[PATCH] drm/amdgpu: Raven: don't allow mixing GTT and VRAM
by Brian Geffon
Commit 81d0bcf99009 ("drm/amdgpu: make display pinning more flexible (v2)")
allowed for newer ASICs to mix GTT and VRAM, this change also noted that
some older boards, such as Stoney and Carrizo do not support this.
It appears that at least one additional ASIC does not support this which
is Raven.
We observed this issue when migrating a device from a 5.4 to 6.6 kernel
and have confirmed that Raven also needs to be excluded from mixing GTT
and VRAM.
Fixes: 81d0bcf99009 ("drm/amdgpu: make display pinning more flexible (v2)")
Cc: Luben Tuikov <luben.tuikov(a)amd.com>
Cc: Christian König <christian.koenig(a)amd.com>
Cc: Alex Deucher <alexander.deucher(a)amd.com>
Cc: stable(a)vger.kernel.org # 6.1+
Tested-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
Signed-off-by: Brian Geffon <bgeffon(a)google.com>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
index 73403744331a..5d7f13e25b7c 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -1545,7 +1545,8 @@ uint32_t amdgpu_bo_get_preferred_domain(struct amdgpu_device *adev,
uint32_t domain)
{
if ((domain == (AMDGPU_GEM_DOMAIN_VRAM | AMDGPU_GEM_DOMAIN_GTT)) &&
- ((adev->asic_type == CHIP_CARRIZO) || (adev->asic_type == CHIP_STONEY))) {
+ ((adev->asic_type == CHIP_CARRIZO) || (adev->asic_type == CHIP_STONEY) ||
+ (adev->asic_type == CHIP_RAVEN))) {
domain = AMDGPU_GEM_DOMAIN_VRAM;
if (adev->gmc.real_vram_size <= AMDGPU_SG_THRESHOLD)
domain = AMDGPU_GEM_DOMAIN_GTT;
--
2.50.0.727.gbf7dc18ff4-goog
3 minutes
- 2
- 4
[PATCH 6.1] HID: mcp2221: Set driver data before I2C adapter add
by Sumanth Gavini
The process of adding an I2C adapter can invoke I2C accesses on that new
adapter (see i2c_detect()).
Ensure we have set the adapter's driver data to avoid null pointer
dereferences in the xfer functions during the adapter add.
This has been noted in the past and the same fix proposed but not
completed. See:
https://lore.kernel.org/lkml/ef597e73-ed71-168e-52af-0d19b03734ac@vigem.de/
Signed-off-by: Hamish Martin <hamish.martin(a)alliedtelesis.co.nz>
Signed-off-by: Jiri Kosina <jkosina(a)suse.cz>
Signed-off-by: Sumanth Gavini <sumanth.gavini(a)yahoo.com>
---
drivers/hid/hid-mcp2221.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-mcp2221.c b/drivers/hid/hid-mcp2221.c
index de52e9f7bb8c..9973545c1c4b 100644
--- a/drivers/hid/hid-mcp2221.c
+++ b/drivers/hid/hid-mcp2221.c
@@ -873,12 +873,12 @@ static int mcp2221_probe(struct hid_device *hdev,
"MCP2221 usb-i2c bridge on hidraw%d",
((struct hidraw *)hdev->hidraw)->minor);
+ i2c_set_adapdata(&mcp->adapter, mcp);
ret = i2c_add_adapter(&mcp->adapter);
if (ret) {
hid_err(hdev, "can't add usb-i2c adapter: %d\n", ret);
goto err_i2c;
}
- i2c_set_adapdata(&mcp->adapter, mcp);
/* Setup GPIO chip */
mcp->gc = devm_kzalloc(&hdev->dev, sizeof(*mcp->gc), GFP_KERNEL);
--
2.43.0
14 minutes
- 2
- 2
[PATCH v2 0/1] nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails
by Rick Wertenbroek
Changes from v1 :
- Updated comment for nvmet_pci_epf_queue_response() per Damien's suggestion.
- Fixed typo in commit message.
- Added 3 tags in commit message:
Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org>
Fixes: 0faa0fe6f90e ("nvmet: New NVMe PCI endpoint function target driver")
Cc: stable(a)vger.kernel.org
Best regards,
Rick
Rick Wertenbroek (1):
nvmet: pci-epf: Do not complete commands twice if nvmet_req_init()
fails
drivers/nvme/target/pci-epf.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
--
2.25.1
1 hour, 34 minutes
- 3
- 3
[PATCH] i2c: qup: jump out of the loop in case of timeout
by Yang Xiwen via B4 Relay
From: Yang Xiwen <forbidden405(a)outlook.com>
Original logic only sets the return value but doesn't jump out of the
loop if the bus is kept active by a client. This is not expected. A
malicious or buggy i2c client can hang the kernel in this case and
should be avoided. This is observed during a long time test with a
PCA953x GPIO extender.
Fix it by changing the logic to not only sets the return value, but also
jumps out of the loop and return to the caller with -ETIMEDOUT.
Cc: stable(a)vger.kernel.org
Signed-off-by: Yang Xiwen <forbidden405(a)outlook.com>
---
drivers/i2c/busses/i2c-qup.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-qup.c b/drivers/i2c/busses/i2c-qup.c
index 3a36d682ed57..5b053e51f4c9 100644
--- a/drivers/i2c/busses/i2c-qup.c
+++ b/drivers/i2c/busses/i2c-qup.c
@@ -452,8 +452,10 @@ static int qup_i2c_bus_active(struct qup_i2c_dev *qup, int len)
if (!(status & I2C_STATUS_BUS_ACTIVE))
break;
- if (time_after(jiffies, timeout))
+ if (time_after(jiffies, timeout)) {
ret = -ETIMEDOUT;
+ break;
+ }
usleep_range(len, len * 2);
}
---
base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494
change-id: 20250615-qca-i2c-d41bb61aa59e
Best regards,
--
Yang Xiwen <forbidden405(a)outlook.com>
1 hour, 58 minutes
- 4
- 3
Access Target Contacts from the GSX 2025 Audience
by Lena Schwekendiek
Hi ,
Planning to get the GSX 2025 attendee list?
Expo Name: Global Security Exchange (GSX) 2025
Total Number of records: 17,000 records
List includes: Company Name, Contact Name, Job Title, Mailing Address, Phone, Emails, etc.
Interested in moving forward with these leads? Let me know, and I'll share the price.
Can't wait for your reply
Regards
Lena
Marketing Manager
Pro Tech Insights.,
Please reply with REMOVE if you don't wish to receive further emails
2 hours, 32 minutes
- 1
- 0
[PATCH 1/7] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x
by Ville Syrjala
From: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
On g4x we currently use the 96MHz non-SSC refclk, which can't actually
generate an exact 2.7 Gbps link rate. In practice we end up with 2.688
Gbps which seems to be close enough to actually work, but link training
is currently failing due to miscalculating the DP_LINK_BW value (we
calcualte it directly from port_clock which reflects the actual PLL
outpout frequency).
Ideas how to fix this:
- nudge port_clock back up to 270000 during PLL computation/readout
- track port_clock and the nominal link rate separately so they might
differ a bit
- switch to the 100MHz refclk, but that one should be SSC so perhaps
not something we want
While we ponder about a better solution apply some band aid to the
immediate issue of miscalculated DP_LINK_BW value. With this
I can again use 2.7 Gbps link rate on g4x.
Cc: stable(a)vger.kernel.org
Fixes: 665a7b04092c ("drm/i915: Feed the DPLL output freq back into crtc_state")
Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
---
drivers/gpu/drm/i915/display/intel_dp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c
index f48912f308df..7976fec88606 100644
--- a/drivers/gpu/drm/i915/display/intel_dp.c
+++ b/drivers/gpu/drm/i915/display/intel_dp.c
@@ -1606,6 +1606,12 @@ int intel_dp_rate_select(struct intel_dp *intel_dp, int rate)
void intel_dp_compute_rate(struct intel_dp *intel_dp, int port_clock,
u8 *link_bw, u8 *rate_select)
{
+ struct intel_display *display = to_intel_display(intel_dp);
+
+ /* FIXME g4x can't generate an exact 2.7GHz with the 96MHz non-SSC refclk */
+ if (display->platform.g4x && port_clock == 268800)
+ port_clock = 270000;
+
/* eDP 1.4 rate select method. */
if (intel_dp->use_rate_select) {
*link_bw = 0;
--
2.49.0
2 hours, 34 minutes
- 3
- 3
[PATCH] net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
by John Ernberg
Having a Gemalto Cinterion PLS83-W modem attached to USB and activating the
cellular data link would sometimes yield the following RCU stall, leading
to a system freeze:
rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 0-.... } 33108 jiffies s: 201 root: 0x1/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
Call trace:
arch_local_irq_enable+0x4/0x8
local_bh_enable+0x18/0x20
__netdev_alloc_skb+0x18c/0x1cc
rx_submit+0x68/0x1f8 [usbnet]
rx_alloc_submit+0x4c/0x74 [usbnet]
usbnet_bh+0x1d8/0x218 [usbnet]
usbnet_bh_tasklet+0x10/0x18 [usbnet]
tasklet_action_common+0xa8/0x110
tasklet_action+0x2c/0x34
handle_softirqs+0x2cc/0x3a0
__do_softirq+0x10/0x18
____do_softirq+0xc/0x14
call_on_irq_stack+0x24/0x34
do_softirq_own_stack+0x18/0x20
__irq_exit_rcu+0xa8/0xb8
irq_exit_rcu+0xc/0x30
el1_interrupt+0x34/0x48
el1h_64_irq_handler+0x14/0x1c
el1h_64_irq+0x68/0x6c
_raw_spin_unlock_irqrestore+0x38/0x48
xhci_urb_dequeue+0x1ac/0x45c [xhci_hcd]
unlink1+0xd4/0xdc [usbcore]
usb_hcd_unlink_urb+0x70/0xb0 [usbcore]
usb_unlink_urb+0x24/0x44 [usbcore]
unlink_urbs.constprop.0.isra.0+0x64/0xa8 [usbnet]
__handle_link_change+0x34/0x70 [usbnet]
usbnet_deferred_kevent+0x1c0/0x320 [usbnet]
process_scheduled_works+0x2d0/0x48c
worker_thread+0x150/0x1dc
kthread+0xd8/0xe8
ret_from_fork+0x10/0x20
It turns out that during the link activation a LINK_CHANGE event is emitted
which causes the active RX URBs to be unlinked, while that is happening
rx_submit() may begin pushing new URBs to the queue being emptied.
Causing the unlink queue to never empty.
Use the same approach as commit 43daa96b166c ("usbnet: Stop RX Q on MTU
change") and pause the RX queue while unlinking the URBs on LINK_CHANGE
as well.
Fixes: 4b49f58fff00 ("usbnet: handle link change")
Cc: stable(a)vger.kernel.org
Signed-off-by: John Ernberg <john.ernberg(a)actia.se>
---
Tested on 6.12.20 and forward ported.
---
drivers/net/usb/usbnet.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index c04e715a4c2a..156f0e85a135 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1115,7 +1115,9 @@ static void __handle_link_change(struct usbnet *dev)
if (!netif_carrier_ok(dev->net)) {
/* kill URBs for reading packets to save bus bandwidth */
+ usbnet_pause_rx(dev);
unlink_urbs(dev, &dev->rxq);
+ usbnet_resume_rx(dev);
/*
* tx_timeout will unlink URBs for sending packets and
--
2.49.0
2 hours, 36 minutes
- 3
- 6
+ kasan-use-vmalloc_dump_obj-for-vmalloc-error-reports.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: kasan: use vmalloc_dump_obj() for vmalloc error reports
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
kasan-use-vmalloc_dump_obj-for-vmalloc-error-reports.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Marco Elver <elver(a)google.com>
Subject: kasan: use vmalloc_dump_obj() for vmalloc error reports
Date: Wed, 16 Jul 2025 17:23:28 +0200
Since 6ee9b3d84775 ("kasan: remove kasan_find_vm_area() to prevent
possible deadlock"), more detailed info about the vmalloc mapping and the
origin was dropped due to potential deadlocks.
While fixing the deadlock is necessary, that patch was too quick in
killing an otherwise useful feature, and did no due-diligence in
understanding if an alternative option is available.
Restore printing more helpful vmalloc allocation info in KASAN reports
with the help of vmalloc_dump_obj(). Example report:
| BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x4c9/0x610
| Read of size 1 at addr ffffc900002fd7f3 by task kunit_try_catch/493
|
| CPU: [...]
| Call Trace:
| <TASK>
| dump_stack_lvl+0xa8/0xf0
| print_report+0x17e/0x810
| kasan_report+0x155/0x190
| vmalloc_oob+0x4c9/0x610
| [...]
|
| The buggy address belongs to a 1-page vmalloc region starting at 0xffffc900002fd000 allocated at vmalloc_oob+0x36/0x610
| The buggy address belongs to the physical page:
| page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x126364
| flags: 0x200000000000000(node=0|zone=2)
| raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
| raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
| page dumped because: kasan: bad access detected
|
| [..]
Link: https://lkml.kernel.org/r/20250716152448.3877201-1-elver@google.com
Fixes: 6ee9b3d84775 ("kasan: remove kasan_find_vm_area() to prevent possible deadlock")
Signed-off-by: Marco Elver <elver(a)google.com>
Suggested-by: Uladzislau Rezki <urezki(a)gmail.com>
Acked-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com>
Cc: Alexander Potapenko <glider(a)google.com>
Cc: Andrey Konovalov <andreyknvl(a)gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
Cc: Yeoreum Yun <yeoreum.yun(a)arm.com>
Cc: Yunseong Kim <ysk(a)kzalloc.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/kasan/report.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/mm/kasan/report.c~kasan-use-vmalloc_dump_obj-for-vmalloc-error-reports
+++ a/mm/kasan/report.c
@@ -399,7 +399,9 @@ static void print_address_description(vo
}
if (is_vmalloc_addr(addr)) {
- pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr);
+ pr_err("The buggy address belongs to a");
+ if (!vmalloc_dump_obj(addr))
+ pr_cont(" vmalloc virtual mapping\n");
page = vmalloc_to_page(addr);
}
_
Patches currently in -mm which might be from elver(a)google.com are
kasan-use-vmalloc_dump_obj-for-vmalloc-error-reports.patch
2 hours, 42 minutes
- 1
- 0
[PATCH 1/2] nvmem: layouts: u-boot-env: remove crc32 endianness conversion
by srini@kernel.org
From: "Michael C. Pratt" <mcpratt(a)pm.me>
On 11 Oct 2022, it was reported that the crc32 verification
of the u-boot environment failed only on big-endian systems
for the u-boot-env nvmem layout driver with the following error.
Invalid calculated CRC32: 0x88cd6f09 (expected: 0x096fcd88)
This problem has been present since the driver was introduced,
and before it was made into a layout driver.
The suggested fix at the time was to use further endianness
conversion macros in order to have both the stored and calculated
crc32 values to compare always represented in the system's endianness.
This was not accepted due to sparse warnings
and some disagreement on how to handle the situation.
Later on in a newer revision of the patch, it was proposed to use
cpu_to_le32() for both values to compare instead of le32_to_cpu()
and store the values as __le32 type to remove compilation errors.
The necessity of this is based on the assumption that the use of crc32()
requires endianness conversion because the algorithm uses little-endian,
however, this does not prove to be the case and the issue is unrelated.
Upon inspecting the current kernel code,
there already is an existing use of le32_to_cpu() in this driver,
which suggests there already is special handling for big-endian systems,
however, it is big-endian systems that have the problem.
This, being the only functional difference between architectures
in the driver combined with the fact that the suggested fix
was to use the exact same endianness conversion for the values
brings up the possibility that it was not necessary to begin with,
as the same endianness conversion for two values expected to be the same
is expected to be equivalent to no conversion at all.
After inspecting the u-boot environment of devices of both endianness
and trying to remove the existing endianness conversion,
the problem is resolved in an equivalent way as the other suggested fixes.
Ultimately, it seems that u-boot is agnostic to endianness
at least for the purpose of environment variables.
In other words, u-boot reads and writes the stored crc32 value
with the same endianness that the crc32 value is calculated with
in whichever endianness a certain architecture runs on.
Therefore, the u-boot-env driver does not need to convert endianness.
Remove the usage of endianness macros in the u-boot-env driver,
and change the type of local variables to maintain the same return type.
If there is a special situation in the case of endianness,
it would be a corner case and should be handled by a unique "compatible".
Even though it is not necessary to use endianness conversion macros here,
it may be useful to use them in the future for consistent error printing.
Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables")
Reported-by: INAGAKI Hiroshi <musashino.open(a)gmail.com>
Link: https://lore.kernel.org/all/20221011024928.1807-1-musashino.open@gmail.com
Cc: stable(a)vger.kernel.org # 6.12.x
Cc: stable(a)vger.kernel.org # 6.6.x: f4cf4e5: Revert "nvmem: add new config option"
Cc: stable(a)vger.kernel.org # 6.6.x: 7f38b70: of: device: Export of_device_make_bus_id()
Cc: stable(a)vger.kernel.org # 6.6.x: 4a1a402: nvmem: Move of_nvmem_layout_get_container() in another header
Cc: stable(a)vger.kernel.org # 6.6.x: fc29fd8: nvmem: core: Rework layouts to become regular devices
Cc: stable(a)vger.kernel.org # 6.6.x: 0331c61: nvmem: core: Expose cells through sysfs
Cc: stable(a)vger.kernel.org # 6.6.x: 401df0d: nvmem: layouts: refactor .add_cells() callback arguments
Cc: stable(a)vger.kernel.org # 6.6.x: 6d0ca4a: nvmem: layouts: store owner from modules with nvmem_layout_driver_register()
Cc: stable(a)vger.kernel.org # 6.6.x: 5f15811: nvmem: layouts: add U-Boot env layout
Cc: stable(a)vger.kernel.org # 6.6.x
Signed-off-by: Michael C. Pratt <mcpratt(a)pm.me>
Signed-off-by: Srinivas Kandagatla <srini(a)kernel.org>
---
drivers/nvmem/layouts/u-boot-env.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/nvmem/layouts/u-boot-env.c b/drivers/nvmem/layouts/u-boot-env.c
index 436426d4e8f9..8571aac56295 100644
--- a/drivers/nvmem/layouts/u-boot-env.c
+++ b/drivers/nvmem/layouts/u-boot-env.c
@@ -92,7 +92,7 @@ int u_boot_env_parse(struct device *dev, struct nvmem_device *nvmem,
size_t crc32_data_offset;
size_t crc32_data_len;
size_t crc32_offset;
- __le32 *crc32_addr;
+ uint32_t *crc32_addr;
size_t data_offset;
size_t data_len;
size_t dev_size;
@@ -143,8 +143,8 @@ int u_boot_env_parse(struct device *dev, struct nvmem_device *nvmem,
goto err_kfree;
}
- crc32_addr = (__le32 *)(buf + crc32_offset);
- crc32 = le32_to_cpu(*crc32_addr);
+ crc32_addr = (uint32_t *)(buf + crc32_offset);
+ crc32 = *crc32_addr;
crc32_data_len = dev_size - crc32_data_offset;
data_len = dev_size - data_offset;
--
2.43.0
2 hours, 52 minutes
- 4
- 5
Backport a5a441ae283d ("ice/ptp: fix crosstimestamp reporting")
by Markus Blöchl
Hi Greg,
please consider backporting
a5a441ae283d ("ice/ptp: fix crosstimestamp reporting")
into linux-6.12.y
It fixes a regression from the series around
d4bea547ebb57 ("ice/ptp: Remove convert_art_to_tsc()")
which affected multiple drivers and occasionally
caused phc2sys to fail on ioctl(fd, PTP_SYS_OFFSET_PRECISE, ...).
This was the initial fix for ice but apparently tagging it
for stable was forgotten during submission.
A similar fix for e1000e can be found here:
Link: https://lore.kernel.org/lkml/20250709-e1000e_crossts-v2-1-2aae94384c59@bloc…
The hunk was moved around slightly in the upstream commit
92456e795ac6 ("ice: Add unified ice_capture_crosststamp").
Let me know if you therefore want a separate patch,
I just didn't want to to steal the credits here.
Thanks a lot!
Markus
--
3 hours, 7 minutes
- 1
- 0
[PATCH 1/2] s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again
by Ilya Leoshkevich
Commit 7ded842b356d ("s390/bpf: Fix bpf_plt pointer arithmetic") has
accidentally removed the critical piece of commit c730fce7c70c
("s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL"), causing
intermittent kernel panics in e.g. perf's on_switch() prog to reappear.
Restore the fix and add a comment.
Fixes: 7ded842b356d ("s390/bpf: Fix bpf_plt pointer arithmetic")
Cc: stable(a)vger.kernel.org
Signed-off-by: Ilya Leoshkevich <iii(a)linux.ibm.com>
---
arch/s390/net/bpf_jit_comp.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
index 8bb738f1b1b6..bb17efe29d65 100644
--- a/arch/s390/net/bpf_jit_comp.c
+++ b/arch/s390/net/bpf_jit_comp.c
@@ -576,7 +576,15 @@ static void bpf_jit_plt(struct bpf_plt *plt, void *ret, void *target)
{
memcpy(plt, &bpf_plt, sizeof(*plt));
plt->ret = ret;
- plt->target = target;
+ /*
+ * (target == NULL) implies that the branch to this PLT entry was
+ * patched and became a no-op. However, some CPU could have jumped
+ * to this PLT entry before patching and may be still executing it.
+ *
+ * Since the intention in this case is to make the PLT entry a no-op,
+ * make the target point to the return label instead of NULL.
+ */
+ plt->target = target ?: ret;
}
/*
--
2.50.1
4 hours, 41 minutes
- 1
- 0
[PATCH 6.15 000/192] 6.15.7-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.15.7 release.
There are 192 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.7-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.15.7-rc1
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potential use-after-free in oplock/lease break ack
Nikunj A Dadhania <nikunj(a)amd.com>
x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation
Jiawen Wu <jiawenwu(a)trustnetic.com>
net: wangxun: revert the adjustment of the IRQ vector sequence
Willem de Bruijn <willemb(a)google.com>
selftests/bpf: adapt one more case in test_lru_map to the new target_free
Daniel J. Ogorchock <djogorchock(a)gmail.com>
HID: nintendo: avoid bluetooth suspend/resume stalls
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Fangrui Song <i(a)maskray.me>
riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment
Willem de Bruijn <willemb(a)google.com>
bpf: Adjust free target to avoid global starvation of LRU map
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix assertion when building free space tree
Long Li <longli(a)microsoft.com>
net: mana: Record doorbell physical address in PF mode
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Shuai Zhang <quic_shuaz(a)quicinc.com>
driver: bluetooth: hci_qca:fix unable to load the BT driver
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Tim Crawford <tcrawford(a)system76.com>
ALSA: hda/realtek: Add quirks for some Clevo laptops
Yasmin Fitzgerald <sunoflife1.git(a)gmail.com>
ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
Yuzuru10 <yuzuru_10(a)proton.me>
ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
Fengnan Chang <changfengnan(a)bytedance.com>
io_uring: make fallocate be hashed work
Chris Chiu <chris.chiu(a)canonical.com>
ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 6 G1a
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606
Jack Yu <jack.yu(a)realtek.com>
ASoC: rt721-sdca: fix boost gain calculation error
Tamura Dai <kirinode0(a)gmail.com>
ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Ronnie Sahlberg <rsahlberg(a)whamcloud.com>
ublk: sanity check add_dev input for underflow
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shruti Parab <shruti.parab(a)broadcom.com>
bnxt_en: Flush FW trace before copying to the coredump
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Jianbo Liu <jianbol(a)nvidia.com>
net/mlx5e: Add new prio for promiscuous mode
Carolina Jubran <cjubran(a)nvidia.com>
net/mlx5e: Fix race between DIM disable and net_dim()
Carolina Jubran <cjubran(a)nvidia.com>
net/mlx5: Reset bw_share field when changing a node's parent
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Shuicheng Lin <shuicheng.lin(a)intel.com>
drm/xe/pm: Correct comment of xe_pm_set_vram_threshold()
Shuicheng Lin <shuicheng.lin(a)intel.com>
drm/xe/pm: Restore display pm if there is error after display suspend
Hangbin Liu <liuhangbin(a)gmail.com>
selftests: net: lib: fix shift count out of range
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits
Mingming Cao <mmc(a)linux.ibm.com>
ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: mac80211: add the virtual monitor after reconfig complete
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_readahead()
Gao Xiang <xiang(a)kernel.org>
erofs: refine readahead tracepoint
Michal Wajdeczko <michal.wajdeczko(a)intel.com>
drm/xe/pf: Clear all LMTT pages on alloc
Pankaj Raghav <p.raghav(a)samsung.com>
block: reject bs > ps block devices when THP is disabled
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Henry Martin <bsdhenrymartin(a)gmail.com>
wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: Remove RCU section in mt7996_mac_sta_rc_work()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: Move RCU section in mt7996_mcu_add_rate_ctrl()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: Move RCU section in mt7996_mcu_add_rate_ctrl_fixed()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: Move RCU section in mt7996_mcu_set_fixed_field()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: Assume __mt76_connac_mcu_alloc_sta_req runs in atomic context
Ben Skeggs <bskeggs(a)nvidia.com>
drm/nouveau/gsp: fix potential leak of memory used during acpi init
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring/zcrx: fix pp destruction warnings
Felix Fietkau <nbd(a)nbd.name>
wifi: rt2x00: fix remove callback type mismatch
Moon Hee Lee <moonhee.lee.ca(a)gmail.com>
wifi: mac80211: reject VHT opmode for unsupported channel widths
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: fix non-transmitted BSSID profile search
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: mac80211: correctly identify S1G short beacon
Zheng Qixing <zhengqixing(a)huawei.com>
md/raid1,raid10: strip REQ_NOWAIT from member bios
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Mikko Perttunen <mperttunen(a)nvidia.com>
drm/tegra: nvdec: Fix dma_alloc_coherent error check
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: cfg80211: fix S1G beacon head validation in nl80211
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count
Gao Xiang <xiang(a)kernel.org>
erofs: fix large fragment handling
Gao Xiang <xiang(a)kernel.org>
erofs: address D-cache aliasing
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_read_folio()
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Sascha Hauer <s.hauer(a)pengutronix.de>
clk: scmi: Handle case where child clocks are initialized before their parents
Julien Massot <julien.massot(a)collabora.com>
dt-bindings: clock: mediatek: Add #reset-cells property for MT8188
Mikhail Paulyshka <me(a)mixaill.net>
x86/CPU/AMD: Disable INVLPGB on Zen2
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Mikhail Paulyshka <me(a)mixaill.net>
x86/rdrand: Disable RDSEED on AMD Cyan Skillfish
Xiaolei Wang <xiaolei.wang(a)windriver.com>
clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data
Harry Yoo <harry.yoo(a)oracle.com>
lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users()
Honggyu Kim <honggyu.kim(a)sk.com>
samples/damon: fix damon sample wsse for start failure
Honggyu Kim <honggyu.kim(a)sk.com>
samples/damon: fix damon sample prcl for start failure
Honggyu Kim <honggyu.kim(a)sk.com>
mm/damon: fix divide by zero in damon_get_intervals_score()
SeongJae Park <sj(a)kernel.org>
mm/damon/core: handle damon_call_control as normal under kdmond deactivation
Lance Yang <lance.yang(a)linux.dev>
mm/rmap: fix potential out-of-bounds page table access during batched unmap
Alexander Gordeev <agordeev(a)linux.ibm.com>
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Illia Ostapyshyn <illia(a)yshyn.com>
scripts: gdb: vfs: support external dentry names
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts.py after maple tree conversion
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: de-reference per-CPU MCE interrupts
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts display after MCP on x86
Baolin Wang <baolin.wang(a)linux.alibaba.com>
mm: fix the inaccurate memory statistics issue for users
Wei Yang <richard.weiyang(a)gmail.com>
maple_tree: fix mt_destroy_walk() on root leaf node
Yeoreum Yun <yeoreum.yun(a)arm.com>
kasan: remove kasan_find_vm_area() to prevent possible deadlock
Achill Gilgenast <fossdd(a)pwned.life>
kallsyms: fix build without execinfo
Zhe Qiao <qiaozhe(a)iscas.ac.cn>
Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()"
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Matthew Brost <matthew.brost(a)intel.com>
drm/xe: Allocate PF queue size on pow2 boundary
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/framebuffer: Acquire internal references on GEM handles
Kuen-Han Tsai <khtsai(a)google.com>
Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Aaron Thompson <dev(a)aaront.org>
drm/nouveau: Do not fail module init on debugfs errors
Matthew Brost <matthew.brost(a)intel.com>
Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2"
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/bmg: fix compressed VRAM handling
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix error handling in ttm_buffer_object_transfer
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/gem: Acquire references on GEM handles for framebuffers
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdkfd: add hqd_sdma_get_doorbell callbacks for gfx7/8
Kent Russell <kent.russell(a)amd.com>
drm/amdgpu: Include sdma_4_4_4.bin
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: Don't call mmput from MMU notifier callback
Alessio Belle <alessio.belle(a)imgtec.com>
drm/imagination: Fix kernel crash when hard resetting the GPU
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the wrong config for tx interrupt
Deren Wu <deren.wu(a)mediatek.com>
wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()
Deren Wu <deren.wu(a)mediatek.com>
wifi: mt76: mt7921: prevent decap offload config before STA initialization
Vitor Soares <vitor.soares(a)toradex.com>
wifi: mwifiex: discard erroneous disassoc frames on STA interface
Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be>
wifi: prevent A-MSDU attacks in mesh networks
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Fix invalid state detection
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Miquel Raynal <miquel.raynal(a)bootlin.com>
pinctrl: nuvoton: Fix boot on ma35dx platforms
Håkon Bugge <haakon.bugge(a)oracle.com>
md/md-bitmap: fix GPF in bitmap_get_stats()
Hugo Villeneuve <hvilleneuve(a)dimonoff.com>
gpiolib: fix performance regression when using gpio_chip_get_multiple()
Haoxiang Li <haoxiang_li2024(a)163.com>
net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
Jens Axboe <axboe(a)kernel.dk>
io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU
Arun Raghavan <arun(a)asymptotic.io>
ASoC: fsl_sai: Force a software reset when starting in consumer mode
Mark Brown <broonie(a)kernel.org>
arm64: Filter out SME hwcaps when FEAT_SME isn't implemented
Edip Hazuri <edip(a)medip.dev>
ALSA: hda/realtek - Add mute LED support for HP Victus 15-fb2xxx
Thorsten Blum <thorsten.blum(a)linux.dev>
ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
sched: Fix preemption string of preempt_dynamic_none
Liam Merwick <liam.merwick(a)oracle.com>
KVM: Allow CPU to reschedule while setting per-page memory attributes
Sean Christopherson <seanjc(a)google.com>
KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight
Nikunj A Dadhania <nikunj(a)amd.com>
KVM: SVM: Add missing member in SNP_LAUNCH_START command structure
Manuel Andreas <manuel.andreas(a)tum.de>
KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Ensure user polling settings are honored when restarting timer
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Add default names for MCA banks and blocks
Dan Carpenter <dan.carpenter(a)linaro.org>
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Eric Biggers <ebiggers(a)kernel.org>
crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2
David Howells <dhowells(a)redhat.com>
rxrpc: Fix bug due to prealloc collision
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Chintan Vankar <c-vankar(a)ti.com>
net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Force predictable MDI-X state on LAN87xx
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
EricChan <chenchuangyu(a)xiaomi.com>
net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2
Petr Pavlu <petr.pavlu(a)suse.com>
module: Fix memory deallocation on error path in move_module()
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
net: airoha: Fix an error handling path in airoha_probe()
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Jiayuan Chen <jiayuan.chen(a)linux.dev>
tcp: Correct signedness in skb remaining space calculation
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: fix `vsock_proto` declaration
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Luo Jie <quic_luoj(a)quicinc.com>
net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol()
Luo Jie <quic_luoj(a)quicinc.com>
net: phy: qcom: move the WoL function to shared library
Anshuman Khandual <anshuman.khandual(a)arm.com>
arm64/mm: Drop wrong writes into TCR2_EL1
Kevin Brodsky <kevin.brodsky(a)arm.com>
arm64: poe: Handle spurious Overlay faults
Jason Xing <kernelxing(a)tencent.com>
bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL
kuyo chang <kuyo.chang(a)mediatek.com>
sched/deadline: Fix dl_server runtime calculation formula
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Mario Limonciello <mario.limonciello(a)amd.com>
pinctrl: amd: Clear GPIO debounce for suspend
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix attempting to send HCI_Disconnect to BIS handle
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_core: Remove check of BDADDR_ANY in hci_conn_hash_lookup_big_state
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix not disabling advertising instance
Richard Fitzgerald <rf(a)opensource.cirrus.com>
ASoC: cs35l56: probe() should fail if the device ID is not recognized
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Heiko Carstens <hca(a)linux.ibm.com>
objtool: Add missing endian conversion to read_annotate()
Peter Zijlstra <peterz(a)infradead.org>
sched/core: Fix migrate_swap() vs. hotplug
Nam Cao <namcao(a)linutronix.de>
irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ
Shiju Jose <shiju.jose(a)huawei.com>
EDAC: Initialize EDAC features sysfs attributes
Luo Gengkun <luogengkun(a)huaweicloud.com>
perf/core: Fix the WARN_ON_ONCE is out of lock protected region
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: add sof_sdw_get_tplg_files ops
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: soc-acpi: add get_function_tplg_files ops
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Linus Torvalds <torvalds(a)linux-foundation.org>
eventpoll: don't decrement ep refcount while still holding the ep mutex
-------------
Diffstat:
Documentation/bpf/map_hash.rst | 8 +-
Documentation/bpf/map_lru_hash_update.dot | 6 +-
.../bindings/clock/mediatek,mt8188-clock.yaml | 3 +
Makefile | 4 +-
arch/arm64/kernel/cpufeature.c | 57 +++--
arch/arm64/kernel/process.c | 5 +
arch/arm64/mm/fault.c | 30 ++-
arch/arm64/mm/proc.S | 1 -
arch/riscv/kernel/vdso/vdso.lds.S | 2 +-
arch/s390/crypto/sha1_s390.c | 2 +
arch/s390/crypto/sha256_s390.c | 3 +
arch/s390/crypto/sha512_s390.c | 3 +
arch/um/drivers/vector_kern.c | 42 ++--
arch/x86/Kconfig | 2 +-
arch/x86/coco/sev/core.c | 22 +-
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/include/asm/sev.h | 17 +-
arch/x86/kernel/cpu/amd.c | 10 +
arch/x86/kernel/cpu/mce/amd.c | 28 ++-
arch/x86/kernel/cpu/mce/core.c | 24 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kvm/hyperv.c | 3 +
arch/x86/kvm/svm/sev.c | 4 +
arch/x86/kvm/xen.c | 15 +-
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/nbd.c | 6 +-
drivers/block/ublk_drv.c | 3 +-
drivers/bluetooth/hci_qca.c | 13 +-
drivers/char/ipmi/ipmi_msghandler.c | 3 +-
drivers/clk/clk-scmi.c | 20 +-
drivers/clk/imx/clk-imx95-blk-ctl.c | 12 +-
drivers/edac/ecs.c | 4 +-
drivers/edac/mem_repair.c | 1 +
drivers/edac/scrub.c | 1 +
drivers/gpio/gpiolib.c | 5 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 8 +
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v8.c | 8 +
drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 1 +
drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 ++--
drivers/gpu/drm/drm_framebuffer.c | 31 ++-
drivers/gpu/drm/drm_gem.c | 74 +++++-
drivers/gpu/drm/drm_internal.h | 2 +
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/imagination/pvr_power.c | 4 +-
drivers/gpu/drm/nouveau/nouveau_debugfs.c | 6 +-
drivers/gpu/drm/nouveau/nouveau_debugfs.h | 5 +-
drivers/gpu/drm/nouveau/nouveau_drm.c | 4 +-
drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 +-
drivers/gpu/drm/tegra/nvdec.c | 6 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 +
drivers/gpu/drm/xe/xe_lmtt.c | 11 +
drivers/gpu/drm/xe/xe_migrate.c | 2 +-
drivers/gpu/drm/xe/xe_pci.c | 1 -
drivers/gpu/drm/xe/xe_pm.c | 11 +-
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-nintendo.c | 38 +++-
drivers/hid/hid-quirks.c | 3 +
drivers/irqchip/Kconfig | 1 +
drivers/md/md-bitmap.c | 3 +-
drivers/md/raid1.c | 4 +-
drivers/md/raid10.c | 12 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/airoha/airoha_eth.c | 1 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 18 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/ibm/ibmvnic.h | 8 +-
drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 +-
drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 1 +
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 +-
drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 +
drivers/net/ethernet/renesas/rtsn.c | 5 +
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +-
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +-
drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 +-
drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +-
drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +-
drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +-
drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 +-
drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 3 +-
drivers/net/phy/qcom/at803x.c | 27 ---
drivers/net/phy/qcom/qca808x.c | 2 +-
drivers/net/phy/qcom/qcom-phy-lib.c | 25 ++
drivers/net/phy/qcom/qcom.h | 5 +
drivers/net/phy/smsc.c | 57 ++++-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/marvell/mwifiex/util.c | 4 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 +
drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 +
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 +
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 40 +---
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 188 ++++++++++-----
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 16 +-
drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 +-
drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 +-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pci/pci-acpi.c | 23 +-
drivers/pinctrl/nuvoton/pinctrl-ma35.c | 10 +-
drivers/pinctrl/pinctrl-amd.c | 11 +
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/pwm/core.c | 2 +-
drivers/pwm/pwm-mediatek.c | 13 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/gadget/function/u_serial.c | 12 +-
fs/btrfs/free-space-tree.c | 16 +-
fs/erofs/data.c | 21 +-
fs/erofs/decompressor.c | 12 +-
fs/erofs/fileio.c | 6 +-
fs/erofs/internal.h | 6 +-
fs/erofs/zdata.c | 13 +-
fs/erofs/zmap.c | 9 +-
fs/eventpoll.c | 12 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
fs/proc/task_mmu.c | 14 +-
fs/smb/server/smb2pdu.c | 29 +--
fs/smb/server/transport_rdma.c | 5 +-
fs/smb/server/vfs.c | 1 +
include/drm/drm_file.h | 3 +
include/drm/drm_framebuffer.h | 7 +
include/drm/spsc_queue.h | 4 +-
include/linux/blkdev.h | 5 +
include/linux/ieee80211.h | 45 +++-
include/linux/io_uring_types.h | 2 +
include/linux/mm.h | 5 +
include/linux/psp-sev.h | 2 +
include/net/af_vsock.h | 2 +-
include/net/bluetooth/hci_core.h | 3 +-
include/net/netfilter/nf_flow_table.h | 2 +-
include/sound/soc-acpi.h | 13 ++
include/trace/events/erofs.h | 2 +-
io_uring/msg_ring.c | 4 +-
io_uring/opdef.c | 1 +
io_uring/zcrx.c | 3 -
kernel/bpf/bpf_lru_list.c | 9 +-
kernel/bpf/bpf_lru_list.h | 1 +
kernel/events/core.c | 6 +-
kernel/module/main.c | 4 +-
kernel/sched/core.c | 7 +-
kernel/sched/deadline.c | 10 +-
kernel/stop_machine.c | 20 +-
lib/alloc_tag.c | 3 +
lib/maple_tree.c | 1 +
mm/damon/core.c | 8 +-
mm/kasan/report.c | 45 +---
mm/rmap.c | 46 ++--
mm/vmalloc.c | 22 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 ++++--
net/bluetooth/hci_event.c | 3 +
net/bluetooth/hci_sync.c | 4 +-
net/ipv4/tcp.c | 2 +-
net/ipv6/addrconf.c | 9 +-
net/mac80211/cfg.c | 14 ++
net/mac80211/mlme.c | 7 +-
net/mac80211/parse.c | 6 +-
net/mac80211/util.c | 9 +-
net/netlink/af_netlink.c | 90 +++++---
net/rxrpc/call_accept.c | 4 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 ++++-
net/wireless/nl80211.c | 7 +-
net/wireless/util.c | 52 ++++-
samples/damon/prcl.c | 8 +-
samples/damon/wsse.c | 8 +-
scripts/gdb/linux/constants.py.in | 7 +
scripts/gdb/linux/interrupts.py | 16 +-
scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++++
scripts/gdb/linux/vfs.py | 2 +-
scripts/gdb/linux/xarray.py | 28 +++
sound/isa/ad1816a/ad1816a.c | 2 +-
sound/pci/hda/patch_realtek.c | 10 +
sound/soc/amd/yc/acp6x-mach.c | 7 +
sound/soc/codecs/cs35l56-shared.c | 2 +-
sound/soc/codecs/rt721-sdca.c | 23 +-
sound/soc/fsl/fsl_asrc.c | 3 +-
sound/soc/fsl/fsl_sai.c | 14 +-
sound/soc/intel/boards/Kconfig | 1 +
sound/soc/intel/common/Makefile | 2 +-
sound/soc/intel/common/soc-acpi-intel-arl-match.c | 21 +-
sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++++++++
sound/soc/intel/common/sof-function-topology-lib.h | 15 ++
sound/soc/sof/intel/hda.c | 6 +-
tools/arch/x86/include/asm/msr-index.h | 1 +
tools/include/linux/kallsyms.h | 4 +
tools/objtool/check.c | 1 +
tools/testing/selftests/bpf/test_lru_map.c | 105 ++++-----
tools/testing/selftests/net/lib.sh | 2 +-
virt/kvm/kvm_main.c | 3 +
203 files changed, 2012 insertions(+), 833 deletions(-)
5 hours, 9 minutes
- 19
- 211
[PATCH net 3/5] rxrpc: Fix notification vs call-release vs recvmsg
by David Howells
When a call is released, rxrpc takes the spinlock and removes it from
->recvmsg_q in an effort to prevent racing recvmsg() invocations from
seeing the same call. Now, rxrpc_recvmsg() only takes the spinlock when
actually removing a call from the queue; it doesn't, however, take it in
the lead up to that when it checks to see if the queue is empty. It *does*
hold the socket lock, which prevents a recvmsg/recvmsg race - but this
doesn't prevent sendmsg from ending the call because sendmsg() drops the
socket lock and relies on the call->user_mutex.
Fix this by firstly removing the bit in rxrpc_release_call() that dequeues
the released call and, instead, rely on recvmsg() to simply discard
released calls (done in a preceding fix).
Secondly, rxrpc_notify_socket() is abandoned if the call is already marked
as released rather than trying to be clever by setting both pointers in
call->recvmsg_link to NULL to trick list_empty(). This isn't perfect and
can still race, resulting in a released call on the queue, but recvmsg()
will now clean that up.
Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Signed-off-by: David Howells <dhowells(a)redhat.com>
Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com>
cc: Marc Dionne <marc.dionne(a)auristor.com>
cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com>
cc: LePremierHomme <kwqcheii(a)proton.me>
cc: Jakub Kicinski <kuba(a)kernel.org>
cc: Paolo Abeni <pabeni(a)redhat.com>
cc: "David S. Miller" <davem(a)davemloft.net>
cc: Eric Dumazet <edumazet(a)google.com>
cc: Simon Horman <horms(a)kernel.org>
cc: linux-afs(a)lists.infradead.org
cc: netdev(a)vger.kernel.org
cc: stable(a)vger.kernel.org
---
include/trace/events/rxrpc.h | 2 +-
net/rxrpc/call_object.c | 28 ++++++++++++----------------
net/rxrpc/recvmsg.c | 4 ++++
3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h
index e7dcfb1369b6..8e5a73eb5268 100644
--- a/include/trace/events/rxrpc.h
+++ b/include/trace/events/rxrpc.h
@@ -325,7 +325,6 @@
EM(rxrpc_call_put_release_sock, "PUT rls-sock") \
EM(rxrpc_call_put_release_sock_tba, "PUT rls-sk-a") \
EM(rxrpc_call_put_sendmsg, "PUT sendmsg ") \
- EM(rxrpc_call_put_unnotify, "PUT unnotify") \
EM(rxrpc_call_put_userid_exists, "PUT u-exists") \
EM(rxrpc_call_put_userid, "PUT user-id ") \
EM(rxrpc_call_see_accept, "SEE accept ") \
@@ -338,6 +337,7 @@
EM(rxrpc_call_see_disconnected, "SEE disconn ") \
EM(rxrpc_call_see_distribute_error, "SEE dist-err") \
EM(rxrpc_call_see_input, "SEE input ") \
+ EM(rxrpc_call_see_notify_released, "SEE nfy-rlsd") \
EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \
EM(rxrpc_call_see_release, "SEE release ") \
EM(rxrpc_call_see_userid_exists, "SEE u-exists") \
diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c
index 15067ff7b1f2..918f41d97a2f 100644
--- a/net/rxrpc/call_object.c
+++ b/net/rxrpc/call_object.c
@@ -561,7 +561,7 @@ static void rxrpc_cleanup_rx_buffers(struct rxrpc_call *call)
void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call)
{
struct rxrpc_connection *conn = call->conn;
- bool put = false, putu = false;
+ bool putu = false;
_enter("{%d,%d}", call->debug_id, refcount_read(&call->ref));
@@ -573,23 +573,13 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call)
rxrpc_put_call_slot(call);
- /* Make sure we don't get any more notifications */
+ /* Note that at this point, the call may still be on or may have been
+ * added back on to the socket receive queue. recvmsg() must discard
+ * released calls. The CALL_RELEASED flag should prevent further
+ * notifications.
+ */
spin_lock_irq(&rx->recvmsg_lock);
-
- if (!list_empty(&call->recvmsg_link)) {
- _debug("unlinking once-pending call %p { e=%lx f=%lx }",
- call, call->events, call->flags);
- list_del(&call->recvmsg_link);
- put = true;
- }
-
- /* list_empty() must return false in rxrpc_notify_socket() */
- call->recvmsg_link.next = NULL;
- call->recvmsg_link.prev = NULL;
-
spin_unlock_irq(&rx->recvmsg_lock);
- if (put)
- rxrpc_put_call(call, rxrpc_call_put_unnotify);
write_lock(&rx->call_lock);
@@ -638,6 +628,12 @@ void rxrpc_release_calls_on_socket(struct rxrpc_sock *rx)
rxrpc_put_call(call, rxrpc_call_put_release_sock);
}
+ while ((call = list_first_entry_or_null(&rx->recvmsg_q,
+ struct rxrpc_call, recvmsg_link))) {
+ list_del_init(&call->recvmsg_link);
+ rxrpc_put_call(call, rxrpc_call_put_release_recvmsg_q);
+ }
+
_leave("");
}
diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c
index 6990e37697de..7fa7e77f6bb9 100644
--- a/net/rxrpc/recvmsg.c
+++ b/net/rxrpc/recvmsg.c
@@ -29,6 +29,10 @@ void rxrpc_notify_socket(struct rxrpc_call *call)
if (!list_empty(&call->recvmsg_link))
return;
+ if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) {
+ rxrpc_see_call(call, rxrpc_call_see_notify_released);
+ return;
+ }
rcu_read_lock();
5 hours, 16 minutes
- 2
- 1
[PATCH 6.12 000/165] 6.12.39-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.39 release.
There are 165 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 16:35:06 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.39-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.39-rc2
Michael Jeanson <mjeanson(a)efficios.com>
rseq: Fix segfault on registration when rseq_cs is non-zero
Lukas Wunner <lukas(a)wunner.de>
crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
Mark Brown <broonie(a)kernel.org>
arm64: Filter out SME hwcaps when FEAT_SME isn't implemented
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potential use-after-free in oplock/lease break ack
Yeoreum Yun <yeoreum.yun(a)arm.com>
kasan: remove kasan_find_vm_area() to prevent possible deadlock
Jiawen Wu <jiawenwu(a)trustnetic.com>
net: wangxun: revert the adjustment of the IRQ vector sequence
Gao Xiang <xiang(a)kernel.org>
erofs: fix rare pcluster memory leak after unmounting
Willem de Bruijn <willemb(a)google.com>
selftests/bpf: adapt one more case in test_lru_map to the new target_free
Daniel J. Ogorchock <djogorchock(a)gmail.com>
HID: nintendo: avoid bluetooth suspend/resume stalls
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Fangrui Song <i(a)maskray.me>
riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment
Willem de Bruijn <willemb(a)google.com>
bpf: Adjust free target to avoid global starvation of LRU map
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix assertion when building free space tree
Long Li <longli(a)microsoft.com>
net: mana: Record doorbell physical address in PF mode
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Shuai Zhang <quic_shuaz(a)quicinc.com>
driver: bluetooth: hci_qca:fix unable to load the BT driver
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Tim Crawford <tcrawford(a)system76.com>
ALSA: hda/realtek: Add quirks for some Clevo laptops
Yasmin Fitzgerald <sunoflife1.git(a)gmail.com>
ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
Yuzuru10 <yuzuru_10(a)proton.me>
ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
Fengnan Chang <changfengnan(a)bytedance.com>
io_uring: make fallocate be hashed work
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606
Tamura Dai <kirinode0(a)gmail.com>
ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Ronnie Sahlberg <rsahlberg(a)whamcloud.com>
ublk: sanity check add_dev input for underflow
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Jianbo Liu <jianbol(a)nvidia.com>
net/mlx5e: Add new prio for promiscuous mode
Carolina Jubran <cjubran(a)nvidia.com>
net/mlx5e: Fix race between DIM disable and net_dim()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Shuicheng Lin <shuicheng.lin(a)intel.com>
drm/xe/pm: Correct comment of xe_pm_set_vram_threshold()
Hangbin Liu <liuhangbin(a)gmail.com>
selftests: net: lib: fix shift count out of range
Petr Machata <petrm(a)nvidia.com>
selftests: net: lib: Move logging from forwarding/lib.sh here
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits
Mingming Cao <mmc(a)linux.ibm.com>
ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_readahead()
Gao Xiang <xiang(a)kernel.org>
erofs: refine readahead tracepoint
Gao Xiang <xiang(a)kernel.org>
erofs: tidy up zdata.c
Gao Xiang <xiang(a)kernel.org>
erofs: get rid of `z_erofs_next_pcluster_t`
Chunhai Guo <guochunhai(a)vivo.com>
erofs: free pclusters if no cached folio is attached
Michal Wajdeczko <michal.wajdeczko(a)intel.com>
drm/xe/pf: Clear all LMTT pages on alloc
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Henry Martin <bsdhenrymartin(a)gmail.com>
wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()
Ben Skeggs <bskeggs(a)nvidia.com>
drm/nouveau/gsp: fix potential leak of memory used during acpi init
Felix Fietkau <nbd(a)nbd.name>
wifi: rt2x00: fix remove callback type mismatch
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: fix non-transmitted BSSID profile search
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: mac80211: correctly identify S1G short beacon
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Mikko Perttunen <mperttunen(a)nvidia.com>
drm/tegra: nvdec: Fix dma_alloc_coherent error check
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: cfg80211: fix S1G beacon head validation in nl80211
David Howells <dhowells(a)redhat.com>
netfs: Fix ref leak on inserted extra subreq in write retry
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count
Gao Xiang <xiang(a)kernel.org>
erofs: address D-cache aliasing
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_read_folio()
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Sascha Hauer <s.hauer(a)pengutronix.de>
clk: scmi: Handle case where child clocks are initialized before their parents
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Mikhail Paulyshka <me(a)mixaill.net>
x86/rdrand: Disable RDSEED on AMD Cyan Skillfish
Xiaolei Wang <xiaolei.wang(a)windriver.com>
clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data
Miguel Ojeda <ojeda(a)kernel.org>
rust: init: allow `dead_code` warnings for Rust >= 1.89.0
Harry Yoo <harry.yoo(a)oracle.com>
lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users()
Alexander Gordeev <agordeev(a)linux.ibm.com>
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts.py after maple tree conversion
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: de-reference per-CPU MCE interrupts
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts display after MCP on x86
Baolin Wang <baolin.wang(a)linux.alibaba.com>
mm: fix the inaccurate memory statistics issue for users
Wei Yang <richard.weiyang(a)gmail.com>
maple_tree: fix mt_destroy_walk() on root leaf node
Achill Gilgenast <fossdd(a)pwned.life>
kallsyms: fix build without execinfo
Zhe Qiao <qiaozhe(a)iscas.ac.cn>
Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()"
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Matthew Brost <matthew.brost(a)intel.com>
drm/xe: Allocate PF queue size on pow2 boundary
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/framebuffer: Acquire internal references on GEM handles
Kuen-Han Tsai <khtsai(a)google.com>
Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Matthew Brost <matthew.brost(a)intel.com>
Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2"
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/bmg: fix compressed VRAM handling
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix error handling in ttm_buffer_object_transfer
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/gem: Acquire references on GEM handles for framebuffers
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: Don't call mmput from MMU notifier callback
Alessio Belle <alessio.belle(a)imgtec.com>
drm/imagination: Fix kernel crash when hard resetting the GPU
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the wrong config for tx interrupt
Deren Wu <deren.wu(a)mediatek.com>
wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()
Deren Wu <deren.wu(a)mediatek.com>
wifi: mt76: mt7921: prevent decap offload config before STA initialization
Vitor Soares <vitor.soares(a)toradex.com>
wifi: mwifiex: discard erroneous disassoc frames on STA interface
Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be>
wifi: prevent A-MSDU attacks in mesh networks
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Fix invalid state detection
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Håkon Bugge <haakon.bugge(a)oracle.com>
md/md-bitmap: fix GPF in bitmap_get_stats()
Haoxiang Li <haoxiang_li2024(a)163.com>
net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
Arun Raghavan <arun(a)asymptotic.io>
ASoC: fsl_sai: Force a software reset when starting in consumer mode
Thorsten Blum <thorsten.blum(a)linux.dev>
ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()
Liam Merwick <liam.merwick(a)oracle.com>
KVM: Allow CPU to reschedule while setting per-page memory attributes
Sean Christopherson <seanjc(a)google.com>
KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight
Nikunj A Dadhania <nikunj(a)amd.com>
KVM: SVM: Add missing member in SNP_LAUNCH_START command structure
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Ensure user polling settings are honored when restarting timer
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Add default names for MCA banks and blocks
Dan Carpenter <dan.carpenter(a)linaro.org>
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
David Howells <dhowells(a)redhat.com>
rxrpc: Fix bug due to prealloc collision
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Chintan Vankar <c-vankar(a)ti.com>
net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Force predictable MDI-X state on LAN87xx
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
EricChan <chenchuangyu(a)xiaomi.com>
net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Jiayuan Chen <jiayuan.chen(a)linux.dev>
tcp: Correct signedness in skb remaining space calculation
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: fix `vsock_proto` declaration
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Luo Jie <quic_luoj(a)quicinc.com>
net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol()
Luo Jie <quic_luoj(a)quicinc.com>
net: phy: qcom: move the WoL function to shared library
Kevin Brodsky <kevin.brodsky(a)arm.com>
arm64: poe: Handle spurious Overlay faults
Jason Xing <kernelxing(a)tencent.com>
bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL
kuyo chang <kuyo.chang(a)mediatek.com>
sched/deadline: Fix dl_server runtime calculation formula
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Mario Limonciello <mario.limonciello(a)amd.com>
pinctrl: amd: Clear GPIO debounce for suspend
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix not disabling advertising instance
Richard Fitzgerald <rf(a)opensource.cirrus.com>
ASoC: cs35l56: probe() should fail if the device ID is not recognized
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Peter Zijlstra <peterz(a)infradead.org>
sched/core: Fix migrate_swap() vs. hotplug
Nam Cao <namcao(a)linutronix.de>
irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ
Luo Gengkun <luogengkun(a)huaweicloud.com>
perf/core: Fix the WARN_ON_ONCE is out of lock protected region
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: add sof_sdw_get_tplg_files ops
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: soc-acpi: add get_function_tplg_files ops
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
Eric Biggers <ebiggers(a)kernel.org>
crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2
Flora Cui <flora.cui(a)amd.com>
drm/amdgpu/ip_discovery: add missing ip_discovery fw
Flora Cui <flora.cui(a)amd.com>
drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Linus Torvalds <torvalds(a)linux-foundation.org>
eventpoll: don't decrement ep refcount while still holding the ep mutex
-------------
Diffstat:
Documentation/bpf/map_hash.rst | 8 +-
Documentation/bpf/map_lru_hash_update.dot | 6 +-
Makefile | 4 +-
arch/arm64/kernel/cpufeature.c | 45 ++--
arch/arm64/kernel/process.c | 5 +
arch/arm64/mm/fault.c | 30 ++-
arch/riscv/kernel/vdso/vdso.lds.S | 2 +-
arch/s390/crypto/sha1_s390.c | 2 +
arch/s390/crypto/sha256_s390.c | 3 +
arch/s390/crypto/sha512_s390.c | 3 +
arch/um/drivers/vector_kern.c | 42 ++--
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/kernel/cpu/amd.c | 7 +
arch/x86/kernel/cpu/mce/amd.c | 28 ++-
arch/x86/kernel/cpu/mce/core.c | 24 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kvm/svm/sev.c | 4 +
arch/x86/kvm/xen.c | 15 +-
crypto/ecc.c | 2 +-
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/nbd.c | 6 +-
drivers/block/ublk_drv.c | 3 +-
drivers/bluetooth/hci_qca.c | 13 +-
drivers/char/ipmi/ipmi_msghandler.c | 3 +-
drivers/clk/clk-scmi.c | 20 +-
drivers/clk/imx/clk-imx95-blk-ctl.c | 12 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 30 ++-
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 +-
drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 ++--
drivers/gpu/drm/drm_framebuffer.c | 31 ++-
drivers/gpu/drm/drm_gem.c | 74 +++++-
drivers/gpu/drm/drm_internal.h | 2 +
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/imagination/pvr_power.c | 4 +-
drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 +-
drivers/gpu/drm/tegra/nvdec.c | 6 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 +
drivers/gpu/drm/xe/xe_lmtt.c | 11 +
drivers/gpu/drm/xe/xe_migrate.c | 2 +-
drivers/gpu/drm/xe/xe_pci.c | 1 -
drivers/gpu/drm/xe/xe_pm.c | 8 +-
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-nintendo.c | 38 +++-
drivers/hid/hid-quirks.c | 3 +
drivers/irqchip/Kconfig | 1 +
drivers/md/md-bitmap.c | 3 +-
drivers/md/raid1.c | 1 +
drivers/md/raid10.c | 10 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/ibm/ibmvnic.h | 8 +-
drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 +-
drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 +-
drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 +
drivers/net/ethernet/renesas/rtsn.c | 5 +
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +-
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +-
drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 +-
drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +-
drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +-
drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +-
drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 +-
drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 3 +-
drivers/net/phy/qcom/at803x.c | 27 ---
drivers/net/phy/qcom/qca808x.c | 2 +-
drivers/net/phy/qcom/qcom-phy-lib.c | 25 ++
drivers/net/phy/qcom/qcom.h | 5 +
drivers/net/phy/smsc.c | 57 ++++-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/marvell/mwifiex/util.c | 4 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 +
drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 +
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 +
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +-
drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 +-
drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 +-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pci/pci-acpi.c | 23 +-
drivers/pinctrl/pinctrl-amd.c | 11 +
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/pwm/core.c | 2 +-
drivers/pwm/pwm-mediatek.c | 13 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/gadget/function/u_serial.c | 12 +-
fs/btrfs/free-space-tree.c | 16 +-
fs/erofs/data.c | 21 +-
fs/erofs/decompressor.c | 12 +-
fs/erofs/fileio.c | 6 +-
fs/erofs/internal.h | 2 +-
fs/erofs/zdata.c | 251 +++++++++-----------
fs/erofs/zutil.c | 7 +-
fs/eventpoll.c | 12 +-
fs/netfs/write_collect.c | 2 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
fs/proc/task_mmu.c | 14 +-
fs/smb/server/smb2pdu.c | 29 +--
fs/smb/server/transport_rdma.c | 5 +-
fs/smb/server/vfs.c | 1 +
include/drm/drm_file.h | 3 +
include/drm/drm_framebuffer.h | 7 +
include/drm/spsc_queue.h | 4 +-
include/linux/ieee80211.h | 45 +++-
include/linux/math.h | 12 +
include/linux/mm.h | 5 +
include/linux/psp-sev.h | 2 +
include/net/af_vsock.h | 2 +-
include/net/netfilter/nf_flow_table.h | 2 +-
include/sound/soc-acpi.h | 13 ++
include/trace/events/erofs.h | 2 +-
io_uring/opdef.c | 1 +
kernel/bpf/bpf_lru_list.c | 9 +-
kernel/bpf/bpf_lru_list.h | 1 +
kernel/events/core.c | 6 +-
kernel/rseq.c | 60 ++++-
kernel/sched/core.c | 5 +
kernel/sched/deadline.c | 10 +-
kernel/stop_machine.c | 20 +-
lib/alloc_tag.c | 3 +
lib/maple_tree.c | 1 +
mm/kasan/report.c | 13 +-
mm/vmalloc.c | 22 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 ++++--
net/bluetooth/hci_event.c | 3 +
net/bluetooth/hci_sync.c | 2 +-
net/ipv4/tcp.c | 2 +-
net/ipv6/addrconf.c | 9 +-
net/mac80211/mlme.c | 7 +-
net/mac80211/parse.c | 6 +-
net/netlink/af_netlink.c | 90 +++++---
net/rxrpc/call_accept.c | 4 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 ++++-
net/wireless/nl80211.c | 7 +-
net/wireless/util.c | 52 ++++-
rust/kernel/init/macros.rs | 2 +
scripts/gdb/linux/constants.py.in | 7 +
scripts/gdb/linux/interrupts.py | 16 +-
scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++++
scripts/gdb/linux/xarray.py | 28 +++
sound/isa/ad1816a/ad1816a.c | 2 +-
sound/pci/hda/patch_realtek.c | 7 +
sound/soc/amd/yc/acp6x-mach.c | 7 +
sound/soc/codecs/cs35l56-shared.c | 2 +-
sound/soc/fsl/fsl_asrc.c | 3 +-
sound/soc/fsl/fsl_sai.c | 14 +-
sound/soc/intel/boards/Kconfig | 1 +
sound/soc/intel/common/Makefile | 2 +-
sound/soc/intel/common/soc-acpi-intel-arl-match.c | 66 +++++-
sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++++++++
sound/soc/intel/common/sof-function-topology-lib.h | 15 ++
sound/soc/sof/intel/hda.c | 6 +-
tools/arch/x86/include/asm/msr-index.h | 1 +
tools/include/linux/kallsyms.h | 4 +
tools/testing/selftests/bpf/test_lru_map.c | 105 ++++-----
tools/testing/selftests/net/forwarding/lib.sh | 113 ---------
tools/testing/selftests/net/lib.sh | 115 ++++++++++
virt/kvm/kvm_main.c | 3 +
175 files changed, 2014 insertions(+), 880 deletions(-)
5 hours, 18 minutes
- 9
- 8
[PATCH v5] riscv: hwprobe: Fix stale vDSO data for late-initialized keys at boot
by Jingwei Wang
The hwprobe vDSO data for some keys, like MISALIGNED_VECTOR_PERF,
is determined by an asynchronous kthread. This can create a race
condition where the kthread finishes after the vDSO data has
already been populated, causing userspace to read stale values.
To fix this, a completion-based framework is introduced to robustly
synchronize the async probes with the vDSO data population. The
waiting function, init_hwprobe_vdso_data(), now blocks on
wait_for_completion() until all probes signal they are done.
Furthermore, to prevent this potential blocking from impacting boot
performance, the initialization is deferred to late_initcall. This
is safe as the data is only required by userspace (which starts
much later) and moves the synchronization delay off the critical
boot path.
Reported-by: Tsukasa OI <research_trasio(a)irq.a4lg.com>
Closes: https://lore.kernel.org/linux-riscv/760d637b-b13b-4518-b6bf-883d55d44e7f@ir…
Fixes: e7c9d66e313b ("RISC-V: Report vector unaligned access speed hwprobe")
Cc: Palmer Dabbelt <palmer(a)dabbelt.com>
Cc: Alexandre Ghiti <alexghiti(a)rivosinc.com>
Cc: Olof Johansson <olof(a)lixom.net>
Cc: stable(a)vger.kernel.org
Signed-off-by: Jingwei Wang <wangjingwei(a)iscas.ac.cn>
---
Changes in v5:
- Reworked the synchronization logic to a robust "sentinel-count"
pattern based on feedback from Alexandre.
- Fixed a "multiple definition" linker error for nommu builds by changing
the header-file stub functions to `static inline`, as pointed out by Olof.
- Updated the commit message to better explain the rationale for moving
the vDSO initialization to `late_initcall`.
Changes in v4:
- Reworked the synchronization mechanism based on feedback from Palmer
and Alexandre.
- Instead of a post-hoc refresh, this version introduces a robust
completion-based framework using an atomic counter to ensure async
probes are finished before populating the vDSO.
- Moved the vdso data initialization to a late_initcall to avoid
impacting boot time.
Changes in v3:
- Retained existing blank line.
Changes in v2:
- Addressed feedback from Yixun's regarding #ifdef CONFIG_MMU usage.
- Updated commit message to provide a high-level summary.
- Added Fixes tag for commit e7c9d66e313b.
v1: https://lore.kernel.org/linux-riscv/20250521052754.185231-1-wangjingwei@isc…
arch/riscv/include/asm/hwprobe.h | 8 +++++++-
arch/riscv/kernel/sys_hwprobe.c | 20 +++++++++++++++++++-
arch/riscv/kernel/unaligned_access_speed.c | 9 +++++++--
3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/arch/riscv/include/asm/hwprobe.h b/arch/riscv/include/asm/hwprobe.h
index 7fe0a379474ae2c6..3b2888126e659ea1 100644
--- a/arch/riscv/include/asm/hwprobe.h
+++ b/arch/riscv/include/asm/hwprobe.h
@@ -40,5 +40,11 @@ static inline bool riscv_hwprobe_pair_cmp(struct riscv_hwprobe *pair,
return pair->value == other_pair->value;
}
-
+#ifdef CONFIG_MMU
+void riscv_hwprobe_register_async_probe(void);
+void riscv_hwprobe_complete_async_probe(void);
+#else
+static inline void riscv_hwprobe_register_async_probe(void) {}
+static inline void riscv_hwprobe_complete_async_probe(void) {}
+#endif
#endif
diff --git a/arch/riscv/kernel/sys_hwprobe.c b/arch/riscv/kernel/sys_hwprobe.c
index 0b170e18a2beba57..ee02aeb03e7bd3d8 100644
--- a/arch/riscv/kernel/sys_hwprobe.c
+++ b/arch/riscv/kernel/sys_hwprobe.c
@@ -5,6 +5,8 @@
* more details.
*/
#include <linux/syscalls.h>
+#include <linux/completion.h>
+#include <linux/atomic.h>
#include <asm/cacheflush.h>
#include <asm/cpufeature.h>
#include <asm/hwprobe.h>
@@ -467,6 +469,20 @@ static int do_riscv_hwprobe(struct riscv_hwprobe __user *pairs,
#ifdef CONFIG_MMU
+static DECLARE_COMPLETION(boot_probes_done);
+static atomic_t pending_boot_probes = ATOMIC_INIT(1);
+
+void riscv_hwprobe_register_async_probe(void)
+{
+ atomic_inc(&pending_boot_probes);
+}
+
+void riscv_hwprobe_complete_async_probe(void)
+{
+ if (atomic_dec_and_test(&pending_boot_probes))
+ complete(&boot_probes_done);
+}
+
static int __init init_hwprobe_vdso_data(void)
{
struct vdso_arch_data *avd = vdso_k_arch_data;
@@ -474,6 +490,8 @@ static int __init init_hwprobe_vdso_data(void)
struct riscv_hwprobe pair;
int key;
+ if (unlikely(!atomic_dec_and_test(&pending_boot_probes)))
+ wait_for_completion(&boot_probes_done);
/*
* Initialize vDSO data with the answers for the "all CPUs" case, to
* save a syscall in the common case.
@@ -504,7 +522,7 @@ static int __init init_hwprobe_vdso_data(void)
return 0;
}
-arch_initcall_sync(init_hwprobe_vdso_data);
+late_initcall(init_hwprobe_vdso_data);
#endif /* CONFIG_MMU */
diff --git a/arch/riscv/kernel/unaligned_access_speed.c b/arch/riscv/kernel/unaligned_access_speed.c
index ae2068425fbcd207..4b8ad2673b0f7470 100644
--- a/arch/riscv/kernel/unaligned_access_speed.c
+++ b/arch/riscv/kernel/unaligned_access_speed.c
@@ -379,6 +379,7 @@ static void check_vector_unaligned_access(struct work_struct *work __always_unus
static int __init vec_check_unaligned_access_speed_all_cpus(void *unused __always_unused)
{
schedule_on_each_cpu(check_vector_unaligned_access);
+ riscv_hwprobe_complete_async_probe();
return 0;
}
@@ -473,8 +474,12 @@ static int __init check_unaligned_access_all_cpus(void)
per_cpu(vector_misaligned_access, cpu) = unaligned_vector_speed_param;
} else if (!check_vector_unaligned_access_emulated_all_cpus() &&
IS_ENABLED(CONFIG_RISCV_PROBE_VECTOR_UNALIGNED_ACCESS)) {
- kthread_run(vec_check_unaligned_access_speed_all_cpus,
- NULL, "vec_check_unaligned_access_speed_all_cpus");
+ riscv_hwprobe_register_async_probe();
+ if (IS_ERR(kthread_run(vec_check_unaligned_access_speed_all_cpus,
+ NULL, "vec_check_unaligned_access_speed_all_cpus"))) {
+ pr_warn("Failed to create vec_unalign_check kthread\n");
+ riscv_hwprobe_complete_async_probe();
+ }
}
/*
--
2.50.0
5 hours, 28 minutes
- 2
- 1
[PATCH 6.6 000/111] 6.6.99-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.6.99 release.
There are 111 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 16:35:12 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.99-rc2…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.6.99-rc2
Michael Jeanson <mjeanson(a)efficios.com>
rseq: Fix segfault on registration when rseq_cs is non-zero
Lukas Wunner <lukas(a)wunner.de>
crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potential use-after-free in oplock/lease break ack
Yeoreum Yun <yeoreum.yun(a)arm.com>
kasan: remove kasan_find_vm_area() to prevent possible deadlock
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix potential race in cifs_put_tcon()
Willem de Bruijn <willemb(a)google.com>
selftests/bpf: adapt one more case in test_lru_map to the new target_free
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Willem de Bruijn <willemb(a)google.com>
bpf: Adjust free target to avoid global starvation of LRU map
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix assertion when building free space tree
Long Li <longli(a)microsoft.com>
net: mana: Record doorbell physical address in PF mode
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Yasmin Fitzgerald <sunoflife1.git(a)gmail.com>
ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
Yuzuru10 <yuzuru_10(a)proton.me>
ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
Fengnan Chang <changfengnan(a)bytedance.com>
io_uring: make fallocate be hashed work
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Ronnie Sahlberg <rsahlberg(a)whamcloud.com>
ublk: sanity check add_dev input for underflow
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Mingming Cao <mmc(a)linux.ibm.com>
ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Mikko Perttunen <mperttunen(a)nvidia.com>
drm/tegra: nvdec: Fix dma_alloc_coherent error check
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Shyam Prasad N <sprasad(a)microsoft.com>
cifs: all initializations for tcon should happen in tcon_info_alloc
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix DFS interlink failover
Paulo Alcantara <pc(a)manguebit.com>
smb: client: avoid unnecessary reconnects when refreshing referrals
Kuen-Han Tsai <khtsai(a)google.com>
usb: dwc3: Abort suspend on soft disconnect failure
Pawel Laszczak <pawell(a)cadence.com>
usb: cdnsp: Fix issue with CV Bad Descriptor test
Lee Jones <lee(a)kernel.org>
usb: cdnsp: Replace snprintf() with the safer scnprintf() variant
Pawel Laszczak <pawell(a)cadence.com>
usb:cdnsp: remove TRB_FLUSH_ENDPOINT command
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix inode lookup error handling during log replay
Filipe Manana <fdmanana(a)suse.com>
btrfs: return a btrfs_inode from btrfs_iget_logging()
Filipe Manana <fdmanana(a)suse.com>
btrfs: remove redundant root argument from fixup_inode_link_count()
Filipe Manana <fdmanana(a)suse.com>
btrfs: remove redundant root argument from btrfs_update_inode_fallback()
Filipe Manana <fdmanana(a)suse.com>
btrfs: remove noinline from btrfs_update_inode()
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_read_folio()
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Mikhail Paulyshka <me(a)mixaill.net>
x86/rdrand: Disable RDSEED on AMD Cyan Skillfish
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Alexander Gordeev <agordeev(a)linux.ibm.com>
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts.py after maple tree conversion
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: de-reference per-CPU MCE interrupts
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts display after MCP on x86
Baolin Wang <baolin.wang(a)linux.alibaba.com>
mm: fix the inaccurate memory statistics issue for users
Wei Yang <richard.weiyang(a)gmail.com>
maple_tree: fix mt_destroy_walk() on root leaf node
Achill Gilgenast <fossdd(a)pwned.life>
kallsyms: fix build without execinfo
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/framebuffer: Acquire internal references on GEM handles
Kuen-Han Tsai <khtsai(a)google.com>
Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix error handling in ttm_buffer_object_transfer
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/gem: Acquire references on GEM handles for framebuffers
Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be>
wifi: prevent A-MSDU attacks in mesh networks
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Håkon Bugge <haakon.bugge(a)oracle.com>
md/md-bitmap: fix GPF in bitmap_get_stats()
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
Sean Christopherson <seanjc(a)google.com>
KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Add default names for MCA banks and blocks
Dan Carpenter <dan.carpenter(a)linaro.org>
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Christian Eggers <ceggers(a)arri.de>
Bluetooth: HCI: Set extended advertising data synchronously
Leo Yan <leo.yan(a)arm.com>
perf: build: Setup PKG_CONFIG_LIBDIR for cross compilation
Liam R. Howlett <Liam.Howlett(a)oracle.com>
maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
David Howells <dhowells(a)redhat.com>
rxrpc: Fix bug due to prealloc collision
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Force predictable MDI-X state on LAN87xx
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
EricChan <chenchuangyu(a)xiaomi.com>
net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Jiayuan Chen <jiayuan.chen(a)linux.dev>
tcp: Correct signedness in skb remaining space calculation
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: fix `vsock_proto` declaration
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Mario Limonciello <mario.limonciello(a)amd.com>
pinctrl: amd: Clear GPIO debounce for suspend
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix not disabling advertising instance
Richard Fitzgerald <rf(a)opensource.cirrus.com>
ASoC: cs35l56: probe() should fail if the device ID is not recognized
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Luo Gengkun <luogengkun(a)huaweicloud.com>
perf/core: Fix the WARN_ON_ONCE is out of lock protected region
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Linus Torvalds <torvalds(a)linux-foundation.org>
eventpoll: don't decrement ep refcount while still holding the ep mutex
-------------
Diffstat:
Documentation/bpf/map_hash.rst | 8 +-
Documentation/bpf/map_lru_hash_update.dot | 6 +-
Makefile | 4 +-
arch/um/drivers/vector_kern.c | 42 +--
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/kernel/cpu/amd.c | 7 +
arch/x86/kernel/cpu/mce/amd.c | 28 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kvm/svm/sev.c | 4 +
arch/x86/kvm/xen.c | 15 +-
crypto/ecc.c | 2 +-
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/nbd.c | 6 +-
drivers/block/ublk_drv.c | 3 +-
drivers/char/ipmi/ipmi_msghandler.c | 3 +-
drivers/gpu/drm/drm_framebuffer.c | 31 +-
drivers/gpu/drm/drm_gem.c | 74 ++++-
drivers/gpu/drm/drm_internal.h | 2 +
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/tegra/nvdec.c | 6 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-quirks.c | 3 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/md/md-bitmap.c | 3 +-
drivers/md/raid1.c | 1 +
drivers/md/raid10.c | 10 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/ibm/ibmvnic.h | 8 +-
drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 +
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 2 +-
drivers/net/phy/smsc.c | 57 +++-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pinctrl/pinctrl-amd.c | 11 +
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/pwm/pwm-mediatek.c | 13 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++-----------
drivers/usb/cdns3/cdnsp-ep0.c | 18 +-
drivers/usb/cdns3/cdnsp-gadget.c | 6 +-
drivers/usb/cdns3/cdnsp-gadget.h | 11 +-
drivers/usb/cdns3/cdnsp-ring.c | 27 +-
drivers/usb/dwc3/core.c | 9 +-
drivers/usb/dwc3/gadget.c | 22 +-
drivers/usb/gadget/function/u_serial.c | 12 +-
fs/btrfs/btrfs_inode.h | 2 +-
fs/btrfs/free-space-tree.c | 16 +-
fs/btrfs/inode.c | 18 +-
fs/btrfs/transaction.c | 2 +-
fs/btrfs/tree-log.c | 331 +++++++++++--------
fs/erofs/data.c | 2 +
fs/eventpoll.c | 12 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
fs/proc/task_mmu.c | 14 +-
fs/smb/client/cifsglob.h | 3 +
fs/smb/client/cifsproto.h | 13 +-
fs/smb/client/connect.c | 47 ++-
fs/smb/client/dfs.c | 73 ++---
fs/smb/client/dfs.h | 42 ++-
fs/smb/client/dfs_cache.c | 198 +++++++-----
fs/smb/client/fs_context.h | 1 +
fs/smb/client/misc.c | 9 +
fs/smb/client/namespace.c | 2 +-
fs/smb/server/smb2pdu.c | 29 +-
fs/smb/server/transport_rdma.c | 5 +-
fs/smb/server/vfs.c | 1 +
include/drm/drm_file.h | 3 +
include/drm/drm_framebuffer.h | 7 +
include/drm/spsc_queue.h | 4 +-
include/linux/math.h | 12 +
include/linux/mm.h | 5 +
include/net/af_vsock.h | 2 +-
include/net/netfilter/nf_flow_table.h | 2 +-
io_uring/opdef.c | 1 +
kernel/bpf/bpf_lru_list.c | 9 +-
kernel/bpf/bpf_lru_list.h | 1 +
kernel/events/core.c | 6 +-
kernel/rseq.c | 60 +++-
lib/maple_tree.c | 14 +-
mm/kasan/report.c | 13 +-
mm/vmalloc.c | 22 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 +++-
net/bluetooth/hci_event.c | 39 +--
net/bluetooth/hci_sync.c | 215 ++++++++-----
net/ipv4/tcp.c | 2 +-
net/ipv6/addrconf.c | 9 +-
net/netlink/af_netlink.c | 90 +++---
net/rxrpc/call_accept.c | 4 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 +++-
net/wireless/util.c | 52 ++-
scripts/gdb/linux/constants.py.in | 7 +
scripts/gdb/linux/interrupts.py | 16 +-
scripts/gdb/linux/mapletree.py | 252 +++++++++++++++
scripts/gdb/linux/xarray.py | 28 ++
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/yc/acp6x-mach.c | 7 +
sound/soc/codecs/cs35l56-shared.c | 2 +-
sound/soc/fsl/fsl_asrc.c | 3 +-
tools/arch/x86/include/asm/msr-index.h | 1 +
tools/build/feature/Makefile | 25 +-
tools/include/linux/kallsyms.h | 4 +
tools/perf/Makefile.perf | 27 +-
tools/testing/selftests/bpf/test_lru_map.c | 105 +++---
117 files changed, 1948 insertions(+), 1042 deletions(-)
From gregkh(a)linuxfoundation.org Tue Jul 15 18:35:42 2025
Message-ID: <20250715163542.121531643(a)linuxfoundation.org>
User-Agent: quilt/0.68
Date: Tue, 15 Jul 2025 18:35:43 +0200
From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
To: stable(a)vger.kernel.org
Cc: patches(a)lists.linux.dev, linux-kernel(a)vger.kernel.org, torvalds(a)linux-foundation.org, akpm(a)linux-foundation.org, linux(a)roeck-us.net, shuah(a)kernel.org, patches(a)kernelci.org, lkft-triage(a)lists.linaro.org, pavel(a)denx.de, jonathanh(a)nvidia.com, f.fainelli(a)gmail.com, sudipm.mukherjee(a)gmail.com, srw(a)sladewatkins.net, rwarsow(a)gmx.de, conor(a)kernel.org, hargar(a)microsoft.com, broonie(a)kernel.org,
Jann Horn <jannh(a)google.com>,
Alexander Viro <viro(a)zeniv.linux.org.uk>,
Christian Brauner <brauner(a)kernel.org>,
Jan Kara <jack(a)suse.cz>,
Linus Torvalds <torvalds(a)linux-foundation.org>
X-stable: review
X-Patchwork-Hint: ignore
Subject: [PATCH 6.6 001/111] eventpoll: dont decrement ep refcount while still holding the ep mutex
MIME-Version: 1.0
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Torvalds <torvalds(a)linux-foundation.org>
commit 8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2 upstream.
Jann Horn points out that epoll is decrementing the ep refcount and then
doing a
mutex_unlock(&ep->mtx);
afterwards. That's very wrong, because it can lead to a use-after-free.
That pattern is actually fine for the very last reference, because the
code in question will delay the actual call to "ep_free(ep)" until after
it has unlocked the mutex.
But it's wrong for the much subtler "next to last" case when somebody
*else* may also be dropping their reference and free the ep while we're
still using the mutex.
Note that this is true even if that other user is also using the same ep
mutex: mutexes, unlike spinlocks, can not be used for object ownership,
even if they guarantee mutual exclusion.
A mutex "unlock" operation is not atomic, and as one user is still
accessing the mutex as part of unlocking it, another user can come in
and get the now released mutex and free the data structure while the
first user is still cleaning up.
See our mutex documentation in Documentation/locking/mutex-design.rst,
in particular the section [1] about semantics:
"mutex_unlock() may access the mutex structure even after it has
internally released the lock already - so it's not safe for
another context to acquire the mutex and assume that the
mutex_unlock() context is not using the structure anymore"
So if we drop our ep ref before the mutex unlock, but we weren't the
last one, we may then unlock the mutex, another user comes in, drops
_their_ reference and releases the 'ep' as it now has no users - all
while the mutex_unlock() is still accessing it.
Fix this by simply moving the ep refcount dropping to outside the mutex:
the refcount itself is atomic, and doesn't need mutex protection (that's
the whole _point_ of refcounts: unlike mutexes, they are inherently
about object lifetimes).
Reported-by: Jann Horn <jannh(a)google.com>
Link: https://docs.kernel.org/locking/mutex-design.html#semantics [1]
Cc: Alexander Viro <viro(a)zeniv.linux.org.uk>
Cc: Christian Brauner <brauner(a)kernel.org>
Cc: Jan Kara <jack(a)suse.cz>
Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/eventpoll.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -772,7 +772,7 @@ static bool __ep_remove(struct eventpoll
call_rcu(&epi->rcu, epi_rcu_free);
percpu_counter_dec(&ep->user->epoll_watches);
- return ep_refcount_dec_and_test(ep);
+ return true;
}
/*
@@ -780,14 +780,14 @@ static bool __ep_remove(struct eventpoll
*/
static void ep_remove_safe(struct eventpoll *ep, struct epitem *epi)
{
- WARN_ON_ONCE(__ep_remove(ep, epi, false));
+ if (__ep_remove(ep, epi, false))
+ WARN_ON_ONCE(ep_refcount_dec_and_test(ep));
}
static void ep_clear_and_put(struct eventpoll *ep)
{
struct rb_node *rbp, *next;
struct epitem *epi;
- bool dispose;
/* We need to release all tasks waiting for these file */
if (waitqueue_active(&ep->poll_wait))
@@ -820,10 +820,8 @@ static void ep_clear_and_put(struct even
cond_resched();
}
- dispose = ep_refcount_dec_and_test(ep);
mutex_unlock(&ep->mtx);
-
- if (dispose)
+ if (ep_refcount_dec_and_test(ep))
ep_free(ep);
}
@@ -1003,7 +1001,7 @@ again:
dispose = __ep_remove(ep, epi, true);
mutex_unlock(&ep->mtx);
- if (dispose)
+ if (dispose && ep_refcount_dec_and_test(ep))
ep_free(ep);
goto again;
}
5 hours, 31 minutes
- 9
- 8
[PATCH] kasan: use vmalloc_dump_obj() for vmalloc error reports
by Marco Elver
Since 6ee9b3d84775 ("kasan: remove kasan_find_vm_area() to prevent
possible deadlock"), more detailed info about the vmalloc mapping and
the origin was dropped due to potential deadlocks.
While fixing the deadlock is necessary, that patch was too quick in
killing an otherwise useful feature, and did no due-diligence in
understanding if an alternative option is available.
Restore printing more helpful vmalloc allocation info in KASAN reports
with the help of vmalloc_dump_obj(). Example report:
| BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x4c9/0x610
| Read of size 1 at addr ffffc900002fd7f3 by task kunit_try_catch/493
|
| CPU: [...]
| Call Trace:
| <TASK>
| dump_stack_lvl+0xa8/0xf0
| print_report+0x17e/0x810
| kasan_report+0x155/0x190
| vmalloc_oob+0x4c9/0x610
| [...]
|
| The buggy address belongs to a 1-page vmalloc region starting at 0xffffc900002fd000 allocated at vmalloc_oob+0x36/0x610
| The buggy address belongs to the physical page:
| page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x126364
| flags: 0x200000000000000(node=0|zone=2)
| raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
| raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
| page dumped because: kasan: bad access detected
|
| [..]
Fixes: 6ee9b3d84775 ("kasan: remove kasan_find_vm_area() to prevent possible deadlock")
Suggested-by: Uladzislau Rezki <urezki(a)gmail.com>
Cc: Alexander Potapenko <glider(a)google.com>
Cc: Andrey Konovalov <andreyknvl(a)gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
Cc: Yeoreum Yun <yeoreum.yun(a)arm.com>
Cc: Yunseong Kim <ysk(a)kzalloc.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Marco Elver <elver(a)google.com>
---
mm/kasan/report.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index b0877035491f..62c01b4527eb 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -399,7 +399,9 @@ static void print_address_description(void *addr, u8 tag,
}
if (is_vmalloc_addr(addr)) {
- pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr);
+ pr_err("The buggy address belongs to a");
+ if (!vmalloc_dump_obj(addr))
+ pr_cont(" vmalloc virtual mapping\n");
page = vmalloc_to_page(addr);
}
--
2.50.0.727.gbf7dc18ff4-goog
5 hours, 54 minutes
- 2
- 1
[PATCH] usb: atm: cxacru: Zero initialize bp in cxacru_heavy_init()
by Nathan Chancellor
After a recent change in clang to expose uninitialized warnings from
const variables [1], there is a warning in cxacru_heavy_init():
drivers/usb/atm/cxacru.c:1104:6: error: variable 'bp' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
1104 | if (instance->modem_type->boot_rom_patch) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/atm/cxacru.c:1113:39: note: uninitialized use occurs here
1113 | cxacru_upload_firmware(instance, fw, bp);
| ^~
drivers/usb/atm/cxacru.c:1104:2: note: remove the 'if' if its condition is always true
1104 | if (instance->modem_type->boot_rom_patch) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/atm/cxacru.c:1095:32: note: initialize the variable 'bp' to silence this warning
1095 | const struct firmware *fw, *bp;
| ^
| = NULL
This warning occurs in clang's frontend before inlining occurs, so it
cannot notice that bp is only used within cxacru_upload_firmware() under
the same condition that initializes it in cxacru_heavy_init(). Just
initialize bp to NULL to silence the warning without functionally
changing the code, which is what happens with modern compilers when they
support '-ftrivial-auto-var-init=zero' (CONFIG_INIT_STACK_ALL_ZERO=y).
Cc: stable(a)vger.kernel.org
Fixes: 1b0e61465234 ("[PATCH] USB ATM: driver for the Conexant AccessRunner chipset cxacru")
Closes: https://github.com/ClangBuiltLinux/linux/issues/2102
Link: https://github.com/llvm/llvm-project/commit/2464313eef01c5b1edf0eccf57a32cd… [1]
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
---
drivers/usb/atm/cxacru.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
index a12ab90b3db7..b7c3b224a759 100644
--- a/drivers/usb/atm/cxacru.c
+++ b/drivers/usb/atm/cxacru.c
@@ -1092,7 +1092,7 @@ static int cxacru_find_firmware(struct cxacru_data *instance,
static int cxacru_heavy_init(struct usbatm_data *usbatm_instance,
struct usb_interface *usb_intf)
{
- const struct firmware *fw, *bp;
+ const struct firmware *fw, *bp = NULL;
struct cxacru_data *instance = usbatm_instance->driver_data;
int ret = cxacru_find_firmware(instance, "fw", &fw);
---
base-commit: fdfa018c6962c86d2faa183187669569be4d513f
change-id: 20250715-usb-cxacru-fix-clang-21-uninit-warning-9430d96c6bc1
Best regards,
--
Nathan Chancellor <nathan(a)kernel.org>
6 hours, 47 minutes
- 2
- 7
[PATCH 6.1 00/89] 6.1.146-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.1.146 release.
There are 89 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 16:35:20 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.146-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.1.146-rc2
Michael Jeanson <mjeanson(a)efficios.com>
rseq: Fix segfault on registration when rseq_cs is non-zero
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potential use-after-free in oplock/lease break ack
Yeoreum Yun <yeoreum.yun(a)arm.com>
kasan: remove kasan_find_vm_area() to prevent possible deadlock
Jack Wang <jinpu.wang(a)ionos.com>
x86: Fix X86_FEATURE_VERW_CLEAR definition
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Dongli Zhang <dongli.zhang(a)oracle.com>
vhost-scsi: protect vq->log_used with vq->mutex
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix assertion when building free space tree
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Yasmin Fitzgerald <sunoflife1.git(a)gmail.com>
ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
Yuzuru10 <yuzuru_10(a)proton.me>
ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Mingming Cao <mmc(a)linux.ibm.com>
ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_read_folio()
Gao Xiang <xiang(a)kernel.org>
erofs: adapt folios for z_erofs_read_folio()
Gao Xiang <xiang(a)kernel.org>
erofs: avoid on-stack pagepool directly passed by arguments
Gao Xiang <xiang(a)kernel.org>
erofs: allocate extra bvec pages directly instead of retrying
Yue Hu <huyue2(a)coolpad.com>
erofs: clean up z_erofs_pcluster_readmore()
Yue Hu <huyue2(a)coolpad.com>
erofs: remove the member readahead from struct z_erofs_decompress_frontend
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Mikko Perttunen <mperttunen(a)nvidia.com>
drm/tegra: nvdec: Fix dma_alloc_coherent error check
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Zhang Rui <rui.zhang(a)intel.com>
platform/x86: think-lmi: Fix sysfs group cleanup
Kuen-Han Tsai <khtsai(a)google.com>
usb: dwc3: Abort suspend on soft disconnect failure
Pawel Laszczak <pawell(a)cadence.com>
usb: cdnsp: Fix issue with CV Bad Descriptor test
Lee Jones <lee(a)kernel.org>
usb: cdnsp: Replace snprintf() with the safer scnprintf() variant
Pawel Laszczak <pawell(a)cadence.com>
usb:cdnsp: remove TRB_FLUSH_ENDPOINT command
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - support Acer NGR 200 Controller
Raju Rangoju <Raju.Rangoju(a)amd.com>
usb: xhci: quirk for data loss in ISOC transfers
Basavaraj Natikar <Basavaraj.Natikar(a)amd.com>
xhci: Allow RPM on the USB controller (1022:43f7) by default
Filipe Manana <fdmanana(a)suse.com>
btrfs: propagate last_unlink_trans earlier when doing a rmdir
Shivank Garg <shivankg(a)amd.com>
fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Wei Yang <richard.weiyang(a)gmail.com>
maple_tree: fix mt_destroy_walk() on root leaf node
Achill Gilgenast <fossdd(a)pwned.life>
kallsyms: fix build without execinfo
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix error handling in ttm_buffer_object_transfer
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be>
wifi: prevent A-MSDU attacks in mesh networks
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Håkon Bugge <haakon.bugge(a)oracle.com>
md/md-bitmap: fix GPF in bitmap_get_stats()
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
Sean Christopherson <seanjc(a)google.com>
KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Dan Carpenter <dan.carpenter(a)linaro.org>
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
Alexey Dobriyan <adobriyan(a)gmail.com>
x86/boot: Compile boot code with -std=gnu11 too
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Liam R. Howlett <Liam.Howlett(a)oracle.com>
maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix not disabling advertising instance
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Rong Zhang <i(a)rong.moe>
platform/x86: ideapad-laptop: use usleep_range() for EC polling
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
-------------
Diffstat:
Makefile | 4 +-
arch/um/drivers/vector_kern.c | 42 +--
arch/x86/Kconfig | 2 +-
arch/x86/Makefile | 2 +-
arch/x86/include/asm/cpufeatures.h | 2 +-
arch/x86/kernel/cpu/mce/amd.c | 15 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kvm/svm/sev.c | 4 +
arch/x86/kvm/xen.c | 15 +-
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/nbd.c | 6 +-
drivers/char/ipmi/ipmi_msghandler.c | 3 +-
drivers/gpu/drm/drm_gem.c | 10 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/tegra/nvdec.c | 6 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-quirks.c | 3 +
drivers/input/joystick/xpad.c | 2 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/md/md-bitmap.c | 3 +-
drivers/md/raid1.c | 1 +
drivers/md/raid10.c | 10 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/ibm/ibmvnic.h | 8 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 2 +-
drivers/net/phy/smsc.c | 28 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/platform/x86/ideapad-laptop.c | 19 +-
drivers/powercap/intel_rapl_common.c | 22 +-
drivers/pwm/pwm-mediatek.c | 13 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/cdns3/cdnsp-debug.h | 358 +++++++++++++-------------
drivers/usb/cdns3/cdnsp-ep0.c | 18 +-
drivers/usb/cdns3/cdnsp-gadget.c | 6 +-
drivers/usb/cdns3/cdnsp-gadget.h | 11 +-
drivers/usb/cdns3/cdnsp-ring.c | 27 +-
drivers/usb/dwc3/core.c | 9 +-
drivers/usb/dwc3/gadget.c | 22 +-
drivers/usb/gadget/function/u_serial.c | 6 +-
drivers/usb/host/xhci-mem.c | 4 +
drivers/usb/host/xhci-pci.c | 30 ++-
drivers/usb/host/xhci.h | 1 +
drivers/vhost/scsi.c | 7 +-
fs/anon_inodes.c | 23 +-
fs/btrfs/free-space-tree.c | 16 +-
fs/btrfs/inode.c | 28 +-
fs/erofs/data.c | 2 +
fs/erofs/zdata.c | 124 ++++-----
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
fs/smb/server/smb2pdu.c | 29 +--
fs/smb/server/transport_rdma.c | 5 +-
fs/smb/server/vfs.c | 1 +
include/drm/drm_file.h | 3 +
include/drm/spsc_queue.h | 4 +-
include/linux/fs.h | 2 +
include/net/netfilter/nf_flow_table.h | 2 +-
include/trace/events/erofs.h | 16 +-
kernel/events/core.c | 2 +-
kernel/rseq.c | 60 ++++-
lib/maple_tree.c | 7 +-
mm/kasan/report.c | 13 +-
mm/secretmem.c | 11 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 +++--
net/bluetooth/hci_sync.c | 2 +-
net/ipv6/addrconf.c | 9 +-
net/netlink/af_netlink.c | 90 ++++---
net/rxrpc/call_accept.c | 3 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 +++-
net/wireless/util.c | 52 +++-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/yc/acp6x-mach.c | 7 +
sound/soc/fsl/fsl_asrc.c | 3 +-
tools/include/linux/kallsyms.h | 4 +
87 files changed, 924 insertions(+), 594 deletions(-)
7 hours, 17 minutes
- 9
- 8
[PATCH 5.15 00/78] 5.15.189-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.15.189 release.
There are 78 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 16:35:29 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.189-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.15.189-rc2
Michael Jeanson <mjeanson(a)efficios.com>
rseq: Fix segfault on registration when rseq_cs is non-zero
Jack Wang <jinpu.wang(a)ionos.com>
x86: Fix X86_FEATURE_VERW_CLEAR definition
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Dongli Zhang <dongli.zhang(a)oracle.com>
vhost-scsi: protect vq->log_used with vq->mutex
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Kurt Borja <kuurtb(a)gmail.com>
platform/x86: think-lmi: Fix sysfs group cleanup
Christian König <christian.koenig(a)amd.com>
dma-buf: fix timeout handling in dma_resv_wait_timeout v2
Christian König <christian.koenig(a)amd.com>
dma-buf: use new iterator in dma_resv_wait_timeout
Christian König <christian.koenig(a)amd.com>
dma-buf: add dma_resv_for_each_fence_unlocked v8
Kuen-Han Tsai <khtsai(a)google.com>
usb: dwc3: Abort suspend on soft disconnect failure
Pawel Laszczak <pawell(a)cadence.com>
usb: cdnsp: Fix issue with CV Bad Descriptor test
Lee Jones <lee(a)kernel.org>
usb: cdnsp: Replace snprintf() with the safer scnprintf() variant
Pawel Laszczak <pawell(a)cadence.com>
usb:cdnsp: remove TRB_FLUSH_ENDPOINT command
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - support Acer NGR 200 Controller
Hongyu Xie <xiehongyu1(a)kylinos.cn>
xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
Raju Rangoju <Raju.Rangoju(a)amd.com>
usb: xhci: quirk for data loss in ISOC transfers
Basavaraj Natikar <Basavaraj.Natikar(a)amd.com>
xhci: Allow RPM on the USB controller (1022:43f7) by default
Bui Quang Minh <minhquangbui99(a)gmail.com>
virtio-net: ensure the received length does not exceed allocated size
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix vport loopback for MPV device
Filipe Manana <fdmanana(a)suse.com>
btrfs: use btrfs_record_snapshot_destroy() during rmdir
Filipe Manana <fdmanana(a)suse.com>
btrfs: propagate last_unlink_trans earlier when doing a rmdir
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Juergen Gross <jgross(a)suse.com>
xen: replace xen_remap() with memremap()
Edward Adam Davis <eadavis(a)qq.com>
jfs: fix null ptr deref in dtInsertEntry
John Fastabend <john.fastabend(a)gmail.com>
bpf, sockmap: Fix skb refcnt race after locking changes
Maksim Kiselev <bigunclemax(a)gmail.com>
aoe: avoid potential deadlock at set_capacity
Lee, Chun-Yi <joeyli.kernel(a)gmail.com>
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
Andrii Nakryiko <andrii(a)kernel.org>
bpf: fix precision backtracking instruction iteration
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Jesse Brandeburg <jesse.brandeburg(a)intel.com>
ice: safer stats processing
Oleg Nesterov <oleg(a)redhat.com>
fs/proc: do_task_stat: use __for_each_thread()
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
-------------
Diffstat:
Makefile | 4 +-
arch/um/drivers/vector_kern.c | 42 +--
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/cpufeatures.h | 2 +-
arch/x86/include/asm/xen/page.h | 3 -
arch/x86/kernel/cpu/mce/amd.c | 15 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/aoe/aoeblk.c | 5 +-
drivers/block/nbd.c | 6 +-
drivers/dma-buf/dma-resv.c | 171 ++++++----
drivers/gpu/drm/drm_gem.c | 10 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-quirks.c | 3 +
drivers/infiniband/hw/mlx5/main.c | 33 ++
drivers/input/joystick/xpad.c | 2 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/md/raid1.c | 1 +
drivers/md/raid10.c | 10 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/intel/ice/ice_main.c | 29 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 2 +-
drivers/net/phy/smsc.c | 28 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/virtio_net.c | 44 ++-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/platform/x86/think-lmi.c | 35 +-
drivers/pwm/pwm-mediatek.c | 15 +-
.../intel/int340x_thermal/int3400_thermal.c | 9 +-
drivers/tty/hvc/hvc_xen.c | 2 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++-----------
drivers/usb/cdns3/cdnsp-ep0.c | 18 +-
drivers/usb/cdns3/cdnsp-gadget.c | 6 +-
drivers/usb/cdns3/cdnsp-gadget.h | 11 +-
drivers/usb/cdns3/cdnsp-ring.c | 27 +-
drivers/usb/dwc3/core.c | 9 +-
drivers/usb/dwc3/gadget.c | 22 +-
drivers/usb/gadget/function/u_serial.c | 6 +-
drivers/usb/host/xhci-mem.c | 4 +
drivers/usb/host/xhci-pci.c | 30 +-
drivers/usb/host/xhci-plat.c | 3 +-
drivers/usb/host/xhci.h | 1 +
drivers/vhost/scsi.c | 7 +-
drivers/xen/grant-table.c | 6 +-
drivers/xen/xenbus/xenbus_probe.c | 3 +-
fs/btrfs/inode.c | 36 +--
fs/jfs/jfs_dtree.c | 2 +
fs/ksmbd/transport_rdma.c | 5 +-
fs/ksmbd/vfs.c | 1 +
fs/proc/array.c | 6 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
include/drm/drm_file.h | 3 +
include/drm/spsc_queue.h | 4 +-
include/linux/dma-resv.h | 95 ++++++
include/net/netfilter/nf_flow_table.h | 2 +-
include/xen/arm/page.h | 3 -
kernel/bpf/verifier.c | 21 +-
kernel/events/core.c | 2 +-
kernel/rseq.c | 60 +++-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 +++-
net/core/skmsg.c | 12 +-
net/ipv6/addrconf.c | 9 +-
net/netlink/af_netlink.c | 90 +++---
net/rxrpc/call_accept.c | 3 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 +++-
sound/soc/fsl/fsl_asrc.c | 3 +-
80 files changed, 1030 insertions(+), 576 deletions(-)
7 hours, 27 minutes
- 5
- 4
[PATCH net v2 0/2] selftests: mptcp: connect: cover alt modes
by Matthieu Baerts (NGI0)
mptcp_connect.sh can be executed manually with "-m <MODE>" and "-C" to
make sure everything works as expected when using "mmap" and "sendfile"
modes instead of "poll", and with the MPTCP checksum support.
These modes should be validated, but they are not when the selftests are
executed via the kselftest helpers. It means that most CIs validating
these selftests, like NIPA for the net development trees and LKFT for
the stable ones, are not covering these modes.
To fix that, new test programs have been added, simply calling
mptcp_connect.sh with the right parameters.
The first patch can be backported up to v5.6, and the second one up to
v5.14.
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
Changes in v2:
- force using a different prefix in the subtests to avoid having the
same test names in all mptcp_connect*.sh selftests.
- Link to v1: https://lore.kernel.org/r/20250714-net-mptcp-sft-connect-alt-v1-0-bf1c5abbe…
---
Matthieu Baerts (NGI0) (2):
selftests: mptcp: connect: also cover alt modes
selftests: mptcp: connect: also cover checksum
tools/testing/selftests/net/mptcp/Makefile | 3 ++-
tools/testing/selftests/net/mptcp/mptcp_connect_checksum.sh | 5 +++++
tools/testing/selftests/net/mptcp/mptcp_connect_mmap.sh | 5 +++++
tools/testing/selftests/net/mptcp/mptcp_connect_sendfile.sh | 5 +++++
4 files changed, 17 insertions(+), 1 deletion(-)
---
base-commit: b640daa2822a39ff76e70200cb2b7b892b896dce
change-id: 20250714-net-mptcp-sft-connect-alt-c1aaf073ef4e
Best regards,
--
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
7 hours, 41 minutes
- 3
- 7
[PATCH 5.10 000/209] 5.10.240-rc3 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.10.240 release.
There are 209 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 16:35:35 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.240-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.10.240-rc3
Michael Jeanson <mjeanson(a)efficios.com>
rseq: Fix segfault on registration when rseq_cs is non-zero
Borislav Petkov <bp(a)kernel.org>
x86/process: Move the buffer clearing before MONITOR
Borislav Petkov <bp(a)kernel.org>
KVM: SVM: Advertise TSA CPUID bits to guests
Borislav Petkov <bp(a)kernel.org>
KVM: x86: add support for CPUID leaf 0x80000021
Borislav Petkov <bp(a)kernel.org>
x86/bugs: Add a Transient Scheduler Attacks mitigation
Borislav Petkov <bp(a)kernel.org>
x86/bugs: Rename MDS machinery to something more generic
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Dongli Zhang <dongli.zhang(a)oracle.com>
vhost-scsi: protect vq->log_used with vq->mutex
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Christian König <christian.koenig(a)amd.com>
dma-buf: fix timeout handling in dma_resv_wait_timeout v2
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - support Acer NGR 200 Controller
Vicki Pfau <vi(a)endrift.com>
Input: xpad - add VID for Turtle Beach controllers
Matt Reynolds <mattreynolds(a)chromium.org>
Input: xpad - add support for Amazon Game Controller
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Alexandre Belloni <alexandre.belloni(a)bootlin.com>
rtc: lib_test: add MODULE_LICENSE
Thomas Fourier <fourier.thomas(a)gmail.com>
ethernet: atl1: Add missing DMA mapping error checks and count errors
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Peter Zijlstra <peterz(a)infradead.org>
x86/its: FineIBT-paranoid vs ITS
Eric Biggers <ebiggers(a)google.com>
x86/its: Fix build errors when CONFIG_MODULES=n
Peter Zijlstra <peterz(a)infradead.org>
x86/its: Use dynamic thunks for indirect branches
Thomas Gleixner <tglx(a)linutronix.de>
x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Add "vmexit" option to skip mitigation on some CPUs
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Enable Indirect Target Selection mitigation
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Fix undefined reference to cpu_wants_rethunk_at()
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Add support for ITS-safe return thunk
Josh Poimboeuf <jpoimboe(a)kernel.org>
x86/alternatives: Remove faulty optimization
Borislav Petkov (AMD) <bp(a)alien8.de>
x86/alternative: Optimize returns patching
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Add support for ITS-safe indirect thunk
Peter Zijlstra <peterz(a)infradead.org>
x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions
Peter Zijlstra <peterz(a)infradead.org>
x86/alternatives: Introduce int3_emulate_jcc()
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Enumerate Indirect Target Selection (ITS) bug
Daniel Sneddon <daniel.sneddon(a)linux.intel.com>
x86/bhi: Define SPEC_CTRL_BHI_DIS_S
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
Documentation: x86/bugs/its: Add ITS documentation
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Oleg Nesterov <oleg(a)redhat.com>
fs/proc: do_task_stat: use __for_each_thread()
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Andra Paraschiv <andraprs(a)amazon.com>
af_vsock: Assign the vsock transport considering the vsock address flags
Andra Paraschiv <andraprs(a)amazon.com>
af_vsock: Set VMADDR_FLAG_TO_HOST flag on the receive path
Andra Paraschiv <andraprs(a)amazon.com>
vm_sockets: Add VMADDR_FLAG_TO_HOST vsock flag
Andra Paraschiv <andraprs(a)amazon.com>
vm_sockets: Add flags field in the vsock address data structure
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Nathan Chancellor <nathan(a)kernel.org>
staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Rollback non processed entities on error
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Send control events for partial succeeds
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Return the number of processed controls
Seiji Nishikawa <snishika(a)redhat.com>
ACPI: PAD: fix crash in exit_round_robin()
Andrei Kuchynski <akuchynski(a)chromium.org>
usb: typec: displayport: Fix potential deadlock
Oliver Neukum <oneukum(a)suse.com>
Logitech C-270 even more broken
Mathias Nyman <mathias.nyman(a)linux.intel.com>
xhci: dbc: Flush queued requests before stopping dbc
Łukasz Bartosik <ukaszb(a)chromium.org>
xhci: dbctty: disable ECHO flag by default
Fushuai Wang <wangfushuai(a)baidu.com>
dpaa2-eth: fix xdp_rxq_info leak
Ioana Ciornei <ioana.ciornei(a)nxp.com>
net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats
Radu Bulie <radu-andrei.bulie(a)nxp.com>
dpaa2-eth: Update SINGLE_STEP register access
Radu Bulie <radu-andrei.bulie(a)nxp.com>
dpaa2-eth: Update dpni_get_single_step_cfg command
Ioana Ciornei <ioana.ciornei(a)nxp.com>
dpaa2-eth: rename dpaa2_eth_xdp_release_buf into dpaa2_eth_recycle_buf
Filipe Manana <fdmanana(a)suse.com>
btrfs: use btrfs_record_snapshot_destroy() during rmdir
Filipe Manana <fdmanana(a)suse.com>
btrfs: propagate last_unlink_trans earlier when doing a rmdir
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4/flexfiles: Fix handling of NFS level errors in I/O
Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de>
flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix vport loopback for MPV device
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Disable interrupts before resetting the GPU
Sergey Senozhatsky <senozhatsky(a)chromium.org>
mtk-sd: reset host->mrq on prepare_data() error
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
mtk-sd: Prevent memory corruption from DMA map failure
Yue Hu <huyue2(a)yulong.com>
mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data()
Manivannan Sadhasivam <mani(a)kernel.org>
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
Uladzislau Rezki (Sony) <urezki(a)gmail.com>
rcu: Return early if callback is not specified
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPICA: Refuse to evaluate a method if arguments are missing
Johannes Berg <johannes.berg(a)intel.com>
wifi: ath6kl: remove WARN on bad firmware input
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: drop invalid source address OCB frames
Maurizio Lombardi <mlombard(a)redhat.com>
scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
Madhavan Srinivasan <maddy(a)linux.ibm.com>
powerpc: Fix struct termio related ioctl macros
Johannes Berg <johannes.berg(a)intel.com>
ata: pata_cs5536: fix build on 32-bit UML
Takashi Iwai <tiwai(a)suse.de>
ALSA: sb: Force to disable DMAs once when DMA mode is changed
Lion Ackermann <nnamrec(a)gmail.com>
net/sched: Always pass notifications when child class becomes empty
Thomas Fourier <fourier.thomas(a)gmail.com>
nui: Fix dma_mapping_error() check
Kohei Enju <enjuk(a)amazon.com>
rose: fix dangling neighbour pointers in rose_rt_device_down()
Gustavo A. R. Silva <gustavoars(a)kernel.org>
net: rose: Fix fall-through warnings for Clang
Alok Tiwari <alok.a.tiwari(a)oracle.com>
enic: fix incorrect MTU comparison in enic_change_mtu()
Raju Rangoju <Raju.Rangoju(a)amd.com>
amd-xgbe: align CL37 AN sequence as per databook
Dan Carpenter <dan.carpenter(a)linaro.org>
lib: test_objagg: Set error message in check_expect_hints_stats()
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/i915/gt: Fix timeline left held on VMA alloc error
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/i915/selftests: Change mock_request() to return error pointers
James Clark <james.clark(a)linaro.org>
spi: spi-fsl-dspi: Clear completion counter before initiating transfer
Marek Szyprowski <m.szyprowski(a)samsung.com>
drm/exynos: fimd: Guard display clock control with runtime PM calls
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix missing error handling when searching for inode refs during log replay
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix CC counters query for MPV
Bart Van Assche <bvanassche(a)acm.org>
scsi: ufs: core: Fix spelling of a sysfs attribute name
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
Benjamin Coddington <bcodding(a)redhat.com>
NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
Kuniyuki Iwashima <kuniyu(a)google.com>
nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
Mark Zhang <markzhang(a)nvidia.com>
RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
David Thompson <davthompson(a)nvidia.com>
platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
RD Babiera <rdbabiera(a)google.com>
usb: typec: altmodes/displayport: do not index invalid pin_assignments
Ulf Hansson <ulf.hansson(a)linaro.org>
Revert "mmc: sdhci: Disable SD card clock before changing parameters"
Victor Shih <victor.shih(a)genesyslogic.com.tw>
mmc: sdhci: Add a helper function for dump register in dynamic debug mode
HarshaVardhana S A <harshavardhana.sa(a)broadcom.com>
vsock/vmci: Clear the vmci transport packet properly when initializing it
Mateusz Jończyk <mat.jonczyk(a)o2.pl>
rtc: cmos: use spin_lock_irqsave in cmos_interrupt
Dev Jain <dev.jain(a)arm.com>
arm64: Restrict pagetable teardown to avoid false warning
Brett A C Sheffield (Librecast) <bacs(a)librecast.net>
Revert "ipv6: save dontfrag in cork"
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Dexuan Cui <decui(a)microsoft.com>
PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Check return value when getting default PHY config
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Fix connecting to next bridge
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
Jay Cornwall <jay.cornwall(a)amd.com>
drm/amdkfd: Fix race in GWS queue scheduling
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/udl: Unregister device before cleaning up on disconnect
Qiu-ji Chen <chenqiuji666(a)gmail.com>
drm/tegra: Fix a possible null pointer dereference
Thierry Reding <treding(a)nvidia.com>
drm/tegra: Assign plane type before registration
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix kobject reference count leak
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix memory leak on sysfs attribute creation failure
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix memory leak on kobject creation failure
Mark Harmstone <maharmstone(a)fb.com>
btrfs: update superblock's device bytes_used when dropping chunk
Heinz Mauelshagen <heinzm(a)redhat.com>
dm-raid: fix variable in journal device check
Frédéric Danis <frederic.danis(a)collabora.com>
Bluetooth: L2CAP: Fix L2CAP MTU negotiation
Yao Zi <ziyao(a)disroot.org>
dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
Simon Horman <horms(a)kernel.org>
net: enetc: Correct endianness handling in _enetc_rd_reg64
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: ubd: Add missing error check in start_io_thread()
Stefano Garzarella <sgarzare(a)redhat.com>
vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: mac80211: fix beacon interval calculation overflow
Yuan Chen <chenyuan(a)kylinos.cn>
libbpf: Fix null pointer dereference in btf_dump__free on allocation failure
Al Viro <viro(a)zeniv.linux.org.uk>
attach_recursive_mnt(): do not lock the covering tree when sliding something under it
Youngjun Lee <yjjuny.lee(a)samsung.com>
ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
Eric Dumazet <edumazet(a)google.com>
atm: clip: prevent NULL deref in clip_push()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: robotfuzz-osif: disable zero-length read messages
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: tiny-usb: disable zero-length read messages
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: reject invalid perturb period
Niklas Cassel <cassel(a)kernel.org>
PCI: cadence-ep: Correct PBA offset in .set_msix() callback
Long Li <longli(a)microsoft.com>
uio_hv_generic: Align ring size to system page
Saurabh Sengar <ssengar(a)linux.microsoft.com>
uio_hv_generic: Query the ringbuffer size for device
Saurabh Sengar <ssengar(a)linux.microsoft.com>
Drivers: hv: vmbus: Add utility function for querying ring size
Vitaly Kuznetsov <vkuznets(a)redhat.com>
Drivers: hv: Rename 'alloced' to 'allocated'
Haiyang Zhang <haiyangz(a)microsoft.com>
Drivers: hv: vmbus: Fix duplicate CPU assignments within a device
Alexandru Ardelean <alexandru.ardelean(a)analog.com>
uio: uio_hv_generic: use devm_kzalloc() for private data alloc
Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com>
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
Weihang Li <liweihang(a)huawei.com>
RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private
Chao Yu <chao(a)kernel.org>
f2fs: don't over-report free space or inodes in statvfs
Brett Werling <brett.werling(a)garmin.com>
can: tcan4x5x: fix power regulator retrieval during probe
Marek Szyprowski <m.szyprowski(a)samsung.com>
media: omap3isp: use sgtable-based scatterlist wrappers
Vasiliy Kovalev <kovalev(a)altlinux.org>
jfs: validate AG parameters in dbMount() to prevent crashes
Dave Kleikamp <dave.kleikamp(a)oracle.com>
fs/jfs: consolidate sanity checking in dbMount
Amit Sunil Dhamne <amitsd(a)google.com>
usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
Junlin Yang <yangjunlin(a)yulong.com>
usb: typec: tcpci_maxim: add terminating newlines to logging
Junlin Yang <yangjunlin(a)yulong.com>
usb: typec: tcpci_maxim: remove redundant assignment
Badhri Jagan Sridharan <badhri(a)google.com>
usb: typec: tcpci_maxim: Fix uninitialized return variable
Wupeng Ma <mawupeng1(a)huawei.com>
VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
George Kennedy <george.kennedy(a)oracle.com>
VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF
Dave Penkler <dpenkler(a)gmail.com>
usb: usbtmc: Fix read_stb function and get_stb ioctl
Dave Penkler <dpenkler(a)gmail.com>
USB: usbtmc: Add USBTMC_IOCTL_GET_STB
Dave Penkler <dpenkler(a)gmail.com>
USB: usbtmc: Fix reading stale status byte
Kees Cook <kees(a)kernel.org>
ovl: Check for NULL d_inode() in ovl_dentry_upper()
Dmitry Kandybka <d.kandybka(a)gmail.com>
ceph: fix possible integer overflow in ceph_zero_objects()
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
ALSA: hda: Add new pci id for AMD GPU display HD audio controller
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Ignore unsol events for cards being shut down
Jos Wang <joswang(a)lenovo.com>
usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode
Robert Hodaszi <robert.hodaszi(a)digi.com>
usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
usb: Add checks for snprintf() calls in usb_alloc_dev()
Chance Yang <chance.yang(a)kneron.us>
usb: common: usb-conn-gpio: use a unique name for usb connector device
Chen Yufeng <chenyufeng(a)iie.ac.cn>
usb: potential integer overflow in usbg_make_tpg()
Sami Tolvanen <samitolvanen(a)google.com>
um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: pressure: zpa2326: Use aligned_s64 for the timestamp
Linggang Zeng <linggang.zeng(a)easystack.cn>
bcache: fix NULL pointer in cache_set_flush()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: fix dm-raid max_write_behind setting
Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de>
dmaengine: xilinx_dma: Set dma_device directions
Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com>
hwmon: (pmbus/max34440) Fix support for max34451
Sven Schwermer <sven.schwermer(a)disruptive-technologies.com>
leds: multicolor: Fix intensity setting while SW blinking
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
mfd: max14577: Fix wakeup source leaks on device unbind
Peng Fan <peng.fan(a)nxp.com>
mailbox: Not protect module_put with spin_lock_irqsave
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix listxattr to return selinux security label
Pali Rohár <pali(a)kernel.org>
cifs: Fix cifs_query_path_info() for Windows NT servers
-------------
Diffstat:
Documentation/ABI/testing/sysfs-devices-system-cpu | 2 +
Documentation/ABI/testing/sysfs-driver-ufs | 2 +-
Documentation/admin-guide/hw-vuln/index.rst | 1 +
.../hw-vuln/indirect-target-selection.rst | 156 +++++++++++
.../hw-vuln/processor_mmio_stale_data.rst | 4 +-
Documentation/admin-guide/kernel-parameters.txt | 28 ++
Documentation/devicetree/bindings/serial/8250.yaml | 2 +-
Makefile | 4 +-
arch/arm64/mm/mmu.c | 3 +-
arch/powerpc/include/uapi/asm/ioctls.h | 8 +-
arch/s390/Makefile | 2 +-
arch/s390/purgatory/Makefile | 2 +-
arch/um/drivers/ubd_user.c | 2 +-
arch/um/drivers/vector_kern.c | 42 +--
arch/um/include/asm/asm-prototypes.h | 5 +
arch/x86/Kconfig | 22 +-
arch/x86/entry/entry.S | 8 +-
arch/x86/include/asm/alternative.h | 26 ++
arch/x86/include/asm/cpu.h | 13 +
arch/x86/include/asm/cpufeature.h | 5 +-
arch/x86/include/asm/cpufeatures.h | 14 +-
arch/x86/include/asm/disabled-features.h | 2 +-
arch/x86/include/asm/irqflags.h | 4 +-
arch/x86/include/asm/msr-index.h | 13 +-
arch/x86/include/asm/mwait.h | 19 +-
arch/x86/include/asm/nospec-branch.h | 50 ++--
arch/x86/include/asm/required-features.h | 2 +-
arch/x86/include/asm/text-patching.h | 31 +++
arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++-
arch/x86/kernel/cpu/amd.c | 58 ++++
arch/x86/kernel/cpu/bugs.c | 272 +++++++++++++++++-
arch/x86/kernel/cpu/common.c | 77 +++++-
arch/x86/kernel/cpu/mce/amd.c | 15 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kernel/cpu/scattered.c | 1 +
arch/x86/kernel/ftrace.c | 4 +-
arch/x86/kernel/kprobes/core.c | 39 +--
arch/x86/kernel/module.c | 14 +-
arch/x86/kernel/process.c | 15 +-
arch/x86/kernel/static_call.c | 2 +-
arch/x86/kernel/vmlinux.lds.S | 8 +
arch/x86/kvm/cpuid.c | 31 ++-
arch/x86/kvm/cpuid.h | 1 +
arch/x86/kvm/svm/vmenter.S | 3 +
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/x86.c | 4 +-
arch/x86/lib/retpoline.S | 39 +++
arch/x86/net/bpf_jit_comp.c | 8 +-
arch/x86/um/asm/checksum.h | 3 +
drivers/acpi/acpi_pad.c | 7 +-
drivers/acpi/acpica/dsmethod.c | 7 +
drivers/acpi/battery.c | 19 +-
drivers/ata/pata_cs5536.c | 2 +-
drivers/atm/idt77252.c | 5 +
drivers/base/cpu.c | 15 +
drivers/dma-buf/dma-resv.c | 2 +-
drivers/dma/xilinx/xilinx_dma.c | 2 +
drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +-
drivers/gpu/drm/bridge/cdns-dsi.c | 27 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 +
drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +-
drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-
drivers/gpu/drm/i915/selftests/mock_request.c | 2 +-
drivers/gpu/drm/tegra/dc.c | 17 +-
drivers/gpu/drm/tegra/hub.c | 4 +-
drivers/gpu/drm/tegra/hub.h | 3 +-
drivers/gpu/drm/udl/udl_drv.c | 2 +-
drivers/gpu/drm/v3d/v3d_drv.h | 7 +
drivers/gpu/drm/v3d/v3d_gem.c | 2 +
drivers/gpu/drm/v3d/v3d_irq.c | 38 ++-
drivers/hid/hid-ids.h | 5 +
drivers/hid/hid-quirks.c | 3 +
drivers/hid/wacom_sys.c | 6 +-
drivers/hv/channel_mgmt.c | 121 +++++---
drivers/hv/hyperv_vmbus.h | 19 +-
drivers/hv/vmbus_drv.c | 2 +-
drivers/hwmon/pmbus/max34440.c | 48 +++-
drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 +
drivers/i2c/busses/i2c-tiny-usb.c | 6 +
drivers/iio/pressure/zpa2326.c | 2 +-
drivers/infiniband/core/iwcm.c | 38 +--
drivers/infiniband/core/iwcm.h | 2 +-
drivers/infiniband/hw/mlx5/counters.c | 2 +-
drivers/infiniband/hw/mlx5/devx.c | 2 +-
drivers/infiniband/hw/mlx5/main.c | 33 +++
drivers/input/joystick/xpad.c | 5 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/leds/led-class-multicolor.c | 3 +-
drivers/mailbox/mailbox.c | 2 +-
drivers/md/bcache/super.c | 7 +-
drivers/md/dm-raid.c | 2 +-
drivers/md/md-bitmap.c | 2 +-
drivers/md/raid1.c | 1 +
drivers/media/platform/omap3isp/ispccdc.c | 8 +-
drivers/media/platform/omap3isp/ispstat.c | 6 +-
drivers/media/usb/uvc/uvc_ctrl.c | 61 ++--
drivers/mfd/max14577.c | 1 +
drivers/misc/vmw_vmci/vmci_host.c | 9 +-
drivers/mmc/host/mtk-sd.c | 39 ++-
drivers/mmc/host/sdhci.c | 9 +-
drivers/mmc/host/sdhci.h | 16 ++
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/can/m_can/tcan4x5x.c | 9 +-
drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 +
drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 +
drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +-
drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++--
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/cisco/enic/enic_main.c | 4 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 141 ++++++++--
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 20 +-
.../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +-
drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +-
drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 +
drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 +
drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +-
drivers/net/ethernet/sun/niu.c | 31 ++-
drivers/net/ethernet/sun/niu.h | 4 +
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 2 +-
drivers/net/phy/smsc.c | 28 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/ath/ath6kl/bmi.c | 4 +-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 +-
drivers/pci/controller/pci-hyperv.c | 17 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +-
drivers/pwm/pwm-mediatek.c | 15 +-
drivers/regulator/gpio-regulator.c | 4 +-
drivers/rtc/lib_test.c | 2 +
drivers/rtc/rtc-cmos.c | 10 +-
drivers/scsi/qla2xxx/qla_mbx.c | 2 +-
drivers/scsi/qla4xxx/ql4_os.c | 2 +
drivers/scsi/ufs/ufs-sysfs.c | 4 +-
drivers/spi/spi-fsl-dspi.c | 11 +-
drivers/staging/rtl8723bs/core/rtw_security.c | 46 +--
drivers/target/target_core_pr.c | 4 +-
drivers/tty/vt/vt.c | 1 +
drivers/uio/uio_hv_generic.c | 18 +-
drivers/usb/class/cdc-wdm.c | 23 +-
drivers/usb/class/usbtmc.c | 53 ++--
drivers/usb/common/usb-conn-gpio.c | 25 +-
drivers/usb/core/quirks.c | 3 +-
drivers/usb/core/usb.c | 14 +-
drivers/usb/gadget/function/f_tcm.c | 4 +-
drivers/usb/gadget/function/u_serial.c | 6 +-
drivers/usb/host/xhci-dbgcap.c | 4 +
drivers/usb/host/xhci-dbgtty.c | 1 +
drivers/usb/typec/altmodes/displayport.c | 5 +-
drivers/usb/typec/tcpm/tcpci_maxim.c | 20 +-
drivers/vhost/scsi.c | 7 +-
fs/btrfs/inode.c | 36 +--
fs/btrfs/tree-log.c | 4 +-
fs/btrfs/volumes.c | 6 +
fs/ceph/file.c | 2 +-
fs/cifs/misc.c | 8 +
fs/f2fs/super.c | 30 +-
fs/jfs/jfs_dmap.c | 41 +--
fs/namespace.c | 8 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++---
fs/nfs/inode.c | 17 +-
fs/nfs/nfs4proc.c | 12 +-
fs/nfs/pnfs.c | 4 +-
fs/overlayfs/util.c | 4 +-
fs/proc/array.c | 6 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
include/drm/spsc_queue.h | 4 +-
include/linux/cpu.h | 3 +
include/linux/hyperv.h | 2 +
include/linux/ipv6.h | 1 -
include/linux/module.h | 5 +
include/linux/usb/typec_dp.h | 1 +
include/uapi/linux/usb/tmc.h | 2 +
include/uapi/linux/vm_sockets.h | 30 +-
kernel/events/core.c | 2 +-
kernel/rcu/tree.c | 4 +
kernel/rseq.c | 60 +++-
lib/test_objagg.c | 4 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 75 +++--
net/atm/resources.c | 3 +-
net/bluetooth/l2cap_core.c | 9 +-
net/ipv6/ip6_output.c | 9 +-
net/mac80211/rx.c | 4 +
net/mac80211/util.c | 2 +-
net/netlink/af_netlink.c | 90 +++---
net/rose/rose_route.c | 15 +-
net/rxrpc/call_accept.c | 3 +
net/sched/sch_api.c | 42 +--
net/sched/sch_sfq.c | 10 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 78 +++++-
net/vmw_vsock/vmci_transport.c | 4 +-
sound/isa/sb/sb16_main.c | 4 +
sound/pci/hda/hda_bind.c | 2 +-
sound/pci/hda/hda_intel.c | 3 +
sound/soc/fsl/fsl_asrc.c | 3 +-
sound/usb/stream.c | 2 +
tools/lib/bpf/btf_dump.c | 3 +
204 files changed, 2750 insertions(+), 821 deletions(-)
7 hours, 44 minutes
- 6
- 5
[PATCH] vhost/net: Replace wait_queue with completion in ubufs reference
by Nikolay Kuratov
When operating on struct vhost_net_ubuf_ref, the following execution
sequence is theoretically possible:
CPU0 is finalizing DMA operation CPU1 is doing VHOST_NET_SET_BACKEND
// &ubufs->refcount == 2
vhost_net_ubuf_put() vhost_net_ubuf_put_wait_and_free(oldubufs)
vhost_net_ubuf_put_and_wait()
vhost_net_ubuf_put()
int r = atomic_sub_return(1, &ubufs->refcount);
// r = 1
int r = atomic_sub_return(1, &ubufs->refcount);
// r = 0
wait_event(ubufs->wait, !atomic_read(&ubufs->refcount));
// no wait occurs here because condition is already true
kfree(ubufs);
if (unlikely(!r))
wake_up(&ubufs->wait); // use-after-free
This leads to use-after-free on ubufs access. This happens because CPU1
skips waiting for wake_up() when refcount is already zero.
To prevent that use a completion instead of wait_queue as the ubufs
notification mechanism. wait_for_completion() guarantees that there will
be complete() call prior to its return.
We also need to reinit completion because refcnt == 0 does not mean
freeing in case of vhost_net_flush() - it then sets refcnt back to 1.
AFAIK concurrent calls to vhost_net_ubuf_put_and_wait() with the same
ubufs object aren't possible since those calls (through vhost_net_flush()
or vhost_net_set_backend()) are protected by the device mutex.
So reinit_completion() right after wait_for_completion() should be fine.
Cc: stable(a)vger.kernel.org
Fixes: 0ad8b480d6ee9 ("vhost: fix ref cnt checking deadlock")
Reported-by: Andrey Ryabinin <arbn(a)yandex-team.com>
Suggested-by: Andrey Smetanin <asmetanin(a)yandex-team.ru>
Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru>
---
drivers/vhost/net.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
index 7cbfc7d718b3..454d179fffeb 100644
--- a/drivers/vhost/net.c
+++ b/drivers/vhost/net.c
@@ -94,7 +94,7 @@ struct vhost_net_ubuf_ref {
* >1: outstanding ubufs
*/
atomic_t refcount;
- wait_queue_head_t wait;
+ struct completion wait;
struct vhost_virtqueue *vq;
};
@@ -240,7 +240,7 @@ vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy)
if (!ubufs)
return ERR_PTR(-ENOMEM);
atomic_set(&ubufs->refcount, 1);
- init_waitqueue_head(&ubufs->wait);
+ init_completion(&ubufs->wait);
ubufs->vq = vq;
return ubufs;
}
@@ -249,14 +249,15 @@ static int vhost_net_ubuf_put(struct vhost_net_ubuf_ref *ubufs)
{
int r = atomic_sub_return(1, &ubufs->refcount);
if (unlikely(!r))
- wake_up(&ubufs->wait);
+ complete_all(&ubufs->wait);
return r;
}
static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs)
{
vhost_net_ubuf_put(ubufs);
- wait_event(ubufs->wait, !atomic_read(&ubufs->refcount));
+ wait_for_completion(&ubufs->wait);
+ reinit_completion(&ubufs->wait);
}
static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs)
--
2.34.1
7 hours, 53 minutes
- 1
- 0
[PATCH 5.4 000/144] 5.4.296-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.4.296 release.
There are 144 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 18 Jul 2025 14:12:35 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.296-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.4.296-rc2
Georg Kohmann <geokohma(a)cisco.com>
net: ipv6: Discard next-hop MTU less than minimum link MTU
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Christian König <christian.koenig(a)amd.com>
dma-buf: fix timeout handling in dma_resv_wait_timeout v2
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - support Acer NGR 200 Controller
Vicki Pfau <vi(a)endrift.com>
Input: xpad - add VID for Turtle Beach controllers
Matt Reynolds <mattreynolds(a)chromium.org>
Input: xpad - add support for Amazon Game Controller
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4/flexfiles: Fix handling of NFS level errors in I/O
Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de>
flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix vport loopback for MPV device
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Eric W. Biederman <ebiederm(a)xmission.com>
proc: Clear the pieces of proc_inode that proc_evict_inode cares about
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Nathan Chancellor <nathan(a)kernel.org>
staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Rollback non processed entities on error
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Send control events for partial succeeds
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Return the number of processed controls
Seiji Nishikawa <snishika(a)redhat.com>
ACPI: PAD: fix crash in exit_round_robin()
Andrei Kuchynski <akuchynski(a)chromium.org>
usb: typec: displayport: Fix potential deadlock
Oliver Neukum <oneukum(a)suse.com>
Logitech C-270 even more broken
Kohei Enju <enjuk(a)amazon.com>
rose: fix dangling neighbour pointers in rose_rt_device_down()
Gustavo A. R. Silva <gustavoars(a)kernel.org>
net: rose: Fix fall-through warnings for Clang
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/i915/gt: Fix timeline left held on VMA alloc error
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/i915/selftests: Change mock_request() to return error pointers
James Clark <james.clark(a)linaro.org>
spi: spi-fsl-dspi: Clear completion counter before initiating transfer
Vladimir Oltean <vladimir.oltean(a)nxp.com>
spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path
Vladimir Oltean <vladimir.oltean(a)nxp.com>
spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write
Fushuai Wang <wangfushuai(a)baidu.com>
dpaa2-eth: fix xdp_rxq_info leak
Thomas Fourier <fourier.thomas(a)gmail.com>
ethernet: atl1: Add missing DMA mapping error checks and count errors
Filipe Manana <fdmanana(a)suse.com>
btrfs: use btrfs_record_snapshot_destroy() during rmdir
Filipe Manana <fdmanana(a)suse.com>
btrfs: propagate last_unlink_trans earlier when doing a rmdir
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix CC counters query for MPV
Leon Romanovsky <leon(a)kernel.org>
RDMA/core: Create and destroy counters in the ib_core
Bart Van Assche <bvanassche(a)acm.org>
scsi: ufs: core: Fix spelling of a sysfs attribute name
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Disable interrupts before resetting the GPU
Sergey Senozhatsky <senozhatsky(a)chromium.org>
mtk-sd: reset host->mrq on prepare_data() error
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
mtk-sd: Prevent memory corruption from DMA map failure
Yue Hu <huyue2(a)yulong.com>
mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data()
Manivannan Sadhasivam <mani(a)kernel.org>
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
Jerome Neanne <jneanne(a)baylibre.com>
regulator: gpio: Add input_supply support in gpio_regulator_config
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPICA: Refuse to evaluate a method if arguments are missing
Johannes Berg <johannes.berg(a)intel.com>
wifi: ath6kl: remove WARN on bad firmware input
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: drop invalid source address OCB frames
Madhavan Srinivasan <maddy(a)linux.ibm.com>
powerpc: Fix struct termio related ioctl macros
Johannes Berg <johannes.berg(a)intel.com>
ata: pata_cs5536: fix build on 32-bit UML
Takashi Iwai <tiwai(a)suse.de>
ALSA: sb: Force to disable DMAs once when DMA mode is changed
Lion Ackermann <nnamrec(a)gmail.com>
net/sched: Always pass notifications when child class becomes empty
Thomas Fourier <fourier.thomas(a)gmail.com>
nui: Fix dma_mapping_error() check
Alok Tiwari <alok.a.tiwari(a)oracle.com>
enic: fix incorrect MTU comparison in enic_change_mtu()
Raju Rangoju <Raju.Rangoju(a)amd.com>
amd-xgbe: align CL37 AN sequence as per databook
Dan Carpenter <dan.carpenter(a)linaro.org>
lib: test_objagg: Set error message in check_expect_hints_stats()
Marek Szyprowski <m.szyprowski(a)samsung.com>
drm/exynos: fimd: Guard display clock control with runtime PM calls
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix missing error handling when searching for inode refs during log replay
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
Kuniyuki Iwashima <kuniyu(a)google.com>
nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
Mark Zhang <markzhang(a)nvidia.com>
RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
David Thompson <davthompson(a)nvidia.com>
platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
RD Babiera <rdbabiera(a)google.com>
usb: typec: altmodes/displayport: do not index invalid pin_assignments
Ulf Hansson <ulf.hansson(a)linaro.org>
Revert "mmc: sdhci: Disable SD card clock before changing parameters"
Victor Shih <victor.shih(a)genesyslogic.com.tw>
mmc: sdhci: Add a helper function for dump register in dynamic debug mode
HarshaVardhana S A <harshavardhana.sa(a)broadcom.com>
vsock/vmci: Clear the vmci transport packet properly when initializing it
Omar Sandoval <osandov(a)fb.com>
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
Dev Jain <dev.jain(a)arm.com>
arm64: Restrict pagetable teardown to avoid false warning
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Check return value when getting default PHY config
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Fix connecting to next bridge
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
Thierry Reding <treding(a)nvidia.com>
drm/tegra: Assign plane type before registration
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix kobject reference count leak
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix memory leak on sysfs attribute creation failure
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix memory leak on kobject creation failure
Heinz Mauelshagen <heinzm(a)redhat.com>
dm-raid: fix variable in journal device check
Frédéric Danis <frederic.danis(a)collabora.com>
Bluetooth: L2CAP: Fix L2CAP MTU negotiation
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
Simon Horman <horms(a)kernel.org>
net: enetc: Correct endianness handling in _enetc_rd_reg64
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: ubd: Add missing error check in start_io_thread()
Stefano Garzarella <sgarzare(a)redhat.com>
vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: mac80211: fix beacon interval calculation overflow
Al Viro <viro(a)zeniv.linux.org.uk>
attach_recursive_mnt(): do not lock the covering tree when sliding something under it
Youngjun Lee <yjjuny.lee(a)samsung.com>
ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: robotfuzz-osif: disable zero-length read messages
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: tiny-usb: disable zero-length read messages
Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com>
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
Weihang Li <liweihang(a)huawei.com>
RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private
Denis Arefev <arefev(a)swemel.ru>
media: vivid: Change the siize of the composing
Marek Szyprowski <m.szyprowski(a)samsung.com>
media: omap3isp: use sgtable-based scatterlist wrappers
Edward Adam Davis <eadavis(a)qq.com>
media: cxusb: no longer judge rbuf when the write fails
Sean Young <sean(a)mess.org>
media: cxusb: use dev_dbg() rather than hand-rolled debug
Vasiliy Kovalev <kovalev(a)altlinux.org>
jfs: validate AG parameters in dbMount() to prevent crashes
Dave Kleikamp <dave.kleikamp(a)oracle.com>
fs/jfs: consolidate sanity checking in dbMount
Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>
ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
Rob Herring <robh(a)kernel.org>
of: Add of_property_present() helper
Michael Walle <michael(a)walle.cc>
of: property: define of_property_read_u{8,16,32,64}_array() unconditionally
Arnd Bergmann <arnd(a)arndb.de>
kbuild: hdrcheck: fix cross build with clang
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: add --target to correctly cross-compile UAPI headers with Clang
Masahiro Yamada <masahiroy(a)kernel.org>
bpfilter: match bit size of bpfilter_umh to that of the kernel
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: use -MMD instead of -MD to exclude system headers from dependency
Wupeng Ma <mawupeng1(a)huawei.com>
VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
George Kennedy <george.kennedy(a)oracle.com>
VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF
Kees Cook <kees(a)kernel.org>
ovl: Check for NULL d_inode() in ovl_dentry_upper()
Dmitry Kandybka <d.kandybka(a)gmail.com>
ceph: fix possible integer overflow in ceph_zero_objects()
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Ignore unsol events for cards being shut down
Jos Wang <joswang(a)lenovo.com>
usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode
Robert Hodaszi <robert.hodaszi(a)digi.com>
usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
usb: Add checks for snprintf() calls in usb_alloc_dev()
Jakub Lewalski <jakub.lewalski(a)nokia.com>
tty: serial: uartlite: register uart driver in init
Chen Yufeng <chenyufeng(a)iie.ac.cn>
usb: potential integer overflow in usbg_make_tpg()
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: pressure: zpa2326: Use aligned_s64 for the timestamp
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: fix dm-raid max_write_behind setting
Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de>
dmaengine: xilinx_dma: Set dma_device directions
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
mfd: max14577: Fix wakeup source leaks on device unbind
Peng Fan <peng.fan(a)nxp.com>
mailbox: Not protect module_put with spin_lock_irqsave
Pali Rohár <pali(a)kernel.org>
cifs: Fix cifs_query_path_info() for Windows NT servers
-------------
Diffstat:
Documentation/ABI/testing/sysfs-driver-ufs | 2 +-
Makefile | 4 +-
arch/arm64/mm/mmu.c | 3 +-
arch/powerpc/include/uapi/asm/ioctls.h | 8 +-
arch/s390/Makefile | 2 +-
arch/s390/purgatory/Makefile | 2 +-
arch/um/drivers/ubd_user.c | 2 +-
arch/x86/Kconfig | 2 +-
arch/x86/kernel/cpu/mce/amd.c | 15 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
drivers/acpi/acpi_pad.c | 7 +-
drivers/acpi/acpica/dsmethod.c | 7 +
drivers/acpi/battery.c | 19 +-
drivers/ata/pata_cs5536.c | 2 +-
drivers/atm/idt77252.c | 5 +
drivers/dma-buf/dma-resv.c | 5 +-
drivers/dma/xilinx/xilinx_dma.c | 2 +
drivers/gpu/drm/bridge/cdns-dsi.c | 11 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 +
drivers/gpu/drm/i915/gt/intel_ringbuffer.c | 3 +-
drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-
drivers/gpu/drm/i915/selftests/mock_request.c | 2 +-
drivers/gpu/drm/tegra/dc.c | 12 +-
drivers/gpu/drm/tegra/hub.c | 4 +-
drivers/gpu/drm/tegra/hub.h | 3 +-
drivers/gpu/drm/v3d/v3d_drv.h | 9 +
drivers/gpu/drm/v3d/v3d_gem.c | 2 +
drivers/gpu/drm/v3d/v3d_irq.c | 36 ++-
drivers/hid/hid-ids.h | 5 +
drivers/hid/hid-quirks.c | 3 +
drivers/hid/wacom_sys.c | 6 +-
drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 +
drivers/i2c/busses/i2c-tiny-usb.c | 6 +
drivers/iio/pressure/zpa2326.c | 2 +-
drivers/infiniband/core/device.c | 1 +
drivers/infiniband/core/iwcm.c | 38 +--
drivers/infiniband/core/iwcm.h | 2 +-
.../infiniband/core/uverbs_std_types_counters.c | 17 +-
drivers/infiniband/hw/mlx5/devx.c | 2 +-
drivers/infiniband/hw/mlx5/main.c | 55 ++--
drivers/input/joystick/xpad.c | 5 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/mailbox/mailbox.c | 2 +-
drivers/md/dm-raid.c | 2 +-
drivers/md/md-bitmap.c | 2 +-
drivers/md/raid1.c | 1 +
drivers/media/platform/omap3isp/ispccdc.c | 8 +-
drivers/media/platform/omap3isp/ispstat.c | 6 +-
drivers/media/platform/vivid/vivid-vid-cap.c | 2 +-
drivers/media/usb/dvb-usb/cxusb.c | 36 ++-
drivers/media/usb/uvc/uvc_ctrl.c | 61 +++--
drivers/mfd/max14577.c | 1 +
drivers/misc/vmw_vmci/vmci_host.c | 9 +-
drivers/mmc/host/mtk-sd.c | 39 ++-
drivers/mmc/host/sdhci.c | 9 +-
drivers/mmc/host/sdhci.h | 16 ++
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 +
drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 +
drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +-
drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++--
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/cisco/enic/enic_main.c | 4 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +-
drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +-
drivers/net/ethernet/sun/niu.c | 31 ++-
drivers/net/ethernet/sun/niu.h | 4 +
drivers/net/phy/microchip.c | 2 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/ath/ath6kl/bmi.c | 4 +-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +-
drivers/pwm/pwm-mediatek.c | 15 +-
drivers/regulator/gpio-regulator.c | 19 +-
drivers/scsi/qla4xxx/ql4_os.c | 2 +
drivers/scsi/ufs/ufs-sysfs.c | 4 +-
drivers/spi/spi-fsl-dspi.c | 55 ++--
drivers/staging/rtl8723bs/core/rtw_security.c | 46 +---
drivers/tty/serial/uartlite.c | 15 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/class/cdc-wdm.c | 23 +-
drivers/usb/core/quirks.c | 3 +-
drivers/usb/core/usb.c | 14 +-
drivers/usb/gadget/function/f_tcm.c | 4 +-
drivers/usb/gadget/function/u_serial.c | 6 +-
drivers/usb/typec/altmodes/displayport.c | 5 +-
fs/btrfs/inode.c | 36 +--
fs/btrfs/ioctl.c | 3 +
fs/btrfs/tree-log.c | 4 +-
fs/ceph/file.c | 2 +-
fs/cifs/misc.c | 8 +
fs/jfs/jfs_dmap.c | 41 +--
fs/namespace.c | 8 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 144 +++++++---
fs/nfs/inode.c | 17 +-
fs/overlayfs/util.c | 4 +-
fs/proc/inode.c | 16 +-
fs/proc/proc_sysctl.c | 18 +-
include/drm/spsc_queue.h | 4 +-
include/linux/of.h | 291 ++++++++++-----------
include/linux/regulator/gpio-regulator.h | 2 +
include/linux/usb/typec_dp.h | 1 +
include/rdma/ib_verbs.h | 7 +-
include/uapi/linux/vm_sockets.h | 4 +
init/Kconfig | 4 +-
lib/test_objagg.c | 4 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 +++--
net/atm/resources.c | 3 +-
net/bluetooth/l2cap_core.c | 9 +-
net/bpfilter/Makefile | 5 +-
net/ipv6/route.c | 3 +-
net/mac80211/rx.c | 4 +
net/mac80211/util.c | 2 +-
net/netlink/af_netlink.c | 90 ++++---
net/rose/rose_route.c | 15 +-
net/rxrpc/call_accept.c | 3 +
net/sched/sch_api.c | 42 +--
net/tipc/topsrv.c | 2 +
net/vmw_vsock/vmci_transport.c | 4 +-
scripts/Kbuild.include | 2 +-
scripts/Makefile.host | 4 +-
scripts/Makefile.lib | 8 +-
sound/isa/sb/sb16_main.c | 4 +
sound/pci/hda/hda_bind.c | 2 +-
sound/soc/meson/meson-card-utils.c | 2 +-
sound/usb/stream.c | 2 +
usr/include/Makefile | 6 +-
132 files changed, 1183 insertions(+), 685 deletions(-)
7 hours, 54 minutes
- 3
- 3
Re: [PATCH bpf-next v5 2/2] selftests/bpf: Add tests with stack ptr register in conditional jmp
by Shung-Hsi Yu
Hi Andrii and Yonghong,
On Fri, May 23, 2025 at 09:13:40PM -0700, Yonghong Song wrote:
> Add two tests:
> - one test has 'rX <op> r10' where rX is not r10, and
> - another test has 'rX <op> rY' where rX and rY are not r10
> but there is an early insn 'rX = r10'.
>
> Without previous verifier change, both tests will fail.
>
> Signed-off-by: Yonghong Song <yonghong.song(a)linux.dev>
> ---
> .../selftests/bpf/progs/verifier_precision.c | 53 +++++++++++++++++++
> 1 file changed, 53 insertions(+)
I was looking this commit (5ffb537e416e) since it was a BPF selftest
test for CVE-2025-38279, but upon looking I found that the commit
differs from the patch, there is an extra hunk that changed
kernel/bpf/verifier.c that wasn't found the Yonghong's original patch.
I suppose it was meant to be squashed into the previous commit
e2d2115e56c4 "bpf: Do not include stack ptr register in precision
backtracking bookkeeping"?
Since stable backports got only e2d2115e56c4, but not the 5ffb537e416e
here with the extra change for kernel/bpf/verifier.c, I'd guess the
backtracking logic in the stable kernel isn't correct at the moment,
so I'll send 5ffb537e416e "selftests/bpf: Add tests with stack ptr
register in conditional jmp" to stable as well. Let me know if that's
not the right thing to do.
Shung-Hsi
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 98c52829936e..a7d6e0c5928b 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -16456,6 +16456,8 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
if (src_reg->type == PTR_TO_STACK)
insn_flags |= INSN_F_SRC_REG_STACK;
+ if (dst_reg->type == PTR_TO_STACK)
+ insn_flags |= INSN_F_DST_REG_STACK;
} else {
if (insn->src_reg != BPF_REG_0) {
verbose(env, "BPF_JMP/JMP32 uses reserved fields\n");
@@ -16465,10 +16467,11 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
memset(src_reg, 0, sizeof(*src_reg));
src_reg->type = SCALAR_VALUE;
__mark_reg_known(src_reg, insn->imm);
+
+ if (dst_reg->type == PTR_TO_STACK)
+ insn_flags |= INSN_F_DST_REG_STACK;
}
- if (dst_reg->type == PTR_TO_STACK)
- insn_flags |= INSN_F_DST_REG_STACK;
if (insn_flags) {
err = push_insn_history(env, this_branch, insn_flags, 0);
if (err)
> diff --git a/tools/testing/selftests/bpf/progs/verifier_precision.c b/tools/testing/selftests/bpf/progs/verifier_precision.c
...
8 hours, 11 minutes
- 2
- 1
[PATCH v4 1/1] mm/rmap: fix potential out-of-bounds page table access during batched unmap
by Lance Yang
From: Lance Yang <lance.yang(a)linux.dev>
As pointed out by David[1], the batched unmap logic in try_to_unmap_one()
may read past the end of a PTE table when a large folio's PTE mappings
are not fully contained within a single page table.
While this scenario might be rare, an issue triggerable from userspace must
be fixed regardless of its likelihood. This patch fixes the out-of-bounds
access by refactoring the logic into a new helper, folio_unmap_pte_batch().
The new helper correctly calculates the safe batch size by capping the scan
at both the VMA and PMD boundaries. To simplify the code, it also supports
partial batching (i.e., any number of pages from 1 up to the calculated
safe maximum), as there is no strong reason to special-case for fully
mapped folios.
[1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha…
Cc: <stable(a)vger.kernel.org>
Reported-by: David Hildenbrand <david(a)redhat.com>
Closes: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha…
Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation")
Suggested-by: Barry Song <baohua(a)kernel.org>
Acked-by: Barry Song <baohua(a)kernel.org>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Signed-off-by: Lance Yang <lance.yang(a)linux.dev>
---
v3 -> v4:
- Add Reported-by + Closes tags (per David)
- Pick RB from Lorenzo - thanks!
- Pick AB from David - thanks!
- https://lore.kernel.org/linux-mm/20250630011305.23754-1-lance.yang@linux.dev
v2 -> v3:
- Tweak changelog (per Barry and David)
- Pick AB from Barry - thanks!
- https://lore.kernel.org/linux-mm/20250627062319.84936-1-lance.yang@linux.dev
v1 -> v2:
- Update subject and changelog (per Barry)
- https://lore.kernel.org/linux-mm/20250627025214.30887-1-lance.yang@linux.dev
mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------
1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/mm/rmap.c b/mm/rmap.c
index fb63d9256f09..1320b88fab74 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio *folio, struct page *page,
#endif
}
-/* We support batch unmapping of PTEs for lazyfree large folios */
-static inline bool can_batch_unmap_folio_ptes(unsigned long addr,
- struct folio *folio, pte_t *ptep)
+static inline unsigned int folio_unmap_pte_batch(struct folio *folio,
+ struct page_vma_mapped_walk *pvmw,
+ enum ttu_flags flags, pte_t pte)
{
const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY;
- int max_nr = folio_nr_pages(folio);
- pte_t pte = ptep_get(ptep);
+ unsigned long end_addr, addr = pvmw->address;
+ struct vm_area_struct *vma = pvmw->vma;
+ unsigned int max_nr;
+
+ if (flags & TTU_HWPOISON)
+ return 1;
+ if (!folio_test_large(folio))
+ return 1;
+ /* We may only batch within a single VMA and a single page table. */
+ end_addr = pmd_addr_end(addr, vma->vm_end);
+ max_nr = (end_addr - addr) >> PAGE_SHIFT;
+
+ /* We only support lazyfree batching for now ... */
if (!folio_test_anon(folio) || folio_test_swapbacked(folio))
- return false;
+ return 1;
if (pte_unused(pte))
- return false;
- if (pte_pfn(pte) != folio_pfn(folio))
- return false;
+ return 1;
- return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL,
- NULL, NULL) == max_nr;
+ return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags,
+ NULL, NULL, NULL);
}
/*
@@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma,
if (pte_dirty(pteval))
folio_mark_dirty(folio);
} else if (likely(pte_present(pteval))) {
- if (folio_test_large(folio) && !(flags & TTU_HWPOISON) &&
- can_batch_unmap_folio_ptes(address, folio, pvmw.pte))
- nr_pages = folio_nr_pages(folio);
+ nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval);
end_addr = address + nr_pages * PAGE_SIZE;
flush_cache_range(vma, address, end_addr);
@@ -2206,13 +2213,16 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma,
hugetlb_remove_rmap(folio);
} else {
folio_remove_rmap_ptes(folio, subpage, nr_pages, vma);
- folio_ref_sub(folio, nr_pages - 1);
}
if (vma->vm_flags & VM_LOCKED)
mlock_drain_local();
- folio_put(folio);
- /* We have already batched the entire folio */
- if (nr_pages > 1)
+ folio_put_refs(folio, nr_pages);
+
+ /*
+ * If we are sure that we batched the entire folio and cleared
+ * all PTEs, we can just optimize and stop right here.
+ */
+ if (nr_pages == folio_nr_pages(folio))
goto walk_done;
continue;
walk_abort:
--
2.49.0
8 hours, 54 minutes
- 6
- 7
[PATCH 5.10 000/355] 5.10.239-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.10.239 release.
There are 355 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 25 Jun 2025 13:05:51 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.239-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.10.239-rc1
Tengda Wu <wutengda(a)huaweicloud.com>
arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
Peter Zijlstra <peterz(a)infradead.org>
perf: Fix sample vs do_exit()
Aaron Lu <ziqianlu(a)bytedance.com>
Revert "bpf: allow precision tracking for programs with subprogs"
Aaron Lu <ziqianlu(a)bytedance.com>
Revert "bpf: stop setting precise in current state"
Aaron Lu <ziqianlu(a)bytedance.com>
Revert "bpf: aggressively forget precise markings during state checkpointing"
Aaron Lu <ziqianlu(a)bytedance.com>
Revert "selftests/bpf: make test_align selftest more robust"
Heiko Carstens <hca(a)linux.ibm.com>
s390/pci: Fix __pcilg_mio_inuser() inline assembly
David Gow <davidgow(a)google.com>
rtc: test: Fix invalid format specifier.
Eddie James <eajames(a)linux.ibm.com>
hwmon: (occ) Fix P10 VRM temp sensors
Gavin Guo <gavinguo(a)igalia.com>
mm/huge_memory: fix dereferencing invalid pmd migration entry
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: move the limit validation
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: use a temporary work area for validating configuration
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: handle bigger packets
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: annotate data-races around q->perturb_period
Alexandre Mergnat <amergnat(a)baylibre.com>
rtc: Make rtc_time64_to_tm() support dates before 1970
Cassio Neri <cassio.neri(a)gmail.com>
rtc: Improve performance of rtc_time64_to_tm(). Add tests.
Paul Chaignon <paul.chaignon(a)gmail.com>
bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
Paul Chaignon <paul.chaignon(a)gmail.com>
net: Fix checksum update for ILA adj-transport
Eliav Farber <farbere(a)amazon.com>
net/ipv4: fix type mismatch in inet_ehash_locks_alloc() causing build failure
James Morse <james.morse(a)arm.com>
arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
James Morse <james.morse(a)arm.com>
arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
James Morse <james.morse(a)arm.com>
arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
Liu Song <liusong(a)linux.alibaba.com>
arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually
James Morse <james.morse(a)arm.com>
arm64: proton-pack: Expose whether the branchy loop k value
Will Deacon <will(a)kernel.org>
arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
James Morse <james.morse(a)arm.com>
arm64: proton-pack: Expose whether the platform is mitigated by firmware
James Morse <james.morse(a)arm.com>
arm64: insn: Add support for encoding DSB
Hou Tao <houtao1(a)huawei.com>
arm64: insn: add encoders for atomic operations
Hou Tao <houtao1(a)huawei.com>
arm64: move AARCH64_BREAK_FAULT into insn-def.h
Julien Thierry <jthierry(a)redhat.com>
arm64: insn: Add barrier encodings
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
serial: sh-sci: Increment the runtime usage counter for the earlycon device
Geert Uytterhoeven <geert+renesas(a)glider.be>
ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms
Colin Foster <colin.foster(a)in-advantage.com>
ARM: dts: am335x-bone-common: Increase MDIO reset deassert time
Shengyu Qu <wiagn233(a)outlook.com>
ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board
Eric Dumazet <edumazet(a)google.com>
net: atm: fix /proc/net/atm/lec handling
Eric Dumazet <edumazet(a)google.com>
net: atm: add lec_mutex
Kuniyuki Iwashima <kuniyu(a)google.com>
calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
Haixia Qu <hxqu(a)hillstonenet.com>
tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
Neal Cardwell <ncardwell(a)google.com>
tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: atmtcp: Free invalid length skb in atmtcp_c_send().
Kuniyuki Iwashima <kuniyu(a)google.com>
mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: carl9170: do not ping device which has failed to load firmware
Krishna Kumar <krikku(a)gmail.com>
net: ice: Perform accurate aRFS flow match
Justin Sanders <jsanders.devel(a)gmail.com>
aoe: clean device rq_list in aoedev_downdev()
Simon Horman <horms(a)kernel.org>
pldmfw: Select CRC32 when PLDMFW is selected
Arnd Bergmann <arnd(a)arndb.de>
hwmon: (occ) fix unaligned accesses
Arnd Bergmann <arnd(a)arndb.de>
hwmon: (occ) Rework attribute registration for stack usage
Eddie James <eajames(a)linux.ibm.com>
hwmon: (occ) Add soft minimum power cap attribute
Eddie James <eajames(a)linux.ibm.com>
hwmon: (occ) Add new temperature sensor type
Jacob Keller <jacob.e.keller(a)intel.com>
drm/nouveau/bl: increase buffer size to avoid truncate warning
Gao Xiang <hsiangkao(a)linux.alibaba.com>
erofs: remove unused trace event erofs_destroy_inode
Jann Horn <jannh(a)google.com>
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
Liu Shixin <liushixin2(a)huawei.com>
mm: hugetlb: independent PMD page table shared count
Jann Horn <jannh(a)google.com>
mm/hugetlb: unshare page tables during VMA split, not before
James Houghton <jthoughton(a)google.com>
hugetlb: unshare some PMDs when splitting VMAs
Jonathan Lane <jon(a)borg.moe>
ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/intel: Add Thinkpad E15 to PM deny list
wangdicheng <wangdicheng(a)kylinos.cn>
ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card
WangYuli <wangyuli(a)uniontech.com>
Input: sparcspkr - avoid unannotated fall-through
Terry Junge <linuxhid(a)cosmicgizmosystems.com>
HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: Revert atm_account_tx() if copy_from_iter_full() fails.
Stephen Smalley <stephen.smalley.work(a)gmail.com>
selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
Marek Szyprowski <m.szyprowski(a)samsung.com>
udmabuf: use sgtable-based scatterlist wrappers
Peter Oberparleiter <oberpar(a)linux.ibm.com>
scsi: s390: zfcp: Ensure synchronous unit_add
Dexuan Cui <decui(a)microsoft.com>
scsi: storvsc: Increase the timeouts to storvsc_timeout
Fedor Pchelkin <pchelkin(a)ispras.ru>
jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
Artem Sadovnikov <a.sadovnikov(a)ispras.ru>
jffs2: check that raw node were preallocated before writing summary
Andrew Morton <akpm(a)linux-foundation.org>
drivers/rapidio/rio_cm.c: prevent possible heap overwrite
Breno Leitao <leitao(a)debian.org>
Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older
Narayana Murty N <nnmlinux(a)linux.ibm.com>
powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery
Stuart Hayes <stuart.w.hayes(a)gmail.com>
platform/x86: dell_rbu: Stop overwriting data buffer
Stuart Hayes <stuart.w.hayes(a)gmail.com>
platform/x86: dell_rbu: Fix list usage
Maximilian Luz <luzmaximilian(a)gmail.com>
platform: Add Surface platform directory
Alexander Sverdlin <alexander.sverdlin(a)siemens.com>
Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first"
Jann Horn <jannh(a)google.com>
tee: Prevent size calculation wraparound on 32-bit kernels
Sukrut Bellary <sbellary(a)baylibre.com>
ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
Laurentiu Tudor <laurentiu.tudor(a)nxp.com>
bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
Marcus Folkesson <marcus.folkesson(a)gmail.com>
watchdog: da9052_wdt: respect TWDMIN
Kyungwook Boo <bookyungwook(a)gmail.com>
i40e: fix MMIO write access to an invalid page in i40e_clear_hw
Zijun Hu <quic_zijuhu(a)quicinc.com>
sock: Correct error checking condition for (assign|release)_proto_idx()
Daniel Wagner <wagi(a)kernel.org>
scsi: lpfc: Use memcpy() for BIOS version
Zijun Hu <quic_zijuhu(a)quicinc.com>
software node: Correct a OOB check in software_node_get_reference_args()
Ido Schimmel <idosch(a)nvidia.com>
vxlan: Do not treat dst cache initialization errors as fatal
Sean Christopherson <seanjc(a)google.com>
iommu/amd: Ensure GA log notifier callbacks finish running before module unload
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
Heiko Stuebner <heiko(a)sntech.de>
clk: rockchip: rk3036: mark ddrphy as critical
Benjamin Berg <benjamin(a)sipsolutions.net>
wifi: mac80211: do not offer a mesh path if forwarding is disabled
Jason Xing <kernelxing(a)tencent.com>
net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
Gabor Juhos <j4g8y7(a)gmail.com>
pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
Gabor Juhos <j4g8y7(a)gmail.com>
pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction()
Gabor Juhos <j4g8y7(a)gmail.com>
pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction()
Gabor Juhos <j4g8y7(a)gmail.com>
pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()
Jason Xing <kernelxing(a)tencent.com>
net: atlantic: generate software timestamp just before the doorbell
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
Eric Dumazet <edumazet(a)google.com>
tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
Eric Dumazet <edumazet(a)google.com>
tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
Moon Yeounsu <yyyynoom(a)gmail.com>
net: dlink: add synchronization for stats update
Tali Perry <tali.perry1(a)gmail.com>
i2c: npcm: Add clock toggle recovery
Petr Malat <oss(a)malat.biz>
sctp: Do not wake readers in __sctp_write_space()
Henk Vergonet <henk.vergonet(a)gmail.com>
wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
Alok Tiwari <alok.a.tiwari(a)oracle.com>
emulex/benet: correct command version selection in be_cmd_get_stats()
Tan En De <ende.tan(a)starfivetech.com>
i2c: designware: Invoke runtime suspend on quick slave re-registration
Zilin Guan <zilin(a)seu.edu.cn>
tipc: use kfree_sensitive() for aead cleanup
Sergio Perez Gonzalez <sperezglz(a)gmail.com>
net: macb: Check return value of dma_set_mask_and_coherent()
Viresh Kumar <viresh.kumar(a)linaro.org>
cpufreq: Force sync policy boost with global boost on sysfs update
George Moussalem <george.moussalem(a)outlook.com>
thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for IP v2+
Simon Schuster <schuster.simon(a)siemens-energy.com>
nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults
Wentao Liang <vulab(a)iscas.ac.cn>
media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()
Hans Verkuil <hverkuil(a)xs4all.nl>
media: tc358743: ignore video while HPD is low
Amber Lin <Amber.Lin(a)amd.com>
drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: don't select single flush for active CTL blocks
Dylan Wolff <wolffd(a)comp.nus.edu.sg>
jfs: Fix null-ptr-deref in jfs_ioc_trim
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/gfx9: fix CSIB handling
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/gfx8: fix CSIB handling
Zhang Yi <yi.zhang(a)huawei.com>
ext4: prevent stale extent cache entries caused by concurrent get es_cache
Long Li <leo.lilong(a)huawei.com>
sunrpc: fix race in cache cleanup causing stale nextcheck time
Nicolas Dufresne <nicolas.dufresne(a)collabora.com>
media: rkvdec: Initialize the m2m context before the controls
Aditya Dutt <duttaditya18(a)gmail.com>
jfs: fix array-index-out-of-bounds read in add_missing_indices
Zhang Yi <yi.zhang(a)huawei.com>
ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space()
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/gfx7: fix CSIB handling
Nas Chung <nas.chung(a)chipsnmedia.com>
media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/gfx10: fix CSIB handling
Akhil P Oommen <quic_akhilpo(a)quicinc.com>
drm/msm/a6xx: Increase HFI response timeout
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit()
Nas Chung <nas.chung(a)chipsnmedia.com>
media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/hdmi: add runtime PM calls to DDC transfer function
Namjae Jeon <linkinjeon(a)kernel.org>
exfat: fix double free in delayed_free
Damon Ding <damon.ding(a)rock-chips.com>
drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq()
Long Li <leo.lilong(a)huawei.com>
sunrpc: update nextcheck time when adding new cache entries
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/gfx6: fix CSIB handling
Peter Marheine <pmarheine(a)chromium.org>
ACPI: battery: negate current when discharging
Charan Teja Kalla <quic_charante(a)quicinc.com>
PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
Yuanjun Gong <ruc_gongyuanjun(a)163.com>
ASoC: tegra210_ahub: Add check to of_device_get_match_data()
gldrk <me(a)rarity.fan>
ACPICA: utilities: Fix overflow check in vsnprintf()
Jerry Lv <Jerry.Lv(a)axis.com>
power: supply: bq27xxx: Retrieve again when busy
Seunghun Han <kkamagui(a)gmail.com>
ACPICA: fix acpi parse and parseext cache leaks
Hector Martin <marcan(a)marcan.st>
ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
Ahmed Salem <x0rw3ll(a)gmail.com>
ACPICA: Avoid sequence overread in call to strncmp()
Guilherme G. Piccoli <gpiccoli(a)igalia.com>
clocksource: Fix the CPUs' choice in the watchdog per CPU verification
Seunghun Han <kkamagui(a)gmail.com>
ACPICA: fix acpi operand cache leak in dswstate.c
David Lechner <dlechner(a)baylibre.com>
iio: adc: ad7606_spi: fix reg write value mask
Sean Nyekjaer <sean(a)geanix.com>
iio: imu: inv_icm42600: Fix temperature calculation
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
PCI: Fix lock symmetry in pci_slot_unlock()
Huacai Chen <chenhuacai(a)loongson.cn>
PCI: Add ACS quirk for Loongson PCIe
Long Li <longli(a)microsoft.com>
uio_hv_generic: Use correct size for interrupt and monitor pages
Wentao Liang <vulab(a)iscas.ac.cn>
regulator: max14577: Add error check for max14577_read_reg()
Khem Raj <raj.khem(a)gmail.com>
mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
Gabriel Shahrouzi <gshahrouzi(a)gmail.com>
staging: iio: ad5933: Correct settling cycles encoding per datasheet
Qasim Ijaz <qasdev00(a)gmail.com>
net: ch9200: fix uninitialised access during mii_nway_restart
Ye Bin <yebin10(a)huawei.com>
ftrace: Fix UAF when lookup kallsym after ftrace disabled
Mikulas Patocka <mpatocka(a)redhat.com>
dm-mirror: fix a tiny race condition
Wentao Liang <vulab(a)iscas.ac.cn>
mtd: nand: sunxi: Add randomizer configuration before randomizer enable
Wentao Liang <vulab(a)iscas.ac.cn>
mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk
Jinliang Zheng <alexjlzheng(a)tencent.com>
mm: fix ratelimit_pages update error in dirty_ratio_handler()
Jeongjun Park <aha310510(a)gmail.com>
ipc: fix to protect IPCS lookups using RCU
Da Xue <da(a)libre.computer>
clk: meson-g12a: add missing fclk_div2 to spicc
Arnd Bergmann <arnd(a)arndb.de>
parisc: fix building with gcc-15
GONG Ruiqi <gongruiqi1(a)huawei.com>
vgacon: Add check for vc_origin address range in vgacon_scroll()
Murad Masimov <m.masimov(a)mt-integration.ru>
fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com>
EDAC/altera: Use correct write width with the INTTEST register
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
NFC: nci: uart: Set tty->disc_data only in success path
Chao Yu <chao(a)kernel.org>
f2fs: fix to do sanity check on sit_bitmap_size
Jaegeuk Kim <jaegeuk(a)kernel.org>
f2fs: prevent kernel warning due to negative i_nlink from corrupted image
Dan Carpenter <dan.carpenter(a)linaro.org>
Input: ims-pcu - check record size in ims_pcu_flash_firmware()
Zhang Yi <yi.zhang(a)huawei.com>
ext4: ensure i_size is smaller than maxbytes
Zhang Yi <yi.zhang(a)huawei.com>
ext4: factor out ext4_get_maxbytes()
Jan Kara <jack(a)suse.cz>
ext4: fix calculation of credits for extent tree modification
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
ext4: inline: fix len overflow in ext4_prepare_inline_data
Ioana Ciornei <ioana.ciornei(a)nxp.com>
bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
Tasos Sahanidis <tasos(a)tasossah.com>
ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
Jeff Hugo <quic_jhugo(a)quicinc.com>
bus: mhi: host: Fix conflict between power_up and SYSERR
Andreas Kemnade <andreas(a)kemnade.info>
ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
Ross Stutterheim <ross.stutterheim(a)garmin.com>
ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
Denis Arefev <arefev(a)swemel.ru>
media: vivid: Change the siize of the composing
Edward Adam Davis <eadavis(a)qq.com>
media: vidtv: Terminating the subsequent process of initialization failure
Marek Szyprowski <m.szyprowski(a)samsung.com>
media: videobuf2: use sgtable-based scatterlist wrappers
Loic Poulain <loic.poulain(a)oss.qualcomm.com>
media: venus: Fix probe error handling
Ma Ke <make24(a)iscas.ac.cn>
media: v4l2-dev: fix error handling in __video_register_device()
Wentao Liang <vulab(a)iscas.ac.cn>
media: gspca: Add error handling for stv06xx_read_sensor()
Edward Adam Davis <eadavis(a)qq.com>
media: cxusb: no longer judge rbuf when the write fails
Johan Hovold <johan+linaro(a)kernel.org>
media: ov8856: suppress probe deferral errors
Mingcong Bai <jeffbai(a)aosc.io>
wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
Jeongjun Park <aha310510(a)gmail.com>
jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
Li Lingfeng <lilingfeng3(a)huawei.com>
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
NeilBrown <neil(a)brown.name>
nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
Christian Lamparter <chunkeey(a)gmail.com>
wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
Wentao Liang <vulab(a)iscas.ac.cn>
net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
Wentao Liang <vulab(a)iscas.ac.cn>
net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>
ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
Wentao Liang <vulab(a)iscas.ac.cn>
ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()
Alexander Aring <aahringo(a)redhat.com>
gfs2: move msleep to sleepable context
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: marvell/cesa - Do not chain submitted requests
Zijun Hu <quic_zijuhu(a)quicinc.com>
configfs: Do not override creating attribute file failure in populate_attrs()
Eric Dumazet <edumazet(a)google.com>
tcp: tcp_data_ready() must look at SOCK_DONE
Arnd Bergmann <arnd(a)arndb.de>
kbuild: hdrcheck: fix cross build with clang
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
kbuild: userprogs: fix bitsize and target detection on clang
Oliver Neukum <oneukum(a)suse.com>
net: usb: aqc111: debug info before sanitation
Eric Dumazet <edumazet(a)google.com>
calipso: unlock rcu before returning -EAFNOSUPPORT
Thomas Gleixner <tglx(a)linutronix.de>
x86/iopl: Cure TIF_IO_BITMAP inconsistencies
Stefano Stabellini <stefano.stabellini(a)amd.com>
xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: Flush altsetting 0 endpoints before reinitializating them after reset.
Nathan Chancellor <nathan(a)kernel.org>
drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang
Nathan Chancellor <nathan(a)kernel.org>
kbuild: Add KBUILD_CPPFLAGS to as-option invocation
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS
Nathan Chancellor <nathan(a)kernel.org>
kbuild: Add CLANG_FLAGS to as-instr
Nathan Chancellor <nathan(a)kernel.org>
mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation
Nathan Chancellor <nathan(a)kernel.org>
drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang
Nick Desaulniers <ndesaulniers(a)google.com>
kbuild: Update assembler calls to use proper flags and language target
Nathan Chancellor <nathan(a)kernel.org>
MIPS: Prefer cc-option for additions to cflags
Nathan Chancellor <nathan(a)kernel.org>
MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option
Nick Desaulniers <ndesaulniers(a)google.com>
x86/boot/compressed: prefer cc-option for CFLAGS additions
Oleg Nesterov <oleg(a)redhat.com>
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
Zijun Hu <quic_zijuhu(a)quicinc.com>
fs/filesystems: Fix potential unsigned integer underflow in fs_name()
Eric Dumazet <edumazet(a)google.com>
net_sched: ets: fix a race in ets_qdisc_change()
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_ets: make est_qlen_notify() idempotent
Eric Dumazet <edumazet(a)google.com>
net_sched: tbf: fix a race in tbf_change()
Eric Dumazet <edumazet(a)google.com>
net_sched: red: fix a race in __red_change()
Eric Dumazet <edumazet(a)google.com>
net_sched: prio: fix a race in prio_tune()
Patrisious Haddad <phaddad(a)nvidia.com>
net/mlx5: Fix return value when searching for existing flow group
Moshe Shemesh <moshe(a)nvidia.com>
net/mlx5: Ensure fw pages are always allocated on same NUMA
Jakub Raczynski <j.raczynski(a)samsung.com>
net/mdiobus: Fix potential out-of-bounds read/write access
Andrew Lunn <andrew(a)lunn.ch>
net: mdio: C22 is now optional, EOPNOTSUPP if not provided
Carlos Fernandez <carlos.fernandez(a)technica-engineering.de>
macsec: MACsec SCI assignment for ES = 0
Michal Luczaj <mhal(a)rbox.co>
net: Fix TOCTOU issue in sk_is_readable()
Cong Wang <cong.wang(a)bytedance.com>
net: Rename ->stream_memory_read to ->sock_is_readable
Cong Wang <cong.wang(a)bytedance.com>
bpf: Clean up sockmap related Kconfigs
Eric Dumazet <edumazet(a)google.com>
tcp: factorize logic into tcp_epollin_ready()
Robert Malz <robert.malz(a)canonical.com>
i40e: retry VFLR handling if there is ongoing VF reset
Robert Malz <robert.malz(a)canonical.com>
i40e: return false from i40e_reset_vf if reset is in progress
Haren Myneni <haren(a)linux.ibm.com>
powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
Haren Myneni <haren(a)linux.ibm.com>
powerpc/vas: Move VAS API to book3s common platform
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: fix a potential crash on gso_skb handling
Alok Tiwari <alok.a.tiwari(a)oracle.com>
scsi: iscsi: Fix incorrect error path labels for flashnode operations
Caleb Connolly <caleb.connolly(a)linaro.org>
ath10k: snoc: fix unbalanced IRQ enable in crash recovery
Wen Gong <wgong(a)codeaurora.org>
ath10k: prevent deinitializing NAPI twice
Wen Gong <wgong(a)codeaurora.org>
ath10k: add atomic protection for device recovery
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
serial: sh-sci: Clean sci_ports[0] after at earlycon exit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
serial: sh-sci: Move runtime PM enable to sci_probe_single()
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
serial: sh-sci: Check if TX data was written to device in .tx_empty()
Judith Mendez <jm(a)ti.com>
arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0
Judith Mendez <jm(a)ti.com>
arm64: dts: ti: k3-am65-main: Fix sdhci node properties
Nishanth Menon <nm(a)ti.com>
arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property
Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
Input: synaptics-rmi - fix crash with unsupported versions of F34
zhang songyi <zhang.songyi(a)zte.com.cn>
Input: synaptics-rmi4 - convert to use sysfs_emit() APIs
Dan Carpenter <dan.carpenter(a)linaro.org>
pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()
Al Viro <viro(a)zeniv.linux.org.uk>
do_change_type(): refuse to operate on unmounted/not ours mounts
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
Ronak Doshi <ronak.doshi(a)broadcom.com>
vmxnet3: correctly report gso type for UDP tunnels
Michal Kubiak <michal.kubiak(a)intel.com>
ice: create new Tx scheduler nodes for new queues only
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
Álvaro Fernández Rojas <noltari(a)gmail.com>
spi: bcm63xx-hsspi: fix shared reset
Álvaro Fernández Rojas <noltari(a)gmail.com>
spi: bcm63xx-spi: fix shared reset
Dan Carpenter <dan.carpenter(a)linaro.org>
net/mlx4_en: Prevent potential integer overflow calculating Hz
Yanqing Wang <ot_yanqing.wang(a)mediatek.com>
driver: net: ethernet: mtk_star_emac: fix suspend/resume issue
Charalampos Mitrodimas <charmitro(a)posteo.net>
net: tipc: fix refcount warning in tipc_aead_encrypt
Alok Tiwari <alok.a.tiwari(a)oracle.com>
gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
Quentin Schulz <quentin.schulz(a)cherry.de>
net: stmmac: platform: guarantee uniqueness of bus_id
Nicolas Pitre <npitre(a)baylibre.com>
vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
WangYuli <wangyuli(a)uniontech.com>
MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
iio: adc: ad7124: Fix 3dB filter frequency reading
Henry Martin <bsdhenrymartin(a)gmail.com>
serial: Fix potential null-ptr-deref in mlb_usio_probe()
Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com>
usb: renesas_usbhs: Reorder clock handling and power management in probe
Alexandre Mergnat <amergnat(a)baylibre.com>
rtc: Fix offset calculation for .start_secs < 0
Bjorn Helgaas <bhelgaas(a)google.com>
PCI/DPC: Initialize aer_err_info before using it
Henry Martin <bsdhenrymartin(a)gmail.com>
dmaengine: ti: Add NULL check in udma_probe()
Hans Zhang <18255117159(a)163.com>
PCI: cadence: Fix runtime atomic count underflow
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
rtc: sh: assign correct interrupts with DT
Li Lingfeng <lilingfeng3(a)huawei.com>
nfs: ignore SB_RDONLY when remounting nfs
Li Lingfeng <lilingfeng3(a)huawei.com>
nfs: clear SB_RDONLY before getting superblock
Dapeng Mi <dapeng1.mi(a)linux.intel.com>
perf record: Fix incorrect --user-regs comments
Leo Yan <leo.yan(a)arm.com>
perf tests switch-tracking: Fix timestamp comparison
Alexey Gladkov <legion(a)kernel.org>
mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove()
Dan Carpenter <dan.carpenter(a)linaro.org>
rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send()
Adrian Hunter <adrian.hunter(a)intel.com>
perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3
Henry Martin <bsdhenrymartin(a)gmail.com>
backlight: pm8941: Add NULL check in wled_configure()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf ui browser hists: Set actions->thread before calling do_zoom_thread()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf build: Warn when libdebuginfod devel files are not available
Kees Cook <kees(a)kernel.org>
randstruct: gcc-plugin: Fix attribute addition
Kees Cook <kees(a)kernel.org>
randstruct: gcc-plugin: Remove bogus void member
Sergey Shtylyov <s.shtylyov(a)omp.ru>
fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
Henry Martin <bsdhenrymartin(a)gmail.com>
soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
Su Hui <suhui(a)nfschina.com>
soc: aspeed: lpc: Fix impossible judgment condition
Quentin Schulz <quentin.schulz(a)cherry.de>
arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou
Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com>
ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device
Ioana Ciornei <ioana.ciornei(a)nxp.com>
bus: fsl-mc: fix double-free on mc_dev
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
Wentao Liang <vulab(a)iscas.ac.cn>
nilfs2: add pointer check for nilfs_direct_propagate()
Phillip Lougher <phillip(a)squashfs.org.uk>
Squashfs: check return result of sb_min_blocksize
Adam Ford <aford173(a)gmail.com>
arm64: dts: imx8mm-beacon: Fix RTC capacitive load
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
ARM: dts: at91: at91sam9263: fix NAND chip selects
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select
Zhiguo Niu <zhiguo.niu(a)unisoc.com>
f2fs: fix to correct check conditions in f2fs_cross_rename
Zhiguo Niu <zhiguo.niu(a)unisoc.com>
f2fs: use d_inode(dentry) cleanup dentry->d_inode
Horatiu Vultur <horatiu.vultur(a)microchip.com>
net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
Faicker Mo <faicker.mo(a)zenlayer.com>
net: openvswitch: Fix the dead loop of MPLS parse
Kuniyuki Iwashima <kuniyu(a)amazon.com>
calipso: Don't call calipso functions for AF_INET sk.
Thangaraj Samynathan <thangaraj.s(a)microchip.com>
net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: aqc111: fix error handling of usbnet read calls
Fernando Fernandez Mancera <fmancera(a)suse.de>
netfilter: nft_tunnel: fix geneve_opt dump
Li RongQing <lirongqing(a)baidu.com>
vfio/type1: Fix error unwind in migration dirty bitmap allocation
Florian Westphal <fw(a)strlen.de>
netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
Toke Høiland-Jørgensen <toke(a)toke.dk>
wifi: ath9k_htc: Abort software beacon handling if disabled
Ilya Leoshkevich <iii(a)linux.ibm.com>
s390/bpf: Store backchain even for leaf progs
Vincent Knecht <vincent.knecht(a)mailoo.org>
clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz
Tao Chen <chen.dylane(a)linux.dev>
bpf: Fix WARN() in get_bpf_raw_tp_regs
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
pinctrl: at91: Fix possible out-of-boundary access
Anton Protopopov <a.s.protopopov(a)gmail.com>
libbpf: Use proper errno value in nlattr
Jiayuan Chen <jiayuan.chen(a)linux.dev>
ktls, sockmap: Fix missing uncharge operation
Henry Martin <bsdhenrymartin(a)gmail.com>
clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
Huajian Yang <huajianyang(a)asrmicro.com>
netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it
Chao Yu <chao(a)kernel.org>
f2fs: clean up w/ fscrypt_is_bounce_page()
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: rtw88: do not ignore hardware read error during DPK
Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com>
net: ncsi: Fix GCPS 64-bit member variables
Chao Yu <chao(a)kernel.org>
f2fs: fix to do sanity check on sbi->total_valid_block_count
Stone Zhang <quic_stonez(a)quicinc.com>
wifi: ath11k: fix node corruption in ar->arvifs list
Huang Yiwei <quic_hyiwei(a)quicinc.com>
firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
Biju Das <biju.das.jz(a)bp.renesas.com>
drm/tegra: rgb: Fix the unbound reference count
Kees Cook <kees(a)kernel.org>
drm/vkms: Adjust vkms_state->active_planes allocation type
Biju Das <biju.das.jz(a)bp.renesas.com>
drm: rcar-du: Fix memory leak in rcar_du_vsps_init()
Neill Kapron <nkapron(a)google.com>
selftests/seccomp: fix syscall_restart test for arm compat
Miaoqian Lin <linmq006(a)gmail.com>
firmware: psci: Fix refcount leak in psci_dt_init
Finn Thain <fthain(a)linux-m68k.org>
m68k: mac: Fix macintosh_config for Mac II
Jonas Karlman <jonas(a)kwiboo.se>
media: rkvdec: Fix frame size enumeration
Ian Forbes <ian.forbes(a)broadcom.com>
drm/vmwgfx: Add seqno waiter for sync_files
Geert Uytterhoeven <geert+renesas(a)glider.be>
spi: sh-msiof: Fix maximum DMA transfer size
Armin Wolf <W_Armin(a)gmx.de>
ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com>
x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
Zijun Hu <quic_zijuhu(a)quicinc.com>
PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()
Alexander Shiyan <eagle.alexander923(a)gmail.com>
power: reset: at91-reset: Optimize at91_reset()
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/skx_common: Fix general protection fault
Ovidiu Panait <ovidiu.panait.oss(a)gmail.com>
crypto: sun8i-ce - move fallback ahash_request to the end of the struct
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: xts - Only add ecb if it is not already there
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: lrw - Only add ecb if it is not already there
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: marvell/cesa - Avoid empty transfer descriptor
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: marvell/cesa - Handle zero-length skcipher requests
Ahmed S. Darwish <darwi(a)linutronix.de>
x86/cpu: Sanitize CPUID(0x80000000) output
Corentin Labbe <clabbe.montjoie(a)gmail.com>
crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions
Qing Wang <wangqing7171(a)gmail.com>
perf/core: Fix broken throttling when max_samples_per_tick=1
Andreas Gruenbacher <agruenba(a)redhat.com>
gfs2: gfs2_create_inode error handling fix
Florian Westphal <fw(a)strlen.de>
netfilter: nft_socket: fix sk refcount leaks
Sergey Senozhatsky <senozhatsky(a)chromium.org>
thunderbolt: Do not double dequeue a configuration request
Dave Penkler <dpenkler(a)gmail.com>
usb: usbtmc: Fix timeout value in get_stb
Hongyu Xie <xiehongyu1(a)kylinos.cn>
usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
Jiayi Li <lijiayi(a)kylinos.cn>
usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
Gabor Juhos <j4g8y7(a)gmail.com>
pinctrl: armada-37xx: set GPIO output value before setting direction
Gabor Juhos <j4g8y7(a)gmail.com>
pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31
Pan Taixi <pantaixi(a)huaweicloud.com>
tracing: Fix compilation warning on arm32
-------------
Diffstat:
Documentation/admin-guide/kernel-parameters.txt | 7 +-
MAINTAINERS | 9 +
Makefile | 11 +-
arch/arm/boot/dts/am335x-bone-common.dtsi | 8 +
arch/arm/boot/dts/at91sam9263ek.dts | 2 +-
arch/arm/boot/dts/qcom-apq8064.dtsi | 13 +-
arch/arm/boot/dts/tny_a9263.dts | 2 +-
arch/arm/boot/dts/usb_a9263.dts | 4 +-
arch/arm/mach-omap2/clockdomain.h | 1 +
arch/arm/mach-omap2/clockdomains33xx_data.c | 2 +-
arch/arm/mach-omap2/cm33xx.c | 14 +-
arch/arm/mach-omap2/pmic-cpcap.c | 6 +-
arch/arm/mm/ioremap.c | 4 +-
.../boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 +
.../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 -
arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 20 +-
arch/arm64/include/asm/cputype.h | 2 +
arch/arm64/include/asm/debug-monitors.h | 12 -
arch/arm64/include/asm/insn.h | 114 +++++++-
arch/arm64/include/asm/spectre.h | 4 +-
arch/arm64/kernel/insn.c | 199 ++++++++++++-
arch/arm64/kernel/proton-pack.c | 202 ++++++++------
arch/arm64/kernel/ptrace.c | 2 +-
arch/arm64/net/bpf_jit.h | 11 +-
arch/arm64/net/bpf_jit_comp.c | 58 +++-
arch/arm64/xen/hypercall.S | 21 +-
arch/m68k/mac/config.c | 2 +-
arch/mips/Makefile | 6 +-
.../boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 +
arch/mips/loongson2ef/Platform | 2 +-
arch/mips/vdso/Makefile | 1 +
arch/nios2/include/asm/pgtable.h | 16 ++
arch/parisc/boot/compressed/Makefile | 1 +
arch/powerpc/include/asm/vas.h | 3 +
arch/powerpc/kernel/eeh.c | 2 +
arch/powerpc/platforms/Kconfig | 1 +
arch/powerpc/platforms/Makefile | 1 +
arch/powerpc/platforms/book3s/Kconfig | 15 +
arch/powerpc/platforms/book3s/Makefile | 2 +
.../platforms/{powernv => book3s}/vas-api.c | 11 +-
arch/powerpc/platforms/powernv/Kconfig | 14 -
arch/powerpc/platforms/powernv/Makefile | 2 +-
arch/powerpc/platforms/powernv/vas.h | 2 -
arch/s390/net/bpf_jit_comp.c | 12 +-
arch/s390/pci/pci_mmio.c | 2 +-
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/kernel/cpu/bugs.c | 10 +-
arch/x86/kernel/cpu/common.c | 17 +-
arch/x86/kernel/cpu/mtrr/generic.c | 2 +-
arch/x86/kernel/ioport.c | 13 +-
arch/x86/kernel/process.c | 6 +
crypto/lrw.c | 4 +-
crypto/xts.c | 4 +-
drivers/acpi/acpica/dsutils.c | 9 +-
drivers/acpi/acpica/psobject.c | 52 +---
drivers/acpi/acpica/utprint.c | 7 +-
drivers/acpi/apei/Kconfig | 1 +
drivers/acpi/apei/ghes.c | 2 +-
drivers/acpi/battery.c | 19 +-
drivers/acpi/osi.c | 1 -
drivers/ata/pata_via.c | 3 +-
drivers/atm/atmtcp.c | 4 +-
drivers/base/power/domain.c | 2 +-
drivers/base/power/main.c | 3 +-
drivers/base/power/runtime.c | 2 +-
drivers/base/swnode.c | 2 +-
drivers/block/aoe/aoedev.c | 8 +
drivers/bus/fsl-mc/fsl-mc-bus.c | 6 +-
drivers/bus/fsl-mc/mc-io.c | 19 +-
drivers/bus/fsl-mc/mc-sys.c | 2 +-
drivers/bus/mhi/host/pm.c | 18 +-
drivers/bus/ti-sysc.c | 49 ----
drivers/clk/bcm/clk-raspberrypi.c | 2 +
drivers/clk/meson/g12a.c | 1 +
drivers/clk/qcom/gcc-msm8939.c | 4 +-
drivers/clk/rockchip/clk-rk3036.c | 1 +
drivers/cpufreq/acpi-cpufreq.c | 2 +-
drivers/cpufreq/cpufreq.c | 6 +-
drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +-
.../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +-
drivers/crypto/marvell/cesa/cesa.c | 2 +-
drivers/crypto/marvell/cesa/cesa.h | 9 +-
drivers/crypto/marvell/cesa/cipher.c | 3 +
drivers/crypto/marvell/cesa/hash.c | 2 +-
drivers/crypto/marvell/cesa/tdma.c | 53 ++--
drivers/dma-buf/udmabuf.c | 5 +-
drivers/dma/ti/k3-udma.c | 3 +-
drivers/edac/altera_edac.c | 6 +-
drivers/edac/skx_common.c | 1 +
drivers/firmware/Kconfig | 1 -
drivers/firmware/arm_sdei.c | 11 +-
drivers/firmware/psci/psci.c | 4 +-
drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 -
drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 -
drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 2 -
drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 -
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 -
drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 4 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 18 +-
drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 +-
drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 +-
drivers/gpu/drm/amd/display/dc/dml/Makefile | 3 +-
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 5 +-
drivers/gpu/drm/msm/adreno/a6xx_hfi.c | 2 +-
.../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 3 +-
drivers/gpu/drm/msm/hdmi/hdmi_i2c.c | 14 +-
drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 +-
drivers/gpu/drm/rcar-du/rcar_du_kms.c | 10 +-
drivers/gpu/drm/tegra/rgb.c | 14 +-
drivers/gpu/drm/vkms/vkms_crtc.c | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 ++
drivers/hid/hid-hyperv.c | 5 +-
drivers/hid/usbhid/hid-core.c | 25 +-
drivers/hwmon/occ/common.c | 307 ++++++++++++---------
drivers/i2c/busses/i2c-designware-slave.c | 2 +-
drivers/i2c/busses/i2c-npcm7xx.c | 12 +-
drivers/iio/adc/ad7124.c | 4 +-
drivers/iio/adc/ad7606_spi.c | 2 +-
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 +-
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 -
drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 +
drivers/infiniband/hw/hns/hns_roce_main.c | 1 -
drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 -
drivers/infiniband/hw/mlx5/qpc.c | 30 +-
drivers/input/misc/ims-pcu.c | 6 +
drivers/input/misc/sparcspkr.c | 22 +-
drivers/input/rmi4/rmi_f34.c | 135 +++++----
drivers/iommu/amd/iommu.c | 8 +
drivers/md/dm-raid1.c | 5 +-
drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 +-
drivers/media/i2c/ov8856.c | 9 +-
drivers/media/i2c/tc358743.c | 4 +
drivers/media/platform/exynos4-is/fimc-is-regs.c | 1 +
drivers/media/platform/qcom/venus/core.c | 16 +-
drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 +-
drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 +-
drivers/media/usb/dvb-usb/cxusb.c | 3 +-
drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 +-
drivers/media/v4l2-core/v4l2-dev.c | 14 +-
drivers/mfd/exynos-lpass.c | 1 -
drivers/mfd/stmpe-spi.c | 2 +-
drivers/mtd/nand/raw/sunxi_nand.c | 2 +
drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 -
drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 +
drivers/net/ethernet/cadence/macb_main.c | 6 +-
drivers/net/ethernet/dlink/dl2k.c | 14 +-
drivers/net/ethernet/dlink/dl2k.h | 2 +
drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +-
drivers/net/ethernet/google/gve/gve_main.c | 2 +-
drivers/net/ethernet/intel/i40e/i40e_common.c | 7 +-
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 +-
drivers/net/ethernet/intel/ice/ice_arfs.c | 48 ++++
drivers/net/ethernet/intel/ice/ice_sched.c | 11 +-
drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 +
drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +-
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 +
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +-
.../net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 +-
drivers/net/ethernet/microchip/lan743x_main.c | 4 +-
.../net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 +-
drivers/net/macsec.c | 40 ++-
drivers/net/phy/mdio_bus.c | 16 +-
drivers/net/phy/mscc/mscc_ptp.c | 4 +-
drivers/net/usb/aqc111.c | 10 +-
drivers/net/usb/ch9200.c | 7 +-
drivers/net/vmxnet3/vmxnet3_drv.c | 26 ++
drivers/net/vxlan/vxlan_core.c | 8 +-
drivers/net/wireless/ath/ath10k/ahb.c | 5 +-
drivers/net/wireless/ath/ath10k/core.c | 36 +++
drivers/net/wireless/ath/ath10k/core.h | 9 +
drivers/net/wireless/ath/ath10k/debug.c | 6 +-
drivers/net/wireless/ath/ath10k/mac.c | 1 +
drivers/net/wireless/ath/ath10k/pci.c | 9 +-
drivers/net/wireless/ath/ath10k/sdio.c | 11 +-
drivers/net/wireless/ath/ath10k/snoc.c | 12 +-
drivers/net/wireless/ath/ath10k/wmi.c | 2 +-
drivers/net/wireless/ath/ath11k/core.c | 8 +-
drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 +
drivers/net/wireless/ath/carl9170/usb.c | 19 +-
drivers/net/wireless/intersil/p54/fwio.c | 2 +
drivers/net/wireless/intersil/p54/p54.h | 1 +
drivers/net/wireless/intersil/p54/txrx.c | 13 +-
drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 +
.../net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/pci.c | 10 +
drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 +-
drivers/pci/controller/cadence/pcie-cadence-host.c | 11 +-
drivers/pci/pci.c | 3 +-
drivers/pci/pcie/dpc.c | 2 +-
drivers/pci/quirks.c | 23 ++
drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 35 ++-
drivers/pinctrl/pinctrl-at91.c | 6 +-
drivers/platform/Kconfig | 2 +
drivers/platform/Makefile | 1 +
drivers/platform/surface/Kconfig | 14 +
drivers/platform/surface/Makefile | 5 +
drivers/platform/x86/dell_rbu.c | 6 +-
drivers/power/reset/at91-reset.c | 5 +-
drivers/power/supply/bq27xxx_battery.c | 2 +-
drivers/power/supply/bq27xxx_battery_i2c.c | 13 +-
drivers/rapidio/rio_cm.c | 3 +
drivers/regulator/max14577-regulator.c | 5 +-
drivers/rpmsg/qcom_smd.c | 2 +-
drivers/rtc/Kconfig | 10 +
drivers/rtc/Makefile | 1 +
drivers/rtc/class.c | 2 +-
drivers/rtc/lib.c | 121 ++++++--
drivers/rtc/lib_test.c | 79 ++++++
drivers/rtc/rtc-sh.c | 12 +-
drivers/s390/scsi/zfcp_sysfs.c | 2 +
drivers/scsi/lpfc/lpfc_hbadisc.c | 2 +-
drivers/scsi/lpfc/lpfc_sli.c | 4 +-
drivers/scsi/scsi_transport_iscsi.c | 11 +-
drivers/scsi/storvsc_drv.c | 10 +-
drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 +-
drivers/spi/spi-bcm63xx-hsspi.c | 2 +-
drivers/spi/spi-bcm63xx.c | 2 +-
drivers/spi/spi-sh-msiof.c | 13 +-
drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +-
drivers/staging/media/rkvdec/rkvdec.c | 24 +-
drivers/tee/tee_core.c | 11 +-
drivers/thermal/qcom/tsens.c | 10 +-
drivers/thunderbolt/ctl.c | 5 +
drivers/tty/serial/milbeaut_usio.c | 5 +-
drivers/tty/serial/sh-sci.c | 97 +++++--
drivers/tty/vt/vt_ioctl.c | 2 -
drivers/uio/uio_hv_generic.c | 4 +-
drivers/usb/class/usbtmc.c | 4 +-
drivers/usb/core/hub.c | 16 +-
drivers/usb/core/quirks.c | 3 +
drivers/usb/gadget/function/f_hid.c | 12 +-
drivers/usb/renesas_usbhs/common.c | 50 +++-
drivers/usb/storage/unusual_uas.h | 7 +
drivers/vfio/vfio_iommu_type1.c | 2 +-
drivers/video/backlight/qcom-wled.c | 6 +-
drivers/video/console/vgacon.c | 2 +-
drivers/video/fbdev/core/fbcvt.c | 2 +-
drivers/video/fbdev/core/fbmem.c | 4 +-
drivers/watchdog/da9052_wdt.c | 1 +
fs/configfs/dir.c | 2 +-
fs/exfat/nls.c | 1 +
fs/ext4/ext4.h | 7 +
fs/ext4/extents.c | 39 ++-
fs/ext4/file.c | 7 +-
fs/ext4/inline.c | 2 +-
fs/ext4/inode.c | 3 +-
fs/ext4/ioctl.c | 8 +-
fs/f2fs/data.c | 2 +-
fs/f2fs/f2fs.h | 10 +-
fs/f2fs/namei.c | 19 +-
fs/f2fs/super.c | 12 +-
fs/filesystems.c | 14 +-
fs/gfs2/inode.c | 3 +-
fs/gfs2/lock_dlm.c | 3 +-
fs/jbd2/transaction.c | 5 +-
fs/jffs2/erase.c | 4 +-
fs/jffs2/scan.c | 4 +-
fs/jffs2/summary.c | 7 +-
fs/jfs/jfs_discard.c | 3 +-
fs/jfs/jfs_dtree.c | 18 +-
fs/namespace.c | 4 +
fs/nfs/super.c | 19 ++
fs/nfsd/nfs4proc.c | 3 +-
fs/nfsd/nfssvc.c | 6 +-
fs/nilfs2/btree.c | 4 +-
fs/nilfs2/direct.c | 3 +
fs/squashfs/super.c | 5 +
include/acpi/actypes.h | 2 +-
include/linux/arm_sdei.h | 4 +-
include/linux/atmdev.h | 6 +
include/linux/bpf.h | 26 +-
include/linux/bpf_types.h | 6 +-
include/linux/hid.h | 3 +-
include/linux/hugetlb.h | 6 +
include/linux/mlx5/driver.h | 1 +
include/linux/mm.h | 3 +
include/linux/mm_types.h | 3 +
include/linux/skmsg.h | 18 ++
include/net/checksum.h | 2 +-
include/net/sock.h | 11 +-
include/net/tcp.h | 28 +-
include/net/tls.h | 2 +-
include/net/udp.h | 4 +-
include/trace/events/erofs.h | 18 --
include/uapi/linux/bpf.h | 2 +
include/uapi/linux/videodev2.h | 12 +-
init/Kconfig | 1 +
ipc/shm.c | 5 +-
kernel/bpf/verifier.c | 175 +-----------
kernel/events/core.c | 23 +-
kernel/exit.c | 17 +-
kernel/power/wakelock.c | 3 +
kernel/time/clocksource.c | 2 +-
kernel/time/posix-cpu-timers.c | 9 +
kernel/trace/bpf_trace.c | 2 +-
kernel/trace/ftrace.c | 10 +-
kernel/trace/trace.c | 2 +-
lib/Kconfig | 1 +
mm/huge_memory.c | 2 +-
mm/hugetlb.c | 117 +++++++-
mm/mmap.c | 8 +
mm/page-writeback.c | 2 +-
net/Kconfig | 6 +-
net/atm/common.c | 1 +
net/atm/lec.c | 12 +-
net/atm/raw.c | 2 +-
net/bluetooth/l2cap_core.c | 3 +-
net/bridge/netfilter/nf_conntrack_bridge.c | 12 +-
net/core/Makefile | 6 +-
net/core/filter.c | 5 +-
net/core/skmsg.c | 145 +++++-----
net/core/sock.c | 4 +-
net/core/sock_map.c | 2 +
net/core/utils.c | 4 +-
net/ipv4/Makefile | 2 +-
net/ipv4/inet_hashtables.c | 2 +-
net/ipv4/route.c | 4 +
net/ipv4/tcp.c | 21 +-
net/ipv4/tcp_bpf.c | 8 +-
net/ipv4/tcp_input.c | 74 ++---
net/ipv6/calipso.c | 8 +
net/ipv6/ila/ila_common.c | 6 +-
net/ipv6/netfilter.c | 12 +-
net/ipv6/netfilter/nft_fib_ipv6.c | 13 +-
net/mac80211/mesh_hwmp.c | 6 +-
net/mpls/af_mpls.c | 4 +-
net/ncsi/internal.h | 21 +-
net/ncsi/ncsi-pkt.h | 23 +-
net/ncsi/ncsi-rsp.c | 21 +-
net/netfilter/nft_socket.c | 5 +-
net/netfilter/nft_tunnel.c | 8 +-
net/netlabel/netlabel_kapi.c | 5 +
net/nfc/nci/uart.c | 8 +-
net/openvswitch/flow.c | 2 +-
net/sched/sch_ets.c | 10 +-
net/sched/sch_prio.c | 2 +-
net/sched/sch_red.c | 2 +-
net/sched/sch_sfq.c | 117 +++++---
net/sched/sch_tbf.c | 2 +-
net/sctp/socket.c | 3 +-
net/sunrpc/cache.c | 17 +-
net/tipc/crypto.c | 8 +-
net/tipc/udp_media.c | 4 +-
net/tls/tls_main.c | 4 +-
net/tls/tls_sw.c | 9 +-
scripts/Kbuild.include | 8 +-
scripts/Kconfig.include | 2 +-
scripts/as-version.sh | 2 +-
scripts/gcc-plugins/gcc-common.h | 32 +++
scripts/gcc-plugins/randomize_layout_plugin.c | 40 +--
security/selinux/xfrm.c | 2 +-
sound/pci/hda/hda_intel.c | 2 +
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/codecs/tas2770.c | 30 +-
sound/soc/meson/meson-card-utils.c | 2 +-
sound/soc/qcom/sdm845.c | 4 +
sound/soc/tegra/tegra210_ahub.c | 2 +
sound/usb/mixer_maps.c | 12 +
tools/include/uapi/linux/bpf.h | 2 +
tools/lib/bpf/nlattr.c | 15 +-
tools/perf/Makefile.config | 2 +
tools/perf/builtin-record.c | 2 +-
tools/perf/scripts/python/exported-sql-viewer.py | 5 +-
tools/perf/tests/switch-tracking.c | 2 +-
tools/perf/ui/browsers/hists.c | 2 +-
tools/testing/selftests/bpf/prog_tests/align.c | 36 +--
tools/testing/selftests/seccomp/seccomp_bpf.c | 7 +-
usr/include/Makefile | 2 +-
369 files changed, 3117 insertions(+), 1586 deletions(-)
9 hours, 12 minutes
- 8
- 363
[PATCH 5.4 000/148] 5.4.296-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.4.296 release.
There are 148 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.296-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.4.296-rc1
Georg Kohmann <geokohma(a)cisco.com>
net: ipv6: Discard next-hop MTU less than minimum link MTU
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Christian König <christian.koenig(a)amd.com>
dma-buf: fix timeout handling in dma_resv_wait_timeout v2
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - support Acer NGR 200 Controller
Vicki Pfau <vi(a)endrift.com>
Input: xpad - add VID for Turtle Beach controllers
Matt Reynolds <mattreynolds(a)chromium.org>
Input: xpad - add support for Amazon Game Controller
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4/flexfiles: Fix handling of NFS level errors in I/O
Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de>
flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix vport loopback for MPV device
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Eric W. Biederman <ebiederm(a)xmission.com>
proc: Clear the pieces of proc_inode that proc_evict_inode cares about
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Nathan Chancellor <nathan(a)kernel.org>
staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Rollback non processed entities on error
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Send control events for partial succeeds
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Return the number of processed controls
Seiji Nishikawa <snishika(a)redhat.com>
ACPI: PAD: fix crash in exit_round_robin()
Andrei Kuchynski <akuchynski(a)chromium.org>
usb: typec: displayport: Fix potential deadlock
Oliver Neukum <oneukum(a)suse.com>
Logitech C-270 even more broken
Kohei Enju <enjuk(a)amazon.com>
rose: fix dangling neighbour pointers in rose_rt_device_down()
Gustavo A. R. Silva <gustavoars(a)kernel.org>
net: rose: Fix fall-through warnings for Clang
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/i915/gt: Fix timeline left held on VMA alloc error
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/i915/selftests: Change mock_request() to return error pointers
James Clark <james.clark(a)linaro.org>
spi: spi-fsl-dspi: Clear completion counter before initiating transfer
Vladimir Oltean <vladimir.oltean(a)nxp.com>
spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path
Vladimir Oltean <vladimir.oltean(a)nxp.com>
spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write
Fushuai Wang <wangfushuai(a)baidu.com>
dpaa2-eth: fix xdp_rxq_info leak
Thomas Fourier <fourier.thomas(a)gmail.com>
ethernet: atl1: Add missing DMA mapping error checks and count errors
Filipe Manana <fdmanana(a)suse.com>
btrfs: use btrfs_record_snapshot_destroy() during rmdir
Filipe Manana <fdmanana(a)suse.com>
btrfs: propagate last_unlink_trans earlier when doing a rmdir
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix CC counters query for MPV
Leon Romanovsky <leon(a)kernel.org>
RDMA/core: Create and destroy counters in the ib_core
Bart Van Assche <bvanassche(a)acm.org>
scsi: ufs: core: Fix spelling of a sysfs attribute name
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Disable interrupts before resetting the GPU
Sergey Senozhatsky <senozhatsky(a)chromium.org>
mtk-sd: reset host->mrq on prepare_data() error
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
mtk-sd: Prevent memory corruption from DMA map failure
Yue Hu <huyue2(a)yulong.com>
mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data()
Manivannan Sadhasivam <mani(a)kernel.org>
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
Jerome Neanne <jneanne(a)baylibre.com>
regulator: gpio: Add input_supply support in gpio_regulator_config
Uladzislau Rezki (Sony) <urezki(a)gmail.com>
rcu: Return early if callback is not specified
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPICA: Refuse to evaluate a method if arguments are missing
Johannes Berg <johannes.berg(a)intel.com>
wifi: ath6kl: remove WARN on bad firmware input
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: drop invalid source address OCB frames
Madhavan Srinivasan <maddy(a)linux.ibm.com>
powerpc: Fix struct termio related ioctl macros
Johannes Berg <johannes.berg(a)intel.com>
ata: pata_cs5536: fix build on 32-bit UML
Takashi Iwai <tiwai(a)suse.de>
ALSA: sb: Force to disable DMAs once when DMA mode is changed
Lion Ackermann <nnamrec(a)gmail.com>
net/sched: Always pass notifications when child class becomes empty
Thomas Fourier <fourier.thomas(a)gmail.com>
nui: Fix dma_mapping_error() check
Alok Tiwari <alok.a.tiwari(a)oracle.com>
enic: fix incorrect MTU comparison in enic_change_mtu()
Raju Rangoju <Raju.Rangoju(a)amd.com>
amd-xgbe: align CL37 AN sequence as per databook
Dan Carpenter <dan.carpenter(a)linaro.org>
lib: test_objagg: Set error message in check_expect_hints_stats()
Marek Szyprowski <m.szyprowski(a)samsung.com>
drm/exynos: fimd: Guard display clock control with runtime PM calls
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix missing error handling when searching for inode refs during log replay
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
Kuniyuki Iwashima <kuniyu(a)google.com>
nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
Mark Zhang <markzhang(a)nvidia.com>
RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
David Thompson <davthompson(a)nvidia.com>
platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
RD Babiera <rdbabiera(a)google.com>
usb: typec: altmodes/displayport: do not index invalid pin_assignments
Ulf Hansson <ulf.hansson(a)linaro.org>
Revert "mmc: sdhci: Disable SD card clock before changing parameters"
Victor Shih <victor.shih(a)genesyslogic.com.tw>
mmc: sdhci: Add a helper function for dump register in dynamic debug mode
HarshaVardhana S A <harshavardhana.sa(a)broadcom.com>
vsock/vmci: Clear the vmci transport packet properly when initializing it
Omar Sandoval <osandov(a)fb.com>
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
Dev Jain <dev.jain(a)arm.com>
arm64: Restrict pagetable teardown to avoid false warning
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Check return value when getting default PHY config
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Fix connecting to next bridge
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
Thierry Reding <treding(a)nvidia.com>
drm/tegra: Assign plane type before registration
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix kobject reference count leak
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix memory leak on sysfs attribute creation failure
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix memory leak on kobject creation failure
Heinz Mauelshagen <heinzm(a)redhat.com>
dm-raid: fix variable in journal device check
Frédéric Danis <frederic.danis(a)collabora.com>
Bluetooth: L2CAP: Fix L2CAP MTU negotiation
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
Simon Horman <horms(a)kernel.org>
net: enetc: Correct endianness handling in _enetc_rd_reg64
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: ubd: Add missing error check in start_io_thread()
Stefano Garzarella <sgarzare(a)redhat.com>
vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: mac80211: fix beacon interval calculation overflow
Al Viro <viro(a)zeniv.linux.org.uk>
attach_recursive_mnt(): do not lock the covering tree when sliding something under it
Youngjun Lee <yjjuny.lee(a)samsung.com>
ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: robotfuzz-osif: disable zero-length read messages
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: tiny-usb: disable zero-length read messages
Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com>
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
Weihang Li <liweihang(a)huawei.com>
RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private
Denis Arefev <arefev(a)swemel.ru>
media: vivid: Change the siize of the composing
Marek Szyprowski <m.szyprowski(a)samsung.com>
media: omap3isp: use sgtable-based scatterlist wrappers
Edward Adam Davis <eadavis(a)qq.com>
media: cxusb: no longer judge rbuf when the write fails
Sean Young <sean(a)mess.org>
media: cxusb: use dev_dbg() rather than hand-rolled debug
Vasiliy Kovalev <kovalev(a)altlinux.org>
jfs: validate AG parameters in dbMount() to prevent crashes
Dave Kleikamp <dave.kleikamp(a)oracle.com>
fs/jfs: consolidate sanity checking in dbMount
Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>
ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
Rob Herring <robh(a)kernel.org>
of: Add of_property_present() helper
Michael Walle <michael(a)walle.cc>
of: property: define of_property_read_u{8,16,32,64}_array() unconditionally
Arnd Bergmann <arnd(a)arndb.de>
kbuild: hdrcheck: fix cross build with clang
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: add --target to correctly cross-compile UAPI headers with Clang
Masahiro Yamada <masahiroy(a)kernel.org>
bpfilter: match bit size of bpfilter_umh to that of the kernel
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: use -MMD instead of -MD to exclude system headers from dependency
Wupeng Ma <mawupeng1(a)huawei.com>
VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
George Kennedy <george.kennedy(a)oracle.com>
VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF
Dave Penkler <dpenkler(a)gmail.com>
usb: usbtmc: Fix read_stb function and get_stb ioctl
Dave Penkler <dpenkler(a)gmail.com>
USB: usbtmc: Add USBTMC_IOCTL_GET_STB
Dave Penkler <dpenkler(a)gmail.com>
USB: usbtmc: Fix reading stale status byte
Kees Cook <kees(a)kernel.org>
ovl: Check for NULL d_inode() in ovl_dentry_upper()
Dmitry Kandybka <d.kandybka(a)gmail.com>
ceph: fix possible integer overflow in ceph_zero_objects()
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Ignore unsol events for cards being shut down
Jos Wang <joswang(a)lenovo.com>
usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode
Robert Hodaszi <robert.hodaszi(a)digi.com>
usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
usb: Add checks for snprintf() calls in usb_alloc_dev()
Jakub Lewalski <jakub.lewalski(a)nokia.com>
tty: serial: uartlite: register uart driver in init
Chen Yufeng <chenyufeng(a)iie.ac.cn>
usb: potential integer overflow in usbg_make_tpg()
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: pressure: zpa2326: Use aligned_s64 for the timestamp
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: fix dm-raid max_write_behind setting
Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de>
dmaengine: xilinx_dma: Set dma_device directions
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
mfd: max14577: Fix wakeup source leaks on device unbind
Peng Fan <peng.fan(a)nxp.com>
mailbox: Not protect module_put with spin_lock_irqsave
Pali Rohár <pali(a)kernel.org>
cifs: Fix cifs_query_path_info() for Windows NT servers
-------------
Diffstat:
Documentation/ABI/testing/sysfs-driver-ufs | 2 +-
Makefile | 4 +-
arch/arm64/mm/mmu.c | 3 +-
arch/powerpc/include/uapi/asm/ioctls.h | 8 +-
arch/s390/Makefile | 2 +-
arch/s390/purgatory/Makefile | 2 +-
arch/um/drivers/ubd_user.c | 2 +-
arch/x86/Kconfig | 2 +-
arch/x86/kernel/cpu/mce/amd.c | 15 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
drivers/acpi/acpi_pad.c | 7 +-
drivers/acpi/acpica/dsmethod.c | 7 +
drivers/acpi/battery.c | 19 +-
drivers/ata/pata_cs5536.c | 2 +-
drivers/atm/idt77252.c | 5 +
drivers/dma-buf/dma-resv.c | 5 +-
drivers/dma/xilinx/xilinx_dma.c | 2 +
drivers/gpu/drm/bridge/cdns-dsi.c | 11 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 +
drivers/gpu/drm/i915/gt/intel_ringbuffer.c | 3 +-
drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-
drivers/gpu/drm/i915/selftests/mock_request.c | 2 +-
drivers/gpu/drm/tegra/dc.c | 12 +-
drivers/gpu/drm/tegra/hub.c | 4 +-
drivers/gpu/drm/tegra/hub.h | 3 +-
drivers/gpu/drm/v3d/v3d_drv.h | 9 +
drivers/gpu/drm/v3d/v3d_gem.c | 2 +
drivers/gpu/drm/v3d/v3d_irq.c | 36 ++-
drivers/hid/hid-ids.h | 5 +
drivers/hid/hid-quirks.c | 3 +
drivers/hid/wacom_sys.c | 6 +-
drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 +
drivers/i2c/busses/i2c-tiny-usb.c | 6 +
drivers/iio/pressure/zpa2326.c | 2 +-
drivers/infiniband/core/device.c | 1 +
drivers/infiniband/core/iwcm.c | 38 +--
drivers/infiniband/core/iwcm.h | 2 +-
.../infiniband/core/uverbs_std_types_counters.c | 17 +-
drivers/infiniband/hw/mlx5/devx.c | 2 +-
drivers/infiniband/hw/mlx5/main.c | 55 ++--
drivers/input/joystick/xpad.c | 5 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/mailbox/mailbox.c | 2 +-
drivers/md/dm-raid.c | 2 +-
drivers/md/md-bitmap.c | 2 +-
drivers/md/raid1.c | 1 +
drivers/media/platform/omap3isp/ispccdc.c | 8 +-
drivers/media/platform/omap3isp/ispstat.c | 6 +-
drivers/media/platform/vivid/vivid-vid-cap.c | 2 +-
drivers/media/usb/dvb-usb/cxusb.c | 36 ++-
drivers/media/usb/uvc/uvc_ctrl.c | 61 +++--
drivers/mfd/max14577.c | 1 +
drivers/misc/vmw_vmci/vmci_host.c | 9 +-
drivers/mmc/host/mtk-sd.c | 39 ++-
drivers/mmc/host/sdhci.c | 9 +-
drivers/mmc/host/sdhci.h | 16 ++
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 +
drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 +
drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +-
drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++--
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/cisco/enic/enic_main.c | 4 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +-
drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +-
drivers/net/ethernet/sun/niu.c | 31 ++-
drivers/net/ethernet/sun/niu.h | 4 +
drivers/net/phy/microchip.c | 2 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/ath/ath6kl/bmi.c | 4 +-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +-
drivers/pwm/pwm-mediatek.c | 15 +-
drivers/regulator/gpio-regulator.c | 19 +-
drivers/scsi/qla4xxx/ql4_os.c | 2 +
drivers/scsi/ufs/ufs-sysfs.c | 4 +-
drivers/spi/spi-fsl-dspi.c | 55 ++--
drivers/staging/rtl8723bs/core/rtw_security.c | 46 +---
drivers/tty/serial/uartlite.c | 15 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/class/cdc-wdm.c | 23 +-
drivers/usb/class/usbtmc.c | 53 ++--
drivers/usb/core/quirks.c | 3 +-
drivers/usb/core/usb.c | 14 +-
drivers/usb/gadget/function/f_tcm.c | 4 +-
drivers/usb/gadget/function/u_serial.c | 6 +-
drivers/usb/typec/altmodes/displayport.c | 5 +-
fs/btrfs/inode.c | 36 +--
fs/btrfs/ioctl.c | 3 +
fs/btrfs/tree-log.c | 4 +-
fs/ceph/file.c | 2 +-
fs/cifs/misc.c | 8 +
fs/jfs/jfs_dmap.c | 41 +--
fs/namespace.c | 8 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 144 +++++++---
fs/nfs/inode.c | 17 +-
fs/overlayfs/util.c | 4 +-
fs/proc/inode.c | 16 +-
fs/proc/proc_sysctl.c | 18 +-
include/drm/spsc_queue.h | 4 +-
include/linux/of.h | 291 ++++++++++-----------
include/linux/regulator/gpio-regulator.h | 2 +
include/linux/usb/typec_dp.h | 1 +
include/rdma/ib_verbs.h | 7 +-
include/uapi/linux/usb/tmc.h | 2 +
include/uapi/linux/vm_sockets.h | 4 +
init/Kconfig | 4 +-
kernel/rcu/tree.c | 4 +
lib/test_objagg.c | 4 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 +++--
net/atm/resources.c | 3 +-
net/bluetooth/l2cap_core.c | 9 +-
net/bpfilter/Makefile | 5 +-
net/ipv6/route.c | 3 +-
net/mac80211/rx.c | 4 +
net/mac80211/util.c | 2 +-
net/netlink/af_netlink.c | 90 ++++---
net/rose/rose_route.c | 15 +-
net/rxrpc/call_accept.c | 3 +
net/sched/sch_api.c | 42 +--
net/tipc/topsrv.c | 2 +
net/vmw_vsock/vmci_transport.c | 4 +-
scripts/Kbuild.include | 2 +-
scripts/Makefile.host | 4 +-
scripts/Makefile.lib | 8 +-
sound/isa/sb/sb16_main.c | 4 +
sound/pci/hda/hda_bind.c | 2 +-
sound/soc/meson/meson-card-utils.c | 2 +-
sound/usb/stream.c | 2 +
usr/include/Makefile | 6 +-
135 files changed, 1221 insertions(+), 706 deletions(-)
9 hours, 15 minutes
- 4
- 153
[PATCH 5.15 00/77] 5.15.189-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.15.189 release.
There are 77 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.189-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.15.189-rc1
Jack Wang <jinpu.wang(a)ionos.com>
x86: Fix X86_FEATURE_VERW_CLEAR definition
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Dongli Zhang <dongli.zhang(a)oracle.com>
vhost-scsi: protect vq->log_used with vq->mutex
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Kurt Borja <kuurtb(a)gmail.com>
platform/x86: think-lmi: Fix sysfs group cleanup
Christian König <christian.koenig(a)amd.com>
dma-buf: fix timeout handling in dma_resv_wait_timeout v2
Christian König <christian.koenig(a)amd.com>
dma-buf: use new iterator in dma_resv_wait_timeout
Christian König <christian.koenig(a)amd.com>
dma-buf: add dma_resv_for_each_fence_unlocked v8
Kuen-Han Tsai <khtsai(a)google.com>
usb: dwc3: Abort suspend on soft disconnect failure
Pawel Laszczak <pawell(a)cadence.com>
usb: cdnsp: Fix issue with CV Bad Descriptor test
Lee Jones <lee(a)kernel.org>
usb: cdnsp: Replace snprintf() with the safer scnprintf() variant
Pawel Laszczak <pawell(a)cadence.com>
usb:cdnsp: remove TRB_FLUSH_ENDPOINT command
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - support Acer NGR 200 Controller
Hongyu Xie <xiehongyu1(a)kylinos.cn>
xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
Raju Rangoju <Raju.Rangoju(a)amd.com>
usb: xhci: quirk for data loss in ISOC transfers
Basavaraj Natikar <Basavaraj.Natikar(a)amd.com>
xhci: Allow RPM on the USB controller (1022:43f7) by default
Bui Quang Minh <minhquangbui99(a)gmail.com>
virtio-net: ensure the received length does not exceed allocated size
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix vport loopback for MPV device
Filipe Manana <fdmanana(a)suse.com>
btrfs: use btrfs_record_snapshot_destroy() during rmdir
Filipe Manana <fdmanana(a)suse.com>
btrfs: propagate last_unlink_trans earlier when doing a rmdir
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Juergen Gross <jgross(a)suse.com>
xen: replace xen_remap() with memremap()
Edward Adam Davis <eadavis(a)qq.com>
jfs: fix null ptr deref in dtInsertEntry
John Fastabend <john.fastabend(a)gmail.com>
bpf, sockmap: Fix skb refcnt race after locking changes
Maksim Kiselev <bigunclemax(a)gmail.com>
aoe: avoid potential deadlock at set_capacity
Lee, Chun-Yi <joeyli.kernel(a)gmail.com>
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
Andrii Nakryiko <andrii(a)kernel.org>
bpf: fix precision backtracking instruction iteration
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Jesse Brandeburg <jesse.brandeburg(a)intel.com>
ice: safer stats processing
Oleg Nesterov <oleg(a)redhat.com>
fs/proc: do_task_stat: use __for_each_thread()
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
-------------
Diffstat:
Makefile | 4 +-
arch/um/drivers/vector_kern.c | 42 +--
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/cpufeatures.h | 2 +-
arch/x86/include/asm/xen/page.h | 3 -
arch/x86/kernel/cpu/mce/amd.c | 15 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/aoe/aoeblk.c | 5 +-
drivers/block/nbd.c | 6 +-
drivers/dma-buf/dma-resv.c | 171 ++++++----
drivers/gpu/drm/drm_gem.c | 10 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-quirks.c | 3 +
drivers/infiniband/hw/mlx5/main.c | 33 ++
drivers/input/joystick/xpad.c | 2 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/md/raid1.c | 1 +
drivers/md/raid10.c | 10 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/intel/ice/ice_main.c | 29 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 2 +-
drivers/net/phy/smsc.c | 28 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/virtio_net.c | 44 ++-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/platform/x86/think-lmi.c | 35 +-
drivers/pwm/pwm-mediatek.c | 15 +-
.../intel/int340x_thermal/int3400_thermal.c | 9 +-
drivers/tty/hvc/hvc_xen.c | 2 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++-----------
drivers/usb/cdns3/cdnsp-ep0.c | 18 +-
drivers/usb/cdns3/cdnsp-gadget.c | 6 +-
drivers/usb/cdns3/cdnsp-gadget.h | 11 +-
drivers/usb/cdns3/cdnsp-ring.c | 27 +-
drivers/usb/dwc3/core.c | 9 +-
drivers/usb/dwc3/gadget.c | 22 +-
drivers/usb/gadget/function/u_serial.c | 6 +-
drivers/usb/host/xhci-mem.c | 4 +
drivers/usb/host/xhci-pci.c | 30 +-
drivers/usb/host/xhci-plat.c | 3 +-
drivers/usb/host/xhci.h | 1 +
drivers/vhost/scsi.c | 7 +-
drivers/xen/grant-table.c | 6 +-
drivers/xen/xenbus/xenbus_probe.c | 3 +-
fs/btrfs/inode.c | 36 +--
fs/jfs/jfs_dtree.c | 2 +
fs/ksmbd/transport_rdma.c | 5 +-
fs/ksmbd/vfs.c | 1 +
fs/proc/array.c | 6 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
include/drm/drm_file.h | 3 +
include/drm/spsc_queue.h | 4 +-
include/linux/dma-resv.h | 95 ++++++
include/net/netfilter/nf_flow_table.h | 2 +-
include/xen/arm/page.h | 3 -
kernel/bpf/verifier.c | 21 +-
kernel/events/core.c | 2 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 +++-
net/core/skmsg.c | 12 +-
net/ipv6/addrconf.c | 9 +-
net/netlink/af_netlink.c | 90 +++---
net/rxrpc/call_accept.c | 3 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 +++-
sound/soc/fsl/fsl_asrc.c | 3 +-
79 files changed, 982 insertions(+), 564 deletions(-)
9 hours, 16 minutes
- 5
- 85
[PATCH 6.1 00/88] 6.1.146-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.1.146 release.
There are 88 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.146-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.1.146-rc1
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potential use-after-free in oplock/lease break ack
Yeoreum Yun <yeoreum.yun(a)arm.com>
kasan: remove kasan_find_vm_area() to prevent possible deadlock
Jack Wang <jinpu.wang(a)ionos.com>
x86: Fix X86_FEATURE_VERW_CLEAR definition
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Dongli Zhang <dongli.zhang(a)oracle.com>
vhost-scsi: protect vq->log_used with vq->mutex
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix assertion when building free space tree
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Yasmin Fitzgerald <sunoflife1.git(a)gmail.com>
ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
Yuzuru10 <yuzuru_10(a)proton.me>
ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Mingming Cao <mmc(a)linux.ibm.com>
ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_read_folio()
Gao Xiang <xiang(a)kernel.org>
erofs: adapt folios for z_erofs_read_folio()
Gao Xiang <xiang(a)kernel.org>
erofs: avoid on-stack pagepool directly passed by arguments
Gao Xiang <xiang(a)kernel.org>
erofs: allocate extra bvec pages directly instead of retrying
Yue Hu <huyue2(a)coolpad.com>
erofs: clean up z_erofs_pcluster_readmore()
Yue Hu <huyue2(a)coolpad.com>
erofs: remove the member readahead from struct z_erofs_decompress_frontend
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Mikko Perttunen <mperttunen(a)nvidia.com>
drm/tegra: nvdec: Fix dma_alloc_coherent error check
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Zhang Rui <rui.zhang(a)intel.com>
platform/x86: think-lmi: Fix sysfs group cleanup
Kuen-Han Tsai <khtsai(a)google.com>
usb: dwc3: Abort suspend on soft disconnect failure
Pawel Laszczak <pawell(a)cadence.com>
usb: cdnsp: Fix issue with CV Bad Descriptor test
Lee Jones <lee(a)kernel.org>
usb: cdnsp: Replace snprintf() with the safer scnprintf() variant
Pawel Laszczak <pawell(a)cadence.com>
usb:cdnsp: remove TRB_FLUSH_ENDPOINT command
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - support Acer NGR 200 Controller
Raju Rangoju <Raju.Rangoju(a)amd.com>
usb: xhci: quirk for data loss in ISOC transfers
Basavaraj Natikar <Basavaraj.Natikar(a)amd.com>
xhci: Allow RPM on the USB controller (1022:43f7) by default
Filipe Manana <fdmanana(a)suse.com>
btrfs: propagate last_unlink_trans earlier when doing a rmdir
Shivank Garg <shivankg(a)amd.com>
fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Wei Yang <richard.weiyang(a)gmail.com>
maple_tree: fix mt_destroy_walk() on root leaf node
Achill Gilgenast <fossdd(a)pwned.life>
kallsyms: fix build without execinfo
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix error handling in ttm_buffer_object_transfer
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be>
wifi: prevent A-MSDU attacks in mesh networks
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Håkon Bugge <haakon.bugge(a)oracle.com>
md/md-bitmap: fix GPF in bitmap_get_stats()
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
Sean Christopherson <seanjc(a)google.com>
KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Dan Carpenter <dan.carpenter(a)linaro.org>
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
Alexey Dobriyan <adobriyan(a)gmail.com>
x86/boot: Compile boot code with -std=gnu11 too
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Liam R. Howlett <Liam.Howlett(a)oracle.com>
maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix not disabling advertising instance
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Rong Zhang <i(a)rong.moe>
platform/x86: ideapad-laptop: use usleep_range() for EC polling
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
-------------
Diffstat:
Makefile | 4 +-
arch/um/drivers/vector_kern.c | 42 +--
arch/x86/Kconfig | 2 +-
arch/x86/Makefile | 2 +-
arch/x86/include/asm/cpufeatures.h | 2 +-
arch/x86/kernel/cpu/mce/amd.c | 15 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kvm/svm/sev.c | 4 +
arch/x86/kvm/xen.c | 15 +-
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/nbd.c | 6 +-
drivers/char/ipmi/ipmi_msghandler.c | 3 +-
drivers/gpu/drm/drm_gem.c | 10 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/tegra/nvdec.c | 6 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-quirks.c | 3 +
drivers/input/joystick/xpad.c | 2 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/md/md-bitmap.c | 3 +-
drivers/md/raid1.c | 1 +
drivers/md/raid10.c | 10 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/ibm/ibmvnic.h | 8 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 2 +-
drivers/net/phy/smsc.c | 28 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/platform/x86/ideapad-laptop.c | 19 +-
drivers/powercap/intel_rapl_common.c | 22 +-
drivers/pwm/pwm-mediatek.c | 13 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/cdns3/cdnsp-debug.h | 358 +++++++++++++-------------
drivers/usb/cdns3/cdnsp-ep0.c | 18 +-
drivers/usb/cdns3/cdnsp-gadget.c | 6 +-
drivers/usb/cdns3/cdnsp-gadget.h | 11 +-
drivers/usb/cdns3/cdnsp-ring.c | 27 +-
drivers/usb/dwc3/core.c | 9 +-
drivers/usb/dwc3/gadget.c | 22 +-
drivers/usb/gadget/function/u_serial.c | 6 +-
drivers/usb/host/xhci-mem.c | 4 +
drivers/usb/host/xhci-pci.c | 30 ++-
drivers/usb/host/xhci.h | 1 +
drivers/vhost/scsi.c | 7 +-
fs/anon_inodes.c | 23 +-
fs/btrfs/free-space-tree.c | 16 +-
fs/btrfs/inode.c | 28 +-
fs/erofs/data.c | 2 +
fs/erofs/zdata.c | 124 ++++-----
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
fs/smb/server/smb2pdu.c | 29 +--
fs/smb/server/transport_rdma.c | 5 +-
fs/smb/server/vfs.c | 1 +
include/drm/drm_file.h | 3 +
include/drm/spsc_queue.h | 4 +-
include/linux/fs.h | 2 +
include/net/netfilter/nf_flow_table.h | 2 +-
include/trace/events/erofs.h | 16 +-
kernel/events/core.c | 2 +-
lib/maple_tree.c | 7 +-
mm/kasan/report.c | 13 +-
mm/secretmem.c | 11 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 +++--
net/bluetooth/hci_sync.c | 2 +-
net/ipv6/addrconf.c | 9 +-
net/netlink/af_netlink.c | 90 ++++---
net/rxrpc/call_accept.c | 3 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 +++-
net/wireless/util.c | 52 +++-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/yc/acp6x-mach.c | 7 +
sound/soc/fsl/fsl_asrc.c | 3 +-
tools/include/linux/kallsyms.h | 4 +
86 files changed, 876 insertions(+), 582 deletions(-)
9 hours, 20 minutes
- 5
- 92
[PATCH 6.6 000/109] 6.6.99-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.6.99 release.
There are 109 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.99-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.6.99-rc1
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potential use-after-free in oplock/lease break ack
Yeoreum Yun <yeoreum.yun(a)arm.com>
kasan: remove kasan_find_vm_area() to prevent possible deadlock
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix potential race in cifs_put_tcon()
Willem de Bruijn <willemb(a)google.com>
selftests/bpf: adapt one more case in test_lru_map to the new target_free
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Willem de Bruijn <willemb(a)google.com>
bpf: Adjust free target to avoid global starvation of LRU map
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix assertion when building free space tree
Long Li <longli(a)microsoft.com>
net: mana: Record doorbell physical address in PF mode
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Yasmin Fitzgerald <sunoflife1.git(a)gmail.com>
ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
Yuzuru10 <yuzuru_10(a)proton.me>
ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
Fengnan Chang <changfengnan(a)bytedance.com>
io_uring: make fallocate be hashed work
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Ronnie Sahlberg <rsahlberg(a)whamcloud.com>
ublk: sanity check add_dev input for underflow
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Mingming Cao <mmc(a)linux.ibm.com>
ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Mikko Perttunen <mperttunen(a)nvidia.com>
drm/tegra: nvdec: Fix dma_alloc_coherent error check
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Shyam Prasad N <sprasad(a)microsoft.com>
cifs: all initializations for tcon should happen in tcon_info_alloc
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix DFS interlink failover
Paulo Alcantara <pc(a)manguebit.com>
smb: client: avoid unnecessary reconnects when refreshing referrals
Kuen-Han Tsai <khtsai(a)google.com>
usb: dwc3: Abort suspend on soft disconnect failure
Pawel Laszczak <pawell(a)cadence.com>
usb: cdnsp: Fix issue with CV Bad Descriptor test
Lee Jones <lee(a)kernel.org>
usb: cdnsp: Replace snprintf() with the safer scnprintf() variant
Pawel Laszczak <pawell(a)cadence.com>
usb:cdnsp: remove TRB_FLUSH_ENDPOINT command
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix inode lookup error handling during log replay
Filipe Manana <fdmanana(a)suse.com>
btrfs: return a btrfs_inode from btrfs_iget_logging()
Filipe Manana <fdmanana(a)suse.com>
btrfs: remove redundant root argument from fixup_inode_link_count()
Filipe Manana <fdmanana(a)suse.com>
btrfs: remove redundant root argument from btrfs_update_inode_fallback()
Filipe Manana <fdmanana(a)suse.com>
btrfs: remove noinline from btrfs_update_inode()
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_read_folio()
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Mikhail Paulyshka <me(a)mixaill.net>
x86/rdrand: Disable RDSEED on AMD Cyan Skillfish
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Alexander Gordeev <agordeev(a)linux.ibm.com>
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts.py after maple tree conversion
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: de-reference per-CPU MCE interrupts
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts display after MCP on x86
Baolin Wang <baolin.wang(a)linux.alibaba.com>
mm: fix the inaccurate memory statistics issue for users
Wei Yang <richard.weiyang(a)gmail.com>
maple_tree: fix mt_destroy_walk() on root leaf node
Achill Gilgenast <fossdd(a)pwned.life>
kallsyms: fix build without execinfo
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/framebuffer: Acquire internal references on GEM handles
Kuen-Han Tsai <khtsai(a)google.com>
Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix error handling in ttm_buffer_object_transfer
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/gem: Acquire references on GEM handles for framebuffers
Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be>
wifi: prevent A-MSDU attacks in mesh networks
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Håkon Bugge <haakon.bugge(a)oracle.com>
md/md-bitmap: fix GPF in bitmap_get_stats()
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
Sean Christopherson <seanjc(a)google.com>
KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Add default names for MCA banks and blocks
Dan Carpenter <dan.carpenter(a)linaro.org>
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Christian Eggers <ceggers(a)arri.de>
Bluetooth: HCI: Set extended advertising data synchronously
Leo Yan <leo.yan(a)arm.com>
perf: build: Setup PKG_CONFIG_LIBDIR for cross compilation
Liam R. Howlett <Liam.Howlett(a)oracle.com>
maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
David Howells <dhowells(a)redhat.com>
rxrpc: Fix bug due to prealloc collision
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Force predictable MDI-X state on LAN87xx
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
EricChan <chenchuangyu(a)xiaomi.com>
net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Jiayuan Chen <jiayuan.chen(a)linux.dev>
tcp: Correct signedness in skb remaining space calculation
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: fix `vsock_proto` declaration
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Mario Limonciello <mario.limonciello(a)amd.com>
pinctrl: amd: Clear GPIO debounce for suspend
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix not disabling advertising instance
Richard Fitzgerald <rf(a)opensource.cirrus.com>
ASoC: cs35l56: probe() should fail if the device ID is not recognized
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Luo Gengkun <luogengkun(a)huaweicloud.com>
perf/core: Fix the WARN_ON_ONCE is out of lock protected region
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Linus Torvalds <torvalds(a)linux-foundation.org>
eventpoll: don't decrement ep refcount while still holding the ep mutex
-------------
Diffstat:
Documentation/bpf/map_hash.rst | 8 +-
Documentation/bpf/map_lru_hash_update.dot | 6 +-
Makefile | 4 +-
arch/um/drivers/vector_kern.c | 42 +--
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/kernel/cpu/amd.c | 7 +
arch/x86/kernel/cpu/mce/amd.c | 28 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kvm/svm/sev.c | 4 +
arch/x86/kvm/xen.c | 15 +-
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/nbd.c | 6 +-
drivers/block/ublk_drv.c | 3 +-
drivers/char/ipmi/ipmi_msghandler.c | 3 +-
drivers/gpu/drm/drm_framebuffer.c | 31 +-
drivers/gpu/drm/drm_gem.c | 74 ++++-
drivers/gpu/drm/drm_internal.h | 2 +
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/tegra/nvdec.c | 6 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-quirks.c | 3 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/md/md-bitmap.c | 3 +-
drivers/md/raid1.c | 1 +
drivers/md/raid10.c | 10 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/ibm/ibmvnic.h | 8 +-
drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 +
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 2 +-
drivers/net/phy/smsc.c | 57 +++-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pinctrl/pinctrl-amd.c | 11 +
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/pwm/pwm-mediatek.c | 13 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++-----------
drivers/usb/cdns3/cdnsp-ep0.c | 18 +-
drivers/usb/cdns3/cdnsp-gadget.c | 6 +-
drivers/usb/cdns3/cdnsp-gadget.h | 11 +-
drivers/usb/cdns3/cdnsp-ring.c | 27 +-
drivers/usb/dwc3/core.c | 9 +-
drivers/usb/dwc3/gadget.c | 22 +-
drivers/usb/gadget/function/u_serial.c | 12 +-
fs/btrfs/btrfs_inode.h | 2 +-
fs/btrfs/free-space-tree.c | 16 +-
fs/btrfs/inode.c | 18 +-
fs/btrfs/transaction.c | 2 +-
fs/btrfs/tree-log.c | 331 +++++++++++--------
fs/erofs/data.c | 2 +
fs/eventpoll.c | 12 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
fs/proc/task_mmu.c | 14 +-
fs/smb/client/cifsglob.h | 3 +
fs/smb/client/cifsproto.h | 13 +-
fs/smb/client/connect.c | 47 ++-
fs/smb/client/dfs.c | 73 ++---
fs/smb/client/dfs.h | 42 ++-
fs/smb/client/dfs_cache.c | 198 +++++++-----
fs/smb/client/fs_context.h | 1 +
fs/smb/client/misc.c | 9 +
fs/smb/client/namespace.c | 2 +-
fs/smb/server/smb2pdu.c | 29 +-
fs/smb/server/transport_rdma.c | 5 +-
fs/smb/server/vfs.c | 1 +
include/drm/drm_file.h | 3 +
include/drm/drm_framebuffer.h | 7 +
include/drm/spsc_queue.h | 4 +-
include/linux/mm.h | 5 +
include/net/af_vsock.h | 2 +-
include/net/netfilter/nf_flow_table.h | 2 +-
io_uring/opdef.c | 1 +
kernel/bpf/bpf_lru_list.c | 9 +-
kernel/bpf/bpf_lru_list.h | 1 +
kernel/events/core.c | 6 +-
lib/maple_tree.c | 14 +-
mm/kasan/report.c | 13 +-
mm/vmalloc.c | 22 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 +++-
net/bluetooth/hci_event.c | 39 +--
net/bluetooth/hci_sync.c | 215 ++++++++-----
net/ipv4/tcp.c | 2 +-
net/ipv6/addrconf.c | 9 +-
net/netlink/af_netlink.c | 90 +++---
net/rxrpc/call_accept.c | 4 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 +++-
net/wireless/util.c | 52 ++-
scripts/gdb/linux/constants.py.in | 7 +
scripts/gdb/linux/interrupts.py | 16 +-
scripts/gdb/linux/mapletree.py | 252 +++++++++++++++
scripts/gdb/linux/xarray.py | 28 ++
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/yc/acp6x-mach.c | 7 +
sound/soc/codecs/cs35l56-shared.c | 2 +-
sound/soc/fsl/fsl_asrc.c | 3 +-
tools/arch/x86/include/asm/msr-index.h | 1 +
tools/build/feature/Makefile | 25 +-
tools/include/linux/kallsyms.h | 4 +
tools/perf/Makefile.perf | 27 +-
tools/testing/selftests/bpf/test_lru_map.c | 105 +++---
114 files changed, 1887 insertions(+), 1029 deletions(-)
9 hours, 23 minutes
- 3
- 111
[PATCH 6.12 000/163] 6.12.39-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.39 release.
There are 163 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.39-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.39-rc1
Mark Brown <broonie(a)kernel.org>
arm64: Filter out SME hwcaps when FEAT_SME isn't implemented
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potential use-after-free in oplock/lease break ack
Yeoreum Yun <yeoreum.yun(a)arm.com>
kasan: remove kasan_find_vm_area() to prevent possible deadlock
Jiawen Wu <jiawenwu(a)trustnetic.com>
net: wangxun: revert the adjustment of the IRQ vector sequence
Gao Xiang <xiang(a)kernel.org>
erofs: fix rare pcluster memory leak after unmounting
Willem de Bruijn <willemb(a)google.com>
selftests/bpf: adapt one more case in test_lru_map to the new target_free
Daniel J. Ogorchock <djogorchock(a)gmail.com>
HID: nintendo: avoid bluetooth suspend/resume stalls
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Fangrui Song <i(a)maskray.me>
riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment
Willem de Bruijn <willemb(a)google.com>
bpf: Adjust free target to avoid global starvation of LRU map
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix assertion when building free space tree
Long Li <longli(a)microsoft.com>
net: mana: Record doorbell physical address in PF mode
Akira Inoue <niyarium(a)gmail.com>
HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
Shuai Zhang <quic_shuaz(a)quicinc.com>
driver: bluetooth: hci_qca:fix unable to load the BT driver
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Tim Crawford <tcrawford(a)system76.com>
ALSA: hda/realtek: Add quirks for some Clevo laptops
Yasmin Fitzgerald <sunoflife1.git(a)gmail.com>
ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
Yuzuru10 <yuzuru_10(a)proton.me>
ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
Fengnan Chang <changfengnan(a)bytedance.com>
io_uring: make fallocate be hashed work
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606
Tamura Dai <kirinode0(a)gmail.com>
ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Ronnie Sahlberg <rsahlberg(a)whamcloud.com>
ublk: sanity check add_dev input for underflow
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Jianbo Liu <jianbol(a)nvidia.com>
net/mlx5e: Add new prio for promiscuous mode
Carolina Jubran <cjubran(a)nvidia.com>
net/mlx5e: Fix race between DIM disable and net_dim()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Shuicheng Lin <shuicheng.lin(a)intel.com>
drm/xe/pm: Correct comment of xe_pm_set_vram_threshold()
Hangbin Liu <liuhangbin(a)gmail.com>
selftests: net: lib: fix shift count out of range
Petr Machata <petrm(a)nvidia.com>
selftests: net: lib: Move logging from forwarding/lib.sh here
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits
Mingming Cao <mmc(a)linux.ibm.com>
ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Eric Dumazet <edumazet(a)google.com>
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_readahead()
Gao Xiang <xiang(a)kernel.org>
erofs: refine readahead tracepoint
Gao Xiang <xiang(a)kernel.org>
erofs: tidy up zdata.c
Gao Xiang <xiang(a)kernel.org>
erofs: get rid of `z_erofs_next_pcluster_t`
Chunhai Guo <guochunhai(a)vivo.com>
erofs: free pclusters if no cached folio is attached
Michal Wajdeczko <michal.wajdeczko(a)intel.com>
drm/xe/pf: Clear all LMTT pages on alloc
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: fix uaf in nbd_genl_connect() error path
Henry Martin <bsdhenrymartin(a)gmail.com>
wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()
Ben Skeggs <bskeggs(a)nvidia.com>
drm/nouveau/gsp: fix potential leak of memory used during acpi init
Felix Fietkau <nbd(a)nbd.name>
wifi: rt2x00: fix remove callback type mismatch
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: fix non-transmitted BSSID profile search
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: mac80211: correctly identify S1G short beacon
Nigel Croxon <ncroxon(a)redhat.com>
raid10: cleanup memleak at raid10_make_request
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Mikko Perttunen <mperttunen(a)nvidia.com>
drm/tegra: nvdec: Fix dma_alloc_coherent error check
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: cfg80211: fix S1G beacon head validation in nl80211
David Howells <dhowells(a)redhat.com>
netfs: Fix ref leak on inserted extra subreq in write retry
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count
Gao Xiang <xiang(a)kernel.org>
erofs: address D-cache aliasing
Chao Yu <chao(a)kernel.org>
erofs: fix to add missing tracepoint in erofs_read_folio()
Al Viro <viro(a)zeniv.linux.org.uk>
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
Stefan Metzmacher <metze(a)samba.org>
smb: server: make use of rdma_destroy_qp()
Sascha Hauer <s.hauer(a)pengutronix.de>
clk: scmi: Handle case where child clocks are initialized before their parents
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Mikhail Paulyshka <me(a)mixaill.net>
x86/rdrand: Disable RDSEED on AMD Cyan Skillfish
Xiaolei Wang <xiaolei.wang(a)windriver.com>
clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data
Miguel Ojeda <ojeda(a)kernel.org>
rust: init: allow `dead_code` warnings for Rust >= 1.89.0
Harry Yoo <harry.yoo(a)oracle.com>
lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users()
Alexander Gordeev <agordeev(a)linux.ibm.com>
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts.py after maple tree conversion
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: de-reference per-CPU MCE interrupts
Florian Fainelli <florian.fainelli(a)broadcom.com>
scripts/gdb: fix interrupts display after MCP on x86
Baolin Wang <baolin.wang(a)linux.alibaba.com>
mm: fix the inaccurate memory statistics issue for users
Wei Yang <richard.weiyang(a)gmail.com>
maple_tree: fix mt_destroy_walk() on root leaf node
Achill Gilgenast <fossdd(a)pwned.life>
kallsyms: fix build without execinfo
Zhe Qiao <qiaozhe(a)iscas.ac.cn>
Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()"
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Matthew Brost <matthew.brost(a)intel.com>
drm/xe: Allocate PF queue size on pow2 boundary
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/framebuffer: Acquire internal references on GEM handles
Kuen-Han Tsai <khtsai(a)google.com>
Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Matthew Brost <matthew.brost(a)intel.com>
Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2"
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/bmg: fix compressed VRAM handling
Simona Vetter <simona.vetter(a)ffwll.ch>
drm/gem: Fix race in drm_gem_handle_create_tail()
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix error handling in ttm_buffer_object_transfer
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/gem: Acquire references on GEM handles for framebuffers
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: Don't call mmput from MMU notifier callback
Alessio Belle <alessio.belle(a)imgtec.com>
drm/imagination: Fix kernel crash when hard resetting the GPU
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the wrong config for tx interrupt
Deren Wu <deren.wu(a)mediatek.com>
wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()
Deren Wu <deren.wu(a)mediatek.com>
wifi: mt76: mt7921: prevent decap offload config before STA initialization
Vitor Soares <vitor.soares(a)toradex.com>
wifi: mwifiex: discard erroneous disassoc frames on STA interface
Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be>
wifi: prevent A-MSDU attacks in mesh networks
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Fix invalid state detection
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
Håkon Bugge <haakon.bugge(a)oracle.com>
md/md-bitmap: fix GPF in bitmap_get_stats()
Haoxiang Li <haoxiang_li2024(a)163.com>
net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 multicast route creation.
Arun Raghavan <arun(a)asymptotic.io>
ASoC: fsl_sai: Force a software reset when starting in consumer mode
Thorsten Blum <thorsten.blum(a)linux.dev>
ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()
Liam Merwick <liam.merwick(a)oracle.com>
KVM: Allow CPU to reschedule while setting per-page memory attributes
Sean Christopherson <seanjc(a)google.com>
KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight
Nikunj A Dadhania <nikunj(a)amd.com>
KVM: SVM: Add missing member in SNP_LAUNCH_START command structure
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table.
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Ensure user polling settings are honored when restarting timer
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Add default names for MCA banks and blocks
Dan Carpenter <dan.carpenter(a)linaro.org>
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
David Howells <dhowells(a)redhat.com>
rxrpc: Fix bug due to prealloc collision
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Chintan Vankar <c-vankar(a)ti.com>
net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Force predictable MDI-X state on LAN87xx
Oleksij Rempel <o.rempel(a)pengutronix.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
EricChan <chenchuangyu(a)xiaomi.com>
net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Jiayuan Chen <jiayuan.chen(a)linux.dev>
tcp: Correct signedness in skb remaining space calculation
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: fix `vsock_proto` declaration
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Luo Jie <quic_luoj(a)quicinc.com>
net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol()
Luo Jie <quic_luoj(a)quicinc.com>
net: phy: qcom: move the WoL function to shared library
Kevin Brodsky <kevin.brodsky(a)arm.com>
arm64: poe: Handle spurious Overlay faults
Jason Xing <kernelxing(a)tencent.com>
bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL
kuyo chang <kuyo.chang(a)mediatek.com>
sched/deadline: Fix dl_server runtime calculation formula
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Mario Limonciello <mario.limonciello(a)amd.com>
pinctrl: amd: Clear GPIO debounce for suspend
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix not disabling advertising instance
Richard Fitzgerald <rf(a)opensource.cirrus.com>
ASoC: cs35l56: probe() should fail if the device ID is not recognized
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Peter Zijlstra <peterz(a)infradead.org>
sched/core: Fix migrate_swap() vs. hotplug
Nam Cao <namcao(a)linutronix.de>
irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ
Luo Gengkun <luogengkun(a)huaweicloud.com>
perf/core: Fix the WARN_ON_ONCE is out of lock protected region
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: add sof_sdw_get_tplg_files ops
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: soc-acpi: add get_function_tplg_files ops
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
Eric Biggers <ebiggers(a)kernel.org>
crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2
Flora Cui <flora.cui(a)amd.com>
drm/amdgpu/ip_discovery: add missing ip_discovery fw
Flora Cui <flora.cui(a)amd.com>
drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Linus Torvalds <torvalds(a)linux-foundation.org>
eventpoll: don't decrement ep refcount while still holding the ep mutex
-------------
Diffstat:
Documentation/bpf/map_hash.rst | 8 +-
Documentation/bpf/map_lru_hash_update.dot | 6 +-
Makefile | 4 +-
arch/arm64/kernel/cpufeature.c | 45 ++--
arch/arm64/kernel/process.c | 5 +
arch/arm64/mm/fault.c | 30 ++-
arch/riscv/kernel/vdso/vdso.lds.S | 2 +-
arch/s390/crypto/sha1_s390.c | 2 +
arch/s390/crypto/sha256_s390.c | 3 +
arch/s390/crypto/sha512_s390.c | 3 +
arch/um/drivers/vector_kern.c | 42 ++--
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/kernel/cpu/amd.c | 7 +
arch/x86/kernel/cpu/mce/amd.c | 28 ++-
arch/x86/kernel/cpu/mce/core.c | 24 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kvm/svm/sev.c | 4 +
arch/x86/kvm/xen.c | 15 +-
drivers/acpi/battery.c | 19 +-
drivers/atm/idt77252.c | 5 +
drivers/block/nbd.c | 6 +-
drivers/block/ublk_drv.c | 3 +-
drivers/bluetooth/hci_qca.c | 13 +-
drivers/char/ipmi/ipmi_msghandler.c | 3 +-
drivers/clk/clk-scmi.c | 20 +-
drivers/clk/imx/clk-imx95-blk-ctl.c | 12 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 30 ++-
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 +-
drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 ++--
drivers/gpu/drm/drm_framebuffer.c | 31 ++-
drivers/gpu/drm/drm_gem.c | 74 +++++-
drivers/gpu/drm/drm_internal.h | 2 +
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/imagination/pvr_power.c | 4 +-
drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 +-
drivers/gpu/drm/tegra/nvdec.c | 6 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 +
drivers/gpu/drm/xe/xe_lmtt.c | 11 +
drivers/gpu/drm/xe/xe_migrate.c | 2 +-
drivers/gpu/drm/xe/xe_pci.c | 1 -
drivers/gpu/drm/xe/xe_pm.c | 8 +-
drivers/hid/hid-ids.h | 6 +
drivers/hid/hid-lenovo.c | 8 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-nintendo.c | 38 +++-
drivers/hid/hid-quirks.c | 3 +
drivers/irqchip/Kconfig | 1 +
drivers/md/md-bitmap.c | 3 +-
drivers/md/raid1.c | 1 +
drivers/md/raid10.c | 10 +-
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/ibm/ibmvnic.h | 8 +-
drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 +-
drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 +-
drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 +
drivers/net/ethernet/renesas/rtsn.c | 5 +
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +-
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +-
drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 +-
drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +-
drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +-
drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +-
drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 +-
drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 3 +-
drivers/net/phy/qcom/at803x.c | 27 ---
drivers/net/phy/qcom/qca808x.c | 2 +-
drivers/net/phy/qcom/qcom-phy-lib.c | 25 ++
drivers/net/phy/qcom/qcom.h | 5 +
drivers/net/phy/smsc.c | 57 ++++-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/marvell/mwifiex/util.c | 4 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 +
drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 +
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 +
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +-
drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 +-
drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 +-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pci/pci-acpi.c | 23 +-
drivers/pinctrl/pinctrl-amd.c | 11 +
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/pwm/core.c | 2 +-
drivers/pwm/pwm-mediatek.c | 13 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/gadget/function/u_serial.c | 12 +-
fs/btrfs/free-space-tree.c | 16 +-
fs/erofs/data.c | 21 +-
fs/erofs/decompressor.c | 12 +-
fs/erofs/fileio.c | 6 +-
fs/erofs/internal.h | 2 +-
fs/erofs/zdata.c | 251 +++++++++-----------
fs/erofs/zutil.c | 7 +-
fs/eventpoll.c | 12 +-
fs/netfs/write_collect.c | 2 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
fs/proc/task_mmu.c | 14 +-
fs/smb/server/smb2pdu.c | 29 +--
fs/smb/server/transport_rdma.c | 5 +-
fs/smb/server/vfs.c | 1 +
include/drm/drm_file.h | 3 +
include/drm/drm_framebuffer.h | 7 +
include/drm/spsc_queue.h | 4 +-
include/linux/ieee80211.h | 45 +++-
include/linux/mm.h | 5 +
include/linux/psp-sev.h | 2 +
include/net/af_vsock.h | 2 +-
include/net/netfilter/nf_flow_table.h | 2 +-
include/sound/soc-acpi.h | 13 ++
include/trace/events/erofs.h | 2 +-
io_uring/opdef.c | 1 +
kernel/bpf/bpf_lru_list.c | 9 +-
kernel/bpf/bpf_lru_list.h | 1 +
kernel/events/core.c | 6 +-
kernel/sched/core.c | 5 +
kernel/sched/deadline.c | 10 +-
kernel/stop_machine.c | 20 +-
lib/alloc_tag.c | 3 +
lib/maple_tree.c | 1 +
mm/kasan/report.c | 13 +-
mm/vmalloc.c | 22 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 64 ++++--
net/bluetooth/hci_event.c | 3 +
net/bluetooth/hci_sync.c | 2 +-
net/ipv4/tcp.c | 2 +-
net/ipv6/addrconf.c | 9 +-
net/mac80211/mlme.c | 7 +-
net/mac80211/parse.c | 6 +-
net/netlink/af_netlink.c | 90 +++++---
net/rxrpc/call_accept.c | 4 +
net/sched/sch_api.c | 23 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 57 ++++-
net/wireless/nl80211.c | 7 +-
net/wireless/util.c | 52 ++++-
rust/kernel/init/macros.rs | 2 +
scripts/gdb/linux/constants.py.in | 7 +
scripts/gdb/linux/interrupts.py | 16 +-
scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++++
scripts/gdb/linux/xarray.py | 28 +++
sound/isa/ad1816a/ad1816a.c | 2 +-
sound/pci/hda/patch_realtek.c | 7 +
sound/soc/amd/yc/acp6x-mach.c | 7 +
sound/soc/codecs/cs35l56-shared.c | 2 +-
sound/soc/fsl/fsl_asrc.c | 3 +-
sound/soc/fsl/fsl_sai.c | 14 +-
sound/soc/intel/boards/Kconfig | 1 +
sound/soc/intel/common/Makefile | 2 +-
sound/soc/intel/common/soc-acpi-intel-arl-match.c | 66 +++++-
sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++++++++
sound/soc/intel/common/sof-function-topology-lib.h | 15 ++
sound/soc/sof/intel/hda.c | 6 +-
tools/arch/x86/include/asm/msr-index.h | 1 +
tools/include/linux/kallsyms.h | 4 +
tools/testing/selftests/bpf/test_lru_map.c | 105 ++++-----
tools/testing/selftests/net/forwarding/lib.sh | 113 ---------
tools/testing/selftests/net/lib.sh | 115 ++++++++++
virt/kvm/kvm_main.c | 3 +
172 files changed, 1953 insertions(+), 867 deletions(-)
9 hours, 24 minutes
- 6
- 169
[TEST REGRESSION] stable-rc/linux-6.12.y: kselftest.seccomp.seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 on bcm2837-rpi-3-b-plus
by KernelCI bot
Hello,
New test failure found on stable-rc/linux-6.12.y:
kselftest.seccomp.seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 running on bcm2837-rpi-3-b-plus
giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
branch: linux-6.12.y
commit HEAD: d50d16f002928cde05a54e0049ddc203323ae7ac
test id: maestro:687779f42ce2c1874ed2365d
status: FAIL
timestamp: 2025-07-16 10:14:31.303039+00:00
log: https://files.kernelci.org/kselftest-seccomp-6876c79234612746bbcf9a7e/log.t…
# Test details:
- test path: kselftest.seccomp.seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4
- platform: bcm2837-rpi-3-b-plus
- compatibles: raspberrypi,3-model-b-plus | rbrcm | bcm2837;
- config: defconfig+arm64-chromebook+kselftest
- architecture: arm64
- compiler: gcc-12
Dashboard: https://d.kernelci.org/t/maestro:687779f42ce2c1874ed2365d
Log excerpt:
=====================================================
t_is_kill_inside pass
seccomp_seccomp_bpf_global_unknown_ret_is_kill_above_allow pass
seccomp_seccomp_bpf_global_KILL_all pass
seccomp_seccomp_bpf_global_KILL_one pass
seccomp_seccomp_bpf_global_KILL_one_arg_one pass
seccomp_seccomp_bpf_global_KILL_one_arg_six pass
seccomp_seccomp_bpf_global_KILL_thread pass
seccomp_seccomp_bpf_global_KILL_process pass
seccomp_seccomp_bpf_global_KILL_unknown pass
seccomp_seccomp_bpf_global_arg_out_of_range pass
seccomp_seccomp_bpf_global_ERRNO_valid pass
seccomp_seccomp_bpf_global_ERRNO_zero pass
seccomp_seccomp_bpf_global_ERRNO_capped pass
seccomp_seccomp_bpf_global_ERRNO_order pass
seccomp_seccomp_bpf_global_negative_ENOSYS pass
seccomp_seccomp_bpf_global_seccomp_syscall pass
seccomp_seccomp_bpf_global_seccomp_syscall_mode_lock pass
seccomp_seccomp_bpf_global_detect_seccomp_filter_flags pass
seccomp_seccomp_bpf_global_TSYNC_first pass
seccomp_seccomp_bpf_global_syscall_restart pass
seccomp_seccomp_bpf_global_filter_flag_log pass
seccomp_seccomp_bpf_global_get_action_avail pass
seccomp_seccomp_bpf_global_get_metadata_Kernel_does_not_support_PTRACE_SECCOMP_GET_METADATA_missing_CONFIG_CHECKPOINT_RESTORE skip
seccomp_seccomp_bpf_global_user_notification_basic pass
seccomp_seccomp_bpf_global_user_notification_with_tsync pass
seccomp_seccomp_bpf_global_user_notification_kill_in_middle pass
seccomp_seccomp_bpf_global_user_notification_signal pass
seccomp_seccomp_bpf_global_user_notification_closed_listener pass
seccomp_seccomp_bpf_global_user_notification_child_pid_ns pass
seccomp_seccomp_bpf_global_user_notification_sibling_pid_ns pass
seccomp_seccomp_bpf_global_user_notification_fault_recv pass
seccomp_seccomp_bpf_global_seccomp_get_notif_sizes pass
seccomp_seccomp_bpf_global_user_notification_continue pass
seccomp_seccomp_bpf_global_user_notification_filter_empty pass
seccomp_seccomp_bpf_global_user_ioctl_notification_filter_empty pass
seccomp_seccomp_bpf_global_user_notification_filter_empty_threaded pass
seccomp_seccomp_bpf_global_user_notification_addfd pass
seccomp_seccomp_bpf_global_user_notification_addfd_rlimit pass
seccomp_seccomp_bpf_global_user_notification_sync pass
seccomp_seccomp_bpf_global_user_notification_fifo pass
seccomp_seccomp_bpf_global_user_notification_wait_killable_pre_notification pass
seccomp_seccomp_bpf_global_user_notification_wait_killable pass
seccomp_seccomp_bpf_global_user_notification_wait_killable_fatal pass
seccomp_seccomp_bpf_global_tsync_vs_dead_thread_leader pass
seccomp_seccomp_bpf_TRAP_dfl pass
seccomp_seccomp_bpf_TRAP_ign pass
seccomp_seccomp_bpf_TRAP_handler pass
seccomp_seccomp_bpf_precedence_allow_ok pass
seccomp_seccomp_bpf_precedence_kill_is_highest pass
seccomp_seccomp_bpf_precedence_kill_is_highest_in_any_order pass
seccomp_seccomp_bpf_precedence_trap_is_second pass
seccomp_seccomp_bpf_precedence_trap_is_second_in_any_order pass
seccomp_seccomp_bpf_precedence_errno_is_third pass
seccomp_seccomp_bpf_precedence_errno_is_third_in_any_order pass
seccomp_seccomp_bpf_precedence_trace_is_fourth pass
seccomp_seccomp_bpf_precedence_trace_is_fourth_in_any_order pass
seccomp_seccomp_bpf_precedence_log_is_fifth pass
seccomp_seccomp_bpf_precedence_log_is_fifth_in_any_order pass
seccomp_seccomp_bpf_TRACE_poke_read_has_side_effects pass
seccomp_seccomp_bpf_TRACE_poke_getpid_runs_normally pass
seccomp_seccomp_bpf_TRACE_syscall_ptrace_negative_ENOSYS pass
seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_allowed pass
seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_redirected pass
seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_errno pass
seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_faked pass
seccomp_seccomp_bpf_TRACE_syscall_ptrace_kill_immediate pass
seccomp_seccomp_bpf_TRACE_syscall_ptrace_skip_after pass
seccomp_seccomp_bpf_TRACE_syscall_ptrace_kill_after pass
seccomp_seccomp_bpf_TRACE_syscall_seccomp_negative_ENOSYS pass
seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_allowed pass
seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_redirected pass
seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_errno pass
seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_faked pass
seccomp_seccomp_bpf_TRACE_syscall_seccomp_kill_immediate pass
seccomp_seccomp_bpf_TRACE_syscall_seccomp_skip_after pass
seccomp_seccomp_bpf_TRACE_syscall_seccomp_kill_after pass
seccomp_seccomp_bpf_TSYNC_siblings_fail_prctl pass
seccomp_seccomp_bpf_TSYNC_two_siblings_with_ancestor pass
seccomp_seccomp_bpf_TSYNC_two_sibling_want_nnp pass
seccomp_seccomp_bpf_TSYNC_two_siblings_with_no_filter pass
seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence pass
seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence_no_tid_in_err pass
seccomp_seccomp_bpf_TSYNC_two_siblings_not_under_filter pass
seccomp_seccomp_bpf_O_SUSPEND_SECCOMP_setoptions_Kernel_does_not_support_PTRACE_O_SUSPEND_SECCOMP_missing_CONFIG_CHECKPOINT_RESTORE skip
seccomp_seccomp_bpf_O_SUSPEND_SECCOMP_seize_Kernel_does_not_support_PTRACE_O_SUSPEND_SECCOMP_missing_CONFIG_CHECKPOINT_RESTORE skip
seccomp_seccomp_bpf pass
seccomp_seccomp_benchmark_native_1_bitmap pass
seccomp_seccomp_benchmark_native_1_filter pass
seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 fail
seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped pass
seccomp_seccomp_benchmark_entry_1_bitmapped pass
seccomp_seccomp_benchmark_entry_2_bitmapped pass
seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total pass
seccomp_seccomp_benchmark fail
+ ../../utils/send-to-lava.sh ./output/result.txt
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=shardfile-seccomp RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_kcmp RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_strict_support RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_strict_cannot_call_prctl RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_no_new_privs_support RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_filter_support RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_filter_without_nnp RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_filter_size_limits RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_filter_chain_limits RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_filter_cannot_move_to_strict RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_filter_get_seccomp RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ALLOW_all RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_empty_prog RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_log_all RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_unknown_ret_is_kill_inside RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_unknown_ret_is_kill_above_allow RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_all RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_one RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_one_arg_one RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_one_arg_six RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_thread RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_process RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_unknown RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_arg_out_of_range RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ERRNO_valid RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ERRNO_zero RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ERRNO_capped RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ERRNO_order RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_negative_ENOSYS RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_seccomp_syscall RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_seccomp_syscall_mode_lock RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_detect_seccomp_filter_flags RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_TSYNC_first RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_syscall_restart RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_filter_flag_log RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_get_action_avail RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_get_metadata_Kernel_does_not_support_PTRACE_SECCOMP_GET_METADATA_missing_CONFIG_CHECKPOINT_RESTORE RESULT=skip>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_basic RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_with_tsync RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_kill_in_middle RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_signal RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_closed_listener RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_child_pid_ns RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_sibling_pid_ns RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_fault_recv RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_seccomp_get_notif_sizes RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_continue RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_filter_empty RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_ioctl_notification_filter_empty RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_filter_empty_threaded RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_addfd RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_addfd_rlimit RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_sync RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_fifo RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_wait_killable_pre_notification RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_wait_killable RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_wait_killable_fatal RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_tsync_vs_dead_thread_leader RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRAP_dfl RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRAP_ign RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRAP_handler RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_allow_ok RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_kill_is_highest RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_kill_is_highest_in_any_order RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_trap_is_second RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_trap_is_second_in_any_order RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_errno_is_third RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_errno_is_third_in_any_order RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_trace_is_fourth RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_trace_is_fourth_in_any_order RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_log_is_fifth RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_log_is_fifth_in_any_order RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_poke_read_has_side_effects RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_poke_getpid_runs_normally RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_negative_ENOSYS RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_allowed RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_redirected RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_errno RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_faked RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_kill_immediate RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_skip_after RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_kill_after RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_negative_ENOSYS RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_allowed RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_redirected RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_errno RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_faked RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_kill_immediate RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_skip_after RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_kill_after RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_siblings_fail_prctl RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_with_ancestor RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_sibling_want_nnp RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_with_no_filter RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence_no_tid_in_err RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_not_under_filter RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_O_SUSPEND_SECCOMP_setoptions_Kernel_does_not_support_PTRACE_O_SUSPEND_SECCOMP_missing_CONFIG_CHECKPOINT_RESTORE RESULT=skip>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_O_SUSPEND_SECCOMP_seize_Kernel_does_not_support_PTRACE_O_SUSPEND_SECCOMP_missing_CONFIG_CHECKPOINT_RESTORE RESULT=skip>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_native_1_bitmap RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_native_1_filter RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 RESULT=fail>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_entry_1_bitmapped RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_entry_2_bitmapped RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total RESULT=pass>
<LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark RESULT=fail>
+ set +x
<LAVA_SIGNAL_ENDRUN 1_kselftest-seccomp 1575830_1.6.2.4.5>
<LAVA_TEST_RUNNER EXIT>
/ #
=====================================================
#kernelci test maestro:687779f42ce2c1874ed2365d
Reported-by: kernelci.org bot <bot(a)kernelci.org>
--
This is an experimental report format. Please send feedback in!
Talk to us at kernelci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
9 hours, 25 minutes
- 3
- 3
[PATCH v2] nvmem: layouts: u-boot-env: remove crc32 endianness conversion
by srini@kernel.org
From: "Michael C. Pratt" <mcpratt(a)pm.me>
On 11 Oct 2022, it was reported that the crc32 verification
of the u-boot environment failed only on big-endian systems
for the u-boot-env nvmem layout driver with the following error.
Invalid calculated CRC32: 0x88cd6f09 (expected: 0x096fcd88)
This problem has been present since the driver was introduced,
and before it was made into a layout driver.
The suggested fix at the time was to use further endianness
conversion macros in order to have both the stored and calculated
crc32 values to compare always represented in the system's endianness.
This was not accepted due to sparse warnings
and some disagreement on how to handle the situation.
Later on in a newer revision of the patch, it was proposed to use
cpu_to_le32() for both values to compare instead of le32_to_cpu()
and store the values as __le32 type to remove compilation errors.
The necessity of this is based on the assumption that the use of crc32()
requires endianness conversion because the algorithm uses little-endian,
however, this does not prove to be the case and the issue is unrelated.
Upon inspecting the current kernel code,
there already is an existing use of le32_to_cpu() in this driver,
which suggests there already is special handling for big-endian systems,
however, it is big-endian systems that have the problem.
This, being the only functional difference between architectures
in the driver combined with the fact that the suggested fix
was to use the exact same endianness conversion for the values
brings up the possibility that it was not necessary to begin with,
as the same endianness conversion for two values expected to be the same
is expected to be equivalent to no conversion at all.
After inspecting the u-boot environment of devices of both endianness
and trying to remove the existing endianness conversion,
the problem is resolved in an equivalent way as the other suggested fixes.
Ultimately, it seems that u-boot is agnostic to endianness
at least for the purpose of environment variables.
In other words, u-boot reads and writes the stored crc32 value
with the same endianness that the crc32 value is calculated with
in whichever endianness a certain architecture runs on.
Therefore, the u-boot-env driver does not need to convert endianness.
Remove the usage of endianness macros in the u-boot-env driver,
and change the type of local variables to maintain the same return type.
If there is a special situation in the case of endianness,
it would be a corner case and should be handled by a unique "compatible".
Even though it is not necessary to use endianness conversion macros here,
it may be useful to use them in the future for consistent error printing.
Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables")
Reported-by: INAGAKI Hiroshi <musashino.open(a)gmail.com>
Link: https://lore.kernel.org/all/20221011024928.1807-1-musashino.open@gmail.com
Cc: stable(a)vger.kernel.org
Signed-off-by: Michael C. Pratt <mcpratt(a)pm.me>
Signed-off-by: Srinivas Kandagatla <srini(a)kernel.org>
---
Changes since v1:
- removed long list of short git ids as it was too much for
small patch.
drivers/nvmem/layouts/u-boot-env.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/nvmem/layouts/u-boot-env.c b/drivers/nvmem/layouts/u-boot-env.c
index 436426d4e8f9..8571aac56295 100644
--- a/drivers/nvmem/layouts/u-boot-env.c
+++ b/drivers/nvmem/layouts/u-boot-env.c
@@ -92,7 +92,7 @@ int u_boot_env_parse(struct device *dev, struct nvmem_device *nvmem,
size_t crc32_data_offset;
size_t crc32_data_len;
size_t crc32_offset;
- __le32 *crc32_addr;
+ uint32_t *crc32_addr;
size_t data_offset;
size_t data_len;
size_t dev_size;
@@ -143,8 +143,8 @@ int u_boot_env_parse(struct device *dev, struct nvmem_device *nvmem,
goto err_kfree;
}
- crc32_addr = (__le32 *)(buf + crc32_offset);
- crc32 = le32_to_cpu(*crc32_addr);
+ crc32_addr = (uint32_t *)(buf + crc32_offset);
+ crc32 = *crc32_addr;
crc32_data_len = dev_size - crc32_data_offset;
data_len = dev_size - data_offset;
--
2.43.0
9 hours, 34 minutes
- 1
- 0
[PATCH 5.10 000/208] 5.10.240-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.10.240 release.
There are 208 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.240-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.10.240-rc1
Borislav Petkov <bp(a)kernel.org>
x86/process: Move the buffer clearing before MONITOR
Borislav Petkov <bp(a)kernel.org>
KVM: SVM: Advertise TSA CPUID bits to guests
Borislav Petkov <bp(a)kernel.org>
KVM: x86: add support for CPUID leaf 0x80000021
Borislav Petkov <bp(a)kernel.org>
x86/bugs: Add a Transient Scheduler Attacks mitigation
Borislav Petkov <bp(a)kernel.org>
x86/bugs: Rename MDS machinery to something more generic
Jann Horn <jannh(a)google.com>
x86/mm: Disable hugetlb page table sharing on 32-bit
Dongli Zhang <dongli.zhang(a)oracle.com>
vhost-scsi: protect vq->log_used with vq->mutex
Hans de Goede <hdegoede(a)redhat.com>
Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Zhang Heng <zhangheng(a)kylinos.cn>
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
Nicolas Pitre <npitre(a)baylibre.com>
vt: add missing notification when switching back to text mode
Xiaowei Li <xiaowei.li(a)simcom.com>
net: usb: qmi_wwan: add SIMCom 8230C composition
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: vector: Reduce stack usage in vector_eth_configure()
Thomas Fourier <fourier.thomas(a)gmail.com>
atm: idt77252: Add missing `dma_map_error()`
Somnath Kotur <somnath.kotur(a)broadcom.com>
bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Shravya KN <shravya.k-n(a)broadcom.com>
bnxt_en: Fix DCB ETS validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
Sean Nyekjaer <sean(a)geanix.com>
can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
Kito Xu <veritas501(a)foxmail.com>
net: appletalk: Fix device refcount leak in atrtr_create()
Wang Jinchao <wangjinchao600(a)gmail.com>
md/raid1: Fix stack memory use after return in raid1_reshape
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
Christian König <christian.koenig(a)amd.com>
dma-buf: fix timeout handling in dma_resv_wait_timeout v2
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - support Acer NGR 200 Controller
Vicki Pfau <vi(a)endrift.com>
Input: xpad - add VID for Turtle Beach controllers
Matt Reynolds <mattreynolds(a)chromium.org>
Input: xpad - add support for Amazon Game Controller
Jakub Kicinski <kuba(a)kernel.org>
netlink: make sure we allow at least one dump skb
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix rmem check in netlink_broadcast_deliver().
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Ensure to disable clocks in error path
Alexandre Belloni <alexandre.belloni(a)bootlin.com>
rtc: lib_test: add MODULE_LICENSE
Thomas Fourier <fourier.thomas(a)gmail.com>
ethernet: atl1: Add missing DMA mapping error checks and count errors
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Revert "ACPI: battery: negate current when discharging"
Kuen-Han Tsai <khtsai(a)google.com>
usb: gadget: u_serial: Fix race condition in TTY wakeup
Matthew Brost <matthew.brost(a)intel.com>
drm/sched: Increment job count before swapping tail spsc queue
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
JP Kobryn <inwardvessel(a)gmail.com>
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce: Don't remove sysfs if thresholding sysfs init fails
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Fix threshold limit reset
Peter Zijlstra <peterz(a)infradead.org>
x86/its: FineIBT-paranoid vs ITS
Eric Biggers <ebiggers(a)google.com>
x86/its: Fix build errors when CONFIG_MODULES=n
Peter Zijlstra <peterz(a)infradead.org>
x86/its: Use dynamic thunks for indirect branches
Thomas Gleixner <tglx(a)linutronix.de>
x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Add "vmexit" option to skip mitigation on some CPUs
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Enable Indirect Target Selection mitigation
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Fix undefined reference to cpu_wants_rethunk_at()
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Add support for ITS-safe return thunk
Josh Poimboeuf <jpoimboe(a)kernel.org>
x86/alternatives: Remove faulty optimization
Borislav Petkov (AMD) <bp(a)alien8.de>
x86/alternative: Optimize returns patching
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Add support for ITS-safe indirect thunk
Peter Zijlstra <peterz(a)infradead.org>
x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions
Peter Zijlstra <peterz(a)infradead.org>
x86/alternatives: Introduce int3_emulate_jcc()
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/its: Enumerate Indirect Target Selection (ITS) bug
Daniel Sneddon <daniel.sneddon(a)linux.intel.com>
x86/bhi: Define SPEC_CTRL_BHI_DIS_S
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
Documentation: x86/bugs/its: Add ITS documentation
David Howells <dhowells(a)redhat.com>
rxrpc: Fix oops due to non-existence of prealloc backlog struct
Oleg Nesterov <oleg(a)redhat.com>
fs/proc: do_task_stat: use __for_each_thread()
Victor Nogueira <victor(a)mojatatu.com>
net/sched: Abort __tc_modify_qdisc if parent class does not exist
Yue Haibing <yuehaibing(a)huawei.com>
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix infinite recursive call of clip_push().
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix memory leak of struct clip_vcc.
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
Oleksij Rempel <linux(a)rempel-privat.de>
net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_* TOCTOU
Andra Paraschiv <andraprs(a)amazon.com>
af_vsock: Assign the vsock transport considering the vsock address flags
Andra Paraschiv <andraprs(a)amazon.com>
af_vsock: Set VMADDR_FLAG_TO_HOST flag on the receive path
Andra Paraschiv <andraprs(a)amazon.com>
vm_sockets: Add VMADDR_FLAG_TO_HOST vsock flag
Andra Paraschiv <andraprs(a)amazon.com>
vm_sockets: Add flags field in the vsock address data structure
Michal Luczaj <mhal(a)rbox.co>
vsock: Fix transport_{g2h,h2g} TOCTOU
Kuniyuki Iwashima <kuniyu(a)google.com>
tipc: Fix use-after-free in tipc_conn_close().
Kuniyuki Iwashima <kuniyu(a)google.com>
netlink: Fix wraparounds of sk->sk_rmem_alloc.
Al Viro <viro(a)zeniv.linux.org.uk>
fix proc_sys_compare() handling of in-lookup dentries
Peter Zijlstra <peterz(a)infradead.org>
perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
Kaustabh Chakraborty <kauschluss(a)disroot.org>
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Nathan Chancellor <nathan(a)kernel.org>
staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Rollback non processed entities on error
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Send control events for partial succeeds
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Return the number of processed controls
Seiji Nishikawa <snishika(a)redhat.com>
ACPI: PAD: fix crash in exit_round_robin()
Andrei Kuchynski <akuchynski(a)chromium.org>
usb: typec: displayport: Fix potential deadlock
Oliver Neukum <oneukum(a)suse.com>
Logitech C-270 even more broken
Mathias Nyman <mathias.nyman(a)linux.intel.com>
xhci: dbc: Flush queued requests before stopping dbc
Łukasz Bartosik <ukaszb(a)chromium.org>
xhci: dbctty: disable ECHO flag by default
Fushuai Wang <wangfushuai(a)baidu.com>
dpaa2-eth: fix xdp_rxq_info leak
Ioana Ciornei <ioana.ciornei(a)nxp.com>
net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats
Radu Bulie <radu-andrei.bulie(a)nxp.com>
dpaa2-eth: Update SINGLE_STEP register access
Radu Bulie <radu-andrei.bulie(a)nxp.com>
dpaa2-eth: Update dpni_get_single_step_cfg command
Ioana Ciornei <ioana.ciornei(a)nxp.com>
dpaa2-eth: rename dpaa2_eth_xdp_release_buf into dpaa2_eth_recycle_buf
Filipe Manana <fdmanana(a)suse.com>
btrfs: use btrfs_record_snapshot_destroy() during rmdir
Filipe Manana <fdmanana(a)suse.com>
btrfs: propagate last_unlink_trans earlier when doing a rmdir
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4/flexfiles: Fix handling of NFS level errors in I/O
Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de>
flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix vport loopback for MPV device
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Disable interrupts before resetting the GPU
Sergey Senozhatsky <senozhatsky(a)chromium.org>
mtk-sd: reset host->mrq on prepare_data() error
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
mtk-sd: Prevent memory corruption from DMA map failure
Yue Hu <huyue2(a)yulong.com>
mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data()
Manivannan Sadhasivam <mani(a)kernel.org>
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
Uladzislau Rezki (Sony) <urezki(a)gmail.com>
rcu: Return early if callback is not specified
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPICA: Refuse to evaluate a method if arguments are missing
Johannes Berg <johannes.berg(a)intel.com>
wifi: ath6kl: remove WARN on bad firmware input
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: drop invalid source address OCB frames
Maurizio Lombardi <mlombard(a)redhat.com>
scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
Madhavan Srinivasan <maddy(a)linux.ibm.com>
powerpc: Fix struct termio related ioctl macros
Johannes Berg <johannes.berg(a)intel.com>
ata: pata_cs5536: fix build on 32-bit UML
Takashi Iwai <tiwai(a)suse.de>
ALSA: sb: Force to disable DMAs once when DMA mode is changed
Lion Ackermann <nnamrec(a)gmail.com>
net/sched: Always pass notifications when child class becomes empty
Thomas Fourier <fourier.thomas(a)gmail.com>
nui: Fix dma_mapping_error() check
Kohei Enju <enjuk(a)amazon.com>
rose: fix dangling neighbour pointers in rose_rt_device_down()
Gustavo A. R. Silva <gustavoars(a)kernel.org>
net: rose: Fix fall-through warnings for Clang
Alok Tiwari <alok.a.tiwari(a)oracle.com>
enic: fix incorrect MTU comparison in enic_change_mtu()
Raju Rangoju <Raju.Rangoju(a)amd.com>
amd-xgbe: align CL37 AN sequence as per databook
Dan Carpenter <dan.carpenter(a)linaro.org>
lib: test_objagg: Set error message in check_expect_hints_stats()
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/i915/gt: Fix timeline left held on VMA alloc error
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/i915/selftests: Change mock_request() to return error pointers
James Clark <james.clark(a)linaro.org>
spi: spi-fsl-dspi: Clear completion counter before initiating transfer
Marek Szyprowski <m.szyprowski(a)samsung.com>
drm/exynos: fimd: Guard display clock control with runtime PM calls
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix missing error handling when searching for inode refs during log replay
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix CC counters query for MPV
Bart Van Assche <bvanassche(a)acm.org>
scsi: ufs: core: Fix spelling of a sysfs attribute name
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
Benjamin Coddington <bcodding(a)redhat.com>
NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
Kuniyuki Iwashima <kuniyu(a)google.com>
nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
Mark Zhang <markzhang(a)nvidia.com>
RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
David Thompson <davthompson(a)nvidia.com>
platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
RD Babiera <rdbabiera(a)google.com>
usb: typec: altmodes/displayport: do not index invalid pin_assignments
Ulf Hansson <ulf.hansson(a)linaro.org>
Revert "mmc: sdhci: Disable SD card clock before changing parameters"
Victor Shih <victor.shih(a)genesyslogic.com.tw>
mmc: sdhci: Add a helper function for dump register in dynamic debug mode
HarshaVardhana S A <harshavardhana.sa(a)broadcom.com>
vsock/vmci: Clear the vmci transport packet properly when initializing it
Mateusz Jończyk <mat.jonczyk(a)o2.pl>
rtc: cmos: use spin_lock_irqsave in cmos_interrupt
Dev Jain <dev.jain(a)arm.com>
arm64: Restrict pagetable teardown to avoid false warning
Brett A C Sheffield (Librecast) <bacs(a)librecast.net>
Revert "ipv6: save dontfrag in cork"
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Dexuan Cui <decui(a)microsoft.com>
PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Check return value when getting default PHY config
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Fix connecting to next bridge
Aradhya Bhatia <a-bhatia1(a)ti.com>
drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
Jay Cornwall <jay.cornwall(a)amd.com>
drm/amdkfd: Fix race in GWS queue scheduling
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/udl: Unregister device before cleaning up on disconnect
Qiu-ji Chen <chenqiuji666(a)gmail.com>
drm/tegra: Fix a possible null pointer dereference
Thierry Reding <treding(a)nvidia.com>
drm/tegra: Assign plane type before registration
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix kobject reference count leak
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix memory leak on sysfs attribute creation failure
Qasim Ijaz <qasdev00(a)gmail.com>
HID: wacom: fix memory leak on kobject creation failure
Mark Harmstone <maharmstone(a)fb.com>
btrfs: update superblock's device bytes_used when dropping chunk
Heinz Mauelshagen <heinzm(a)redhat.com>
dm-raid: fix variable in journal device check
Frédéric Danis <frederic.danis(a)collabora.com>
Bluetooth: L2CAP: Fix L2CAP MTU negotiation
Yao Zi <ziyao(a)disroot.org>
dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
Kuniyuki Iwashima <kuniyu(a)google.com>
atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
Simon Horman <horms(a)kernel.org>
net: enetc: Correct endianness handling in _enetc_rd_reg64
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: ubd: Add missing error check in start_io_thread()
Stefano Garzarella <sgarzare(a)redhat.com>
vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
wifi: mac80211: fix beacon interval calculation overflow
Yuan Chen <chenyuan(a)kylinos.cn>
libbpf: Fix null pointer dereference in btf_dump__free on allocation failure
Al Viro <viro(a)zeniv.linux.org.uk>
attach_recursive_mnt(): do not lock the covering tree when sliding something under it
Youngjun Lee <yjjuny.lee(a)samsung.com>
ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
Eric Dumazet <edumazet(a)google.com>
atm: clip: prevent NULL deref in clip_push()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: robotfuzz-osif: disable zero-length read messages
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: tiny-usb: disable zero-length read messages
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: reject invalid perturb period
Niklas Cassel <cassel(a)kernel.org>
PCI: cadence-ep: Correct PBA offset in .set_msix() callback
Long Li <longli(a)microsoft.com>
uio_hv_generic: Align ring size to system page
Saurabh Sengar <ssengar(a)linux.microsoft.com>
uio_hv_generic: Query the ringbuffer size for device
Saurabh Sengar <ssengar(a)linux.microsoft.com>
Drivers: hv: vmbus: Add utility function for querying ring size
Vitaly Kuznetsov <vkuznets(a)redhat.com>
Drivers: hv: Rename 'alloced' to 'allocated'
Haiyang Zhang <haiyangz(a)microsoft.com>
Drivers: hv: vmbus: Fix duplicate CPU assignments within a device
Alexandru Ardelean <alexandru.ardelean(a)analog.com>
uio: uio_hv_generic: use devm_kzalloc() for private data alloc
Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com>
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
Weihang Li <liweihang(a)huawei.com>
RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private
Chao Yu <chao(a)kernel.org>
f2fs: don't over-report free space or inodes in statvfs
Brett Werling <brett.werling(a)garmin.com>
can: tcan4x5x: fix power regulator retrieval during probe
Marek Szyprowski <m.szyprowski(a)samsung.com>
media: omap3isp: use sgtable-based scatterlist wrappers
Vasiliy Kovalev <kovalev(a)altlinux.org>
jfs: validate AG parameters in dbMount() to prevent crashes
Dave Kleikamp <dave.kleikamp(a)oracle.com>
fs/jfs: consolidate sanity checking in dbMount
Amit Sunil Dhamne <amitsd(a)google.com>
usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
Junlin Yang <yangjunlin(a)yulong.com>
usb: typec: tcpci_maxim: add terminating newlines to logging
Junlin Yang <yangjunlin(a)yulong.com>
usb: typec: tcpci_maxim: remove redundant assignment
Badhri Jagan Sridharan <badhri(a)google.com>
usb: typec: tcpci_maxim: Fix uninitialized return variable
Wupeng Ma <mawupeng1(a)huawei.com>
VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
George Kennedy <george.kennedy(a)oracle.com>
VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF
Dave Penkler <dpenkler(a)gmail.com>
usb: usbtmc: Fix read_stb function and get_stb ioctl
Dave Penkler <dpenkler(a)gmail.com>
USB: usbtmc: Add USBTMC_IOCTL_GET_STB
Dave Penkler <dpenkler(a)gmail.com>
USB: usbtmc: Fix reading stale status byte
Kees Cook <kees(a)kernel.org>
ovl: Check for NULL d_inode() in ovl_dentry_upper()
Dmitry Kandybka <d.kandybka(a)gmail.com>
ceph: fix possible integer overflow in ceph_zero_objects()
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
ALSA: hda: Add new pci id for AMD GPU display HD audio controller
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Ignore unsol events for cards being shut down
Jos Wang <joswang(a)lenovo.com>
usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode
Robert Hodaszi <robert.hodaszi(a)digi.com>
usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
usb: Add checks for snprintf() calls in usb_alloc_dev()
Chance Yang <chance.yang(a)kneron.us>
usb: common: usb-conn-gpio: use a unique name for usb connector device
Chen Yufeng <chenyufeng(a)iie.ac.cn>
usb: potential integer overflow in usbg_make_tpg()
Sami Tolvanen <samitolvanen(a)google.com>
um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: pressure: zpa2326: Use aligned_s64 for the timestamp
Linggang Zeng <linggang.zeng(a)easystack.cn>
bcache: fix NULL pointer in cache_set_flush()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: fix dm-raid max_write_behind setting
Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de>
dmaengine: xilinx_dma: Set dma_device directions
Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com>
hwmon: (pmbus/max34440) Fix support for max34451
Sven Schwermer <sven.schwermer(a)disruptive-technologies.com>
leds: multicolor: Fix intensity setting while SW blinking
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
mfd: max14577: Fix wakeup source leaks on device unbind
Peng Fan <peng.fan(a)nxp.com>
mailbox: Not protect module_put with spin_lock_irqsave
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix listxattr to return selinux security label
Pali Rohár <pali(a)kernel.org>
cifs: Fix cifs_query_path_info() for Windows NT servers
-------------
Diffstat:
Documentation/ABI/testing/sysfs-devices-system-cpu | 2 +
Documentation/ABI/testing/sysfs-driver-ufs | 2 +-
Documentation/admin-guide/hw-vuln/index.rst | 1 +
.../hw-vuln/indirect-target-selection.rst | 156 +++++++++++
.../hw-vuln/processor_mmio_stale_data.rst | 4 +-
Documentation/admin-guide/kernel-parameters.txt | 28 ++
Documentation/devicetree/bindings/serial/8250.yaml | 2 +-
Makefile | 4 +-
arch/arm64/mm/mmu.c | 3 +-
arch/powerpc/include/uapi/asm/ioctls.h | 8 +-
arch/s390/Makefile | 2 +-
arch/s390/purgatory/Makefile | 2 +-
arch/um/drivers/ubd_user.c | 2 +-
arch/um/drivers/vector_kern.c | 42 +--
arch/um/include/asm/asm-prototypes.h | 5 +
arch/x86/Kconfig | 22 +-
arch/x86/entry/entry.S | 8 +-
arch/x86/include/asm/alternative.h | 26 ++
arch/x86/include/asm/cpu.h | 13 +
arch/x86/include/asm/cpufeature.h | 5 +-
arch/x86/include/asm/cpufeatures.h | 14 +-
arch/x86/include/asm/disabled-features.h | 2 +-
arch/x86/include/asm/irqflags.h | 4 +-
arch/x86/include/asm/msr-index.h | 13 +-
arch/x86/include/asm/mwait.h | 19 +-
arch/x86/include/asm/nospec-branch.h | 50 ++--
arch/x86/include/asm/required-features.h | 2 +-
arch/x86/include/asm/text-patching.h | 31 +++
arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++-
arch/x86/kernel/cpu/amd.c | 58 ++++
arch/x86/kernel/cpu/bugs.c | 272 +++++++++++++++++-
arch/x86/kernel/cpu/common.c | 77 +++++-
arch/x86/kernel/cpu/mce/amd.c | 15 +-
arch/x86/kernel/cpu/mce/core.c | 8 +-
arch/x86/kernel/cpu/mce/intel.c | 1 +
arch/x86/kernel/cpu/scattered.c | 1 +
arch/x86/kernel/ftrace.c | 4 +-
arch/x86/kernel/kprobes/core.c | 39 +--
arch/x86/kernel/module.c | 14 +-
arch/x86/kernel/process.c | 15 +-
arch/x86/kernel/static_call.c | 2 +-
arch/x86/kernel/vmlinux.lds.S | 8 +
arch/x86/kvm/cpuid.c | 31 ++-
arch/x86/kvm/cpuid.h | 1 +
arch/x86/kvm/svm/vmenter.S | 3 +
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/x86.c | 4 +-
arch/x86/lib/retpoline.S | 39 +++
arch/x86/net/bpf_jit_comp.c | 8 +-
arch/x86/um/asm/checksum.h | 3 +
drivers/acpi/acpi_pad.c | 7 +-
drivers/acpi/acpica/dsmethod.c | 7 +
drivers/acpi/battery.c | 19 +-
drivers/ata/pata_cs5536.c | 2 +-
drivers/atm/idt77252.c | 5 +
drivers/base/cpu.c | 10 +
drivers/dma-buf/dma-resv.c | 2 +-
drivers/dma/xilinx/xilinx_dma.c | 2 +
drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +-
drivers/gpu/drm/bridge/cdns-dsi.c | 27 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 +
drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 +
drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +-
drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-
drivers/gpu/drm/i915/selftests/mock_request.c | 2 +-
drivers/gpu/drm/tegra/dc.c | 17 +-
drivers/gpu/drm/tegra/hub.c | 4 +-
drivers/gpu/drm/tegra/hub.h | 3 +-
drivers/gpu/drm/udl/udl_drv.c | 2 +-
drivers/gpu/drm/v3d/v3d_drv.h | 7 +
drivers/gpu/drm/v3d/v3d_gem.c | 2 +
drivers/gpu/drm/v3d/v3d_irq.c | 38 ++-
drivers/hid/hid-ids.h | 5 +
drivers/hid/hid-quirks.c | 3 +
drivers/hid/wacom_sys.c | 6 +-
drivers/hv/channel_mgmt.c | 121 +++++---
drivers/hv/hyperv_vmbus.h | 19 +-
drivers/hv/vmbus_drv.c | 2 +-
drivers/hwmon/pmbus/max34440.c | 48 +++-
drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 +
drivers/i2c/busses/i2c-tiny-usb.c | 6 +
drivers/iio/pressure/zpa2326.c | 2 +-
drivers/infiniband/core/iwcm.c | 38 +--
drivers/infiniband/core/iwcm.h | 2 +-
drivers/infiniband/hw/mlx5/counters.c | 2 +-
drivers/infiniband/hw/mlx5/devx.c | 2 +-
drivers/infiniband/hw/mlx5/main.c | 33 +++
drivers/input/joystick/xpad.c | 5 +
drivers/input/keyboard/atkbd.c | 3 +-
drivers/leds/led-class-multicolor.c | 3 +-
drivers/mailbox/mailbox.c | 2 +-
drivers/md/bcache/super.c | 7 +-
drivers/md/dm-raid.c | 2 +-
drivers/md/md-bitmap.c | 2 +-
drivers/md/raid1.c | 1 +
drivers/media/platform/omap3isp/ispccdc.c | 8 +-
drivers/media/platform/omap3isp/ispstat.c | 6 +-
drivers/media/usb/uvc/uvc_ctrl.c | 61 ++--
drivers/mfd/max14577.c | 1 +
drivers/misc/vmw_vmci/vmci_host.c | 9 +-
drivers/mmc/host/mtk-sd.c | 39 ++-
drivers/mmc/host/sdhci.c | 9 +-
drivers/mmc/host/sdhci.h | 16 ++
drivers/net/can/m_can/m_can.c | 2 +-
drivers/net/can/m_can/tcan4x5x.c | 9 +-
drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 +
drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 +
drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +-
drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++--
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +-
drivers/net/ethernet/cisco/enic/enic_main.c | 4 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 141 ++++++++--
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 20 +-
.../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +-
drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +-
drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 +
drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 +
drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +-
drivers/net/ethernet/sun/niu.c | 31 ++-
drivers/net/ethernet/sun/niu.h | 4 +
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/microchip.c | 2 +-
drivers/net/phy/smsc.c | 28 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/ath/ath6kl/bmi.c | 4 +-
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +-
drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 +-
drivers/pci/controller/pci-hyperv.c | 17 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++
drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +-
drivers/pwm/pwm-mediatek.c | 15 +-
drivers/regulator/gpio-regulator.c | 4 +-
drivers/rtc/lib_test.c | 2 +
drivers/rtc/rtc-cmos.c | 10 +-
drivers/scsi/qla2xxx/qla_mbx.c | 2 +-
drivers/scsi/qla4xxx/ql4_os.c | 2 +
drivers/scsi/ufs/ufs-sysfs.c | 4 +-
drivers/spi/spi-fsl-dspi.c | 11 +-
drivers/staging/rtl8723bs/core/rtw_security.c | 46 +--
drivers/target/target_core_pr.c | 4 +-
drivers/tty/vt/vt.c | 1 +
drivers/uio/uio_hv_generic.c | 18 +-
drivers/usb/class/cdc-wdm.c | 23 +-
drivers/usb/class/usbtmc.c | 53 ++--
drivers/usb/common/usb-conn-gpio.c | 25 +-
drivers/usb/core/quirks.c | 3 +-
drivers/usb/core/usb.c | 14 +-
drivers/usb/gadget/function/f_tcm.c | 4 +-
drivers/usb/gadget/function/u_serial.c | 6 +-
drivers/usb/host/xhci-dbgcap.c | 4 +
drivers/usb/host/xhci-dbgtty.c | 1 +
drivers/usb/typec/altmodes/displayport.c | 5 +-
drivers/usb/typec/tcpm/tcpci_maxim.c | 20 +-
drivers/vhost/scsi.c | 7 +-
fs/btrfs/inode.c | 36 +--
fs/btrfs/tree-log.c | 4 +-
fs/btrfs/volumes.c | 6 +
fs/ceph/file.c | 2 +-
fs/cifs/misc.c | 8 +
fs/f2fs/super.c | 30 +-
fs/jfs/jfs_dmap.c | 41 +--
fs/namespace.c | 8 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++---
fs/nfs/inode.c | 17 +-
fs/nfs/nfs4proc.c | 12 +-
fs/nfs/pnfs.c | 4 +-
fs/overlayfs/util.c | 4 +-
fs/proc/array.c | 6 +-
fs/proc/inode.c | 2 +-
fs/proc/proc_sysctl.c | 18 +-
include/drm/spsc_queue.h | 4 +-
include/linux/cpu.h | 3 +
include/linux/hyperv.h | 2 +
include/linux/ipv6.h | 1 -
include/linux/module.h | 5 +
include/linux/usb/typec_dp.h | 1 +
include/uapi/linux/usb/tmc.h | 2 +
include/uapi/linux/vm_sockets.h | 30 +-
kernel/events/core.c | 2 +-
kernel/rcu/tree.c | 4 +
lib/test_objagg.c | 4 +-
net/appletalk/ddp.c | 1 +
net/atm/clip.c | 75 +++--
net/atm/resources.c | 3 +-
net/bluetooth/l2cap_core.c | 9 +-
net/ipv6/ip6_output.c | 9 +-
net/mac80211/rx.c | 4 +
net/mac80211/util.c | 2 +-
net/netlink/af_netlink.c | 90 +++---
net/rose/rose_route.c | 15 +-
net/rxrpc/call_accept.c | 3 +
net/sched/sch_api.c | 42 +--
net/sched/sch_sfq.c | 10 +-
net/tipc/topsrv.c | 2 +
net/vmw_vsock/af_vsock.c | 78 +++++-
net/vmw_vsock/vmci_transport.c | 4 +-
sound/isa/sb/sb16_main.c | 4 +
sound/pci/hda/hda_bind.c | 2 +-
sound/pci/hda/hda_intel.c | 3 +
sound/soc/fsl/fsl_asrc.c | 3 +-
sound/usb/stream.c | 2 +
tools/lib/bpf/btf_dump.c | 3 +
203 files changed, 2697 insertions(+), 809 deletions(-)
10 hours, 5 minutes
- 5
- 216
[PATCH 6.12 1/2] arm64: defconfig: enable DRM_DISPLAY_CONNECTOR as a module
by Macpaul Lin
From: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
[ Upstream commit 691b5b53dbcc30bb3572cbb255374990723af0d2 ]
The display connector family of bridges is used on a plenty of ARM64
platforms (including, but not being limited to several Qualcomm Robotics
and Dragonboard platforms). It doesn't make sense for the DRM drivers to
select the driver, so select it via the defconfig.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org>
Link: https://lore.kernel.org/r/20250214-arm64-display-connector-v1-1-306bca76316…
Signed-off-by: Bjorn Andersson <andersson(a)kernel.org>
[ Backport to 6.12.y ]
Signed-off-by: Macpaul Lin <macpaul.lin(a)mediatek.com>
---
arch/arm64/configs/defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
index 7e475f38f3e1..219ef05ee5a7 100644
--- a/arch/arm64/configs/defconfig
+++ b/arch/arm64/configs/defconfig
@@ -911,6 +911,7 @@ CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20=m
CONFIG_DRM_PANEL_SITRONIX_ST7703=m
CONFIG_DRM_PANEL_TRULY_NT35597_WQXGA=m
CONFIG_DRM_PANEL_VISIONOX_VTDR6130=m
+CONFIG_DRM_DISPLAY_CONNECTOR=m
CONFIG_DRM_FSL_LDB=m
CONFIG_DRM_LONTIUM_LT8912B=m
CONFIG_DRM_LONTIUM_LT9611=m
--
2.45.2
10 hours, 49 minutes
- 4
- 4
[PATCH v2] media: pci: ivtv: Add missing check after DMA map
by Thomas Fourier
The DMA map functions can fail and should be tested for errors.
If the mapping fails, free blanking_ptr and set it to 0. As 0 is a
valid DMA address, use blanking_ptr to test if the DMA address
is set.
Fixes: 1a0adaf37c30 ("V4L/DVB (5345): ivtv driver for Conexant cx23416/cx23415 MPEG encoder/decoder")
Cc: stable(a)vger.kernel.org
Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com>
---
v1 -> v2:
- Fix Fixes: line
- Add Cc: stable
drivers/media/pci/ivtv/ivtv-irq.c | 2 +-
drivers/media/pci/ivtv/ivtv-yuv.c | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/media/pci/ivtv/ivtv-irq.c b/drivers/media/pci/ivtv/ivtv-irq.c
index 748c14e87963..4d63daa01eed 100644
--- a/drivers/media/pci/ivtv/ivtv-irq.c
+++ b/drivers/media/pci/ivtv/ivtv-irq.c
@@ -351,7 +351,7 @@ void ivtv_dma_stream_dec_prepare(struct ivtv_stream *s, u32 offset, int lock)
/* Insert buffer block for YUV if needed */
if (s->type == IVTV_DEC_STREAM_TYPE_YUV && f->offset_y) {
- if (yi->blanking_dmaptr) {
+ if (yi->blanking_ptr) {
s->sg_pending[idx].src = yi->blanking_dmaptr;
s->sg_pending[idx].dst = offset;
s->sg_pending[idx].size = 720 * 16;
diff --git a/drivers/media/pci/ivtv/ivtv-yuv.c b/drivers/media/pci/ivtv/ivtv-yuv.c
index 2d9274537725..71f040106647 100644
--- a/drivers/media/pci/ivtv/ivtv-yuv.c
+++ b/drivers/media/pci/ivtv/ivtv-yuv.c
@@ -125,7 +125,7 @@ static int ivtv_yuv_prep_user_dma(struct ivtv *itv, struct ivtv_user_dma *dma,
ivtv_udma_fill_sg_array(dma, y_buffer_offset, uv_buffer_offset, y_size);
/* If we've offset the y plane, ensure top area is blanked */
- if (f->offset_y && yi->blanking_dmaptr) {
+ if (f->offset_y && yi->blanking_ptr) {
dma->SGarray[dma->SG_length].size = cpu_to_le32(720*16);
dma->SGarray[dma->SG_length].src = cpu_to_le32(yi->blanking_dmaptr);
dma->SGarray[dma->SG_length].dst = cpu_to_le32(IVTV_DECODER_OFFSET + yuv_offset[frame]);
@@ -929,6 +929,12 @@ static void ivtv_yuv_init(struct ivtv *itv)
yi->blanking_dmaptr = dma_map_single(&itv->pdev->dev,
yi->blanking_ptr,
720 * 16, DMA_TO_DEVICE);
+ if (dma_mapping_error(&itv->pdev->dev, yi->blanking_dmaptr)) {
+ kfree(yi->blanking_ptr);
+ yi->blanking_ptr = NULL;
+ yi->blanking_dmaptr = 0;
+ IVTV_DEBUG_WARN("Failed to dma_map yuv blanking buffer\n");
+ }
} else {
yi->blanking_dmaptr = 0;
IVTV_DEBUG_WARN("Failed to allocate yuv blanking buffer\n");
--
2.43.0
10 hours, 49 minutes
- 1
- 0
[PATCH v2] KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests
by Nikunj A Dadhania
Require a minimum GHCB version of 2 when starting SEV-SNP guests through
KVM_SEV_INIT2. When a VMM attempts to start an SEV-SNP guest with an
incompatible GHCB version (less than 2), reject the request early rather
than allowing the guest kernel to start with an incorrect protocol version
and fail later with GHCB_SNP_UNSUPPORTED guest termination.
Hypervisor logs the guest termination with GHCB_SNP_UNSUPPORTED error code:
kvm_amd: SEV-ES guest requested termination: 0x0:0x2
SNP guest fails with the below error message:
KVM: unknown exit reason 24
EAX=00000000 EBX=00000000 ECX=00000000 EDX=00a00f11
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT= 00000000 0000ffff
IDT= 00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
Fixes: 4af663c2f64a ("KVM: SEV: Allow per-guest configuration of GHCB protocol version")
Cc: Thomas Lendacky <thomas.lendacky(a)amd.com>
Cc: Sean Christopherson <seanjc(a)google.com>
Cc: Michael Roth <michael.roth(a)amd.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Nikunj A Dadhania <nikunj(a)amd.com>
---
Changes since v1:
* Add failure logs in the commit and drop @stable tag (Sean)
---
arch/x86/kvm/svm/sev.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 95668e84ab86..fdc1309c68cb 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -406,6 +406,7 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,
struct kvm_sev_info *sev = to_kvm_sev_info(kvm);
struct sev_platform_init_args init_args = {0};
bool es_active = vm_type != KVM_X86_SEV_VM;
+ bool snp_active = vm_type == KVM_X86_SNP_VM;
u64 valid_vmsa_features = es_active ? sev_supported_vmsa_features : 0;
int ret;
@@ -424,6 +425,9 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,
if (unlikely(sev->active))
return -EINVAL;
+ if (snp_active && data->ghcb_version && data->ghcb_version < 2)
+ return -EINVAL;
+
sev->active = true;
sev->es_active = es_active;
sev->vmsa_features = data->vmsa_features;
@@ -437,7 +441,7 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,
if (sev->es_active && !sev->ghcb_version)
sev->ghcb_version = GHCB_VERSION_DEFAULT;
- if (vm_type == KVM_X86_SNP_VM)
+ if (snp_active)
sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE;
ret = sev_asid_new(sev);
@@ -455,7 +459,7 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,
}
/* This needs to happen after SEV/SNP firmware initialization. */
- if (vm_type == KVM_X86_SNP_VM) {
+ if (snp_active) {
ret = snp_guest_req_init(kvm);
if (ret)
goto e_free;
base-commit: 772d50d9b87bec08b56ecee0a880d6b2ee5c7da5
--
2.43.0
10 hours, 58 minutes
- 2
- 1
[PATCH 6.6.y] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented
by Mark Brown
[ Upstream commit a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac ]
We have a number of hwcaps for various SME subfeatures enumerated via
ID_AA64SMFR0_EL1. Currently we advertise these without cross checking
against the main SME feature, advertised in ID_AA64PFR1_EL1.SME which
means that if the two are out of sync userspace can see a confusing
situation where SME subfeatures are advertised without the base SME
hwcap. This can be readily triggered by using the arm64.nosme override
which only masks out ID_AA64PFR1_EL1.SME, and there have also been
reports of VMMs which do the same thing.
Fix this as we did previously for SVE in 064737920bdb ("arm64: Filter
out SVE hwcaps when FEAT_SVE isn't implemented") by filtering out the
SME subfeature hwcaps when FEAT_SME is not present.
Fixes: 5e64b862c482 ("arm64/sme: Basic enumeration support")
Reported-by: Yury Khrustalev <yury.khrustalev(a)arm.com>
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/r/20250620-arm64-sme-filter-hwcaps-v1-1-02b9d3c2d8e…
Signed-off-by: Will Deacon <will(a)kernel.org>
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
arch/arm64/kernel/cpufeature.c | 35 +++++++++++++++++++++--------------
1 file changed, 21 insertions(+), 14 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 82778258855d..b6d381f743f3 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2804,6 +2804,13 @@ static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope)
}
#endif
+#ifdef CONFIG_ARM64_SME
+static bool has_sme_feature(const struct arm64_cpu_capabilities *cap, int scope)
+{
+ return system_supports_sme() && has_user_cpuid_feature(cap, scope);
+}
+#endif
+
static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL),
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES),
@@ -2875,20 +2882,20 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64ISAR2_EL1, MOPS, IMP, CAP_HWCAP, KERNEL_HWCAP_MOPS),
HWCAP_CAP(ID_AA64ISAR2_EL1, BC, IMP, CAP_HWCAP, KERNEL_HWCAP_HBC),
#ifdef CONFIG_ARM64_SME
- HWCAP_CAP(ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME),
- HWCAP_CAP(ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64),
- HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1),
- HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2),
- HWCAP_CAP(ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64),
- HWCAP_CAP(ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64),
- HWCAP_CAP(ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32),
- HWCAP_CAP(ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16),
- HWCAP_CAP(ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16),
- HWCAP_CAP(ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32),
- HWCAP_CAP(ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32),
- HWCAP_CAP(ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32),
- HWCAP_CAP(ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32),
- HWCAP_CAP(ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16),
+ HWCAP_CAP(ID_MATCH_ID(has_sme_feature, AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32),
+ HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32),
#endif /* CONFIG_ARM64_SME */
{},
};
---
base-commit: 9247f4e6573a4d05fe70c3e90dbd53da26e8c5cb
change-id: 20250715-stable-6-6-sme-feat-filt-5e942478105f
Best regards,
--
Mark Brown <broonie(a)kernel.org>
11 hours, 7 minutes
- 1
- 0
[PATCH v2] iommu/amd: Fix geometry.aperture_end for V2 tables
by Jason Gunthorpe
The AMD IOMMU documentation seems pretty clear that the V2 table follows
the normal CPU expectation of sign extension. This is shown in
Figure 25: AMD64 Long Mode 4-Kbyte Page Address Translation
Where bits Sign-Extend [63:57] == [56]. This is typical for x86 which
would have three regions in the page table: lower, non-canonical, upper.
The manual describes that the V1 table does not sign extend in section
2.2.4 Sharing AMD64 Processor and IOMMU Page Tables GPA-to-SPA
Further, Vasant has checked this and indicates the HW has an addtional
behavior that the manual does not yet describe. The AMDv2 table does not
have the sign extended behavior when attached to PASID 0, which may
explain why this has gone unnoticed.
The iommu domain geometry does not directly support sign extended page
tables. The driver should report only one of the lower/upper spaces. Solve
this by removing the top VA bit from the geometry to use only the lower
space.
This will also make the iommu_domain work consistently on all PASID 0 and
PASID != 1.
Adjust dma_max_address() to remove the top VA bit. It now returns:
5 Level:
Before 0x1ffffffffffffff
After 0x0ffffffffffffff
4 Level:
Before 0xffffffffffff
After 0x7fffffffffff
Fixes: 11c439a19466 ("iommu/amd/pgtbl_v2: Fix domain max address")
Link: https://lore.kernel.org/all/8858d4d6-d360-4ef0-935c-bfd13ea54f42@amd.com/
Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com>
---
drivers/iommu/amd/iommu.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
v2:
- Revise the commit message and comment with the new information
from Vasant.
v1: https://patch.msgid.link/r/0-v1-6925ece6b623+296-amdv2_geo_jgg@nvidia.com
diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
index 3117d99cf83d0d..1baa9d3583f369 100644
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2526,8 +2526,21 @@ static inline u64 dma_max_address(enum protection_domain_mode pgtable)
if (pgtable == PD_MODE_V1)
return ~0ULL;
- /* V2 with 4/5 level page table */
- return ((1ULL << PM_LEVEL_SHIFT(amd_iommu_gpt_level)) - 1);
+ /*
+ * V2 with 4/5 level page table. Note that "2.2.6.5 AMD64 4-Kbyte Page
+ * Translation" shows that the V2 table sign extends the top of the
+ * address space creating a reserved region in the middle of the
+ * translation, just like the CPU does. Further Vasant says the docs are
+ * incomplete and this only applies to non-zero PASIDs. If the AMDv2
+ * page table is assigned to the 0 PASID then there is no sign extension
+ * check.
+ *
+ * Since the IOMMU must have a fixed geometry, and the core code does
+ * not understand sign extended addressing, we have to chop off the high
+ * bit to get consistent behavior with attachments of the domain to any
+ * PASID.
+ */
+ return ((1ULL << (PM_LEVEL_SHIFT(amd_iommu_gpt_level) - 1)) - 1);
}
static bool amd_iommu_hd_support(struct amd_iommu *iommu)
base-commit: eb328711b15b17987021dbb674f446b7b008dca5
--
2.43.0
11 hours, 26 minutes
- 3
- 4
[regression] Wireguard fragmentation fails with VXLAN since 8930424777e4 ("tunnels: Accept PACKET_HOST skb_tunnel_check_pmtu().") causing network timeouts
by Salvatore Bonaccorso
Hi,
Charles Bordet reported the following issue (full context in
https://bugs.debian.org/1108860)
> Dear Maintainer,
>
> What led up to the situation?
> We run a production environment using Debian 12 VMs, with a network
> topology involving VXLAN tunnels encapsulated inside Wireguard
> interfaces. This setup has worked reliably for over a year, with MTU set
> to 1500 on all interfaces except the Wireguard interface (set to 1420).
> Wireguard kernel fragmentation allowed this configuration to function
> without issues, even though the effective path MTU is lower than 1500.
>
> What exactly did you do (or not do) that was effective (or ineffective)?
> We performed a routine system upgrade, updating all packages include the
> kernel. After the upgrade, we observed severe network issues (timeouts,
> very slow HTTP/HTTPS, and apt update failures) on all VMs behind the
> router. SSH and small-packet traffic continued to work.
>
> To diagnose, we:
>
> * Restored a backup (with the previous kernel): the problem disappeared.
> * Repeated the upgrade, confirming the issue reappeared.
> * Systematically tested each kernel version from 6.1.124-1 up to
> 6.1.140-1. The problem first appears with kernel 6.1.135-1; all earlier
> versions work as expected.
> * Kernel version from the backports (6.12.32-1) did not resolve the
> problem.
>
> What was the outcome of this action?
>
> * With kernel 6.1.135-1 or later, network timeouts occur for
> large-packet protocols (HTTP, apt, etc.), while SSH and small-packet
> protocols work.
> * With kernel 6.1.133-1 or earlier, everything works as expected.
>
> What outcome did you expect instead?
> We expected the network to function as before, with Wireguard handling
> fragmentation transparently and no application-level timeouts,
> regardless of the kernel version.
While triaging the issue we found that the commit 8930424777e4
("tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu()." introduces
the issue and Charles confirmed that the issue was present as well in
6.12.35 and 6.15.4 (other version up could potentially still be
affected, but we wanted to check it is not a 6.1.y specific
regression).
Reverthing the commit fixes Charles' issue.
Does that ring a bell?
Regards,
Salvatore
11 hours, 31 minutes
- 3
- 2
[PATCH v2 1/1] iommu/sva: Invalidate KVA range on kernel TLB flush
by Lu Baolu
The vmalloc() and vfree() functions manage virtually contiguous, but not
necessarily physically contiguous, kernel memory regions. When vfree()
unmaps such a region, it tears down the associated kernel page table
entries and frees the physical pages.
In the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware
shares and walks the CPU's page tables. Architectures like x86 share
static kernel address mappings across all user page tables, allowing the
IOMMU to access the kernel portion of these tables.
Modern IOMMUs often cache page table entries to optimize walk performance,
even for intermediate page table levels. If kernel page table mappings are
changed (e.g., by vfree()), but the IOMMU's internal caches retain stale
entries, Use-After-Free (UAF) vulnerability condition arises. If these
freed page table pages are reallocated for a different purpose, potentially
by an attacker, the IOMMU could misinterpret the new data as valid page
table entries. This allows the IOMMU to walk into attacker-controlled
memory, leading to arbitrary physical memory DMA access or privilege
escalation.
To mitigate this, introduce a new iommu interface to flush IOMMU caches
and fence pending page table walks when kernel page mappings are updated.
This interface should be invoked from architecture-specific code that
manages combined user and kernel page tables.
Fixes: 26b25a2b98e4 ("iommu: Bind process address spaces to devices")
Cc: stable(a)vger.kernel.org
Reported-by: Jann Horn <jannh(a)google.com>
Co-developed-by: Jason Gunthorpe <jgg(a)nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com>
Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com>
Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com>
Reviewed-by: Vasant Hegde <vasant.hegde(a)amd.com>
Tested-by: Yi Lai <yi1.lai(a)intel.com>
---
arch/x86/mm/tlb.c | 2 ++
drivers/iommu/iommu-sva.c | 34 +++++++++++++++++++++++++++++++++-
include/linux/iommu.h | 4 ++++
3 files changed, 39 insertions(+), 1 deletion(-)
Change log:
v2:
- Remove EXPORT_SYMBOL_GPL(iommu_sva_invalidate_kva_range);
- Replace the mutex with a spinlock to make the interface usable in the
critical regions.
v1: https://lore.kernel.org/linux-iommu/20250704133056.4023816-1-baolu.lu@linux…
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 39f80111e6f1..a41499dfdc3f 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -12,6 +12,7 @@
#include <linux/task_work.h>
#include <linux/mmu_notifier.h>
#include <linux/mmu_context.h>
+#include <linux/iommu.h>
#include <asm/tlbflush.h>
#include <asm/mmu_context.h>
@@ -1540,6 +1541,7 @@ void flush_tlb_kernel_range(unsigned long start, unsigned long end)
kernel_tlb_flush_range(info);
put_flush_tlb_info();
+ iommu_sva_invalidate_kva_range(start, end);
}
/*
diff --git a/drivers/iommu/iommu-sva.c b/drivers/iommu/iommu-sva.c
index 1a51cfd82808..fd76aefa5a88 100644
--- a/drivers/iommu/iommu-sva.c
+++ b/drivers/iommu/iommu-sva.c
@@ -10,6 +10,9 @@
#include "iommu-priv.h"
static DEFINE_MUTEX(iommu_sva_lock);
+static DEFINE_STATIC_KEY_FALSE(iommu_sva_present);
+static LIST_HEAD(iommu_sva_mms);
+static DEFINE_SPINLOCK(iommu_mms_lock);
static struct iommu_domain *iommu_sva_domain_alloc(struct device *dev,
struct mm_struct *mm);
@@ -42,6 +45,7 @@ static struct iommu_mm_data *iommu_alloc_mm_data(struct mm_struct *mm, struct de
return ERR_PTR(-ENOSPC);
}
iommu_mm->pasid = pasid;
+ iommu_mm->mm = mm;
INIT_LIST_HEAD(&iommu_mm->sva_domains);
/*
* Make sure the write to mm->iommu_mm is not reordered in front of
@@ -132,8 +136,15 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm
if (ret)
goto out_free_domain;
domain->users = 1;
- list_add(&domain->next, &mm->iommu_mm->sva_domains);
+ if (list_empty(&iommu_mm->sva_domains)) {
+ scoped_guard(spinlock_irqsave, &iommu_mms_lock) {
+ if (list_empty(&iommu_sva_mms))
+ static_branch_enable(&iommu_sva_present);
+ list_add(&iommu_mm->mm_list_elm, &iommu_sva_mms);
+ }
+ }
+ list_add(&domain->next, &iommu_mm->sva_domains);
out:
refcount_set(&handle->users, 1);
mutex_unlock(&iommu_sva_lock);
@@ -175,6 +186,15 @@ void iommu_sva_unbind_device(struct iommu_sva *handle)
list_del(&domain->next);
iommu_domain_free(domain);
}
+
+ if (list_empty(&iommu_mm->sva_domains)) {
+ scoped_guard(spinlock_irqsave, &iommu_mms_lock) {
+ list_del(&iommu_mm->mm_list_elm);
+ if (list_empty(&iommu_sva_mms))
+ static_branch_disable(&iommu_sva_present);
+ }
+ }
+
mutex_unlock(&iommu_sva_lock);
kfree(handle);
}
@@ -312,3 +332,15 @@ static struct iommu_domain *iommu_sva_domain_alloc(struct device *dev,
return domain;
}
+
+void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end)
+{
+ struct iommu_mm_data *iommu_mm;
+
+ if (!static_branch_unlikely(&iommu_sva_present))
+ return;
+
+ guard(spinlock_irqsave)(&iommu_mms_lock);
+ list_for_each_entry(iommu_mm, &iommu_sva_mms, mm_list_elm)
+ mmu_notifier_arch_invalidate_secondary_tlbs(iommu_mm->mm, start, end);
+}
diff --git a/include/linux/iommu.h b/include/linux/iommu.h
index 156732807994..31330c12b8ee 100644
--- a/include/linux/iommu.h
+++ b/include/linux/iommu.h
@@ -1090,7 +1090,9 @@ struct iommu_sva {
struct iommu_mm_data {
u32 pasid;
+ struct mm_struct *mm;
struct list_head sva_domains;
+ struct list_head mm_list_elm;
};
int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode);
@@ -1571,6 +1573,7 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev,
struct mm_struct *mm);
void iommu_sva_unbind_device(struct iommu_sva *handle);
u32 iommu_sva_get_pasid(struct iommu_sva *handle);
+void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end);
#else
static inline struct iommu_sva *
iommu_sva_bind_device(struct device *dev, struct mm_struct *mm)
@@ -1595,6 +1598,7 @@ static inline u32 mm_get_enqcmd_pasid(struct mm_struct *mm)
}
static inline void mm_pasid_drop(struct mm_struct *mm) {}
+static inline void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end) {}
#endif /* CONFIG_IOMMU_SVA */
#ifdef CONFIG_IOMMU_IOPF
--
2.43.0
12 hours, 8 minutes
- 9
- 29
[PATCH net 5/5] rxrpc: Fix to use conn aborts for conn-wide failures
by David Howells
Fix rxrpc to use connection-level aborts for things that affect the whole
connection, such as the service ID not matching a local service.
Fixes: 57af281e5389 ("rxrpc: Tidy up abort generation infrastructure")
Reported-by: Jeffrey Altman <jaltman(a)auristor.com>
Signed-off-by: David Howells <dhowells(a)redhat.com>
Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com>
cc: Marc Dionne <marc.dionne(a)auristor.com>
cc: Jakub Kicinski <kuba(a)kernel.org>
cc: Paolo Abeni <pabeni(a)redhat.com>
cc: "David S. Miller" <davem(a)davemloft.net>
cc: Eric Dumazet <edumazet(a)google.com>
cc: Simon Horman <horms(a)kernel.org>
cc: linux-afs(a)lists.infradead.org
cc: netdev(a)vger.kernel.org
cc: stable(a)vger.kernel.org
---
include/trace/events/rxrpc.h | 1 +
net/rxrpc/ar-internal.h | 3 +++
net/rxrpc/call_accept.c | 12 ++++++------
net/rxrpc/io_thread.c | 14 ++++++++++++++
net/rxrpc/output.c | 19 ++++++++++---------
net/rxrpc/security.c | 8 ++++----
6 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h
index 8e5a73eb5268..de6f6d25767c 100644
--- a/include/trace/events/rxrpc.h
+++ b/include/trace/events/rxrpc.h
@@ -322,6 +322,7 @@
EM(rxrpc_call_put_kernel, "PUT kernel ") \
EM(rxrpc_call_put_poke, "PUT poke ") \
EM(rxrpc_call_put_recvmsg, "PUT recvmsg ") \
+ EM(rxrpc_call_put_release_recvmsg_q, "PUT rls-rcmq") \
EM(rxrpc_call_put_release_sock, "PUT rls-sock") \
EM(rxrpc_call_put_release_sock_tba, "PUT rls-sk-a") \
EM(rxrpc_call_put_sendmsg, "PUT sendmsg ") \
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index df1a618dbf7d..5b7342d43486 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -44,6 +44,7 @@ enum rxrpc_skb_mark {
RXRPC_SKB_MARK_SERVICE_CONN_SECURED, /* Service connection response has been verified */
RXRPC_SKB_MARK_REJECT_BUSY, /* Reject with BUSY */
RXRPC_SKB_MARK_REJECT_ABORT, /* Reject with ABORT (code in skb->priority) */
+ RXRPC_SKB_MARK_REJECT_CONN_ABORT, /* Reject with connection ABORT (code in skb->priority) */
};
/*
@@ -1253,6 +1254,8 @@ int rxrpc_encap_rcv(struct sock *, struct sk_buff *);
void rxrpc_error_report(struct sock *);
bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why,
s32 abort_code, int err);
+bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason why,
+ s32 abort_code, int err);
int rxrpc_io_thread(void *data);
void rxrpc_post_response(struct rxrpc_connection *conn, struct sk_buff *skb);
static inline void rxrpc_wake_up_io_thread(struct rxrpc_local *local)
diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c
index a4d76f2da684..00982a030744 100644
--- a/net/rxrpc/call_accept.c
+++ b/net/rxrpc/call_accept.c
@@ -374,8 +374,8 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local,
spin_lock(&rx->incoming_lock);
if (rx->sk.sk_state == RXRPC_SERVER_LISTEN_DISABLED ||
rx->sk.sk_state == RXRPC_CLOSE) {
- rxrpc_direct_abort(skb, rxrpc_abort_shut_down,
- RX_INVALID_OPERATION, -ESHUTDOWN);
+ rxrpc_direct_conn_abort(skb, rxrpc_abort_shut_down,
+ RX_INVALID_OPERATION, -ESHUTDOWN);
goto no_call;
}
@@ -422,12 +422,12 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local,
unsupported_service:
read_unlock_irq(&local->services_lock);
- return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered,
- RX_INVALID_OPERATION, -EOPNOTSUPP);
+ return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered,
+ RX_INVALID_OPERATION, -EOPNOTSUPP);
unsupported_security:
read_unlock_irq(&local->services_lock);
- return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered,
- RX_INVALID_OPERATION, -EKEYREJECTED);
+ return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered,
+ RX_INVALID_OPERATION, -EKEYREJECTED);
no_call:
spin_unlock(&rx->incoming_lock);
read_unlock_irq(&local->services_lock);
diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c
index 27b650d30f4d..e939ecf417c4 100644
--- a/net/rxrpc/io_thread.c
+++ b/net/rxrpc/io_thread.c
@@ -97,6 +97,20 @@ bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why,
return false;
}
+/*
+ * Directly produce a connection abort from a packet.
+ */
+bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason why,
+ s32 abort_code, int err)
+{
+ struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
+
+ trace_rxrpc_abort(0, why, sp->hdr.cid, 0, sp->hdr.seq, abort_code, err);
+ skb->mark = RXRPC_SKB_MARK_REJECT_CONN_ABORT;
+ skb->priority = abort_code;
+ return false;
+}
+
static bool rxrpc_bad_message(struct sk_buff *skb, enum rxrpc_abort_reason why)
{
return rxrpc_direct_abort(skb, why, RX_PROTOCOL_ERROR, -EBADMSG);
diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
index 17c33b5cf7dd..8b5903b6e481 100644
--- a/net/rxrpc/output.c
+++ b/net/rxrpc/output.c
@@ -829,7 +829,13 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
msg.msg_controllen = 0;
msg.msg_flags = 0;
- memset(&whdr, 0, sizeof(whdr));
+ whdr = (struct rxrpc_wire_header) {
+ .epoch = htonl(sp->hdr.epoch),
+ .cid = htonl(sp->hdr.cid),
+ .callNumber = htonl(sp->hdr.callNumber),
+ .serviceId = htons(sp->hdr.serviceId),
+ .flags = ~sp->hdr.flags & RXRPC_CLIENT_INITIATED,
+ };
switch (skb->mark) {
case RXRPC_SKB_MARK_REJECT_BUSY:
@@ -837,6 +843,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
size = sizeof(whdr);
ioc = 1;
break;
+ case RXRPC_SKB_MARK_REJECT_CONN_ABORT:
+ whdr.callNumber = 0;
+ fallthrough;
case RXRPC_SKB_MARK_REJECT_ABORT:
whdr.type = RXRPC_PACKET_TYPE_ABORT;
code = htonl(skb->priority);
@@ -850,14 +859,6 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
if (rxrpc_extract_addr_from_skb(&srx, skb) == 0) {
msg.msg_namelen = srx.transport_len;
- whdr.epoch = htonl(sp->hdr.epoch);
- whdr.cid = htonl(sp->hdr.cid);
- whdr.callNumber = htonl(sp->hdr.callNumber);
- whdr.serviceId = htons(sp->hdr.serviceId);
- whdr.flags = sp->hdr.flags;
- whdr.flags ^= RXRPC_CLIENT_INITIATED;
- whdr.flags &= RXRPC_CLIENT_INITIATED;
-
iov_iter_kvec(&msg.msg_iter, WRITE, iov, ioc, size);
ret = do_udp_sendmsg(local->socket, &msg, size);
if (ret < 0)
diff --git a/net/rxrpc/security.c b/net/rxrpc/security.c
index 078d91a6b77f..2bfbf2b2bb37 100644
--- a/net/rxrpc/security.c
+++ b/net/rxrpc/security.c
@@ -140,15 +140,15 @@ const struct rxrpc_security *rxrpc_get_incoming_security(struct rxrpc_sock *rx,
sec = rxrpc_security_lookup(sp->hdr.securityIndex);
if (!sec) {
- rxrpc_direct_abort(skb, rxrpc_abort_unsupported_security,
- RX_INVALID_OPERATION, -EKEYREJECTED);
+ rxrpc_direct_conn_abort(skb, rxrpc_abort_unsupported_security,
+ RX_INVALID_OPERATION, -EKEYREJECTED);
return NULL;
}
if (sp->hdr.securityIndex != RXRPC_SECURITY_NONE &&
!rx->securities) {
- rxrpc_direct_abort(skb, rxrpc_abort_no_service_key,
- sec->no_key_abort, -EKEYREJECTED);
+ rxrpc_direct_conn_abort(skb, rxrpc_abort_no_service_key,
+ sec->no_key_abort, -EKEYREJECTED);
return NULL;
}
12 hours, 23 minutes
- 1
- 0
[PATCH net 4/5] rxrpc: Fix transmission of an abort in response to an abort
by David Howells
Under some circumstances, such as when a server socket is closing, ABORT
packets will be generated in response to incoming packets. Unfortunately,
this also may include generating aborts in response to incoming aborts -
which may cause a cycle. It appears this may be made possible by giving
the client a multicast address.
Fix this such that rxrpc_reject_packet() will refuse to generate aborts in
response to aborts.
Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Signed-off-by: David Howells <dhowells(a)redhat.com>
Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com>
cc: Marc Dionne <marc.dionne(a)auristor.com>
cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com>
cc: LePremierHomme <kwqcheii(a)proton.me>
cc: Linus Torvalds <torvalds(a)linux-foundation.org>
cc: Jakub Kicinski <kuba(a)kernel.org>
cc: Paolo Abeni <pabeni(a)redhat.com>
cc: "David S. Miller" <davem(a)davemloft.net>
cc: Eric Dumazet <edumazet(a)google.com>
cc: Simon Horman <horms(a)kernel.org>
cc: linux-afs(a)lists.infradead.org
cc: netdev(a)vger.kernel.org
cc: stable(a)vger.kernel.org
---
net/rxrpc/output.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
index ef7b3096c95e..17c33b5cf7dd 100644
--- a/net/rxrpc/output.c
+++ b/net/rxrpc/output.c
@@ -814,6 +814,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
__be32 code;
int ret, ioc;
+ if (sp->hdr.type == RXRPC_PACKET_TYPE_ABORT)
+ return; /* Never abort an abort. */
+
rxrpc_see_skb(skb, rxrpc_skb_see_reject);
iov[0].iov_base = &whdr;
12 hours, 23 minutes
- 1
- 0
[PATCH net 2/5] rxrpc: Fix recv-recv race of completed call
by David Howells
If a call receives an event (such as incoming data), the call gets placed
on the socket's queue and a thread in recvmsg can be awakened to go and
process it. Once the thread has picked up the call off of the queue,
further events will cause it to be requeued, and once the socket lock is
dropped (recvmsg uses call->user_mutex to allow the socket to be used in
parallel), a second thread can come in and its recvmsg can pop the call off
the socket queue again.
In such a case, the first thread will be receiving stuff from the call and
the second thread will be blocked on call->user_mutex. The first thread
can, at this point, process both the event that it picked call for and the
event that the second thread picked the call for and may see the call
terminate - in which case the call will be "released", decoupling the call
from the user call ID assigned to it (RXRPC_USER_CALL_ID in the control
message).
The first thread will return okay, but then the second thread will wake up
holding the user_mutex and, if it sees that the call has been released by
the first thread, it will BUG thusly:
kernel BUG at net/rxrpc/recvmsg.c:474!
Fix this by just dequeuing the call and ignoring it if it is seen to be
already released. We can't tell userspace about it anyway as the user call
ID has become stale.
Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Reported-by: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com>
Signed-off-by: David Howells <dhowells(a)redhat.com>
Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com>
cc: LePremierHomme <kwqcheii(a)proton.me>
cc: Marc Dionne <marc.dionne(a)auristor.com>
cc: Jakub Kicinski <kuba(a)kernel.org>
cc: Paolo Abeni <pabeni(a)redhat.com>
cc: "David S. Miller" <davem(a)davemloft.net>
cc: Eric Dumazet <edumazet(a)google.com>
cc: Simon Horman <horms(a)kernel.org>
cc: linux-afs(a)lists.infradead.org
cc: netdev(a)vger.kernel.org
cc: stable(a)vger.kernel.org
---
include/trace/events/rxrpc.h | 3 +++
net/rxrpc/call_accept.c | 1 +
net/rxrpc/recvmsg.c | 19 +++++++++++++++++--
3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h
index 378d2dfc7392..e7dcfb1369b6 100644
--- a/include/trace/events/rxrpc.h
+++ b/include/trace/events/rxrpc.h
@@ -330,12 +330,15 @@
EM(rxrpc_call_put_userid, "PUT user-id ") \
EM(rxrpc_call_see_accept, "SEE accept ") \
EM(rxrpc_call_see_activate_client, "SEE act-clnt") \
+ EM(rxrpc_call_see_already_released, "SEE alrdy-rl") \
EM(rxrpc_call_see_connect_failed, "SEE con-fail") \
EM(rxrpc_call_see_connected, "SEE connect ") \
EM(rxrpc_call_see_conn_abort, "SEE conn-abt") \
+ EM(rxrpc_call_see_discard, "SEE discard ") \
EM(rxrpc_call_see_disconnected, "SEE disconn ") \
EM(rxrpc_call_see_distribute_error, "SEE dist-err") \
EM(rxrpc_call_see_input, "SEE input ") \
+ EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \
EM(rxrpc_call_see_release, "SEE release ") \
EM(rxrpc_call_see_userid_exists, "SEE u-exists") \
EM(rxrpc_call_see_waiting_call, "SEE q-conn ") \
diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c
index 226b4bf82747..a4d76f2da684 100644
--- a/net/rxrpc/call_accept.c
+++ b/net/rxrpc/call_accept.c
@@ -219,6 +219,7 @@ void rxrpc_discard_prealloc(struct rxrpc_sock *rx)
tail = b->call_backlog_tail;
while (CIRC_CNT(head, tail, size) > 0) {
struct rxrpc_call *call = b->call_backlog[tail];
+ rxrpc_see_call(call, rxrpc_call_see_discard);
rcu_assign_pointer(call->socket, rx);
if (rx->app_ops &&
rx->app_ops->discard_new_call) {
diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c
index 86a27fb55a1c..6990e37697de 100644
--- a/net/rxrpc/recvmsg.c
+++ b/net/rxrpc/recvmsg.c
@@ -447,6 +447,16 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
goto try_again;
}
+ rxrpc_see_call(call, rxrpc_call_see_recvmsg);
+ if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) {
+ rxrpc_see_call(call, rxrpc_call_see_already_released);
+ list_del_init(&call->recvmsg_link);
+ spin_unlock_irq(&rx->recvmsg_lock);
+ release_sock(&rx->sk);
+ trace_rxrpc_recvmsg(call->debug_id, rxrpc_recvmsg_unqueue, 0);
+ rxrpc_put_call(call, rxrpc_call_put_recvmsg);
+ goto try_again;
+ }
if (!(flags & MSG_PEEK))
list_del_init(&call->recvmsg_link);
else
@@ -470,8 +480,13 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
release_sock(&rx->sk);
- if (test_bit(RXRPC_CALL_RELEASED, &call->flags))
- BUG();
+ if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) {
+ rxrpc_see_call(call, rxrpc_call_see_already_released);
+ mutex_unlock(&call->user_mutex);
+ if (!(flags & MSG_PEEK))
+ rxrpc_put_call(call, rxrpc_call_put_recvmsg);
+ goto try_again;
+ }
ret = rxrpc_recvmsg_user_id(call, msg, flags);
if (ret < 0)
12 hours, 23 minutes
- 1
- 0
[PATCH net 1/5] rxrpc: Fix irq-disabled in local_bh_enable()
by David Howells
The rxrpc_assess_MTU_size() function calls down into the IP layer to find
out the MTU size for a route. When accepting an incoming call, this is
called from rxrpc_new_incoming_call() which holds interrupts disabled
across the code that calls down to it. Unfortunately, the IP layer uses
local_bh_enable() which, config dependent, throws a warning if IRQs are
enabled:
WARNING: CPU: 1 PID: 5544 at kernel/softirq.c:387 __local_bh_enable_ip+0x43/0xd0
...
RIP: 0010:__local_bh_enable_ip+0x43/0xd0
...
Call Trace:
<TASK>
rt_cache_route+0x7e/0xa0
rt_set_nexthop.isra.0+0x3b3/0x3f0
__mkroute_output+0x43a/0x460
ip_route_output_key_hash+0xf7/0x140
ip_route_output_flow+0x1b/0x90
rxrpc_assess_MTU_size.isra.0+0x2a0/0x590
rxrpc_new_incoming_peer+0x46/0x120
rxrpc_alloc_incoming_call+0x1b1/0x400
rxrpc_new_incoming_call+0x1da/0x5e0
rxrpc_input_packet+0x827/0x900
rxrpc_io_thread+0x403/0xb60
kthread+0x2f7/0x310
ret_from_fork+0x2a/0x230
ret_from_fork_asm+0x1a/0x30
...
hardirqs last enabled at (23): _raw_spin_unlock_irq+0x24/0x50
hardirqs last disabled at (24): _raw_read_lock_irq+0x17/0x70
softirqs last enabled at (0): copy_process+0xc61/0x2730
softirqs last disabled at (25): rt_add_uncached_list+0x3c/0x90
Fix this by moving the call to rxrpc_assess_MTU_size() out of
rxrpc_init_peer() and further up the stack where it can be done without
interrupts disabled.
It shouldn't be a problem for rxrpc_new_incoming_call() to do it after the
locks are dropped as pmtud is going to be performed by the I/O thread - and
we're in the I/O thread at this point.
Fixes: a2ea9a907260 ("rxrpc: Use irq-disabling spinlocks between app and I/O thread")
Signed-off-by: David Howells <dhowells(a)redhat.com>
Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com>
cc: Marc Dionne <marc.dionne(a)auristor.com>
cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com>
cc: LePremierHomme <kwqcheii(a)proton.me>
cc: Jakub Kicinski <kuba(a)kernel.org>
cc: Paolo Abeni <pabeni(a)redhat.com>
cc: "David S. Miller" <davem(a)davemloft.net>
cc: Eric Dumazet <edumazet(a)google.com>
cc: Simon Horman <horms(a)kernel.org>
cc: linux-afs(a)lists.infradead.org
cc: netdev(a)vger.kernel.org
cc: stable(a)vger.kernel.org
---
net/rxrpc/ar-internal.h | 1 +
net/rxrpc/call_accept.c | 1 +
net/rxrpc/peer_object.c | 6 ++----
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 376e33dce8c1..df1a618dbf7d 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -1383,6 +1383,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *,
const struct sockaddr_rxrpc *);
struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_local *local,
struct sockaddr_rxrpc *srx, gfp_t gfp);
+void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *peer);
struct rxrpc_peer *rxrpc_alloc_peer(struct rxrpc_local *, gfp_t,
enum rxrpc_peer_trace);
void rxrpc_new_incoming_peer(struct rxrpc_local *local, struct rxrpc_peer *peer);
diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c
index 49fccee1a726..226b4bf82747 100644
--- a/net/rxrpc/call_accept.c
+++ b/net/rxrpc/call_accept.c
@@ -406,6 +406,7 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local,
spin_unlock(&rx->incoming_lock);
read_unlock_irq(&local->services_lock);
+ rxrpc_assess_MTU_size(local, call->peer);
if (hlist_unhashed(&call->error_link)) {
spin_lock_irq(&call->peer->lock);
diff --git a/net/rxrpc/peer_object.c b/net/rxrpc/peer_object.c
index e2f35e6c04d6..366431b0736c 100644
--- a/net/rxrpc/peer_object.c
+++ b/net/rxrpc/peer_object.c
@@ -149,8 +149,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *local,
* assess the MTU size for the network interface through which this peer is
* reached
*/
-static void rxrpc_assess_MTU_size(struct rxrpc_local *local,
- struct rxrpc_peer *peer)
+void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *peer)
{
struct net *net = local->net;
struct dst_entry *dst;
@@ -277,8 +276,6 @@ static void rxrpc_init_peer(struct rxrpc_local *local, struct rxrpc_peer *peer,
peer->hdrsize += sizeof(struct rxrpc_wire_header);
peer->max_data = peer->if_mtu - peer->hdrsize;
-
- rxrpc_assess_MTU_size(local, peer);
}
/*
@@ -297,6 +294,7 @@ static struct rxrpc_peer *rxrpc_create_peer(struct rxrpc_local *local,
if (peer) {
memcpy(&peer->srx, srx, sizeof(*srx));
rxrpc_init_peer(local, peer, hash_key);
+ rxrpc_assess_MTU_size(local, peer);
}
_leave(" = %p", peer);
12 hours, 23 minutes
- 1
- 0
Re: [PATCH 6.15 000/192] 6.15.7-rc1 review
by Dileep malepu
> This is the start of the stable review cycle for the 6.15.7 release.
> There are 192 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.7-rc1…
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Tested Linux kernel 6.15.7-rc1 on Fedora 37 (x86_64) with Intel i7-11800H.
All major tests including boot, Wi-Fi, Bluetooth, audio, video, and USB
mass storage detection passed successfully.
Kernel Version : 6.15.7-rc1
Fedora Version : 37 (Thirty Seven)
Processor : 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz
Build Architecture: x86_64
Test Results:
- Boot Test : PASS
- Wi-Fi Test : PASS
- Bluetooth Test : PASS
- Audio Test : PASS
- Video Test : PASS
- USB Mass Storage Drive Detect : PASS
Tested-by: Dileep Malepu <dileep.debian(a)gmail.com>
12 hours, 27 minutes
- 1
- 0
[PATCH] kernel/fork: Increase minimum number of allowed threads
by Hauke Mehrtens
From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
A modern Linux system creates much more than 20 threads at bootup.
When I booted up OpenWrt in qemu the system sometimes failed to boot up
when it wanted to create the 419th thread. The VM had 128MB RAM and the
calculation in set_max_threads() calculated that max_threads should be
set to 419. When the system booted up it tried to notify the user space
about every device it created because CONFIG_UEVENT_HELPER was set and
used. I counted 1299 calles to call_usermodehelper_setup(), all of
them try to create a new thread and call the userspace hotplug script in
it.
This fixes bootup of Linux on systems with low memory.
I saw the problem with qemu 10.0.2 using these commands:
qemu-system-aarch64 -machine virt -cpu cortex-a57 -nographic
Cc: stable(a)vger.kernel.org
Signed-off-by: Hauke Mehrtens <hauke(a)hauke-m.de>
---
kernel/fork.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index 7966c9a1c163..388299525f3c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -115,7 +115,7 @@
/*
* Minimum number of threads to boot the kernel
*/
-#define MIN_THREADS 20
+#define MIN_THREADS 600
/*
* Maximum number of threads
--
2.50.1
12 hours, 30 minutes
- 2
- 2
[PATCH v5 2/3] drm/amdgpu: Reset the clear flag in buddy during resume
by Arunpravin Paneer Selvam
- Added a handler in DRM buddy manager to reset the cleared
flag for the blocks in the freelist.
- This is necessary because, upon resuming, the VRAM becomes
cluttered with BIOS data, yet the VRAM backend manager
believes that everything has been cleared.
v2:
- Add lock before accessing drm_buddy_clear_reset_blocks()(Matthew Auld)
- Force merge the two dirty blocks.(Matthew Auld)
- Add a new unit test case for this issue.(Matthew Auld)
- Having this function being able to flip the state either way would be
good. (Matthew Brost)
v3(Matthew Auld):
- Do merge step first to avoid the use of extra reset flag.
Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com>
Suggested-by: Christian König <christian.koenig(a)amd.com>
Acked-by: Christian König <christian.koenig(a)amd.com>
Reviewed-by: Matthew Auld <matthew.auld(a)intel.com>
Cc: stable(a)vger.kernel.org
Fixes: a68c7eaa7a8f ("drm/amdgpu: Enable clear page functionality")
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 17 ++++++++
drivers/gpu/drm/drm_buddy.c | 43 ++++++++++++++++++++
include/drm/drm_buddy.h | 2 +
5 files changed, 65 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
index 723ab95d8c48..ac92220f9fc3 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
@@ -5327,6 +5327,8 @@ int amdgpu_device_resume(struct drm_device *dev, bool notify_clients)
dev->dev->power.disable_depth--;
#endif
}
+
+ amdgpu_vram_mgr_clear_reset_blocks(adev);
adev->in_suspend = false;
if (amdgpu_acpi_smart_shift_update(dev, AMDGPU_SS_DEV_D0))
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h
index 215c198e4aff..2309df3f68a9 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h
@@ -155,6 +155,7 @@ int amdgpu_vram_mgr_reserve_range(struct amdgpu_vram_mgr *mgr,
uint64_t start, uint64_t size);
int amdgpu_vram_mgr_query_page_status(struct amdgpu_vram_mgr *mgr,
uint64_t start);
+void amdgpu_vram_mgr_clear_reset_blocks(struct amdgpu_device *adev);
bool amdgpu_res_cpu_visible(struct amdgpu_device *adev,
struct ttm_resource *res);
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c
index abdc52b0895a..07c936e90d8e 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c
@@ -782,6 +782,23 @@ uint64_t amdgpu_vram_mgr_vis_usage(struct amdgpu_vram_mgr *mgr)
return atomic64_read(&mgr->vis_usage);
}
+/**
+ * amdgpu_vram_mgr_clear_reset_blocks - reset clear blocks
+ *
+ * @adev: amdgpu device pointer
+ *
+ * Reset the cleared drm buddy blocks.
+ */
+void amdgpu_vram_mgr_clear_reset_blocks(struct amdgpu_device *adev)
+{
+ struct amdgpu_vram_mgr *mgr = &adev->mman.vram_mgr;
+ struct drm_buddy *mm = &mgr->mm;
+
+ mutex_lock(&mgr->lock);
+ drm_buddy_reset_clear(mm, false);
+ mutex_unlock(&mgr->lock);
+}
+
/**
* amdgpu_vram_mgr_intersects - test each drm buddy block for intersection
*
diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c
index a1e652b7631d..a94061f373de 100644
--- a/drivers/gpu/drm/drm_buddy.c
+++ b/drivers/gpu/drm/drm_buddy.c
@@ -405,6 +405,49 @@ drm_get_buddy(struct drm_buddy_block *block)
}
EXPORT_SYMBOL(drm_get_buddy);
+/**
+ * drm_buddy_reset_clear - reset blocks clear state
+ *
+ * @mm: DRM buddy manager
+ * @is_clear: blocks clear state
+ *
+ * Reset the clear state based on @is_clear value for each block
+ * in the freelist.
+ */
+void drm_buddy_reset_clear(struct drm_buddy *mm, bool is_clear)
+{
+ u64 root_size, size, start;
+ unsigned int order;
+ int i;
+
+ size = mm->size;
+ for (i = 0; i < mm->n_roots; ++i) {
+ order = ilog2(size) - ilog2(mm->chunk_size);
+ start = drm_buddy_block_offset(mm->roots[i]);
+ __force_merge(mm, start, start + size, order);
+
+ root_size = mm->chunk_size << order;
+ size -= root_size;
+ }
+
+ for (i = 0; i <= mm->max_order; ++i) {
+ struct drm_buddy_block *block;
+
+ list_for_each_entry_reverse(block, &mm->free_list[i], link) {
+ if (is_clear != drm_buddy_block_is_clear(block)) {
+ if (is_clear) {
+ mark_cleared(block);
+ mm->clear_avail += drm_buddy_block_size(mm, block);
+ } else {
+ clear_reset(block);
+ mm->clear_avail -= drm_buddy_block_size(mm, block);
+ }
+ }
+ }
+ }
+}
+EXPORT_SYMBOL(drm_buddy_reset_clear);
+
/**
* drm_buddy_free_block - free a block
*
diff --git a/include/drm/drm_buddy.h b/include/drm/drm_buddy.h
index 9689a7c5dd36..513837632b7d 100644
--- a/include/drm/drm_buddy.h
+++ b/include/drm/drm_buddy.h
@@ -160,6 +160,8 @@ int drm_buddy_block_trim(struct drm_buddy *mm,
u64 new_size,
struct list_head *blocks);
+void drm_buddy_reset_clear(struct drm_buddy *mm, bool is_clear);
+
void drm_buddy_free_block(struct drm_buddy *mm, struct drm_buddy_block *block);
void drm_buddy_free_list(struct drm_buddy *mm,
--
2.43.0
12 hours, 38 minutes
- 3
- 5
[PATCH] misc: rtsx: usb: Ensure mmc child device is active when card is present
by Ricky Wu
When a card is present in the reader, the driver currently defers
autosuspend by returning -EAGAIN during the suspend callback to
trigger USB remote wakeup signaling. However, this does not guarantee
that the mmc child device has been resumed, which may cause issues if
it remains suspended while the card is accessible.
This patch ensures that all child devices, including the mmc host
controller, are explicitly resumed before returning -EAGAIN. This
fixes a corner case introduced by earlier remote wakeup handling,
improving reliability of runtime PM when a card is inserted.
Fixes: 883a87ddf2f1 ("misc: rtsx_usb: Use USB remote wakeup signaling for card insertion detection")
Cc: stable(a)vger.kernel.org
Signed-off-by: Ricky Wu <ricky_wu(a)realtek.com>
---
drivers/misc/cardreader/rtsx_usb.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c
index 148107a4547c..d007a4455ce5 100644
--- a/drivers/misc/cardreader/rtsx_usb.c
+++ b/drivers/misc/cardreader/rtsx_usb.c
@@ -698,6 +698,12 @@ static void rtsx_usb_disconnect(struct usb_interface *intf)
}
#ifdef CONFIG_PM
+static int rtsx_usb_resume_child(struct device *dev, void *data)
+{
+ pm_request_resume(dev);
+ return 0;
+}
+
static int rtsx_usb_suspend(struct usb_interface *intf, pm_message_t message)
{
struct rtsx_ucr *ucr =
@@ -713,8 +719,10 @@ static int rtsx_usb_suspend(struct usb_interface *intf, pm_message_t message)
mutex_unlock(&ucr->dev_mutex);
/* Defer the autosuspend if card exists */
- if (val & (SD_CD | MS_CD))
+ if (val & (SD_CD | MS_CD)) {
+ device_for_each_child(&intf->dev, NULL, rtsx_usb_resume_child);
return -EAGAIN;
+ }
} else {
/* There is an ongoing operation*/
return -EAGAIN;
@@ -724,12 +732,6 @@ static int rtsx_usb_suspend(struct usb_interface *intf, pm_message_t message)
return 0;
}
-static int rtsx_usb_resume_child(struct device *dev, void *data)
-{
- pm_request_resume(dev);
- return 0;
-}
-
static int rtsx_usb_resume(struct usb_interface *intf)
{
device_for_each_child(&intf->dev, NULL, rtsx_usb_resume_child);
--
2.25.1
13 hours, 37 minutes
- 2
- 1