *buf) +{ + return sysfs_emit(buf, > "%x\n", + > le16_to_cpu(F2FS_RAW_SUPER(sbi)->s_encoding_flags)); +} + static > ssize_t mounted_time_sec_show(struct f2fs_attr *a, struct f2fs_sb_info > *sbi, char *buf) { @@ -1158,6 +1165,7 @@ > F2FS_GENERAL_RO_ATTR(features); > F2FS_GENERAL_RO_ATTR(current_reserved_blocks); > F2FS_GENERAL_RO_ATTR(unusable); F2FS_GENERAL_RO_ATTR(encoding); > +F2FS_GENERAL_RO_ATTR(encoding_flags); > F2FS_GENERAL_RO_ATTR(mounted_time_sec); > F2FS_GENERAL_RO_ATTR(main_blkaddr); > F2FS_GENERAL_RO_ATTR(pending_discard); @@ -1270,6 +1278,7 @@ static > struct attribute *f2fs_attrs[] = { ATTR_LIST(reserved_blocks), > ATTR_LIST(current_reserved_blocks), ATTR_LIST(encoding), + > ATTR_LIST(encoding_flags), ATTR_LIST(mounted_time_sec), #ifdef > CONFIG_F2FS_STAT_FS ATTR_LIST(cp_foreground_calls), -- 2.49.0 > -- Lee Jones [李琼斯]

1 month, 3 weeks

2
4
0 0

[PATCH 3/5] usb: gadget: udc: renesas_usb3: fix device leak at unbind

by Johan Hovold

Make sure to drop the reference to the companion device taken during probe when the driver is unbound. Fixes: 39facfa01c9f ("usb: gadget: udc: renesas_usb3: Add register of usb role switch") Cc: stable(a)vger.kernel.org # 4.19 Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/gadget/udc/renesas_usb3.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 3e4d56457597..d23b1762e0e4 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2657,6 +2657,7 @@ static void renesas_usb3_remove(struct platform_device *pdev) struct renesas_usb3 *usb3 = platform_get_drvdata(pdev); debugfs_remove_recursive(usb3->dentry); + put_device(usb3->host_dev); device_remove_file(&pdev->dev, &dev_attr_role); cancel_work_sync(&usb3->role_work); -- 2.49.1

1 month, 3 weeks

1
0
0 0

[PATCH 1/5] usb: dwc3: imx8mp: fix device leak at unbind

by Johan Hovold

Make sure to drop the reference to the dwc3 device taken by of_find_device_by_node() on probe errors and on driver unbind. Fixes: 6dd2565989b4 ("usb: dwc3: add imx8mp dwc3 glue layer driver") Cc: stable(a)vger.kernel.org # 5.12 Cc: Li Jun <jun.li(a)nxp.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/dwc3/dwc3-imx8mp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/dwc3-imx8mp.c b/drivers/usb/dwc3/dwc3-imx8mp.c index 3edc5aca76f9..bce6af82f54c 100644 --- a/drivers/usb/dwc3/dwc3-imx8mp.c +++ b/drivers/usb/dwc3/dwc3-imx8mp.c @@ -244,7 +244,7 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) IRQF_ONESHOT, dev_name(dev), dwc3_imx); if (err) { dev_err(dev, "failed to request IRQ #%d --> %d\n", irq, err); - goto depopulate; + goto put_dwc3; } device_set_wakeup_capable(dev, true); @@ -252,6 +252,8 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) return 0; +put_dwc3: + put_device(&dwc3_imx->dwc3->dev); depopulate: of_platform_depopulate(dev); remove_swnode: @@ -265,8 +267,11 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) static void dwc3_imx8mp_remove(struct platform_device *pdev) { + struct dwc3_imx8mp *dwc3_imx = platform_get_drvdata(pdev); struct device *dev = &pdev->dev; + put_device(&dwc3_imx->dwc3->dev); + pm_runtime_get_sync(dev); of_platform_depopulate(dev); device_remove_software_node(dev); -- 2.49.1

1 month, 3 weeks

1
0
0 0

Linux 6.15.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.8 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/freescale/fsl-ls1046a.dtsi | 3 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-venice-gw71xx.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-venice-gw73xx.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-venice-gw74xx.dts | 2 arch/arm64/boot/dts/freescale/imx95-15x15-evk.dts | 20 arch/arm64/boot/dts/freescale/imx95-19x19-evk.dts | 12 arch/arm64/boot/dts/freescale/imx95.dtsi | 2 arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 23 arch/arm64/boot/dts/rockchip/rk3576-armsom-sige5.dts | 28 arch/arm64/boot/dts/rockchip/rk3588-coolpi-cm5.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 1 arch/riscv/kernel/traps.c | 10 arch/riscv/kernel/traps_misaligned.c | 2 arch/s390/net/bpf_jit_comp.c | 10 arch/x86/kvm/xen.c | 2 block/blk-sysfs.c | 1 drivers/block/loop.c | 5 drivers/bluetooth/bfusb.c | 2 drivers/bluetooth/bpa10x.c | 2 drivers/bluetooth/btbcm.c | 8 drivers/bluetooth/btintel.c | 30 drivers/bluetooth/btintel_pcie.c | 8 drivers/bluetooth/btmtksdio.c | 4 drivers/bluetooth/btmtkuart.c | 2 drivers/bluetooth/btnxpuart.c | 2 drivers/bluetooth/btqca.c | 2 drivers/bluetooth/btqcomsmd.c | 2 drivers/bluetooth/btrtl.c | 10 drivers/bluetooth/btsdio.c | 2 drivers/bluetooth/btusb.c | 148 +- drivers/bluetooth/hci_aml.c | 2 drivers/bluetooth/hci_bcm.c | 4 drivers/bluetooth/hci_bcm4377.c | 10 drivers/bluetooth/hci_intel.c | 2 drivers/bluetooth/hci_ldisc.c | 6 drivers/bluetooth/hci_ll.c | 4 drivers/bluetooth/hci_nokia.c | 2 drivers/bluetooth/hci_qca.c | 14 drivers/bluetooth/hci_serdev.c | 8 drivers/bluetooth/hci_vhci.c | 8 drivers/bluetooth/virtio_bt.c | 10 drivers/comedi/comedi_fops.c | 30 drivers/comedi/drivers.c | 17 drivers/comedi/drivers/aio_iiro_16.c | 3 drivers/comedi/drivers/comedi_test.c | 2 drivers/comedi/drivers/das16m1.c | 3 drivers/comedi/drivers/das6402.c | 3 drivers/comedi/drivers/pcl812.c | 3 drivers/cpuidle/cpuidle-psci.c | 23 drivers/dma/mediatek/mtk-cqdma.c | 4 drivers/dma/nbpfaxi.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 9 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 11 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn401/dcn401_clk_mgr.c | 3 drivers/gpu/drm/mediatek/mtk_crtc.c | 36 drivers/gpu/drm/mediatek/mtk_crtc.h | 1 drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 1 drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 9 drivers/gpu/drm/mediatek/mtk_disp_drv.h | 1 drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 7 drivers/gpu/drm/mediatek/mtk_plane.c | 12 drivers/gpu/drm/mediatek/mtk_plane.h | 3 drivers/gpu/drm/panfrost/panfrost_job.c | 2 drivers/gpu/drm/xe/xe_gt.c | 13 drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 19 drivers/gpu/drm/xe/xe_gt_sriov_pf.h | 5 drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 27 drivers/gpu/drm/xe/xe_ring_ops.c | 22 drivers/hid/hid-core.c | 19 drivers/hwmon/corsair-cpro.c | 5 drivers/i2c/busses/i2c-omap.c | 7 drivers/i2c/busses/i2c-stm32.c | 8 drivers/i2c/busses/i2c-stm32f7.c | 24 drivers/iio/accel/fxls8962af-core.c | 2 drivers/iio/accel/st_accel_core.c | 10 drivers/iio/adc/ad7380.c | 5 drivers/iio/adc/adi-axi-adc.c | 6 drivers/iio/adc/axp20x_adc.c | 1 drivers/iio/adc/max1363.c | 43 drivers/iio/adc/stm32-adc-core.c | 7 drivers/iio/common/st_sensors/st_sensors_core.c | 36 drivers/iio/common/st_sensors/st_sensors_trigger.c | 20 drivers/iio/industrialio-backend.c | 5 drivers/input/joystick/xpad.c | 2 drivers/md/dm-bufio.c | 6 drivers/memstick/core/memstick.c | 2 drivers/mmc/host/bcm2835.c | 3 drivers/mmc/host/sdhci-pci-core.c | 3 drivers/mmc/host/sdhci_am654.c | 9 drivers/net/can/m_can/tcan4x5x-core.c | 61 - drivers/net/ethernet/airoha/airoha_npu.c | 3 drivers/net/ethernet/intel/ice/ice_debugfs.c | 2 drivers/net/ethernet/intel/ice/ice_lag.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 12 drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 8 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 9 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 20 drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 drivers/net/hyperv/netvsc_drv.c | 5 drivers/net/phy/phy_device.c | 6 drivers/net/usb/sierra_net.c | 4 drivers/net/virtio_net.c | 2 drivers/net/wireless/intel/iwlwifi/fw/api/nvm-reg.h | 5 drivers/net/wireless/intel/iwlwifi/fw/regulatory.c | 1 drivers/net/wireless/intel/iwlwifi/mld/regulatory.c | 4 drivers/nvme/host/core.c | 27 drivers/nvme/target/tcp.c | 4 drivers/nvmem/imx-ocotp-ele.c | 5 drivers/nvmem/imx-ocotp.c | 5 drivers/nvmem/layouts/u-boot-env.c | 6 drivers/phy/phy-core.c | 5 drivers/phy/tegra/xusb-tegra186.c | 75 - drivers/phy/tegra/xusb.h | 1 drivers/pmdomain/governor.c | 18 drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 drivers/soundwire/amd_manager.c | 4 drivers/soundwire/qcom.c | 26 drivers/spi/spi.c | 14 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 95 + drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c | 1 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.h | 2 drivers/thunderbolt/switch.c | 10 drivers/thunderbolt/tb.h | 2 drivers/thunderbolt/usb4.c | 12 drivers/tty/serial/pch_uart.c | 2 drivers/usb/core/hub.c | 36 drivers/usb/core/hub.h | 1 drivers/usb/dwc2/gadget.c | 38 drivers/usb/dwc3/dwc3-qcom.c | 8 drivers/usb/gadget/configfs.c | 4 drivers/usb/musb/musb_gadget.c | 2 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 3 drivers/usb/serial/option.c | 5 fs/cachefiles/io.c | 2 fs/cachefiles/ondemand.c | 4 fs/efivarfs/super.c | 6 fs/isofs/inode.c | 9 fs/netfs/read_pgpriv2.c | 5 fs/notify/dnotify/dnotify.c | 8 fs/smb/client/cifs_debug.c | 23 fs/smb/client/file.c | 10 fs/smb/client/smb2inode.c | 3 fs/smb/client/smb2ops.c | 24 fs/smb/client/smbdirect.c | 544 ++++------ fs/smb/client/smbdirect.h | 64 - fs/smb/common/smbdirect/smbdirect.h | 37 fs/smb/common/smbdirect/smbdirect_pdu.h | 55 + fs/smb/common/smbdirect/smbdirect_socket.h | 43 fs/xfs/libxfs/xfs_group.c | 14 fs/xfs/xfs_extent_busy.h | 8 include/linux/phy/phy.h | 2 include/net/bluetooth/hci.h | 2 include/net/bluetooth/hci_core.h | 50 include/net/cfg80211.h | 2 include/net/netfilter/nf_conntrack.h | 15 include/trace/events/netfs.h | 30 include/trace/events/rxrpc.h | 6 io_uring/net.c | 12 io_uring/poll.c | 2 kernel/bpf/helpers.c | 11 kernel/cgroup/legacy_freezer.c | 8 kernel/freezer.c | 15 kernel/sched/ext.c | 12 kernel/sched/loadavg.c | 2 kernel/sched/sched.h | 2 kernel/trace/trace_events.c | 5 kernel/trace/trace_osnoise.c | 2 kernel/trace/trace_probe.c | 2 net/8021q/vlan.c | 42 net/8021q/vlan.h | 1 net/bluetooth/hci_core.c | 4 net/bluetooth/hci_debugfs.c | 8 net/bluetooth/hci_event.c | 19 net/bluetooth/hci_sync.c | 63 - net/bluetooth/l2cap_core.c | 26 net/bluetooth/l2cap_sock.c | 3 net/bluetooth/mgmt.c | 38 net/bluetooth/msft.c | 2 net/bluetooth/smp.c | 21 net/bluetooth/smp.h | 1 net/bridge/br_switchdev.c | 3 net/ipv4/tcp_offload.c | 1 net/ipv4/udp_offload.c | 1 net/ipv6/mcast.c | 2 net/ipv6/rpl_iptunnel.c | 8 net/mptcp/options.c | 3 net/mptcp/pm.c | 8 net/mptcp/protocol.c | 56 - net/mptcp/protocol.h | 29 net/mptcp/subflow.c | 30 net/netfilter/nf_conntrack_core.c | 26 net/packet/af_packet.c | 27 net/phonet/pep.c | 2 net/rxrpc/ar-internal.h | 4 net/rxrpc/call_accept.c | 14 net/rxrpc/call_object.c | 28 net/rxrpc/io_thread.c | 14 net/rxrpc/output.c | 22 net/rxrpc/peer_object.c | 6 net/rxrpc/recvmsg.c | 23 net/rxrpc/security.c | 8 net/sched/sch_htb.c | 4 net/sched/sch_qfq.c | 30 net/smc/af_smc.c | 14 net/smc/smc.h | 8 net/tls/tls_strp.c | 3 rust/Makefile | 1 rust/kernel/firmware.rs | 2 rust/kernel/init.rs | 8 rust/kernel/kunit.rs | 2 rust/kernel/lib.rs | 2 rust/macros/module.rs | 10 scripts/Makefile.build | 2 sound/core/compress_offload.c | 48 sound/pci/hda/patch_realtek.c | 2 tools/hv/hv_fcopy_uio_daemon.c | 91 + tools/lib/bpf/libbpf.c | 20 tools/objtool/check.c | 1 tools/testing/selftests/net/udpgro.sh | 8 tools/testing/selftests/sched_ext/exit.c | 8 227 files changed, 2113 insertions(+), 1236 deletions(-) Al Viro (1): fix a leak in fcntl_dirnotify() Alessandro Gasbarroni (1): Bluetooth: hci_sync: fix connectable extended advertising when using static random address Alexey Charkov (1): arm64: dts: rockchip: list all CPU supplies on ArmSoM Sige5 Alok Tiwari (3): thunderbolt: Fix bit masking in tb_dp_port_set_hops() net: emaclite: Fix missing pointer increment in aligned_read() net: airoha: fix potential use-after-free in airoha_npu_get() Amit Pundir (1): soundwire: Revert "soundwire: qcom: Add set_channel_map api support" Andrea Righi (1): selftests/sched_ext: Fix exit selftest hang on UP Andreas Schwab (1): riscv: traps_misaligned: properly sign extend value in misaligned load handler Andrew Jeffery (2): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Andrii Nakryiko (1): libbpf: Fix handling of BPF arena relocations Andy Yan (2): arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B Arnd Bergmann (1): ALSA: compress_offload: tighten ioctl command number checks Aruna Ramakrishna (1): sched: Change nr_uninterruptible type to unsigned long Balasubramani Vivekanandan (1): drm/xe/mocs: Initialize MOCS index early Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request Breno Leitao (2): efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths sched/ext: Prevent update_locked_rq() calls with NULL rq Brett Werling (1): can: tcan4x5x: fix reset gpio usage during probe Chen Ni (1): iio: adc: stm32-adc: Fix race in installing chained IRQ handler Chen Ridong (2): Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" sched,freezer: Remove unnecessary warning in __thaw_task Chen-Yu Tsai (1): iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps Cheng Ming Lin (1): spi: Add check for 8-bit transfer with 8 IO mode support Christian Eggers (3): Bluetooth: hci_core: fix typos in macros Bluetooth: hci_core: add missing braces when using macro parameters Bluetooth: hci_dev: replace 'quirks' integer by 'quirk_flags' bitmap Christoph Hellwig (2): xfs: don't allocate the xfs_extent_busy structure for zoned RTGs nvme: revert the cross-controller atomic write size validation Christoph Paasch (1): net/mlx5: Correctly set gso_size when LRO is used Christophe JAILLET (2): i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() i2c: omap: Fix an error handling path in omap_i2c_probe() Clayton King (1): drm/amd/display: Free memory allocation Clément Le Goffic (2): i2c: stm32: fix the device used for the DMA map i2c: stm32f7: unmap DMA mapped buffer Dan Carpenter (1): dmaengine: nbpfaxi: Fix memory corruption in probe() Daniel Lezcano (1): cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y Dave Ertman (1): ice: add NULL check in eswitch lag check David Howells (9): netfs: Fix copy-to-cache so that it performs collection with ceph+fscache netfs: Fix race between cache write completion and ALL_QUEUED being set rxrpc: Fix irq-disabled in local_bh_enable() rxrpc: Fix recv-recv race of completed call rxrpc: Fix notification vs call-release vs recvmsg rxrpc: Fix transmission of an abort in response to an abort rxrpc: Fix to use conn aborts for conn-wide failures cifs: Fix the smbd_response slab to allow usercopy cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code David Lechner (2): iio: adc: ad7380: fix adi,gain-milli property parsing iio: adc: adi-axi-adc: fix ad7606_bus_reg_read() Dmitry Baryshkov (1): phy: use per-PHY lockdep keys Dong Chenchen (1): net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Drew Hamilton (1): usb: musb: fix gadget state on disconnect Edip Hazuri (1): ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx Edson Juliano Drosdeck (1): mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Eeli Haapalainen (1): drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume Fabio Estevam (2): iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] iio: adc: max1363: Reorder mode_list[] entries Fabio Porcedda (1): USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition Felix Fietkau (1): net: fix segmentation after TCP/UDP fraglist GRO Florian Westphal (1): netfilter: nf_conntrack: fix crash due to removal of uninitialised entry Francesco Dolcini (1): arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on Greg Kroah-Hartman (1): Linux 6.15.8 Haotien Hsu (1): phy: tegra: xusb: Disable periodic tracking on Tegra234 Ian Abbott (9): comedi: pcl812: Fix bit shift out of bounds comedi: aio_iiro_16: Fix bit shift out of bounds comedi: das16m1: Fix bit shift out of bounds comedi: das6402: Fix bit shift out of bounds comedi: comedi_test: Fix possible deletion of uninitialized timers comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large comedi: Fix some signed shift left operations comedi: Fix use of uninitialized data in insn_rw_emulate_bits() comedi: Fix initialization of data for instructions that write to subdevice Icenowy Zheng (1): drm/mediatek: only announce AFBC if really supported Ilya Leoshkevich (1): s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again Jakob Unterwurzacher (1): arm64: dts: rockchip: use cs-gpios for spi1 on ringneck Jakub Kicinski (1): tls: always refresh the queue when reading sock Jan Kara (1): isofs: Verify inode mode when loading from disk Janne Grunau (1): rust: init: Fix generics in *_init! macros Jason-JH Lin (1): drm/mediatek: Add wait_event_timeout when disabling plane Jiawen Wu (4): net: libwx: remove duplicate page_pool_put_full_page() net: libwx: fix the using of Rx buffer DMA net: libwx: properly reset Rx ring descriptor net: libwx: fix multicast packets received count Johannes Berg (1): wifi: cfg80211: remove scan request n_channels counted_by John Garry (1): nvme: fix endianness of command word prints in nvme_log_err_passthru() Joseph Huang (1): net: bridge: Do not offload IGMP/MLD messages Judith Mendez (1): mmc: sdhci_am654: Workaround for Errata i2312 Krishna Kurapati (1): usb: dwc3: qcom: Don't leave BCR asserted Kuniyuki Iwashima (3): rpl: Fix use-after-free in rpl_do_srh_inline(). smc: Fix various oops due to inet_sock type confusion. Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Li Tian (1): hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf Lijo Lazar (1): drm/amdgpu: Increase reset counter only on success Luiz Augusto von Dentz (4): Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type Bluetooth: SMP: If an unallowed command is received consider it a failure Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Manuel Andreas (1): KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls Maor Gottlieb (1): net/mlx5: Update the list of the PCI supported devices Mario Limonciello (1): thunderbolt: Fix wake on connect at runtime Marius Zachmann (1): hwmon: (corsair-cpro) Validate the size of the received input buffer Markus Blöchl (1): net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback Markus Burri (1): iio: backend: fix out-of-bound write Mathias Nyman (4): usb: hub: fix detection of high tier USB3 devices behind suspended hubs usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm usb: hub: Fix flushing of delayed work used for post resume purposes usb: hub: Don't try to recover devices lost during warm reset. Matthew Brost (1): drm/xe: Move page fault init after topology init Maud Spierings (1): iio: common: st_sensors: Fix use of uninitialize device structs Maulik Shah (1): pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Maurizio Lombardi (1): nvmet-tcp: fix callback lock for TLS handshake Melissa Wen (1): drm/amd/display: Disable CRTC degamma LUT for DCN401 Meng Li (1): arm64: dts: add big-endian property back into watchdog node Michael C. Pratt (1): nvmem: layouts: u-boot-env: remove crc32 endianness conversion Michal Swiatkowski (1): ice: check correct pointer in fwlog debugfs Michal Wajdeczko (2): drm/xe/pf: Prepare to stop SR-IOV support prior GT reset drm/xe/pf: Resend PF provisioning after GT reset Miguel Ojeda (2): objtool/rust: add one more `noreturn` Rust function for Rust 1.89.0 rust: use `#[used(compiler)]` to fix build and `modpost` with Rust >= 1.89.0 Minas Harutyunyan (1): usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY Ming Lei (2): block: fix kobject leak in blk_unregister_queue loop: use kiocb helpers to fix lockdep warning Nam Cao (1): riscv: Enable interrupt during exception handling Naman Jain (1): tools/hv: fcopy: Fix irregularities with size of ring buffer Nathan Chancellor (3): tracing/probes: Avoid using params uninitialized in parse_btf_arg() phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() Nilton Perim Neto (1): Input: xpad - set correct controller type for Acer NGR200 Oliver Neukum (1): usb: net: sierra: check for no status endpoint Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: mask reserved bits in chan_state_active_bitmap Paolo Abeni (4): mptcp: make fallback action and fallback decision atomic mptcp: plug races between subflow fail and subflow creation mptcp: reset fallback status gracefully at disconnect() time selftests: net: increase inter-packet timeout in udpgro.sh Paul Chaignon (1): bpf: Reject %p% format string in bprintf-like helpers Pavel Begunkov (1): io_uring/poll: fix POLLERR handling Philipp Stanner (1): drm/panfrost: Fix scheduler workqueue bug Qiu-ji Chen (1): dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() Richard Zhu (1): arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep Ryan Mann (NDI) (1): USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Sean Anderson (1): net: phy: Don't register LEDs for genphy Sean Nyekjaer (1): iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush Sheng Yong (1): dm-bufio: fix sched in atomic context Slark Xiao (1): USB: serial: option: add Foxconn T99W640 Stefan Metzmacher (8): smb: smbdirect: add smbdirect_pdu.h with protocol definitions smb: client: make use of common smbdirect_pdu.h smb: smbdirect: add smbdirect.h with public structures smb: smbdirect: add smbdirect_socket.h smb: client: make use of common smbdirect_socket smb: smbdirect: introduce smbdirect_socket_parameters smb: client: make use of common smbdirect_socket_parameters smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data Stefan Wahren (2): Revert "staging: vchiq_arm: Improve initial VCHIQ connect" Revert "staging: vchiq_arm: Create keep-alive thread during probe" Steffen Bätz (1): nvmem: imx-ocotp: fix MAC address byte length Steve French (1): Fix SMB311 posix special file creation to servers which do not advertise reparse support Steven Rostedt (1): tracing: Add down_write(trace_event_sem) when adding trace event Takashi Iwai (1): ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS Tejas Upadhyay (1): drm/xe: Dont skip TLB invalidations on VF Thomas Fourier (2): pch_uart: Fix dma_sync_sg_for_device() nents value mmc: bcm2835: Fix dma_unmap_sg() nents value Tim Harvey (4): arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency Tomas Glozar (1): tracing/osnoise: Fix crash in timerlat_dump_stack() Vijendar Mukunda (2): soundwire: amd: fix for handling slave alerts after link is down soundwire: amd: fix for clearing command status register Wang Zhaolong (2): smb: client: fix use-after-free in crypt_message when using async crypto smb: client: fix use-after-free in cifs_oplock_break Wayne Chang (2): phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode phy: tegra: xusb: Decouple CYA_TRK_CODE_UPDATE_ON_IDLE from trk_hw_mode Wei Fang (2): arm64: dts: imx95-19x19-evk: fix the overshoot issue of NETC arm64: dts: imx95-15x15-evk: fix the overshoot issue of NETC William Liu (1): net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree Xiang Mei (1): net/sched: sch_qfq: Fix race condition on qfq_aggregate Xinyu Liu (1): usb: gadget: configfs: Fix OOB read on empty string write Yu Kuai (1): nvme: fix misaccounting of nvme-mpath inflight I/O Yue Haibing (1): ipv6: mcast: Delay put pmc->idev in mld_del_delrec() Yun Lu (2): af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() af_packet: fix soft lockup issue caused by tpacket_snd() Zheng Qixing (1): nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() Zigit Zo (1): virtio-net: fix recursived rtnl_lock() during probe() Zijun Hu (1): Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID Zizhi Wo (1): cachefiles: Fix the incorrect return value in __cachefiles_write()

1 month, 3 weeks

1
1
0 0

Linux 6.12.40

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.40 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/freescale/fsl-ls1046a.dtsi | 3 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-venice-gw71xx.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-venice-gw73xx.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-venice-gw74xx.dts | 2 arch/arm64/boot/dts/freescale/imx95.dtsi | 2 arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 23 ++ arch/arm64/boot/dts/rockchip/rk3588-coolpi-cm5.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 1 arch/riscv/kernel/traps.c | 10 arch/riscv/kernel/traps_misaligned.c | 2 arch/s390/net/bpf_jit_comp.c | 10 arch/x86/kvm/xen.c | 2 block/blk-sysfs.c | 1 drivers/block/loop.c | 5 drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btusb.c | 78 +++--- drivers/comedi/comedi_fops.c | 30 ++ drivers/comedi/drivers.c | 17 - drivers/comedi/drivers/aio_iiro_16.c | 3 drivers/comedi/drivers/das16m1.c | 3 drivers/comedi/drivers/das6402.c | 3 drivers/comedi/drivers/pcl812.c | 3 drivers/cpuidle/cpuidle-psci.c | 23 +- drivers/dma/nbpfaxi.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 9 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 11 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn401/dcn401_clk_mgr.c | 3 drivers/gpu/drm/mediatek/mtk_crtc.c | 36 +++ drivers/gpu/drm/mediatek/mtk_crtc.h | 1 drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 1 drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 9 drivers/gpu/drm/mediatek/mtk_disp_drv.h | 1 drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 7 drivers/gpu/drm/mediatek/mtk_plane.c | 12 - drivers/gpu/drm/mediatek/mtk_plane.h | 3 drivers/gpu/drm/xe/xe_gt.c | 13 - drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 114 +++++++++- drivers/gpu/drm/xe/xe_gt_sriov_pf.h | 6 drivers/gpu/drm/xe/xe_gt_sriov_pf_control.c | 3 drivers/gpu/drm/xe/xe_gt_sriov_pf_types.h | 10 drivers/hid/hid-core.c | 19 + drivers/hwmon/corsair-cpro.c | 5 drivers/i2c/busses/Kconfig | 1 drivers/i2c/busses/i2c-omap.c | 30 ++ drivers/i2c/busses/i2c-stm32.c | 8 drivers/i2c/busses/i2c-stm32f7.c | 24 -- drivers/iio/accel/fxls8962af-core.c | 2 drivers/iio/accel/st_accel_core.c | 10 drivers/iio/adc/axp20x_adc.c | 1 drivers/iio/adc/max1363.c | 43 +-- drivers/iio/adc/stm32-adc-core.c | 7 drivers/iio/common/st_sensors/st_sensors_core.c | 36 +-- drivers/iio/common/st_sensors/st_sensors_trigger.c | 20 - drivers/iio/industrialio-backend.c | 5 drivers/input/joystick/xpad.c | 2 drivers/iommu/intel/iommu.c | 6 drivers/md/dm-bufio.c | 6 drivers/memstick/core/memstick.c | 2 drivers/mmc/host/bcm2835.c | 3 drivers/mmc/host/sdhci-pci-core.c | 3 drivers/mmc/host/sdhci_am654.c | 9 drivers/net/can/m_can/tcan4x5x-core.c | 80 +++++-- drivers/net/can/m_can/tcan4x5x.h | 2 drivers/net/ethernet/intel/ice/ice_debugfs.c | 2 drivers/net/ethernet/intel/ice/ice_lag.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 12 - drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 8 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 9 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 20 - drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 drivers/net/hyperv/netvsc_drv.c | 5 drivers/net/phy/phy_device.c | 6 drivers/net/usb/sierra_net.c | 4 drivers/net/virtio_net.c | 2 drivers/nvme/host/core.c | 18 - drivers/nvme/target/tcp.c | 4 drivers/nvmem/imx-ocotp-ele.c | 5 drivers/nvmem/imx-ocotp.c | 5 drivers/nvmem/layouts/u-boot-env.c | 6 drivers/phy/tegra/xusb-tegra186.c | 75 ++++-- drivers/phy/tegra/xusb.h | 1 drivers/pmdomain/governor.c | 18 + drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 + drivers/soundwire/amd_manager.c | 4 drivers/spi/spi.c | 14 - drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 69 +++--- drivers/thunderbolt/switch.c | 10 drivers/thunderbolt/tb.h | 2 drivers/thunderbolt/usb4.c | 12 - drivers/tty/serial/pch_uart.c | 2 drivers/usb/core/hub.c | 36 ++- drivers/usb/core/hub.h | 1 drivers/usb/dwc2/gadget.c | 38 ++- drivers/usb/dwc3/dwc3-qcom.c | 8 drivers/usb/gadget/configfs.c | 4 drivers/usb/musb/musb_gadget.c | 2 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 3 drivers/usb/serial/option.c | 5 fs/btrfs/block-group.c | 3 fs/cachefiles/io.c | 2 fs/cachefiles/ondemand.c | 4 fs/efivarfs/super.c | 6 fs/isofs/inode.c | 9 fs/namespace.c | 5 fs/notify/dnotify/dnotify.c | 8 fs/smb/client/file.c | 10 fs/smb/client/smb2ops.c | 7 fs/smb/client/smbdirect.c | 31 ++ include/net/bluetooth/hci_core.h | 22 - include/net/cfg80211.h | 2 include/net/netfilter/nf_conntrack.h | 15 + include/trace/events/rxrpc.h | 3 io_uring/net.c | 12 - io_uring/poll.c | 2 kernel/bpf/helpers.c | 11 kernel/cgroup/legacy_freezer.c | 8 kernel/freezer.c | 15 - kernel/sched/loadavg.c | 2 kernel/sched/sched.h | 2 kernel/trace/trace_events.c | 5 kernel/trace/trace_osnoise.c | 2 kernel/trace/trace_probe.c | 2 net/8021q/vlan.c | 42 ++- net/8021q/vlan.h | 1 net/bluetooth/hci_sync.c | 4 net/bluetooth/l2cap_core.c | 26 +- net/bluetooth/l2cap_sock.c | 3 net/bluetooth/smp.c | 21 + net/bluetooth/smp.h | 1 net/bridge/br_switchdev.c | 3 net/ipv4/tcp_offload.c | 1 net/ipv4/udp_offload.c | 1 net/ipv6/mcast.c | 2 net/ipv6/rpl_iptunnel.c | 8 net/mptcp/options.c | 3 net/mptcp/pm.c | 8 net/mptcp/protocol.c | 56 ++++ net/mptcp/protocol.h | 29 +- net/mptcp/subflow.c | 30 +- net/netfilter/nf_conntrack_core.c | 26 +- net/packet/af_packet.c | 27 +- net/phonet/pep.c | 2 net/rxrpc/call_accept.c | 1 net/rxrpc/output.c | 3 net/rxrpc/recvmsg.c | 19 + net/sched/sch_htb.c | 4 net/sched/sch_qfq.c | 30 +- net/smc/af_smc.c | 14 + net/smc/smc.h | 8 net/tls/tls_strp.c | 3 rust/Makefile | 1 rust/kernel/lib.rs | 1 rust/macros/module.rs | 10 scripts/Makefile.build | 2 sound/pci/hda/patch_realtek.c | 2 tools/lib/bpf/libbpf.c | 20 + tools/objtool/check.c | 1 tools/testing/selftests/bpf/prog_tests/token.c | 19 + tools/testing/selftests/net/udpgro.sh | 8 tools/testing/selftests/sched_ext/exit.c | 8 167 files changed, 1334 insertions(+), 543 deletions(-) Al Viro (2): fix a leak in fcntl_dirnotify() clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns Alessandro Gasbarroni (1): Bluetooth: hci_sync: fix connectable extended advertising when using static random address Alok Tiwari (2): thunderbolt: Fix bit masking in tb_dp_port_set_hops() net: emaclite: Fix missing pointer increment in aligned_read() Andrea Righi (1): selftests/sched_ext: Fix exit selftest hang on UP Andreas Schwab (1): riscv: traps_misaligned: properly sign extend value in misaligned load handler Andrew Jeffery (2): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Andrii Nakryiko (1): libbpf: Fix handling of BPF arena relocations Andy Yan (2): arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B Aruna Ramakrishna (1): sched: Change nr_uninterruptible type to unsigned long Balasubramani Vivekanandan (1): drm/xe/mocs: Initialize MOCS index early Ban ZuoXiang (1): iommu/vt-d: Fix misplaced domain_attached assignment Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request Boris Burkov (1): btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Breno Leitao (1): efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths Brett Werling (1): can: tcan4x5x: fix reset gpio usage during probe Chen Ni (1): iio: adc: stm32-adc: Fix race in installing chained IRQ handler Chen Ridong (2): Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" sched,freezer: Remove unnecessary warning in __thaw_task Chen-Yu Tsai (1): iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps Cheng Ming Lin (1): spi: Add check for 8-bit transfer with 8 IO mode support Christian Eggers (1): Bluetooth: hci_core: add missing braces when using macro parameters Christoph Paasch (1): net/mlx5: Correctly set gso_size when LRO is used Christophe JAILLET (2): i2c: omap: Fix an error handling path in omap_i2c_probe() i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() Clayton King (1): drm/amd/display: Free memory allocation Clément Le Goffic (2): i2c: stm32: fix the device used for the DMA map i2c: stm32f7: unmap DMA mapped buffer Dan Carpenter (1): dmaengine: nbpfaxi: Fix memory corruption in probe() Daniel Lezcano (1): cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y Dave Ertman (1): ice: add NULL check in eswitch lag check David Howells (2): rxrpc: Fix recv-recv race of completed call rxrpc: Fix transmission of an abort in response to an abort Dong Chenchen (1): net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Drew Hamilton (1): usb: musb: fix gadget state on disconnect Edip Hazuri (1): ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx Edson Juliano Drosdeck (1): mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Eeli Haapalainen (1): drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume Fabio Estevam (2): iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] iio: adc: max1363: Reorder mode_list[] entries Fabio Porcedda (1): USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition Felix Fietkau (1): net: fix segmentation after TCP/UDP fraglist GRO Florian Westphal (1): netfilter: nf_conntrack: fix crash due to removal of uninitialised entry Francesco Dolcini (1): arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on Greg Kroah-Hartman (1): Linux 6.12.40 Haotien Hsu (1): phy: tegra: xusb: Disable periodic tracking on Tegra234 Ian Abbott (8): comedi: pcl812: Fix bit shift out of bounds comedi: aio_iiro_16: Fix bit shift out of bounds comedi: das16m1: Fix bit shift out of bounds comedi: das6402: Fix bit shift out of bounds comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large comedi: Fix some signed shift left operations comedi: Fix use of uninitialized data in insn_rw_emulate_bits() comedi: Fix initialization of data for instructions that write to subdevice Icenowy Zheng (1): drm/mediatek: only announce AFBC if really supported Ihor Solodrai (1): selftests/bpf: Set test path for token/obj_priv_implicit_token_envvar Ilya Leoshkevich (1): s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again Jakob Unterwurzacher (1): arm64: dts: rockchip: use cs-gpios for spi1 on ringneck Jakub Kicinski (1): tls: always refresh the queue when reading sock Jan Kara (1): isofs: Verify inode mode when loading from disk Jason-JH Lin (1): drm/mediatek: Add wait_event_timeout when disabling plane Jayesh Choudhary (1): i2c: omap: Add support for setting mux Jiawen Wu (4): net: libwx: remove duplicate page_pool_put_full_page() net: libwx: fix the using of Rx buffer DMA net: libwx: properly reset Rx ring descriptor net: libwx: fix multicast packets received count Johan Hovold (1): i2c: omap: fix deprecated of_property_read_bool() use Johannes Berg (1): wifi: cfg80211: remove scan request n_channels counted_by John Garry (1): nvme: fix endianness of command word prints in nvme_log_err_passthru() Joseph Huang (1): net: bridge: Do not offload IGMP/MLD messages Judith Mendez (1): mmc: sdhci_am654: Workaround for Errata i2312 Krishna Kurapati (1): usb: dwc3: qcom: Don't leave BCR asserted Kuniyuki Iwashima (3): rpl: Fix use-after-free in rpl_do_srh_inline(). smc: Fix various oops due to inet_sock type confusion. Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Li Tian (1): hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf Lijo Lazar (1): drm/amdgpu: Increase reset counter only on success Luiz Augusto von Dentz (4): Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type Bluetooth: SMP: If an unallowed command is received consider it a failure Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Manuel Andreas (1): KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls Maor Gottlieb (1): net/mlx5: Update the list of the PCI supported devices Mario Limonciello (1): thunderbolt: Fix wake on connect at runtime Marius Zachmann (1): hwmon: (corsair-cpro) Validate the size of the received input buffer Markus Blöchl (1): net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback Markus Burri (1): iio: backend: fix out-of-bound write Mathias Nyman (4): usb: hub: fix detection of high tier USB3 devices behind suspended hubs usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm usb: hub: Fix flushing of delayed work used for post resume purposes usb: hub: Don't try to recover devices lost during warm reset. Matthew Brost (1): drm/xe: Move page fault init after topology init Maud Spierings (1): iio: common: st_sensors: Fix use of uninitialize device structs Maulik Shah (1): pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Maurizio Lombardi (1): nvmet-tcp: fix callback lock for TLS handshake Melissa Wen (1): drm/amd/display: Disable CRTC degamma LUT for DCN401 Meng Li (1): arm64: dts: add big-endian property back into watchdog node Michael C. Pratt (1): nvmem: layouts: u-boot-env: remove crc32 endianness conversion Michal Swiatkowski (1): ice: check correct pointer in fwlog debugfs Michal Wajdeczko (3): drm/xe/pf: Sanitize VF scratch registers on FLR drm/xe/pf: Move VFs reprovisioning to worker drm/xe/pf: Prepare to stop SR-IOV support prior GT reset Miguel Ojeda (2): objtool/rust: add one more `noreturn` Rust function for Rust 1.89.0 rust: use `#[used(compiler)]` to fix build and `modpost` with Rust >= 1.89.0 Minas Harutyunyan (1): usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY Ming Lei (2): block: fix kobject leak in blk_unregister_queue loop: use kiocb helpers to fix lockdep warning Nam Cao (1): riscv: Enable interrupt during exception handling Nathan Chancellor (3): tracing/probes: Avoid using params uninitialized in parse_btf_arg() phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() Nilton Perim Neto (1): Input: xpad - set correct controller type for Acer NGR200 Oliver Neukum (1): usb: net: sierra: check for no status endpoint Paolo Abeni (4): mptcp: make fallback action and fallback decision atomic mptcp: plug races between subflow fail and subflow creation mptcp: reset fallback status gracefully at disconnect() time selftests: net: increase inter-packet timeout in udpgro.sh Paul Chaignon (1): bpf: Reject %p% format string in bprintf-like helpers Pavel Begunkov (1): io_uring/poll: fix POLLERR handling Richard Zhu (1): arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep Ryan Mann (NDI) (1): USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Sean Anderson (1): net: phy: Don't register LEDs for genphy Sean Nyekjaer (2): iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush can: tcan4x5x: add option for selecting nWKRQ voltage Sheng Yong (1): dm-bufio: fix sched in atomic context Slark Xiao (1): USB: serial: option: add Foxconn T99W640 Stefan Metzmacher (1): smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data Stefan Wahren (1): Revert "staging: vchiq_arm: Create keep-alive thread during probe" Steffen Bätz (1): nvmem: imx-ocotp: fix MAC address byte length Steven Rostedt (1): tracing: Add down_write(trace_event_sem) when adding trace event Takashi Iwai (1): ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS Thomas Fourier (2): pch_uart: Fix dma_sync_sg_for_device() nents value mmc: bcm2835: Fix dma_unmap_sg() nents value Tim Harvey (4): arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency Tomas Glozar (1): tracing/osnoise: Fix crash in timerlat_dump_stack() Vijendar Mukunda (2): soundwire: amd: fix for handling slave alerts after link is down soundwire: amd: fix for clearing command status register Wang Zhaolong (2): smb: client: fix use-after-free in crypt_message when using async crypto smb: client: fix use-after-free in cifs_oplock_break Wayne Chang (2): phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode phy: tegra: xusb: Decouple CYA_TRK_CODE_UPDATE_ON_IDLE from trk_hw_mode William Liu (1): net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree Xiang Mei (1): net/sched: sch_qfq: Fix race condition on qfq_aggregate Xinyu Liu (1): usb: gadget: configfs: Fix OOB read on empty string write Yu Kuai (1): nvme: fix misaccounting of nvme-mpath inflight I/O Yue Haibing (1): ipv6: mcast: Delay put pmc->idev in mld_del_delrec() Yun Lu (2): af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() af_packet: fix soft lockup issue caused by tpacket_snd() Zheng Qixing (1): nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() Zigit Zo (1): virtio-net: fix recursived rtnl_lock() during probe() Zijun Hu (1): Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID Zizhi Wo (1): cachefiles: Fix the incorrect return value in __cachefiles_write()

1 month, 3 weeks

1
1
0 0

Linux 6.6.100

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.100 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-venice-gw74xx.dts | 2 arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 23 ++++ arch/arm64/kernel/cpufeature.c | 35 ++++-- arch/s390/net/bpf_jit_comp.c | 10 + arch/x86/kvm/xen.c | 2 block/blk-sysfs.c | 1 drivers/base/power/domain_governor.c | 18 +++ drivers/bluetooth/btusb.c | 78 ++++++++------- drivers/comedi/comedi_fops.c | 30 +++++ drivers/comedi/drivers.c | 17 +-- drivers/comedi/drivers/aio_iiro_16.c | 3 drivers/comedi/drivers/das16m1.c | 3 drivers/comedi/drivers/das6402.c | 3 drivers/comedi/drivers/pcl812.c | 3 drivers/dma/nbpfaxi.c | 11 -- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 1 drivers/hid/hid-core.c | 19 ++- drivers/hwmon/corsair-cpro.c | 5 drivers/i2c/busses/Kconfig | 1 drivers/i2c/busses/i2c-omap.c | 30 +++++ drivers/i2c/busses/i2c-stm32.c | 8 - drivers/i2c/busses/i2c-stm32f7.c | 4 drivers/iio/accel/fxls8962af-core.c | 2 drivers/iio/adc/max1363.c | 43 ++++---- drivers/iio/adc/stm32-adc-core.c | 7 - drivers/input/joystick/xpad.c | 2 drivers/md/dm-bufio.c | 6 - drivers/memstick/core/memstick.c | 2 drivers/mmc/host/bcm2835.c | 3 drivers/mmc/host/sdhci-pci-core.c | 3 drivers/mmc/host/sdhci_am654.c | 9 + drivers/net/ethernet/intel/ice/ice_lag.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 7 - drivers/net/ethernet/wangxun/libwx/wx_lib.c | 20 +-- drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 drivers/net/hyperv/netvsc_drv.c | 5 drivers/net/phy/phy_device.c | 6 - drivers/net/usb/sierra_net.c | 4 drivers/nvme/host/core.c | 6 - drivers/nvmem/imx-ocotp-ele.c | 5 drivers/nvmem/imx-ocotp.c | 5 drivers/nvmem/u-boot-env.c | 6 - drivers/phy/tegra/xusb-tegra186.c | 75 ++++++++------ drivers/phy/tegra/xusb.h | 1 drivers/regulator/pwm-regulator.c | 40 +++++++ drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 ++ drivers/soundwire/amd_manager.c | 4 drivers/spi/spi.c | 14 +- drivers/thunderbolt/switch.c | 10 - drivers/thunderbolt/tb.h | 2 drivers/thunderbolt/usb4.c | 12 -- drivers/tty/serial/pch_uart.c | 2 drivers/usb/core/hub.c | 36 ++++++ drivers/usb/core/hub.h | 1 drivers/usb/dwc3/dwc3-qcom.c | 8 - drivers/usb/gadget/configfs.c | 4 drivers/usb/musb/musb_gadget.c | 2 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 3 drivers/usb/serial/option.c | 5 fs/cachefiles/io.c | 2 fs/cachefiles/ondemand.c | 4 fs/isofs/inode.c | 9 + fs/namespace.c | 5 fs/smb/client/file.c | 10 + fs/smb/client/smb2ops.c | 7 + include/net/cfg80211.h | 2 include/net/netfilter/nf_conntrack.h | 15 ++ include/trace/events/rxrpc.h | 3 io_uring/net.c | 12 +- io_uring/poll.c | 2 kernel/bpf/helpers.c | 11 +- kernel/cgroup/legacy_freezer.c | 8 - kernel/sched/loadavg.c | 2 kernel/sched/sched.h | 2 kernel/trace/trace_events.c | 5 kernel/trace/trace_osnoise.c | 2 kernel/trace/trace_probe.c | 2 net/8021q/vlan.c | 42 ++++++-- net/8021q/vlan.h | 1 net/bluetooth/hci_sync.c | 4 net/bluetooth/l2cap_core.c | 26 ++++- net/bluetooth/l2cap_sock.c | 3 net/bluetooth/smp.c | 21 +++- net/bluetooth/smp.h | 1 net/bridge/br_switchdev.c | 3 net/ipv6/addrconf.c | 3 net/ipv6/mcast.c | 2 net/ipv6/rpl_iptunnel.c | 8 - net/netfilter/nf_conntrack_core.c | 26 +++-- net/packet/af_packet.c | 27 ++--- net/phonet/pep.c | 2 net/rxrpc/call_accept.c | 1 net/rxrpc/output.c | 3 net/rxrpc/recvmsg.c | 19 +++ net/sched/sch_htb.c | 4 net/sched/sch_qfq.c | 30 ++++- net/tls/tls_strp.c | 3 sound/pci/hda/patch_realtek.c | 1 sound/soc/fsl/fsl_sai.c | 14 +- tools/testing/selftests/bpf/prog_tests/dummy_st_ops.c | 27 ----- tools/testing/selftests/bpf/progs/dummy_st_ops_success.c | 13 -- tools/testing/selftests/net/udpgro.sh | 8 - 108 files changed, 751 insertions(+), 349 deletions(-) Al Viro (1): clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns Alessandro Gasbarroni (1): Bluetooth: hci_sync: fix connectable extended advertising when using static random address Alok Tiwari (2): thunderbolt: Fix bit masking in tb_dp_port_set_hops() net: emaclite: Fix missing pointer increment in aligned_read() Andrew Jeffery (2): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Arun Raghavan (1): ASoC: fsl_sai: Force a software reset when starting in consumer mode Aruna Ramakrishna (1): sched: Change nr_uninterruptible type to unsigned long Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request Chen Ni (1): iio: adc: stm32-adc: Fix race in installing chained IRQ handler Chen Ridong (1): Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" Cheng Ming Lin (1): spi: Add check for 8-bit transfer with 8 IO mode support Christoph Paasch (1): net/mlx5: Correctly set gso_size when LRO is used Christophe JAILLET (2): i2c: omap: Fix an error handling path in omap_i2c_probe() i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() Clément Le Goffic (1): i2c: stm32: fix the device used for the DMA map Dan Carpenter (1): dmaengine: nbpfaxi: Fix memory corruption in probe() Dave Ertman (1): ice: add NULL check in eswitch lag check David Howells (2): rxrpc: Fix recv-recv race of completed call rxrpc: Fix transmission of an abort in response to an abort Dong Chenchen (1): net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Drew Hamilton (1): usb: musb: fix gadget state on disconnect Edson Juliano Drosdeck (1): mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Eeli Haapalainen (1): drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume Eric Dumazet (1): ipv6: make addrconf_wq single threaded Fabio Estevam (2): iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] iio: adc: max1363: Reorder mode_list[] entries Fabio Porcedda (1): USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition Florian Westphal (1): netfilter: nf_conntrack: fix crash due to removal of uninitialised entry Francesco Dolcini (1): arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on Greg Kroah-Hartman (1): Linux 6.6.100 Haotien Hsu (1): phy: tegra: xusb: Disable periodic tracking on Tegra234 Ian Abbott (8): comedi: pcl812: Fix bit shift out of bounds comedi: aio_iiro_16: Fix bit shift out of bounds comedi: das16m1: Fix bit shift out of bounds comedi: das6402: Fix bit shift out of bounds comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large comedi: Fix some signed shift left operations comedi: Fix use of uninitialized data in insn_rw_emulate_bits() comedi: Fix initialization of data for instructions that write to subdevice Ilya Leoshkevich (1): s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again Jakob Unterwurzacher (1): arm64: dts: rockchip: use cs-gpios for spi1 on ringneck Jakub Kicinski (1): tls: always refresh the queue when reading sock Jan Kara (1): isofs: Verify inode mode when loading from disk Jayesh Choudhary (1): i2c: omap: Add support for setting mux Jiawen Wu (3): net: libwx: remove duplicate page_pool_put_full_page() net: libwx: fix the using of Rx buffer DMA net: libwx: properly reset Rx ring descriptor Johan Hovold (1): i2c: omap: fix deprecated of_property_read_bool() use Johannes Berg (1): wifi: cfg80211: remove scan request n_channels counted_by Joseph Huang (1): net: bridge: Do not offload IGMP/MLD messages Judith Mendez (1): mmc: sdhci_am654: Workaround for Errata i2312 Krishna Kurapati (1): usb: dwc3: qcom: Don't leave BCR asserted Kuniyuki Iwashima (2): rpl: Fix use-after-free in rpl_do_srh_inline(). Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Li Tian (1): hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf Luiz Augusto von Dentz (3): Bluetooth: SMP: If an unallowed command is received consider it a failure Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Manuel Andreas (1): KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls Maor Gottlieb (1): net/mlx5: Update the list of the PCI supported devices Mario Limonciello (1): thunderbolt: Fix wake on connect at runtime Marius Zachmann (1): hwmon: (corsair-cpro) Validate the size of the received input buffer Mark Brown (1): arm64: Filter out SME hwcaps when FEAT_SME isn't implemented Martin Blumenstingl (2): regulator: pwm-regulator: Calculate the output voltage for disabled PWMs regulator: pwm-regulator: Manage boot-on with disabled PWM channels Mathias Nyman (4): usb: hub: fix detection of high tier USB3 devices behind suspended hubs usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm usb: hub: Fix flushing of delayed work used for post resume purposes usb: hub: Don't try to recover devices lost during warm reset. Maulik Shah (1): pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Michael C. Pratt (1): nvmem: layouts: u-boot-env: remove crc32 endianness conversion Ming Lei (1): block: fix kobject leak in blk_unregister_queue Nathan Chancellor (3): tracing/probes: Avoid using params uninitialized in parse_btf_arg() phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() Nilton Perim Neto (1): Input: xpad - set correct controller type for Acer NGR200 Oliver Neukum (1): usb: net: sierra: check for no status endpoint Paolo Abeni (1): selftests: net: increase inter-packet timeout in udpgro.sh Paul Chaignon (1): bpf: Reject %p% format string in bprintf-like helpers Pavel Begunkov (1): io_uring/poll: fix POLLERR handling Ryan Mann (NDI) (1): USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Sean Anderson (1): net: phy: Don't register LEDs for genphy Sean Nyekjaer (1): iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush Sheng Yong (1): dm-bufio: fix sched in atomic context Shung-Hsi Yu (2): Revert "selftests/bpf: adjust dummy_st_ops_success to detect additional error" Revert "selftests/bpf: dummy_st_ops should reject 0 for non-nullable params" Slark Xiao (1): USB: serial: option: add Foxconn T99W640 Steffen Bätz (1): nvmem: imx-ocotp: fix MAC address byte length Steven Rostedt (1): tracing: Add down_write(trace_event_sem) when adding trace event Takashi Iwai (1): ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS Thomas Fourier (2): pch_uart: Fix dma_sync_sg_for_device() nents value mmc: bcm2835: Fix dma_unmap_sg() nents value Tim Harvey (1): arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency Tomas Glozar (1): tracing/osnoise: Fix crash in timerlat_dump_stack() Vijendar Mukunda (2): soundwire: amd: fix for handling slave alerts after link is down soundwire: amd: fix for clearing command status register Wang Zhaolong (2): smb: client: fix use-after-free in crypt_message when using async crypto smb: client: fix use-after-free in cifs_oplock_break Wayne Chang (2): phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode phy: tegra: xusb: Decouple CYA_TRK_CODE_UPDATE_ON_IDLE from trk_hw_mode William Liu (1): net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree Xiang Mei (1): net/sched: sch_qfq: Fix race condition on qfq_aggregate Xinyu Liu (1): usb: gadget: configfs: Fix OOB read on empty string write Yu Kuai (1): nvme: fix misaccounting of nvme-mpath inflight I/O Yue Haibing (1): ipv6: mcast: Delay put pmc->idev in mld_del_delrec() Yun Lu (2): af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() af_packet: fix soft lockup issue caused by tpacket_snd() Zheng Qixing (1): nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() Zijun Hu (1): Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID Zizhi Wo (1): cachefiles: Fix the incorrect return value in __cachefiles_write()

1 month, 3 weeks

1
1
0 0

Linux 6.1.147

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.147 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 1 drivers/base/power/domain_governor.c | 18 + drivers/bluetooth/btusb.c | 78 ++++---- drivers/comedi/comedi_fops.c | 30 ++- drivers/comedi/drivers.c | 17 + drivers/comedi/drivers/aio_iiro_16.c | 3 drivers/comedi/drivers/das16m1.c | 3 drivers/comedi/drivers/das6402.c | 3 drivers/comedi/drivers/pcl812.c | 3 drivers/dma/nbpfaxi.c | 11 - drivers/hid/hid-core.c | 19 +- drivers/hid/hid-mcp2221.c | 2 drivers/hwmon/corsair-cpro.c | 5 drivers/i2c/busses/i2c-stm32.c | 8 drivers/i2c/busses/i2c-stm32f7.c | 4 drivers/iio/accel/fxls8962af-core.c | 2 drivers/iio/adc/max1363.c | 43 ++-- drivers/iio/adc/stm32-adc-core.c | 7 drivers/input/joystick/xpad.c | 2 drivers/memstick/core/memstick.c | 2 drivers/mmc/host/bcm2835.c | 3 drivers/mmc/host/sdhci-pci-core.c | 3 drivers/mmc/host/sdhci_am654.c | 9 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 12 - drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 drivers/net/usb/sierra_net.c | 4 drivers/nvme/host/core.c | 4 drivers/nvmem/u-boot-env.c | 2 drivers/phy/tegra/xusb-tegra186.c | 59 +++--- drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 + drivers/thunderbolt/switch.c | 2 drivers/tty/serial/pch_uart.c | 2 drivers/usb/core/hub.c | 36 +++ drivers/usb/core/hub.h | 1 drivers/usb/dwc3/dwc3-qcom.c | 7 drivers/usb/gadget/configfs.c | 2 drivers/usb/musb/musb_core.c | 62 +++--- drivers/usb/musb/musb_core.h | 11 + drivers/usb/musb/musb_debugfs.c | 6 drivers/usb/musb/musb_gadget.c | 30 +-- drivers/usb/musb/musb_host.c | 6 drivers/usb/musb/musb_virthub.c | 18 - drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 3 drivers/usb/serial/option.c | 5 fs/cachefiles/io.c | 2 fs/cachefiles/ondemand.c | 4 fs/isofs/inode.c | 9 fs/namespace.c | 5 fs/smb/client/file.c | 10 - fs/smb/client/smb2ops.c | 7 include/net/netfilter/nf_conntrack.h | 15 + io_uring/net.c | 12 - io_uring/poll.c | 2 kernel/bpf/helpers.c | 11 - kernel/cgroup/legacy_freezer.c | 8 kernel/sched/loadavg.c | 2 kernel/sched/sched.h | 2 kernel/trace/trace_events.c | 5 mm/vmalloc.c | 22 +- net/8021q/vlan.c | 42 +++- net/8021q/vlan.h | 1 net/bluetooth/hci_event.c | 36 --- net/bluetooth/hci_sync.c | 217 ++++++++++++++--------- net/bluetooth/l2cap_core.c | 26 ++ net/bluetooth/l2cap_sock.c | 3 net/bluetooth/smp.c | 21 ++ net/bluetooth/smp.h | 1 net/bridge/br_switchdev.c | 3 net/ipv6/mcast.c | 2 net/ipv6/rpl_iptunnel.c | 8 net/netfilter/nf_conntrack_core.c | 26 ++ net/packet/af_packet.c | 27 +- net/phonet/pep.c | 2 net/sched/sch_htb.c | 4 net/sched/sch_qfq.c | 30 ++- net/tls/tls_strp.c | 3 sound/soc/fsl/fsl_sai.c | 14 - tools/testing/selftests/net/udpgro.sh | 8 81 files changed, 741 insertions(+), 417 deletions(-) Al Viro (1): clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns Alessandro Gasbarroni (1): Bluetooth: hci_sync: fix connectable extended advertising when using static random address Alexander Gordeev (1): mm/vmalloc: leave lazy MMU mode on PTE mapping error Alok Tiwari (2): thunderbolt: Fix bit masking in tb_dp_port_set_hops() net: emaclite: Fix missing pointer increment in aligned_read() Andrew Jeffery (2): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Arun Raghavan (1): ASoC: fsl_sai: Force a software reset when starting in consumer mode Aruna Ramakrishna (1): sched: Change nr_uninterruptible type to unsigned long Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request Chen Ni (1): iio: adc: stm32-adc: Fix race in installing chained IRQ handler Chen Ridong (1): Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" Christian Eggers (1): Bluetooth: HCI: Set extended advertising data synchronously Christoph Paasch (1): net/mlx5: Correctly set gso_size when LRO is used Clément Le Goffic (1): i2c: stm32: fix the device used for the DMA map Dan Carpenter (1): dmaengine: nbpfaxi: Fix memory corruption in probe() Dong Chenchen (1): net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Drew Hamilton (1): usb: musb: fix gadget state on disconnect Edson Juliano Drosdeck (1): mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Fabio Estevam (2): iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] iio: adc: max1363: Reorder mode_list[] entries Fabio Porcedda (1): USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition Florian Westphal (1): netfilter: nf_conntrack: fix crash due to removal of uninitialised entry Francesco Dolcini (1): arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on Greg Kroah-Hartman (1): Linux 6.1.147 Hamish Martin (1): HID: mcp2221: Set driver data before I2C adapter add Ian Abbott (8): comedi: pcl812: Fix bit shift out of bounds comedi: aio_iiro_16: Fix bit shift out of bounds comedi: das16m1: Fix bit shift out of bounds comedi: das6402: Fix bit shift out of bounds comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large comedi: Fix some signed shift left operations comedi: Fix use of uninitialized data in insn_rw_emulate_bits() comedi: Fix initialization of data for instructions that write to subdevice Jakub Kicinski (1): tls: always refresh the queue when reading sock Jan Kara (1): isofs: Verify inode mode when loading from disk Joseph Huang (1): net: bridge: Do not offload IGMP/MLD messages Judith Mendez (1): mmc: sdhci_am654: Workaround for Errata i2312 Krishna Kurapati (1): usb: dwc3: qcom: Don't leave BCR asserted Kuniyuki Iwashima (2): rpl: Fix use-after-free in rpl_do_srh_inline(). Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Luiz Augusto von Dentz (3): Bluetooth: SMP: If an unallowed command is received consider it a failure Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Maor Gottlieb (1): net/mlx5: Update the list of the PCI supported devices Marius Zachmann (1): hwmon: (corsair-cpro) Validate the size of the received input buffer Mathias Nyman (4): usb: hub: fix detection of high tier USB3 devices behind suspended hubs usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm usb: hub: Fix flushing of delayed work used for post resume purposes usb: hub: Don't try to recover devices lost during warm reset. Maulik Shah (1): pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Michael C. Pratt (1): nvmem: layouts: u-boot-env: remove crc32 endianness conversion Nathan Chancellor (2): phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() Nilton Perim Neto (1): Input: xpad - set correct controller type for Acer NGR200 Oliver Neukum (1): usb: net: sierra: check for no status endpoint Paolo Abeni (1): selftests: net: increase inter-packet timeout in udpgro.sh Paul Cercueil (1): usb: musb: Add and use inline functions musb_{get,set}_state Paul Chaignon (1): bpf: Reject %p% format string in bprintf-like helpers Pavel Begunkov (1): io_uring/poll: fix POLLERR handling Ryan Mann (NDI) (1): USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Sean Nyekjaer (1): iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush Slark Xiao (1): USB: serial: option: add Foxconn T99W640 Steven Rostedt (1): tracing: Add down_write(trace_event_sem) when adding trace event Thomas Fourier (2): pch_uart: Fix dma_sync_sg_for_device() nents value mmc: bcm2835: Fix dma_unmap_sg() nents value Wang Zhaolong (2): smb: client: fix use-after-free in crypt_message when using async crypto smb: client: fix use-after-free in cifs_oplock_break Wayne Chang (1): phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode William Liu (1): net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree Xiang Mei (1): net/sched: sch_qfq: Fix race condition on qfq_aggregate Xinyu Liu (1): usb: gadget: configfs: Fix OOB read on empty string write Yu Kuai (1): nvme: fix misaccounting of nvme-mpath inflight I/O Yue Haibing (1): ipv6: mcast: Delay put pmc->idev in mld_del_delrec() Yun Lu (2): af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() af_packet: fix soft lockup issue caused by tpacket_snd() Zijun Hu (1): Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID Zizhi Wo (1): cachefiles: Fix the incorrect return value in __cachefiles_write()

1 month, 3 weeks

1
1
0 0

[PATCH v2] HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

by Qasim Ijaz

A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_report_fixup() attempts to patch byte offset 607 of the descriptor with 0x25 by first checking if byte offset 607 is 0x15 however it lacks bounds checks to verify if the descriptor is big enough before conducting this check. Fix this bug by ensuring the descriptor size is at least 608 bytes before accessing it. Below is the KASAN splat after the out of bounds access happens: [ 13.671954] ================================================================== [ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110 [ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10 [ 13.673297] [ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3 [ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04 [ 13.673297] Call Trace: [ 13.673297] <TASK> [ 13.673297] dump_stack_lvl+0x5f/0x80 [ 13.673297] print_report+0xd1/0x660 [ 13.673297] kasan_report+0xe5/0x120 [ 13.673297] __asan_report_load1_noabort+0x18/0x20 [ 13.673297] mt_report_fixup+0x103/0x110 [ 13.673297] hid_open_report+0x1ef/0x810 [ 13.673297] mt_probe+0x422/0x960 [ 13.673297] hid_device_probe+0x2e2/0x6f0 [ 13.673297] really_probe+0x1c6/0x6b0 [ 13.673297] __driver_probe_device+0x24f/0x310 [ 13.673297] driver_probe_device+0x4e/0x220 [ 13.673297] __device_attach_driver+0x169/0x320 [ 13.673297] bus_for_each_drv+0x11d/0x1b0 [ 13.673297] __device_attach+0x1b8/0x3e0 [ 13.673297] device_initial_probe+0x12/0x20 [ 13.673297] bus_probe_device+0x13d/0x180 [ 13.673297] device_add+0xe3a/0x1670 [ 13.673297] hid_add_device+0x31d/0xa40 [...] Fixes: c8000deb6836 ("HID: multitouch: Add support for GT7868Q") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- v2: - Simplify fix with a if-size check after discussion with Jiri Slaby - Change explanation of bug to reflect inclusion of a if-size check drivers/hid/hid-multitouch.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 294516a8f541..22c6314a8843 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -1503,6 +1503,14 @@ static const __u8 *mt_report_fixup(struct hid_device *hdev, __u8 *rdesc, if (hdev->vendor == I2C_VENDOR_ID_GOODIX && (hdev->product == I2C_DEVICE_ID_GOODIX_01E8 || hdev->product == I2C_DEVICE_ID_GOODIX_01E9)) { + if (*size < 608) { + dev_info( + &hdev->dev, + "GT7868Q fixup: report descriptor is only %u bytes, skipping\n", + *size); + return rdesc; + } + if (rdesc[607] == 0x15) { rdesc[607] = 0x25; dev_info( -- 2.39.5

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f4a8f561d08e39f7833d4a278ebfb12a41eef15f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062007-outrage-unaudited-e2a9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4a8f561d08e39f7833d4a278ebfb12a41eef15f Mon Sep 17 00:00:00 2001 From: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Date: Fri, 30 May 2025 15:36:43 -0700 Subject: [PATCH] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT When enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in hard irq context, but the input_event() takes a spin_lock, which isn't allowed there as it is converted to a rt_spin_lock(). [ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0 ... [ 4054.290195] __might_resched+0x13c/0x1f4 [ 4054.290209] rt_spin_lock+0x54/0x11c [ 4054.290219] input_event+0x48/0x80 [ 4054.290230] gpio_keys_irq_timer+0x4c/0x78 [ 4054.290243] __hrtimer_run_queues+0x1a4/0x438 [ 4054.290257] hrtimer_interrupt+0xe4/0x240 [ 4054.290269] arch_timer_handler_phys+0x2c/0x44 [ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c [ 4054.290297] handle_irq_desc+0x40/0x58 [ 4054.290307] generic_handle_domain_irq+0x1c/0x28 [ 4054.290316] gic_handle_irq+0x44/0xcc Considering the gpio_keys_irq_isr() can run in any context, e.g. it can be threaded, it seems there's no point in requesting the timer isr to run in hard irq context. Relax the hrtimer not to use the hard context. Fixes: 019002f20cb5 ("Input: gpio-keys - use hrtimer for release timer") Suggested-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Signed-off-by: Gatien Chevallier <gatien.chevallier(a)foss.st.com> Link: https://lore.kernel.org/r/20250528-gpio_keys_preempt_rt-v2-1-3fc55a9c3619@f… Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/keyboard/gpio_keys.c b/drivers/input/keyboard/gpio_keys.c index 5c39a217b94c..d884538107c9 100644 --- a/drivers/input/keyboard/gpio_keys.c +++ b/drivers/input/keyboard/gpio_keys.c @@ -486,7 +486,7 @@ static irqreturn_t gpio_keys_irq_isr(int irq, void *dev_id) if (bdata->release_delay) hrtimer_start(&bdata->release_timer, ms_to_ktime(bdata->release_delay), - HRTIMER_MODE_REL_HARD); + HRTIMER_MODE_REL); out: return IRQ_HANDLED; } @@ -628,7 +628,7 @@ static int gpio_keys_setup_key(struct platform_device *pdev, bdata->release_delay = button->debounce_interval; hrtimer_setup(&bdata->release_timer, gpio_keys_irq_timer, - CLOCK_REALTIME, HRTIMER_MODE_REL_HARD); + CLOCK_REALTIME, HRTIMER_MODE_REL); isr = gpio_keys_irq_isr; irqflags = 0;

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f4a8f561d08e39f7833d4a278ebfb12a41eef15f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062006-onshore-stool-de98@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4a8f561d08e39f7833d4a278ebfb12a41eef15f Mon Sep 17 00:00:00 2001 From: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Date: Fri, 30 May 2025 15:36:43 -0700 Subject: [PATCH] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT When enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in hard irq context, but the input_event() takes a spin_lock, which isn't allowed there as it is converted to a rt_spin_lock(). [ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0 ... [ 4054.290195] __might_resched+0x13c/0x1f4 [ 4054.290209] rt_spin_lock+0x54/0x11c [ 4054.290219] input_event+0x48/0x80 [ 4054.290230] gpio_keys_irq_timer+0x4c/0x78 [ 4054.290243] __hrtimer_run_queues+0x1a4/0x438 [ 4054.290257] hrtimer_interrupt+0xe4/0x240 [ 4054.290269] arch_timer_handler_phys+0x2c/0x44 [ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c [ 4054.290297] handle_irq_desc+0x40/0x58 [ 4054.290307] generic_handle_domain_irq+0x1c/0x28 [ 4054.290316] gic_handle_irq+0x44/0xcc Considering the gpio_keys_irq_isr() can run in any context, e.g. it can be threaded, it seems there's no point in requesting the timer isr to run in hard irq context. Relax the hrtimer not to use the hard context. Fixes: 019002f20cb5 ("Input: gpio-keys - use hrtimer for release timer") Suggested-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Signed-off-by: Gatien Chevallier <gatien.chevallier(a)foss.st.com> Link: https://lore.kernel.org/r/20250528-gpio_keys_preempt_rt-v2-1-3fc55a9c3619@f… Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/keyboard/gpio_keys.c b/drivers/input/keyboard/gpio_keys.c index 5c39a217b94c..d884538107c9 100644 --- a/drivers/input/keyboard/gpio_keys.c +++ b/drivers/input/keyboard/gpio_keys.c @@ -486,7 +486,7 @@ static irqreturn_t gpio_keys_irq_isr(int irq, void *dev_id) if (bdata->release_delay) hrtimer_start(&bdata->release_timer, ms_to_ktime(bdata->release_delay), - HRTIMER_MODE_REL_HARD); + HRTIMER_MODE_REL); out: return IRQ_HANDLED; } @@ -628,7 +628,7 @@ static int gpio_keys_setup_key(struct platform_device *pdev, bdata->release_delay = button->debounce_interval; hrtimer_setup(&bdata->release_timer, gpio_keys_irq_timer, - CLOCK_REALTIME, HRTIMER_MODE_REL_HARD); + CLOCK_REALTIME, HRTIMER_MODE_REL); isr = gpio_keys_irq_isr; irqflags = 0;

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f4a8f561d08e39f7833d4a278ebfb12a41eef15f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062008-carrousel-lazily-2f19@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4a8f561d08e39f7833d4a278ebfb12a41eef15f Mon Sep 17 00:00:00 2001 From: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Date: Fri, 30 May 2025 15:36:43 -0700 Subject: [PATCH] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT When enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in hard irq context, but the input_event() takes a spin_lock, which isn't allowed there as it is converted to a rt_spin_lock(). [ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0 ... [ 4054.290195] __might_resched+0x13c/0x1f4 [ 4054.290209] rt_spin_lock+0x54/0x11c [ 4054.290219] input_event+0x48/0x80 [ 4054.290230] gpio_keys_irq_timer+0x4c/0x78 [ 4054.290243] __hrtimer_run_queues+0x1a4/0x438 [ 4054.290257] hrtimer_interrupt+0xe4/0x240 [ 4054.290269] arch_timer_handler_phys+0x2c/0x44 [ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c [ 4054.290297] handle_irq_desc+0x40/0x58 [ 4054.290307] generic_handle_domain_irq+0x1c/0x28 [ 4054.290316] gic_handle_irq+0x44/0xcc Considering the gpio_keys_irq_isr() can run in any context, e.g. it can be threaded, it seems there's no point in requesting the timer isr to run in hard irq context. Relax the hrtimer not to use the hard context. Fixes: 019002f20cb5 ("Input: gpio-keys - use hrtimer for release timer") Suggested-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Signed-off-by: Gatien Chevallier <gatien.chevallier(a)foss.st.com> Link: https://lore.kernel.org/r/20250528-gpio_keys_preempt_rt-v2-1-3fc55a9c3619@f… Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/keyboard/gpio_keys.c b/drivers/input/keyboard/gpio_keys.c index 5c39a217b94c..d884538107c9 100644 --- a/drivers/input/keyboard/gpio_keys.c +++ b/drivers/input/keyboard/gpio_keys.c @@ -486,7 +486,7 @@ static irqreturn_t gpio_keys_irq_isr(int irq, void *dev_id) if (bdata->release_delay) hrtimer_start(&bdata->release_timer, ms_to_ktime(bdata->release_delay), - HRTIMER_MODE_REL_HARD); + HRTIMER_MODE_REL); out: return IRQ_HANDLED; } @@ -628,7 +628,7 @@ static int gpio_keys_setup_key(struct platform_device *pdev, bdata->release_delay = button->debounce_interval; hrtimer_setup(&bdata->release_timer, gpio_keys_irq_timer, - CLOCK_REALTIME, HRTIMER_MODE_REL_HARD); + CLOCK_REALTIME, HRTIMER_MODE_REL); isr = gpio_keys_irq_isr; irqflags = 0;

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] perf/x86/intel: Fix crash in icl_update_topdown_event()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062338-sliver-bacteria-7a82@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed Mon Sep 17 00:00:00 2001 From: Kan Liang <kan.liang(a)linux.intel.com> Date: Thu, 12 Jun 2025 07:38:18 -0700 Subject: [PATCH] perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... Call Trace: <TASK> icl_update_topdown_event+0x165/0x190 ? ktime_get+0x38/0xd0 intel_pmu_read_event+0xf9/0x210 __perf_event_read+0xf9/0x210 CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. The icl_update_topdown_event() should not be invoked on these CPUs. It's a regression of commit: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") The bug introduced by that commit is that the is_topdown_event() function is mistakenly used to replace the is_topdown_count() call to check if the topdown functions for the perf metrics feature should be invoked. Fix it. Fixes: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") Closes: https://lore.kernel.org/lkml/352f0709-f026-cd45-e60c-60dfd97f73f3@maine.edu/ Reported-by: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Vince Weaver <vincent.weaver(a)maine.edu> Cc: stable(a)vger.kernel.org # v6.15+ Link: https://lore.kernel.org/r/20250612143818.2889040-1-kan.liang@linux.intel.com diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 741b229f0718..c2fb729c270e 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -2826,7 +2826,7 @@ static void intel_pmu_read_event(struct perf_event *event) * If the PEBS counters snapshotting is enabled, * the topdown event is available in PEBS records. */ - if (is_topdown_event(event) && !is_pebs_counter_event_group(event)) + if (is_topdown_count(event) && !is_pebs_counter_event_group(event)) static_call(intel_pmu_update_topdown_event)(event, NULL); else intel_pmu_drain_pebs_buffer();

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] perf/x86/intel: Fix crash in icl_update_topdown_event()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062337-conceal-parole-52a4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed Mon Sep 17 00:00:00 2001 From: Kan Liang <kan.liang(a)linux.intel.com> Date: Thu, 12 Jun 2025 07:38:18 -0700 Subject: [PATCH] perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... Call Trace: <TASK> icl_update_topdown_event+0x165/0x190 ? ktime_get+0x38/0xd0 intel_pmu_read_event+0xf9/0x210 __perf_event_read+0xf9/0x210 CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. The icl_update_topdown_event() should not be invoked on these CPUs. It's a regression of commit: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") The bug introduced by that commit is that the is_topdown_event() function is mistakenly used to replace the is_topdown_count() call to check if the topdown functions for the perf metrics feature should be invoked. Fix it. Fixes: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") Closes: https://lore.kernel.org/lkml/352f0709-f026-cd45-e60c-60dfd97f73f3@maine.edu/ Reported-by: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Vince Weaver <vincent.weaver(a)maine.edu> Cc: stable(a)vger.kernel.org # v6.15+ Link: https://lore.kernel.org/r/20250612143818.2889040-1-kan.liang@linux.intel.com diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 741b229f0718..c2fb729c270e 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -2826,7 +2826,7 @@ static void intel_pmu_read_event(struct perf_event *event) * If the PEBS counters snapshotting is enabled, * the topdown event is available in PEBS records. */ - if (is_topdown_event(event) && !is_pebs_counter_event_group(event)) + if (is_topdown_count(event) && !is_pebs_counter_event_group(event)) static_call(intel_pmu_update_topdown_event)(event, NULL); else intel_pmu_drain_pebs_buffer();

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f4a8f561d08e39f7833d4a278ebfb12a41eef15f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062006-pristine-unfitted-7204@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4a8f561d08e39f7833d4a278ebfb12a41eef15f Mon Sep 17 00:00:00 2001 From: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Date: Fri, 30 May 2025 15:36:43 -0700 Subject: [PATCH] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT When enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in hard irq context, but the input_event() takes a spin_lock, which isn't allowed there as it is converted to a rt_spin_lock(). [ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0 ... [ 4054.290195] __might_resched+0x13c/0x1f4 [ 4054.290209] rt_spin_lock+0x54/0x11c [ 4054.290219] input_event+0x48/0x80 [ 4054.290230] gpio_keys_irq_timer+0x4c/0x78 [ 4054.290243] __hrtimer_run_queues+0x1a4/0x438 [ 4054.290257] hrtimer_interrupt+0xe4/0x240 [ 4054.290269] arch_timer_handler_phys+0x2c/0x44 [ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c [ 4054.290297] handle_irq_desc+0x40/0x58 [ 4054.290307] generic_handle_domain_irq+0x1c/0x28 [ 4054.290316] gic_handle_irq+0x44/0xcc Considering the gpio_keys_irq_isr() can run in any context, e.g. it can be threaded, it seems there's no point in requesting the timer isr to run in hard irq context. Relax the hrtimer not to use the hard context. Fixes: 019002f20cb5 ("Input: gpio-keys - use hrtimer for release timer") Suggested-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Signed-off-by: Gatien Chevallier <gatien.chevallier(a)foss.st.com> Link: https://lore.kernel.org/r/20250528-gpio_keys_preempt_rt-v2-1-3fc55a9c3619@f… Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/keyboard/gpio_keys.c b/drivers/input/keyboard/gpio_keys.c index 5c39a217b94c..d884538107c9 100644 --- a/drivers/input/keyboard/gpio_keys.c +++ b/drivers/input/keyboard/gpio_keys.c @@ -486,7 +486,7 @@ static irqreturn_t gpio_keys_irq_isr(int irq, void *dev_id) if (bdata->release_delay) hrtimer_start(&bdata->release_timer, ms_to_ktime(bdata->release_delay), - HRTIMER_MODE_REL_HARD); + HRTIMER_MODE_REL); out: return IRQ_HANDLED; } @@ -628,7 +628,7 @@ static int gpio_keys_setup_key(struct platform_device *pdev, bdata->release_delay = button->debounce_interval; hrtimer_setup(&bdata->release_timer, gpio_keys_irq_timer, - CLOCK_REALTIME, HRTIMER_MODE_REL_HARD); + CLOCK_REALTIME, HRTIMER_MODE_REL); isr = gpio_keys_irq_isr; irqflags = 0;

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] x86/hyperv: Fix APIC ID and VP index confusion in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 86c48271e0d60c82665e9fd61277002391efcef7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061756-shale-squiggly-9c9a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 86c48271e0d60c82665e9fd61277002391efcef7 Mon Sep 17 00:00:00 2001 From: Roman Kisel <romank(a)linux.microsoft.com> Date: Wed, 7 May 2025 11:22:25 -0700 Subject: [PATCH] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() To start an application processor in SNP-isolated guest, a hypercall is used that takes a virtual processor index. The hv_snp_boot_ap() function uses that START_VP hypercall but passes as VP index to it what it receives as a wakeup_secondary_cpu_64 callback: the APIC ID. As those two aren't generally interchangeable, that may lead to hung APs if the VP index and the APIC ID don't match up. Update the parameter names to avoid confusion as to what the parameter is. Use the APIC ID to the VP index conversion to provide the correct input to the hypercall. Cc: stable(a)vger.kernel.org Fixes: 44676bb9d566 ("x86/hyperv: Add smp support for SEV-SNP guest") Signed-off-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Link: https://lore.kernel.org/r/20250507182227.7421-2-romank@linux.microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20250507182227.7421-2-romank(a)linux.microsoft.com> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 3b569291dfed..9a8fc144e195 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -672,3 +672,36 @@ bool hv_is_hyperv_initialized(void) return hypercall_msr.enable; } EXPORT_SYMBOL_GPL(hv_is_hyperv_initialized); + +int hv_apicid_to_vp_index(u32 apic_id) +{ + u64 control; + u64 status; + unsigned long irq_flags; + struct hv_get_vp_from_apic_id_in *input; + u32 *output, ret; + + local_irq_save(irq_flags); + + input = *this_cpu_ptr(hyperv_pcpu_input_arg); + memset(input, 0, sizeof(*input)); + input->partition_id = HV_PARTITION_ID_SELF; + input->apic_ids[0] = apic_id; + + output = *this_cpu_ptr(hyperv_pcpu_output_arg); + + control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_INDEX_FROM_APIC_ID; + status = hv_do_hypercall(control, input, output); + ret = output[0]; + + local_irq_restore(irq_flags); + + if (!hv_result_success(status)) { + pr_err("failed to get vp index from apic id %d, status %#llx\n", + apic_id, status); + return -EINVAL; + } + + return ret; +} +EXPORT_SYMBOL_GPL(hv_apicid_to_vp_index); diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c index ac3d27a766d5..2f32ac1ae40e 100644 --- a/arch/x86/hyperv/hv_vtl.c +++ b/arch/x86/hyperv/hv_vtl.c @@ -211,41 +211,9 @@ static int hv_vtl_bringup_vcpu(u32 target_vp_index, int cpu, u64 eip_ignored) return ret; } -static int hv_vtl_apicid_to_vp_id(u32 apic_id) -{ - u64 control; - u64 status; - unsigned long irq_flags; - struct hv_get_vp_from_apic_id_in *input; - u32 *output, ret; - - local_irq_save(irq_flags); - - input = *this_cpu_ptr(hyperv_pcpu_input_arg); - memset(input, 0, sizeof(*input)); - input->partition_id = HV_PARTITION_ID_SELF; - input->apic_ids[0] = apic_id; - - output = *this_cpu_ptr(hyperv_pcpu_output_arg); - - control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_ID_FROM_APIC_ID; - status = hv_do_hypercall(control, input, output); - ret = output[0]; - - local_irq_restore(irq_flags); - - if (!hv_result_success(status)) { - pr_err("failed to get vp id from apic id %d, status %#llx\n", - apic_id, status); - return -EINVAL; - } - - return ret; -} - static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) { - int vp_id, cpu; + int vp_index, cpu; /* Find the logical CPU for the APIC ID */ for_each_present_cpu(cpu) { @@ -256,18 +224,18 @@ static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) return -EINVAL; pr_debug("Bringing up CPU with APIC ID %d in VTL2...\n", apicid); - vp_id = hv_vtl_apicid_to_vp_id(apicid); + vp_index = hv_apicid_to_vp_index(apicid); - if (vp_id < 0) { + if (vp_index < 0) { pr_err("Couldn't find CPU with APIC ID %d\n", apicid); return -EINVAL; } - if (vp_id > ms_hyperv.max_vp_index) { - pr_err("Invalid CPU id %d for APIC ID %d\n", vp_id, apicid); + if (vp_index > ms_hyperv.max_vp_index) { + pr_err("Invalid CPU id %d for APIC ID %d\n", vp_index, apicid); return -EINVAL; } - return hv_vtl_bringup_vcpu(vp_id, cpu, start_eip); + return hv_vtl_bringup_vcpu(vp_index, cpu, start_eip); } int __init hv_vtl_early_init(void) diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c index 77bf05f06b9e..0cc239cdb4da 100644 --- a/arch/x86/hyperv/ivm.c +++ b/arch/x86/hyperv/ivm.c @@ -9,6 +9,7 @@ #include <linux/bitfield.h> #include <linux/types.h> #include <linux/slab.h> +#include <linux/cpu.h> #include <asm/svm.h> #include <asm/sev.h> #include <asm/io.h> @@ -288,7 +289,7 @@ static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa) free_page((unsigned long)vmsa); } -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { struct sev_es_save_area *vmsa = (struct sev_es_save_area *) __get_free_page(GFP_KERNEL | __GFP_ZERO); @@ -297,10 +298,27 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) u64 ret, retry = 5; struct hv_enable_vp_vtl *start_vp_input; unsigned long flags; + int cpu, vp_index; if (!vmsa) return -ENOMEM; + /* Find the Hyper-V VP index which might be not the same as APIC ID */ + vp_index = hv_apicid_to_vp_index(apic_id); + if (vp_index < 0 || vp_index > ms_hyperv.max_vp_index) + return -EINVAL; + + /* + * Find the Linux CPU number for addressing the per-CPU data, and it + * might not be the same as APIC ID. + */ + for_each_present_cpu(cpu) { + if (arch_match_cpu_phys_id(cpu, apic_id)) + break; + } + if (cpu >= nr_cpu_ids) + return -EINVAL; + native_store_gdt(&gdtr); vmsa->gdtr.base = gdtr.address; @@ -348,7 +366,7 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) start_vp_input = (struct hv_enable_vp_vtl *)ap_start_input_arg; memset(start_vp_input, 0, sizeof(*start_vp_input)); start_vp_input->partition_id = -1; - start_vp_input->vp_index = cpu; + start_vp_input->vp_index = vp_index; start_vp_input->target_vtl.target_vtl = ms_hyperv.vtl; *(u64 *)&start_vp_input->vp_context = __pa(vmsa) | 1; diff --git a/arch/x86/include/asm/mshyperv.h b/arch/x86/include/asm/mshyperv.h index bab5ccfc60a7..0b9a3a307d06 100644 --- a/arch/x86/include/asm/mshyperv.h +++ b/arch/x86/include/asm/mshyperv.h @@ -268,11 +268,11 @@ int hv_unmap_ioapic_interrupt(int ioapic_id, struct hv_interrupt_entry *entry); #ifdef CONFIG_AMD_MEM_ENCRYPT bool hv_ghcb_negotiate_protocol(void); void __noreturn hv_ghcb_terminate(unsigned int set, unsigned int reason); -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip); +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip); #else static inline bool hv_ghcb_negotiate_protocol(void) { return false; } static inline void hv_ghcb_terminate(unsigned int set, unsigned int reason) {} -static inline int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) { return 0; } +static inline int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { return 0; } #endif #if defined(CONFIG_AMD_MEM_ENCRYPT) || defined(CONFIG_INTEL_TDX_GUEST) @@ -306,6 +306,7 @@ static __always_inline u64 hv_raw_get_msr(unsigned int reg) { return __rdmsr(reg); } +int hv_apicid_to_vp_index(u32 apic_id); #else /* CONFIG_HYPERV */ static inline void hyperv_init(void) {} @@ -327,6 +328,7 @@ static inline void hv_set_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_msr(unsigned int reg) { return 0; } static inline void hv_set_non_nested_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_non_nested_msr(unsigned int reg) { return 0; } +static inline int hv_apicid_to_vp_index(u32 apic_id) { return -EINVAL; } #endif /* CONFIG_HYPERV */ diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h index cf0923dc727d..2d431b53f587 100644 --- a/include/hyperv/hvgdk_mini.h +++ b/include/hyperv/hvgdk_mini.h @@ -475,7 +475,7 @@ union hv_vp_assist_msr_contents { /* HV_REGISTER_VP_ASSIST_PAGE */ #define HVCALL_CREATE_PORT 0x0095 #define HVCALL_CONNECT_PORT 0x0096 #define HVCALL_START_VP 0x0099 -#define HVCALL_GET_VP_ID_FROM_APIC_ID 0x009a +#define HVCALL_GET_VP_INDEX_FROM_APIC_ID 0x009a #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_SPACE 0x00af #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_LIST 0x00b0 #define HVCALL_SIGNAL_EVENT_DIRECT 0x00c0

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] ext4: fix incorrect punch max_end" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 29ec9bed2395061350249ae356fb300dd82a78e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062009-junior-thriving-f882@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 29ec9bed2395061350249ae356fb300dd82a78e7 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Tue, 6 May 2025 09:20:07 +0800 Subject: [PATCH] ext4: fix incorrect punch max_end For the extents based inodes, the maxbytes should be sb->s_maxbytes instead of sbi->s_bitmap_maxbytes. Additionally, for the calculation of max_end, the -sb->s_blocksize operation is necessary only for indirect-block based inodes. Correct the maxbytes and max_end value to correct the behavior of punch hole. Fixes: 2da376228a24 ("ext4: limit length to bitmap_maxbytes - blocksize in punch_hole") Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Baokun Li <libaokun1(a)huawei.com> Link: https://patch.msgid.link/20250506012009.3896990-2-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 99f30b9cfe17..01038b4ecee0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4051,7 +4051,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; ext4_lblk_t start_lblk, end_lblk; - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + loff_t max_end = sb->s_maxbytes; loff_t end = offset + length; handle_t *handle; unsigned int credits; @@ -4060,14 +4060,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) trace_ext4_punch_hole(inode, offset, length, 0); WARN_ON_ONCE(!inode_is_locked(inode)); + /* + * For indirect-block based inodes, make sure that the hole within + * one block before last range. + */ + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + /* No need to punch hole beyond i_size */ if (offset >= inode->i_size || offset >= max_end) return 0; /* * If the hole extends beyond i_size, set the hole to end after - * the page that contains i_size, and also make sure that the hole - * within one block before last range. + * the page that contains i_size. */ if (end > inode->i_size) end = round_up(inode->i_size, PAGE_SIZE);

1 month, 3 weeks

2
11
0 0

FAILED: patch "[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bc8169003b41e89fe7052e408cf9fdbecb4017fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-daylight-scrubber-8837@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8169003b41e89fe7052e408cf9fdbecb4017fe Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 20 May 2025 10:39:29 +0800 Subject: [PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5d..3f9e1bbd9905 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -10,6 +10,7 @@ config CRYPTO_CHACHA20_P10 config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x bc8169003b41e89fe7052e408cf9fdbecb4017fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-renderer-tremor-6a52@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8169003b41e89fe7052e408cf9fdbecb4017fe Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 20 May 2025 10:39:29 +0800 Subject: [PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5d..3f9e1bbd9905 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -10,6 +10,7 @@ config CRYPTO_CHACHA20_P10 config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] mtd: rawnand: qcom: Fix last codeword read in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 47bddabbf69da50999ec68be92b58356c687e1d6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062002-disperser-removing-78fc@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47bddabbf69da50999ec68be92b58356c687e1d6 Mon Sep 17 00:00:00 2001 From: Md Sadre Alam <quic_mdalam(a)quicinc.com> Date: Thu, 10 Apr 2025 15:30:18 +0530 Subject: [PATCH] mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() For QPIC V2 onwards there is a separate register to read last code word "QPIC_NAND_READ_LOCATION_LAST_CW_n". qcom_param_page_type_exec() is used to read only one code word If it configures the number of code words to 1 in QPIC_NAND_DEV0_CFG0 register then QPIC controller thinks its reading the last code word, since we are having separate register to read the last code word, we have to configure "QPIC_NAND_READ_LOCATION_LAST_CW_n" register to fetch data from QPIC buffer to system memory. Without this change page read was failing with timeout error / # hexdump -C /dev/mtd1 [ 129.206113] qcom-nandc 1cc8000.nand-controller: failure to read page/oob hexdump: /dev/mtd1: Connection timed out This issue only seen on SDX targets since SDX target used QPICv2. But same working on IPQ targets since IPQ used QPICv1. Cc: stable(a)vger.kernel.org Fixes: 89550beb098e ("mtd: rawnand: qcom: Implement exec_op()") Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Tested-by: Lakshmi Sowjanya D <quic_laksd(a)quicinc.com> Signed-off-by: Md Sadre Alam <quic_mdalam(a)quicinc.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index ef2dd158ca34..a73bb154353f 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -1863,7 +1863,12 @@ static int qcom_param_page_type_exec(struct nand_chip *chip, const struct nand_ const struct nand_op_instr *instr = NULL; unsigned int op_id = 0; unsigned int len = 0; - int ret; + int ret, reg_base; + + reg_base = NAND_READ_LOCATION_0; + + if (nandc->props->qpic_version2) + reg_base = NAND_READ_LOCATION_LAST_CW_0; ret = qcom_parse_instructions(chip, subop, &q_op); if (ret) @@ -1915,7 +1920,10 @@ static int qcom_param_page_type_exec(struct nand_chip *chip, const struct nand_ op_id = q_op.data_instr_idx; len = nand_subop_get_data_len(subop, op_id); - nandc_set_read_loc(chip, 0, 0, 0, len, 1); + if (nandc->props->qpic_version2) + nandc_set_read_loc_last(chip, reg_base, 0, len, 1); + else + nandc_set_read_loc_first(chip, reg_base, 0, len, 1); if (!nandc->props->qpic_version2) { qcom_write_reg_dma(nandc, &nandc->regs->vld, NAND_DEV_CMD_VLD, 1, 0);

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] mtd: rawnand: qcom: Fix last codeword read in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 47bddabbf69da50999ec68be92b58356c687e1d6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062000-manhunt-treachery-4c42@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47bddabbf69da50999ec68be92b58356c687e1d6 Mon Sep 17 00:00:00 2001 From: Md Sadre Alam <quic_mdalam(a)quicinc.com> Date: Thu, 10 Apr 2025 15:30:18 +0530 Subject: [PATCH] mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() For QPIC V2 onwards there is a separate register to read last code word "QPIC_NAND_READ_LOCATION_LAST_CW_n". qcom_param_page_type_exec() is used to read only one code word If it configures the number of code words to 1 in QPIC_NAND_DEV0_CFG0 register then QPIC controller thinks its reading the last code word, since we are having separate register to read the last code word, we have to configure "QPIC_NAND_READ_LOCATION_LAST_CW_n" register to fetch data from QPIC buffer to system memory. Without this change page read was failing with timeout error / # hexdump -C /dev/mtd1 [ 129.206113] qcom-nandc 1cc8000.nand-controller: failure to read page/oob hexdump: /dev/mtd1: Connection timed out This issue only seen on SDX targets since SDX target used QPICv2. But same working on IPQ targets since IPQ used QPICv1. Cc: stable(a)vger.kernel.org Fixes: 89550beb098e ("mtd: rawnand: qcom: Implement exec_op()") Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Tested-by: Lakshmi Sowjanya D <quic_laksd(a)quicinc.com> Signed-off-by: Md Sadre Alam <quic_mdalam(a)quicinc.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index ef2dd158ca34..a73bb154353f 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -1863,7 +1863,12 @@ static int qcom_param_page_type_exec(struct nand_chip *chip, const struct nand_ const struct nand_op_instr *instr = NULL; unsigned int op_id = 0; unsigned int len = 0; - int ret; + int ret, reg_base; + + reg_base = NAND_READ_LOCATION_0; + + if (nandc->props->qpic_version2) + reg_base = NAND_READ_LOCATION_LAST_CW_0; ret = qcom_parse_instructions(chip, subop, &q_op); if (ret) @@ -1915,7 +1920,10 @@ static int qcom_param_page_type_exec(struct nand_chip *chip, const struct nand_ op_id = q_op.data_instr_idx; len = nand_subop_get_data_len(subop, op_id); - nandc_set_read_loc(chip, 0, 0, 0, len, 1); + if (nandc->props->qpic_version2) + nandc_set_read_loc_last(chip, reg_base, 0, len, 1); + else + nandc_set_read_loc_first(chip, reg_base, 0, len, 1); if (!nandc->props->qpic_version2) { qcom_write_reg_dma(nandc, &nandc->regs->vld, NAND_DEV_CMD_VLD, 1, 0);

1 month, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 673fa129e558c5f1196adb27d97ac90ddfe4f19c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060255-dislike-elaborate-1e0f@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 673fa129e558c5f1196adb27d97ac90ddfe4f19c Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:34 +0100 Subject: [PATCH] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-3-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi index eff0e73640bc..160c052db1ec 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi @@ -456,6 +456,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -477,6 +478,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l17b_2p5: ldo17 {

1 month, 3 weeks

2
1
0 0

[PATCH v3 1/2] x86/fpu: Fix NULL dereference in avx512_status()

by Sohil Mehta

From: Fushuai Wang <wangfushuai(a)baidu.com> Problem ------- With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a kernel NULL pointer dereference. Kernel threads aren't expected to access the FPU state directly. Kernel usage of FPU registers is contained within kernel_fpu_begin()/_end() sections. However, to report AVX-512 usage, the avx512_timestamp variable within struct fpu needs to be accessed, which triggers a warning in x86_task_fpu(). For Kthreads: proc_pid_arch_status() avx512_status() x86_task_fpu() => Warning and returns NULL x86_task_fpu()->avx512_timestamp => NULL dereference The warning is a false alarm in this case, since the access isn't intended for modifying the FPU state. All kernel threads (except the init_task) have a "struct fpu" with an accessible avx512_timestamp variable. The init_task (PID 0) never follows this path since it is not exposed in /proc. Solution -------- One option is to get rid of the warning in x86_task_fpu() for kernel threads. However, that warning was recently added and might be useful to catch any potential misuse of the FPU state in kernel threads. Another option is to avoid the access altogether. The kernel does not track AVX-512 usage for kernel threads. save_fpregs_to_fpstate()->update_avx_timestamp() is never invoked for kernel threads, so avx512_timestamp is always guaranteed to be 0. Also, the legacy behavior of reporting "AVX512_elapsed_ms: -1", which signifies "no AVX-512 usage", is misleading. The kernel usage just isn't tracked. Update the ABI for kernel threads and do not report AVX-512 usage for them. Not having a value in the file avoids the NULL dereference as well as the misleading report. Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Fixes: 22aafe3bcb67 ("x86/fpu: Remove init_task FPU state dependencies, add debugging warning for PF_KTHREAD tasks") Cc: stable(a)vger.kernel.org Signed-off-by: Fushuai Wang <wangfushuai(a)baidu.com> Co-developed-by: Sohil Mehta <sohil.mehta(a)intel.com> Signed-off-by: Sohil Mehta <sohil.mehta(a)intel.com> --- v3: - Do not report anything for kernel threads. (DaveH) - Make the commit message more precise. v2: https://lore.kernel.org/lkml/20250721215302.3562784-1-sohil.mehta@intel.com/ - Avoid making the fix dependent on CONFIG_X86_DEBUG_FPU. - Include PF_USER_WORKER in the kernel thread check. - Update commit message for clarity. --- arch/x86/kernel/fpu/xstate.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 9aa9ac8399ae..b90b2eec8fb8 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -1855,19 +1855,20 @@ long fpu_xstate_prctl(int option, unsigned long arg2) #ifdef CONFIG_PROC_PID_ARCH_STATUS /* * Report the amount of time elapsed in millisecond since last AVX512 - * use in the task. + * use in the task. Report -1 if no AVX-512 usage. */ static void avx512_status(struct seq_file *m, struct task_struct *task) { - unsigned long timestamp = READ_ONCE(x86_task_fpu(task)->avx512_timestamp); - long delta; + unsigned long timestamp; + long delta = -1; - if (!timestamp) { - /* - * Report -1 if no AVX512 usage - */ - delta = -1; - } else { + /* AVX-512 usage is not tracked for kernel threads. */ + if (task->flags & (PF_KTHREAD | PF_USER_WORKER)) + return; + + timestamp = READ_ONCE(x86_task_fpu(task)->avx512_timestamp); + + if (timestamp) { delta = (long)(jiffies - timestamp); /* * Cap to LONG_MAX if time difference > LONG_MAX -- 2.43.0

1 month, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/traps: Initialize DR7 by writing its architectural reset" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x fa7d0f83c5c4223a01598876352473cb3d3bd4d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063026-grandma-tributary-5bd8@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa7d0f83c5c4223a01598876352473cb3d3bd4d7 Mon Sep 17 00:00:00 2001 From: "Xin Li (Intel)" <xin(a)zytor.com> Date: Fri, 20 Jun 2025 16:15:04 -0700 Subject: [PATCH] x86/traps: Initialize DR7 by writing its architectural reset value Initialize DR7 by writing its architectural reset value to always set bit 10, which is reserved to '1', when "clearing" DR7 so as not to trigger unanticipated behavior if said bit is ever unreserved, e.g. as a feature enabling flag with inverted polarity. Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Sean Christopherson <seanjc(a)google.com> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250620231504.2676902-3-xin%40zytor.com diff --git a/arch/x86/include/asm/debugreg.h b/arch/x86/include/asm/debugreg.h index 363110e6b2e3..a2c1f2d24b64 100644 --- a/arch/x86/include/asm/debugreg.h +++ b/arch/x86/include/asm/debugreg.h @@ -9,6 +9,14 @@ #include <asm/cpufeature.h> #include <asm/msr.h> +/* + * Define bits that are always set to 1 in DR7, only bit 10 is + * architecturally reserved to '1'. + * + * This is also the init/reset value for DR7. + */ +#define DR7_FIXED_1 0x00000400 + DECLARE_PER_CPU(unsigned long, cpu_dr7); #ifndef CONFIG_PARAVIRT_XXL @@ -100,8 +108,8 @@ static __always_inline void native_set_debugreg(int regno, unsigned long value) static inline void hw_breakpoint_disable(void) { - /* Zero the control register for HW Breakpoint */ - set_debugreg(0UL, 7); + /* Reset the control register for HW Breakpoint */ + set_debugreg(DR7_FIXED_1, 7); /* Zero-out the individual HW breakpoint address registers */ set_debugreg(0UL, 0); @@ -125,9 +133,12 @@ static __always_inline unsigned long local_db_save(void) return 0; get_debugreg(dr7, 7); - dr7 &= ~0x400; /* architecturally set bit */ + + /* Architecturally set bit */ + dr7 &= ~DR7_FIXED_1; if (dr7) - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); + /* * Ensure the compiler doesn't lower the above statements into * the critical section; disabling breakpoints late would not diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b4a391929cdb..639d9bcee842 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -31,6 +31,7 @@ #include <asm/apic.h> #include <asm/pvclock-abi.h> +#include <asm/debugreg.h> #include <asm/desc.h> #include <asm/mtrr.h> #include <asm/msr-index.h> @@ -249,7 +250,6 @@ enum x86_intercept_stage; #define DR7_BP_EN_MASK 0x000000ff #define DR7_GE (1 << 9) #define DR7_GD (1 << 13) -#define DR7_FIXED_1 0x00000400 #define DR7_VOLATILE 0xffff2bff #define KVM_GUESTDBG_VALID_MASK \ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 0f6c280a94f0..27125e009847 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2246,7 +2246,7 @@ EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); static void initialize_debug_regs(void) { /* Control register first -- to make sure everything is disabled. */ - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(DR6_RESERVED, 6); /* dr5 and dr4 don't exist */ set_debugreg(0, 3); diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c index 102641fd2172..8b1a9733d13e 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c @@ -385,7 +385,7 @@ static void kgdb_disable_hw_debug(struct pt_regs *regs) struct perf_event *bp; /* Disable hardware debugging while we are in kgdb: */ - set_debugreg(0UL, 7); + set_debugreg(DR7_FIXED_1, 7); for (i = 0; i < HBP_NUM; i++) { if (!breakinfo[i].enabled) continue; diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index a10e180cbf23..3ef15c2f152f 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -93,7 +93,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if ((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400)) + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1)) return; printk("%sDR0: %08lx DR1: %08lx DR2: %08lx DR3: %08lx\n", diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 8d6cf25127aa..b972bf72fb8b 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -133,7 +133,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if (!((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400))) { + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1))) { printk("%sDR0: %016lx DR1: %016lx DR2: %016lx\n", log_lvl, d0, d1, d2); printk("%sDR3: %016lx DR6: %016lx DR7: %016lx\n", diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b58a74c1722d..a9d992d5652f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11035,7 +11035,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs && !(vcpu->arch.switch_db_regs & KVM_DEBUGREG_AUTO_SWITCH))) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(vcpu->arch.eff_db[0], 0); set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); @@ -11044,7 +11044,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); } vcpu->arch.host_debugctl = get_debugctlmsr();

1 month, 3 weeks

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror