- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.36 release. There are 218 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 05 Jul 2025 14:39:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.36-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.36-rc1 Kevin Hao <haokexin(a)gmail.com> spi: fsl-qspi: Fix double cleanup in probe error path Sasha Levin <sashal(a)kernel.org> btrfs: fix use-after-free on inode when scanning root during em shrinking Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix extent range end unlock in cow_file_range() Han Xu <han.xu(a)nxp.com> spi: fsl-qspi: use devm function instead of driver remove Miquel Raynal <miquel.raynal(a)bootlin.com> spi: fsl-qspi: Support per spi-mem operation frequency switches Miquel Raynal <miquel.raynal(a)bootlin.com> spi: spi-mem: Add a new controller capability Miquel Raynal <miquel.raynal(a)bootlin.com> spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency Qingfang Deng <dqfext(a)gmail.com> net: stmmac: Fix accessing freed irq affinity_hint Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix instruction hazard in gfx12 trap handler Jonathan Kim <jonathan.kim(a)amd.com> drm/amdkfd: remove gfx 12 trap handler page size cap Andres Traumann <andres.traumann.01(a)gmail.com> ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi Bibo Mao <maobibo(a)loongson.cn> LoongArch: Set hugetlb mmap base address aligned with pmd size Sasha Levin <sashal(a)kernel.org> riscv/atomic: Do proper sign extension also for unsigned in arch_cmpxchg Filipe Manana <fdmanana(a)suse.com> btrfs: do regular iput instead of delayed iput during extent map shrinking Filipe Manana <fdmanana(a)suse.com> btrfs: make the extent map shrinker run asynchronously as a work queue job Filipe Manana <fdmanana(a)suse.com> btrfs: skip inodes without loaded extent maps when shrinking extent maps Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Add shadow buffering for deferred I/O Sasha Levin <sashal(a)kernel.org> drm/msm/dp: account for widebus and yuv420 during mode validation Sasha Levin <sashal(a)kernel.org> usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY Sasha Levin <sashal(a)kernel.org> drm/xe: Carve out wopcm portion from the stolen memory Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-common: fix ad3541/2r ranges Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r: extract common code (no changes in behavior intended) Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r: changes to use FIELD_PREP Qu Wenruo <wqu(a)suse.com> btrfs: do proper folio cleanup when cow_file_range() failed Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: realtek: add RTL8125D-internal PHY Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: realtek: merge the drivers for internal NBase-T PHY's Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add support for RTL8125D Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/vma: reset VMA iterator on commit_merge() OOM failure Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: flag partial buffer mappings Jens Axboe <axboe(a)kernel.dk> io_uring/net: mark iov as dynamically allocated even for single segments Jens Axboe <axboe(a)kernel.dk> io_uring/net: always use current transfer count for buffer put Jens Axboe <axboe(a)kernel.dk> io_uring/net: only consider msg_inq if larger than 1 Jens Axboe <axboe(a)kernel.dk> io_uring/net: only retry recv bundle for a full transfer Jens Axboe <axboe(a)kernel.dk> io_uring/net: improve recv bundles Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: don't rely on user vaddr alignment Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: fix folio unpinning Penglei Jiang <superman.xpt(a)gmail.com> io_uring: fix potential page leak in io_sqe_buffer_register() Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix Tx L4 checksum Chang S. Bae <chang.seok.bae(a)intel.com> x86/pkeys: Simplify PKRU update in signal frame Chang S. Bae <chang.seok.bae(a)intel.com> x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix mpv playback corruption on weston Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: switch job hw_fence to amdgpu_fence Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe: Fix early wedge on GuC load failure Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix taking invalid lock on wedge Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix memset on iomem Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check dce_hwseq before dereferencing it Frank Min <Frank.Min(a)amd.com> drm/amdgpu: Add kicker device detection Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: Fix RMCM programming seq errors Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: add back fix Matthew Auld <matthew.auld(a)intel.com> drm/xe/sched: stop re-submitting signalled jobs Matthew Auld <matthew.auld(a)intel.com> drm/xe/vm: move rebind_work init earlier Zhongwei Zhang <Zhongwei.Zhang(a)amd.com> drm/amd/display: Correct non-OLED pre_T11_delay. John Olender <john.olender(a)gmail.com> drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix phy de-init and flag it so Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/gpu: Fix crash when throttling GPU immediately during boot Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Maíra Canal <mcanal(a)igalia.com> drm/etnaviv: Protect the scheduler's pending list with its lock Thomas Zimmermann <tzimmermann(a)suse.de> drm/cirrus-qemu: Fix pitch programming Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix comment on modeset lock anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Chen Yu <yu.c.chen(a)intel.com> scsi: megaraid_sas: Fix invalid node index Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Iusico Maxim <iusico.maxim(a)libero.it> HID: lenovo: Restrict F7/9/11 mode to compact keyboards only Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page David Hildenbrand <david(a)redhat.com> mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the creation of page_pool Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> spi: spi-cadence-quadspi: Fix pm runtime unbalance Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Filipe Manana <fdmanana(a)suse.com> btrfs: fix a race between renames and directory logging Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fabio Estevam <festevam(a)gmail.com> serial: imx: Restore original RXTL for console to fix data loss Aidan Stewart <astewart(a)tektelic.com> serial: core: restore of_node information in sysfs Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Avadhut Naik <avadhut.naik(a)amd.com> EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs David Howells <dhowells(a)redhat.com> cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code David Howells <dhowells(a)redhat.com> cifs: Fix the smbd_response slab to allow usercopy Stefan Metzmacher <metze(a)samba.org> smb: client: make use of common smbdirect_socket_parameters Stefan Metzmacher <metze(a)samba.org> smb: smbdirect: introduce smbdirect_socket_parameters Stefan Metzmacher <metze(a)samba.org> smb: client: make use of common smbdirect_socket Stefan Metzmacher <metze(a)samba.org> smb: smbdirect: add smbdirect_socket.h Stefan Metzmacher <metze(a)samba.org> smb: smbdirect: add smbdirect.h with public structures Stefan Metzmacher <metze(a)samba.org> smb: client: make use of common smbdirect_pdu.h Stefan Metzmacher <metze(a)samba.org> smb: smbdirect: add smbdirect_pdu.h with protocol definitions Paulo Alcantara <pc(a)manguebit.org> smb: client: fix potential deadlock when reconnecting channels Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Process deferred GGTT node removals on device unwind Jayesh Choudhary <j-choudhary(a)ti.com> drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type Wolfram Sang <wsa+renesas(a)sang-engineering.com> drm/bridge: ti-sn65dsi86: make use of debugfs_init callback Arnd Bergmann <arnd(a)arndb.de> drm/i915: fix build error some more Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Adjust output for discovery error handling Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/discovery: optionally use fw based ip discovery Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Salvatore Bonaccorso <carnil(a)debian.org> ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: replace underscores with dashes in names Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Adin Scannell <amscanne(a)meta.com> libbpf: Fix possible use-after-free for externs Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Create separate links for VLAN interfaces Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: ionic: Fix DMA mapping tests Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Thomas Zeitlhofer <thomas.zeitlhofer+lkml(a)ze-it.at> HID: wacom: fix crash in wacom_aes_battery_handler() Haoxiang Li <haoxiang_li2024(a)163.com> drm/xe/display: Add check for alloc_ordered_workqueue() Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Nam Cao <namcao(a)linutronix.de> Revert "riscv: misaligned: fix sleeping function called during misaligned access handling" Nam Cao <namcao(a)linutronix.de> Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" Yu Kuai <yukuai3(a)huawei.com> lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Oliver Schramm <oliver.schramm97(a)gmail.com> ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Niklas Cassel <cassel(a)kernel.org> ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't leave consecutive consumed OOB skbs. Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Trigger device recovery on engine reset/resume failure Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Add debugfs interface for setting HWS priority bands Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Make command queue ID allocated on XArray Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Remove copy engine support Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Do not fail on cmdq if failed to allocate preemption buffers Janne Grunau <j(a)jannau.net> PCI: apple: Set only available ports up Zhang Zekun <zhangzekun11(a)huawei.com> PCI: apple: Use helper function for_each_child_of_node_scoped() Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent David Sterba <dsterba(a)suse.com> btrfs: use unsigned types for constants defined as bit shifts Qu Wenruo <wqu(a)suse.com> btrfs: factor out nocow ordered extent and extent map generation into a helper Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 Qu Wenruo <wqu(a)suse.com> btrfs: handle csum tree error with rescue=ibadroots correctly Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Ziqi Chen <quic_ziqichen(a)quicinc.com> scsi: ufs: core: Don't perform UFS clkscaling during host async scan Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Shuming Fan <shumingf(a)realtek.com> ASoC: rt1320: fix speaker noise when volume bar is 100% Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Andy Chiu <andybnac(a)gmail.com> riscv: add a data fence for CMODX in the kernel mode Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: f_hid: wake up readers on disable/unbind Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Chenyuan Yang <chenyuan0y(a)gmail.com> misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() Purva Yeshi <purvayeshi550(a)gmail.com> iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support for Rev C0 and later devices Benjamin Berg <benjamin.berg(a)intel.com> um: use proper care when taking mmap lock during segfault Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Lin.Cao <lincao12(a)amd.com> drm/scheduler: signal scheduled fence when kill job Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: seq64 memory unmap uses uninterruptible lock Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yifan Zhang <yifan1.zhang(a)amd.com> amd/amdkfd: fix a kfd_process ref leak Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Hannes Reinecke <hare(a)kernel.org> nvme-tcp: sanitize request list handling Hannes Reinecke <hare(a)kernel.org> nvme-tcp: fix I/O stalls on congested sockets Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add workaround for errata ERR051624 Hector Martin <marcan(a)marcan.st> PCI: apple: Fix missing OF node reference in apple_pcie_setup_port Wenbin Yao <quic_wenbyao(a)quicinc.com> PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Lukas Wunner <lukas(a)wunner.de> Revert "iommu/amd: Prevent binding other PCI drivers to IOMMU PCI devices" Rudraksha Gupta <guptarud(a)gmail.com> rust: arm: fix unknown (to Clang) argument '-mno-fdpic' FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: module: place cleanup_module() in .exit.text section Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: provide zero as a unique ID to the Mac client Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Scott Mayhew <smayhew(a)redhat.com> NFSv4: xattr handlers should check for absent nfs filehandles Robert Richter <rrichter(a)amd.com> cxl/region: Add a dev_err() on missing target list entries Guang Yuan Wu <gwu(a)ddn.com> fuse: fix race between concurrent setattrs from multiple nodes Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Matthew Sakai <msakai(a)redhat.com> dm vdo indexer: don't read request structure after enqueuing Nikhil Jha <njha(a)janestreet.com> sunrpc: don't immediately retransmit on seqno miss Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Sagi Grimberg <sagi(a)grimberg.me> NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when timestamps are delegated Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE mode Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers Pali Rohár <pali(a)kernel.org> cifs: Correctly set SMB1 SessionKey field in Session Setup Request ------------- Diffstat: Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Documentation/netlink/specs/tc.yaml | 4 +- Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3399-rockpro64.dtsi | 12 + arch/loongarch/mm/mmap.c | 6 +- arch/riscv/include/asm/cmpxchg.h | 2 +- arch/riscv/include/asm/pgtable.h | 1 - arch/riscv/kernel/traps_misaligned.c | 4 +- arch/riscv/mm/cacheflush.c | 15 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/um/kernel/trap.c | 129 +++- arch/x86/include/uapi/asm/debugreg.h | 21 +- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/fpu/signal.c | 11 +- arch/x86/kernel/fpu/xstate.h | 22 +- arch/x86/kernel/traps.c | 34 +- arch/x86/um/asm/checksum.h | 3 + drivers/accel/ivpu/ivpu_debugfs.c | 84 +++ drivers/accel/ivpu/ivpu_drv.c | 6 + drivers/accel/ivpu/ivpu_drv.h | 10 +- drivers/accel/ivpu/ivpu_hw.c | 21 + drivers/accel/ivpu/ivpu_hw.h | 5 + drivers/accel/ivpu/ivpu_job.c | 203 +++--- drivers/accel/ivpu/ivpu_job.h | 2 + drivers/accel/ivpu/ivpu_jsm_msg.c | 46 +- drivers/ata/ahci.c | 2 +- drivers/cxl/core/region.c | 7 + drivers/dma/idxd/cdev.c | 4 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/edac/amd64_edac.c | 57 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 64 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_seq64.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 17 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 6 +- drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 703 +++++++++++---------- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 82 +-- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../dc/dml2/dml21/dml21_translation_helper.c | 1 + .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 5 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 1 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 9 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/ast/ast_mode.c | 6 +- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 32 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 109 ++-- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/drm_fbdev_dma.c | 219 +++++-- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 +- drivers/gpu/drm/i915/display/vlv_dsi.c | 4 +- drivers/gpu/drm/i915/i915_pmu.c | 2 +- drivers/gpu/drm/msm/dp/dp_display.c | 11 +- drivers/gpu/drm/msm/dp/dp_drm.c | 5 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 1 + drivers/gpu/drm/scheduler/sched_entity.c | 1 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/tiny/cirrus.c | 1 - drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/xe/display/xe_display.c | 2 + drivers/gpu/drm/xe/xe_ggtt.c | 11 + drivers/gpu/drm/xe/xe_gpu_scheduler.h | 10 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 + drivers/gpu/drm/xe/xe_guc_ct.c | 7 +- drivers/gpu/drm/xe/xe_guc_ct.h | 5 + drivers/gpu/drm/xe/xe_guc_pc.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 23 + drivers/gpu/drm/xe/xe_guc_types.h | 5 + drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 70 +- drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/hid/hid-lenovo.c | 11 +- drivers/hid/wacom_sys.c | 7 +- drivers/hwmon/pmbus/max34440.c | 48 +- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/adc/ad_sigma_delta.c | 4 + drivers/iio/dac/Makefile | 2 +- drivers/iio/dac/ad3552r-common.c | 248 ++++++++ drivers/iio/dac/ad3552r.c | 553 +++------------- drivers/iio/dac/ad3552r.h | 223 +++++++ drivers/iio/pressure/zpa2326.c | 2 +- drivers/iommu/amd/init.c | 3 - drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/dm-vdo/indexer/volume.c | 24 +- drivers/md/md-bitmap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 34 +- drivers/mfd/max14577.c | 1 + drivers/misc/tps6594-pfsm.c | 3 + drivers/mtd/nand/spi/core.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 +- drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 12 +- drivers/net/ethernet/realtek/r8169.h | 1 + drivers/net/ethernet/realtek/r8169_main.c | 23 +- drivers/net/ethernet/realtek/r8169_phy_config.c | 10 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 11 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 6 +- drivers/net/phy/realtek.c | 54 +- drivers/nvme/host/tcp.c | 22 +- drivers/pci/controller/dwc/pci-imx6.c | 15 + drivers/pci/controller/dwc/pcie-designware.c | 5 +- drivers/pci/controller/pcie-apple.c | 7 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/megaraid/megaraid_sas_base.c | 6 +- drivers/spi/spi-cadence-quadspi.c | 12 +- drivers/spi/spi-fsl-qspi.c | 48 +- drivers/spi/spi-mem.c | 34 + drivers/staging/rtl8723bs/core/rtw_security.c | 44 +- drivers/tty/serial/8250/8250_pci1xxxx.c | 10 + drivers/tty/serial/imx.c | 17 +- drivers/tty/serial/serial_base_bus.c | 1 + drivers/tty/serial/uartlite.c | 25 +- drivers/ufs/core/ufshcd.c | 6 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_hid.c | 19 +- drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/typec/altmodes/displayport.c | 4 + drivers/usb/typec/mux.c | 4 +- drivers/usb/typec/tcpm/tcpm.c | 3 +- fs/btrfs/backref.h | 4 +- fs/btrfs/direct-io.c | 4 +- fs/btrfs/disk-io.c | 5 +- fs/btrfs/extent_io.h | 2 +- fs/btrfs/extent_map.c | 132 +++- fs/btrfs/extent_map.h | 3 +- fs/btrfs/fs.h | 2 + fs/btrfs/inode.c | 299 +++++---- fs/btrfs/ordered-data.c | 14 +- fs/btrfs/raid56.c | 5 +- fs/btrfs/super.c | 13 +- fs/btrfs/tests/extent-io-tests.c | 6 +- fs/btrfs/volumes.c | 6 + fs/btrfs/zstd.c | 2 +- fs/ceph/file.c | 2 +- fs/f2fs/file.c | 38 ++ fs/f2fs/super.c | 30 +- fs/fuse/dir.c | 11 + fs/jfs/jfs_dmap.c | 41 +- fs/namespace.c | 8 +- fs/nfs/inode.c | 51 +- fs/nfs/nfs4proc.c | 25 +- fs/overlayfs/util.c | 4 +- fs/proc/task_mmu.c | 2 +- fs/smb/client/cifs_debug.c | 23 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifspdu.h | 6 +- fs/smb/client/cifssmb.c | 1 + fs/smb/client/connect.c | 58 +- fs/smb/client/misc.c | 8 + fs/smb/client/sess.c | 21 +- fs/smb/client/smb2ops.c | 14 +- fs/smb/client/smbdirect.c | 513 +++++++-------- fs/smb/client/smbdirect.h | 62 +- fs/smb/client/trace.h | 24 +- fs/smb/common/smbdirect/smbdirect.h | 37 ++ fs/smb/common/smbdirect/smbdirect_pdu.h | 55 ++ fs/smb/common/smbdirect/smbdirect_socket.h | 43 ++ fs/smb/server/connection.h | 1 + fs/smb/server/smb2pdu.c | 72 ++- fs/smb/server/smb2pdu.h | 3 + include/linux/spi/spi-mem.h | 14 +- include/net/bluetooth/hci_core.h | 2 + include/uapi/drm/ivpu_accel.h | 6 +- include/uapi/linux/vm_sockets.h | 4 + io_uring/kbuf.c | 1 + io_uring/kbuf.h | 1 + io_uring/net.c | 46 +- io_uring/rsrc.c | 23 +- io_uring/rsrc.h | 1 + lib/group_cpus.c | 9 +- lib/maple_tree.c | 4 +- mm/damon/sysfs-schemes.c | 1 + mm/gup.c | 14 +- mm/vma.c | 27 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/hci_core.c | 34 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/mac80211/chan.c | 3 + net/mac80211/ieee80211_i.h | 12 + net/mac80211/iface.c | 12 +- net/mac80211/link.c | 94 ++- net/mac80211/util.c | 2 +- net/sunrpc/clnt.c | 9 +- net/unix/af_unix.c | 31 +- rust/Makefile | 2 +- rust/macros/module.rs | 1 + sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/rt1320-sdw.c | 17 +- sound/soc/codecs/wcd9335.c | 40 +- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + tools/lib/bpf/libbpf.c | 10 +- .../selftests/bpf/progs/test_global_map_resize.c | 16 + 218 files changed, 3862 insertions(+), 2248 deletions(-)

2 days, 1 hour

15
242
0 0

[PATCH 1/1] drm/i915/dp: Refine TPS4-based HBR3 rejection and add quirk to limit eDP to HBR2

by Ankit Nautiyal

Refine the logic introduced in commit 584cf613c24a ("drm/i915/dp: Reject HBR3 when sink doesn't support TPS4") to allow HBR3 on eDP panels that report DPCD revision 1.4, even if TPS4 is not supported. This aligns with the DisplayPort specification, which does not mandate TPS4 support for eDP with DPCD rev 1.4. This change avoids regressions on panels that require HBR3 to operate at their native resolution but do not advertise TPS4 support. Additionally, some ICL/TGL platforms with combo PHY ports suffer from signal integrity issues at HBR3. While certain systems include a Parade PS8461 mux to mitigate this, its presence cannot be reliably detected. Furthermore, broken or missing VBT entries make it unsafe to rely on VBT for enforcing link rate limits. To address the HBR3-related issues on such platforms and eDP panels, introduce a device specific quirk to cap the eDP link rate to HBR2 (540000 kHz). This will override any higher advertised rates from the sink or DPCD for specific devices. Currently, the quirk is added for Dell XPS 13 7390 2-in-1 which is reported in gitlab issue #5969 [1]. [1] https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/5969 [2] https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14517 Fixes: 584cf613c24a ("drm/i915/dp: Reject HBR3 when sink doesn't support TPS4") Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Ville Syrj_l_ <ville.syrjala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.15+ Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/5969 Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14517 Signed-off-by: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 31 +++++++++++++++++++-- drivers/gpu/drm/i915/display/intel_quirks.c | 9 ++++++ drivers/gpu/drm/i915/display/intel_quirks.h | 1 + 3 files changed, 39 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index f48912f308df..362e376fca27 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -171,6 +171,15 @@ int intel_dp_link_symbol_clock(int rate) return DIV_ROUND_CLOSEST(rate * 10, intel_dp_link_symbol_size(rate)); } +static bool intel_dp_reject_hbr3_due_to_tps4(struct intel_dp *intel_dp) +{ + /* TPS4 is not mandatory for eDP with DPCD rev 1.4 */ + if (intel_dp_is_edp(intel_dp) && intel_dp->dpcd[DP_DPCD_REV] == 0x14) + return false; + + return !drm_dp_tps4_supported(intel_dp->dpcd); +} + static int max_dprx_rate(struct intel_dp *intel_dp) { struct intel_display *display = to_intel_display(intel_dp); @@ -187,13 +196,22 @@ static int max_dprx_rate(struct intel_dp *intel_dp) * HBR3 without TPS4, and are unable to produce a stable * output. Reject HBR3 when TPS4 is not available. */ - if (max_rate >= 810000 && !drm_dp_tps4_supported(intel_dp->dpcd)) { + if (max_rate >= 810000 && intel_dp_reject_hbr3_due_to_tps4(intel_dp)) { drm_dbg_kms(display->drm, "[ENCODER:%d:%s] Rejecting HBR3 due to missing TPS4 support\n", encoder->base.base.id, encoder->base.name); max_rate = 540000; } + /* + * Some platforms + eDP panels may not reliably support HBR3 + * due to signal integrity limitations, despite advertising it. + * Cap the link rate to HBR2 to avoid unstable configurations for the + * known machines. + */ + if (intel_dp_is_edp(intel_dp) && intel_has_quirk(display, QUIRK_EDP_LIMIT_RATE_HBR2)) + max_rate = min(max_rate, 540000); + return max_rate; } @@ -4304,13 +4322,22 @@ intel_edp_set_sink_rates(struct intel_dp *intel_dp) * HBR3 without TPS4, and are unable to produce a stable * output. Reject HBR3 when TPS4 is not available. */ - if (rate >= 810000 && !drm_dp_tps4_supported(intel_dp->dpcd)) { + if (rate >= 810000 && intel_dp_reject_hbr3_due_to_tps4(intel_dp)) { drm_dbg_kms(display->drm, "[ENCODER:%d:%s] Rejecting HBR3 due to missing TPS4 support\n", encoder->base.base.id, encoder->base.name); break; } + /* + * Some platforms cannot reliably drive HBR3 rates due to PHY limitations, + * even if the sink advertises support. Reject any sink rates above HBR2 on + * the known machines for stable output. + */ + if (rate >= 810000 && + intel_has_quirk(display, QUIRK_EDP_LIMIT_RATE_HBR2)) + break; + intel_dp->sink_rates[i] = rate; } intel_dp->num_sink_rates = i; diff --git a/drivers/gpu/drm/i915/display/intel_quirks.c b/drivers/gpu/drm/i915/display/intel_quirks.c index a32fae510ed2..d2e16b79d6be 100644 --- a/drivers/gpu/drm/i915/display/intel_quirks.c +++ b/drivers/gpu/drm/i915/display/intel_quirks.c @@ -80,6 +80,12 @@ static void quirk_fw_sync_len(struct intel_dp *intel_dp) drm_info(display->drm, "Applying Fast Wake sync pulse count quirk\n"); } +static void quirk_edp_limit_rate_hbr2(struct intel_display *display) +{ + intel_set_quirk(display, QUIRK_EDP_LIMIT_RATE_HBR2); + drm_info(display->drm, "Applying eDP Limit rate to HBR2 quirk\n"); +} + struct intel_quirk { int device; int subsystem_vendor; @@ -231,6 +237,9 @@ static struct intel_quirk intel_quirks[] = { { 0x3184, 0x1019, 0xa94d, quirk_increase_ddi_disabled_time }, /* HP Notebook - 14-r206nv */ { 0x0f31, 0x103c, 0x220f, quirk_invert_brightness }, + + /* Dell XPS 13 7390 2-in-1 */ + { 0x8a12, 0x1028, 0x08b0, quirk_edp_limit_rate_hbr2 }, }; static const struct intel_dpcd_quirk intel_dpcd_quirks[] = { diff --git a/drivers/gpu/drm/i915/display/intel_quirks.h b/drivers/gpu/drm/i915/display/intel_quirks.h index cafdebda7535..06da0e286c67 100644 --- a/drivers/gpu/drm/i915/display/intel_quirks.h +++ b/drivers/gpu/drm/i915/display/intel_quirks.h @@ -20,6 +20,7 @@ enum intel_quirk_id { QUIRK_LVDS_SSC_DISABLE, QUIRK_NO_PPS_BACKLIGHT_POWER_HOOK, QUIRK_FW_SYNC_LEN, + QUIRK_EDP_LIMIT_RATE_HBR2, }; void intel_init_quirks(struct intel_display *display); -- 2.45.2

2 days, 2 hours

2
2
0 0

[PATCH 6.15.y v2] mm/vmalloc: fix data race in show_numa_info()

by Jeongjun Park

commit 5c5f0468d172ddec2e333d738d2a1f85402cf0bc upstream. The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0: show_numa_info mm/vmalloc.c:4936 [inline] vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 .... write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1: show_numa_info mm/vmalloc.c:4934 [inline] vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 .... value changed: 0x0000008f -> 0x00000000 ================================================================== According to this report,there is a read/write data-race because m->private is accessible to multiple CPUs. To fix this, instead of allocating the heap in proc_vmalloc_init() and passing the heap address to m->private, vmalloc_info_show() should allocate the heap. Link: https://lkml.kernel.org/r/20250508165620.15321-1-aha310510@gmail.com Fixes: 8e1d743f2c26 ("mm: vmalloc: support multiple nodes in vmallocinfo") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Suggested-by: Eric Dumazet <edumazet(a)google.com> Suggested-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 63 +++++++++++++++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 28 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 00cf1b575c89..3fb534dcf14d 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3100,7 +3100,7 @@ static void clear_vm_uninitialized_flag(struct vm_struct *vm) /* * Before removing VM_UNINITIALIZED, * we should make sure that vm has proper values. - * Pair with smp_rmb() in show_numa_info(). + * Pair with smp_rmb() in vread_iter() and vmalloc_info_show(). */ smp_wmb(); vm->flags &= ~VM_UNINITIALIZED; @@ -4934,28 +4934,29 @@ bool vmalloc_dump_obj(void *object) #endif #ifdef CONFIG_PROC_FS -static void show_numa_info(struct seq_file *m, struct vm_struct *v) -{ - if (IS_ENABLED(CONFIG_NUMA)) { - unsigned int nr, *counters = m->private; - unsigned int step = 1U << vm_area_page_order(v); - if (!counters) - return; +/* + * Print number of pages allocated on each memory node. + * + * This function can only be called if CONFIG_NUMA is enabled + * and VM_UNINITIALIZED bit in v->flags is disabled. + */ +static void show_numa_info(struct seq_file *m, struct vm_struct *v, + unsigned int *counters) +{ + unsigned int nr; + unsigned int step = 1U << vm_area_page_order(v); - if (v->flags & VM_UNINITIALIZED) - return; - /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ - smp_rmb(); + if (!counters) + return; - memset(counters, 0, nr_node_ids * sizeof(unsigned int)); + memset(counters, 0, nr_node_ids * sizeof(unsigned int)); - for (nr = 0; nr < v->nr_pages; nr += step) - counters[page_to_nid(v->pages[nr])] += step; - for_each_node_state(nr, N_HIGH_MEMORY) - if (counters[nr]) - seq_printf(m, " N%u=%u", nr, counters[nr]); - } + for (nr = 0; nr < v->nr_pages; nr += step) + counters[page_to_nid(v->pages[nr])] += step; + for_each_node_state(nr, N_HIGH_MEMORY) + if (counters[nr]) + seq_printf(m, " N%u=%u", nr, counters[nr]); } static void show_purge_info(struct seq_file *m) @@ -4983,6 +4984,10 @@ static int vmalloc_info_show(struct seq_file *m, void *p) struct vmap_area *va; struct vm_struct *v; int i; + unsigned int *counters; + + if (IS_ENABLED(CONFIG_NUMA)) + counters = kmalloc(nr_node_ids * sizeof(unsigned int), GFP_KERNEL); for (i = 0; i < nr_vmap_nodes; i++) { vn = &vmap_nodes[i]; @@ -4999,6 +5004,11 @@ static int vmalloc_info_show(struct seq_file *m, void *p) } v = va->vm; + if (v->flags & VM_UNINITIALIZED) + continue; + + /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ + smp_rmb(); seq_printf(m, "0x%pK-0x%pK %7ld", v->addr, v->addr + v->size, v->size); @@ -5033,7 +5043,9 @@ static int vmalloc_info_show(struct seq_file *m, void *p) if (is_vmalloc_addr(v->pages)) seq_puts(m, " vpages"); - show_numa_info(m, v); + if (IS_ENABLED(CONFIG_NUMA)) + show_numa_info(m, v, counters); + seq_putc(m, '\n'); } spin_unlock(&vn->busy.lock); @@ -5043,19 +5055,14 @@ static int vmalloc_info_show(struct seq_file *m, void *p) * As a final step, dump "unpurged" areas. */ show_purge_info(m); + if (IS_ENABLED(CONFIG_NUMA)) + kfree(counters); return 0; } static int __init proc_vmalloc_init(void) { - void *priv_data = NULL; - - if (IS_ENABLED(CONFIG_NUMA)) - priv_data = kmalloc(nr_node_ids * sizeof(unsigned int), GFP_KERNEL); - - proc_create_single_data("vmallocinfo", - 0400, NULL, vmalloc_info_show, priv_data); - + proc_create_single("vmallocinfo", 0400, NULL, vmalloc_info_show); return 0; } module_init(proc_vmalloc_init); --

2 days, 10 hours

2
1
0 0

FAILED: patch "[PATCH] maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fba46a5d83ca8decb338722fb4899026d8d9ead2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063033-shrink-submersed-b5de@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fba46a5d83ca8decb338722fb4899026d8d9ead2 Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Date: Mon, 16 Jun 2025 14:45:20 -0400 Subject: [PATCH] maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations. The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption. User visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when subsequent requests for larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least) Link: https://lkml.kernel.org/r/20250616184521.3382795-3-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Reported-by: Hailong Liu <hailong.liu(a)oppo.com> Link: https://lore.kernel.org/all/1652f7eb-a51b-4fee-8058-c73af63bacd1@oppo.com/ Link: https://lore.kernel.org/all/20250428184058.1416274-1-Liam.Howlett@oracle.co… Link: https://lore.kernel.org/all/20250429014754.1479118-1-Liam.Howlett@oracle.co… Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Hailong Liu <hailong.liu(a)oppo.com> Cc: zhangpeng.00(a)bytedance.com <zhangpeng.00(a)bytedance.com> Cc: Steve Kang <Steve.Kang(a)unisoc.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/maple_tree.c b/lib/maple_tree.c index affe979bd14d..00524e55a21e 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -5527,8 +5527,9 @@ int mas_preallocate(struct ma_state *mas, void *entry, gfp_t gfp) mas->store_type = mas_wr_store_type(&wr_mas); request = mas_prealloc_calc(&wr_mas, entry); if (!request) - return ret; + goto set_flag; + mas->mas_flags &= ~MA_STATE_PREALLOC; mas_node_count_gfp(mas, request, gfp); if (mas_is_err(mas)) { mas_set_alloc_req(mas, 0); @@ -5538,6 +5539,7 @@ int mas_preallocate(struct ma_state *mas, void *entry, gfp_t gfp) return ret; } +set_flag: mas->mas_flags |= MA_STATE_PREALLOC; return ret; }

2 days, 10 hours

3
2
0 0

[PATCH 6.12.y v2] mm/vmalloc: fix data race in show_numa_info()

by Jeongjun Park

commit 5c5f0468d172ddec2e333d738d2a1f85402cf0bc upstream. The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0: show_numa_info mm/vmalloc.c:4936 [inline] vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 .... write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1: show_numa_info mm/vmalloc.c:4934 [inline] vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 .... value changed: 0x0000008f -> 0x00000000 ================================================================== According to this report,there is a read/write data-race because m->private is accessible to multiple CPUs. To fix this, instead of allocating the heap in proc_vmalloc_init() and passing the heap address to m->private, vmalloc_info_show() should allocate the heap. Link: https://lkml.kernel.org/r/20250508165620.15321-1-aha310510@gmail.com Fixes: 8e1d743f2c26 ("mm: vmalloc: support multiple nodes in vmallocinfo") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Suggested-by: Eric Dumazet <edumazet(a)google.com> Suggested-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 63 +++++++++++++++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 28 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index cc04e501b1c5..7888600b6a79 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3095,7 +3095,7 @@ static void clear_vm_uninitialized_flag(struct vm_struct *vm) /* * Before removing VM_UNINITIALIZED, * we should make sure that vm has proper values. - * Pair with smp_rmb() in show_numa_info(). + * Pair with smp_rmb() in vread_iter() and vmalloc_info_show(). */ smp_wmb(); vm->flags &= ~VM_UNINITIALIZED; @@ -4938,28 +4938,29 @@ bool vmalloc_dump_obj(void *object) #endif #ifdef CONFIG_PROC_FS -static void show_numa_info(struct seq_file *m, struct vm_struct *v) -{ - if (IS_ENABLED(CONFIG_NUMA)) { - unsigned int nr, *counters = m->private; - unsigned int step = 1U << vm_area_page_order(v); - if (!counters) - return; +/* + * Print number of pages allocated on each memory node. + * + * This function can only be called if CONFIG_NUMA is enabled + * and VM_UNINITIALIZED bit in v->flags is disabled. + */ +static void show_numa_info(struct seq_file *m, struct vm_struct *v, + unsigned int *counters) +{ + unsigned int nr; + unsigned int step = 1U << vm_area_page_order(v); - if (v->flags & VM_UNINITIALIZED) - return; - /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ - smp_rmb(); + if (!counters) + return; - memset(counters, 0, nr_node_ids * sizeof(unsigned int)); + memset(counters, 0, nr_node_ids * sizeof(unsigned int)); - for (nr = 0; nr < v->nr_pages; nr += step) - counters[page_to_nid(v->pages[nr])] += step; - for_each_node_state(nr, N_HIGH_MEMORY) - if (counters[nr]) - seq_printf(m, " N%u=%u", nr, counters[nr]); - } + for (nr = 0; nr < v->nr_pages; nr += step) + counters[page_to_nid(v->pages[nr])] += step; + for_each_node_state(nr, N_HIGH_MEMORY) + if (counters[nr]) + seq_printf(m, " N%u=%u", nr, counters[nr]); } static void show_purge_info(struct seq_file *m) @@ -4987,6 +4988,10 @@ static int vmalloc_info_show(struct seq_file *m, void *p) struct vmap_area *va; struct vm_struct *v; int i; + unsigned int *counters; + + if (IS_ENABLED(CONFIG_NUMA)) + counters = kmalloc(nr_node_ids * sizeof(unsigned int), GFP_KERNEL); for (i = 0; i < nr_vmap_nodes; i++) { vn = &vmap_nodes[i]; @@ -5003,6 +5008,11 @@ static int vmalloc_info_show(struct seq_file *m, void *p) } v = va->vm; + if (v->flags & VM_UNINITIALIZED) + continue; + + /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ + smp_rmb(); seq_printf(m, "0x%pK-0x%pK %7ld", v->addr, v->addr + v->size, v->size); @@ -5037,7 +5047,9 @@ static int vmalloc_info_show(struct seq_file *m, void *p) if (is_vmalloc_addr(v->pages)) seq_puts(m, " vpages"); - show_numa_info(m, v); + if (IS_ENABLED(CONFIG_NUMA)) + show_numa_info(m, v, counters); + seq_putc(m, '\n'); } spin_unlock(&vn->busy.lock); @@ -5047,19 +5059,14 @@ static int vmalloc_info_show(struct seq_file *m, void *p) * As a final step, dump "unpurged" areas. */ show_purge_info(m); + if (IS_ENABLED(CONFIG_NUMA)) + kfree(counters); return 0; } static int __init proc_vmalloc_init(void) { - void *priv_data = NULL; - - if (IS_ENABLED(CONFIG_NUMA)) - priv_data = kmalloc(nr_node_ids * sizeof(unsigned int), GFP_KERNEL); - - proc_create_single_data("vmallocinfo", - 0400, NULL, vmalloc_info_show, priv_data); - + proc_create_single("vmallocinfo", 0400, NULL, vmalloc_info_show); return 0; } module_init(proc_vmalloc_init); --

2 days, 10 hours

2
1
0 0

[PATCH 5.15.y v3] xen: replace xen_remap() with memremap()

by Teddy Astie

From: Juergen Gross <jgross(a)suse.com> [ upstream commit 41925b105e345ebc84cedb64f59d20cb14a62613 ] xen_remap() is used to establish mappings for frames not under direct control of the kernel: for Xenstore and console ring pages, and for grant pages of non-PV guests. Today xen_remap() is defined to use ioremap() on x86 (doing uncached mappings), and ioremap_cache() on Arm (doing cached mappings). Uncached mappings for those use cases are bad for performance, so they should be avoided if possible. As all use cases of xen_remap() don't require uncached mappings (the mapped area is always physical RAM), a mapping using the standard WB cache mode is fine. As sparse is flagging some of the xen_remap() use cases to be not appropriate for iomem(), as the result is not annotated with the __iomem modifier, eliminate xen_remap() completely and replace all use cases with memremap() specifying the MEMREMAP_WB caching mode. xen_unmap() can be replaced with memunmap(). Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Juergen Gross <jgross(a)suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Acked-by: Stefano Stabellini <sstabellini(a)kernel.org> Link: https://lore.kernel.org/r/20220530082634.6339-1-jgross@suse.com Signed-off-by: Juergen Gross <jgross(a)suse.com> Signed-off-by: Teddy Astie <teddy.astie(a)vates.tech> [backport to 5.15.y] --- v3: - add missing hvc_xen.c change v2: - also remove xen_remap/xen_unmap on ARM --- arch/x86/include/asm/xen/page.h | 3 --- drivers/tty/hvc/hvc_xen.c | 2 +- drivers/xen/grant-table.c | 6 +++--- drivers/xen/xenbus/xenbus_probe.c | 3 +-- include/xen/arm/page.h | 3 --- 5 files changed, 5 insertions(+), 12 deletions(-) diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h index 1a162e559753..c183b7f9efef 100644 --- a/arch/x86/include/asm/xen/page.h +++ b/arch/x86/include/asm/xen/page.h @@ -355,9 +355,6 @@ unsigned long arbitrary_virt_to_mfn(void *vaddr); void make_lowmem_page_readonly(void *vaddr); void make_lowmem_page_readwrite(void *vaddr); -#define xen_remap(cookie, size) ioremap((cookie), (size)) -#define xen_unmap(cookie) iounmap((cookie)) - static inline bool xen_arch_need_swiotlb(struct device *dev, phys_addr_t phys, dma_addr_t dev_addr) diff --git a/drivers/tty/hvc/hvc_xen.c b/drivers/tty/hvc/hvc_xen.c index 141acc662eba..6a11a4177a16 100644 --- a/drivers/tty/hvc/hvc_xen.c +++ b/drivers/tty/hvc/hvc_xen.c @@ -270,7 +270,7 @@ static int xen_hvm_console_init(void) if (r < 0 || v == 0) goto err; gfn = v; - info->intf = xen_remap(gfn << XEN_PAGE_SHIFT, XEN_PAGE_SIZE); + info->intf = memremap(gfn << XEN_PAGE_SHIFT, XEN_PAGE_SIZE, MEMREMAP_WB); if (info->intf == NULL) goto err; info->vtermno = HVC_COOKIE; diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c index 0a2d24d6ac6f..a10e0741bec5 100644 --- a/drivers/xen/grant-table.c +++ b/drivers/xen/grant-table.c @@ -743,7 +743,7 @@ int gnttab_setup_auto_xlat_frames(phys_addr_t addr) if (xen_auto_xlat_grant_frames.count) return -EINVAL; - vaddr = xen_remap(addr, XEN_PAGE_SIZE * max_nr_gframes); + vaddr = memremap(addr, XEN_PAGE_SIZE * max_nr_gframes, MEMREMAP_WB); if (vaddr == NULL) { pr_warn("Failed to ioremap gnttab share frames (addr=%pa)!\n", &addr); @@ -751,7 +751,7 @@ int gnttab_setup_auto_xlat_frames(phys_addr_t addr) } pfn = kcalloc(max_nr_gframes, sizeof(pfn[0]), GFP_KERNEL); if (!pfn) { - xen_unmap(vaddr); + memunmap(vaddr); return -ENOMEM; } for (i = 0; i < max_nr_gframes; i++) @@ -770,7 +770,7 @@ void gnttab_free_auto_xlat_frames(void) if (!xen_auto_xlat_grant_frames.count) return; kfree(xen_auto_xlat_grant_frames.pfn); - xen_unmap(xen_auto_xlat_grant_frames.vaddr); + memunmap(xen_auto_xlat_grant_frames.vaddr); xen_auto_xlat_grant_frames.pfn = NULL; xen_auto_xlat_grant_frames.count = 0; diff --git a/drivers/xen/xenbus/xenbus_probe.c b/drivers/xen/xenbus/xenbus_probe.c index 2068f83556b7..77ca24611293 100644 --- a/drivers/xen/xenbus/xenbus_probe.c +++ b/drivers/xen/xenbus/xenbus_probe.c @@ -982,8 +982,7 @@ static int __init xenbus_init(void) #endif xen_store_gfn = (unsigned long)v; xen_store_interface = - xen_remap(xen_store_gfn << XEN_PAGE_SHIFT, - XEN_PAGE_SIZE); + memremap(xen_store_gfn << XEN_PAGE_SHIFT, XEN_PAGE_SIZE, MEMREMAP_WB); break; default: pr_warn("Xenstore state unknown\n"); diff --git a/include/xen/arm/page.h b/include/xen/arm/page.h index ac1b65470563..f831cfeca000 100644 --- a/include/xen/arm/page.h +++ b/include/xen/arm/page.h @@ -109,9 +109,6 @@ static inline bool set_phys_to_machine(unsigned long pfn, unsigned long mfn) return __set_phys_to_machine(pfn, mfn); } -#define xen_remap(cookie, size) ioremap_cache((cookie), (size)) -#define xen_unmap(cookie) iounmap((cookie)) - bool xen_arch_need_swiotlb(struct device *dev, phys_addr_t phys, dma_addr_t dev_addr); -- 2.50.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech

2 days, 10 hours

2
1
0 0

Re: [PATCH] mod_devicetable: Enlarge the maximum platform_device_id name length

by Sasha Levin

[ Sasha's backport helper bot ] Hi, Summary of potential issues: ⚠️ Found matching upstream commit but patch is missing proper reference to it Found matching upstream commit: 655862865c97ff55e4f3f2aaa7708f42f0ea3bd8 Note: The patch differs from the upstream commit: --- 1: 655862865c97f ! 1: b545ae48a3db0 mod_devicetable: Enlarge the maximum platform_device_id name length @@ Commit message /* last cacheline: 32 bytes */ }; - Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> - Link: https://lore.kernel.org/r/20250415231420.work.066-kees@kernel.org Signed-off-by: Kees Cook <kees(a)kernel.org> ## include/linux/mod_devicetable.h ## --- Results of testing on various branches: | Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.15.y | Success | Success | | stable/linux-6.12.y | Success | Success | | stable/linux-6.6.y | Success | Success | | stable/linux-6.1.y | Success | Success | | stable/linux-5.15.y | Success | Success | | stable/linux-5.10.y | Success | Success | | stable/linux-5.4.y | Success | Success |

2 days, 10 hours

1
0
0 0

[PATCH 5.15] ice: safer stats processing

by Przemek Kitszel

From: Jesse Brandeburg <jesse.brandeburg(a)intel.com> [ Upstream commit 1a0f25a52e08b1f67510cabbb44888d2b3c46359 ] Fix an issue of stats growing indefinitely, minor conflict resolved: struct ice_tx_ring replaced by struct ice_ring, as the split is not yet present on 5.15 line. -Przemek Original commit message: The driver was zeroing live stats that could be fetched by ndo_get_stats64 at any time. This could result in inconsistent statistics, and the telltale sign was when reading stats frequently from /proc/net/dev, the stats would go backwards. Fix by collecting stats into a local, and delaying when we write to the structure so it's not incremental. Fixes: fcea6f3da546 ("ice: Add stats and ethtool support") Signed-off-by: Jesse Brandeburg <jesse.brandeburg(a)intel.com> Tested-by: Gurucharan G <gurucharanx.g(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Reported-by: Masakazu Asama <masakazu.asama(a)gmail.com> Closes: https://lore.kernel.org/intel-wired-lan/CAP8M2pGttT4JBjt+i4GJkxy7yERbqWJ5a8… Signed-off-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> --- CC: Jesse Brandeburg <jbrandeburg(a)cloudflare.com> CC: Sasha Levin <sashal(a)kernel.org> CC: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CC: intel-wired-lan(a)lists.osuosl.org CC: kernel-team(a)lists.ubuntu.com the issue was reported against Ubuntu 22.04, do you backport stable patches by default, or should I post one more, directed to you? --- drivers/net/ethernet/intel/ice/ice_main.c | 29 ++++++++++++++--------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c index 91840ea92b0d..04e3f6c424c0 100644 --- a/drivers/net/ethernet/intel/ice/ice_main.c +++ b/drivers/net/ethernet/intel/ice/ice_main.c @@ -5731,14 +5731,15 @@ ice_fetch_u64_stats_per_ring(struct ice_ring *ring, u64 *pkts, u64 *bytes) /** * ice_update_vsi_tx_ring_stats - Update VSI Tx ring stats counters * @vsi: the VSI to be updated + * @vsi_stats: the stats struct to be updated * @rings: rings to work on * @count: number of rings */ static void -ice_update_vsi_tx_ring_stats(struct ice_vsi *vsi, struct ice_ring **rings, - u16 count) +ice_update_vsi_tx_ring_stats(struct ice_vsi *vsi, + struct rtnl_link_stats64 *vsi_stats, + struct ice_ring **rings, u16 count) { - struct rtnl_link_stats64 *vsi_stats = &vsi->net_stats; u16 i; for (i = 0; i < count; i++) { @@ -5761,15 +5762,13 @@ ice_update_vsi_tx_ring_stats(struct ice_vsi *vsi, struct ice_ring **rings, */ static void ice_update_vsi_ring_stats(struct ice_vsi *vsi) { - struct rtnl_link_stats64 *vsi_stats = &vsi->net_stats; + struct rtnl_link_stats64 *vsi_stats; u64 pkts, bytes; int i; - /* reset netdev stats */ - vsi_stats->tx_packets = 0; - vsi_stats->tx_bytes = 0; - vsi_stats->rx_packets = 0; - vsi_stats->rx_bytes = 0; + vsi_stats = kzalloc(sizeof(*vsi_stats), GFP_ATOMIC); + if (!vsi_stats) + return; /* reset non-netdev (extended) stats */ vsi->tx_restart = 0; @@ -5781,7 +5780,8 @@ static void ice_update_vsi_ring_stats(struct ice_vsi *vsi) rcu_read_lock(); /* update Tx rings counters */ - ice_update_vsi_tx_ring_stats(vsi, vsi->tx_rings, vsi->num_txq); + ice_update_vsi_tx_ring_stats(vsi, vsi_stats, vsi->tx_rings, + vsi->num_txq); /* update Rx rings counters */ ice_for_each_rxq(vsi, i) { @@ -5796,10 +5796,17 @@ static void ice_update_vsi_ring_stats(struct ice_vsi *vsi) /* update XDP Tx rings counters */ if (ice_is_xdp_ena_vsi(vsi)) - ice_update_vsi_tx_ring_stats(vsi, vsi->xdp_rings, + ice_update_vsi_tx_ring_stats(vsi, vsi_stats, vsi->xdp_rings, vsi->num_xdp_txq); rcu_read_unlock(); + + vsi->net_stats.tx_packets = vsi_stats->tx_packets; + vsi->net_stats.tx_bytes = vsi_stats->tx_bytes; + vsi->net_stats.rx_packets = vsi_stats->rx_packets; + vsi->net_stats.rx_bytes = vsi_stats->rx_bytes; + + kfree(vsi_stats); } /** -- 2.46.0

2 days, 10 hours

2
1
0 0

[PATCH V2] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") reuses TPM2 support code for the CC platforms, when launching a TDX virtual machine with coco measurement enabled, the following error log is generated: [Firmware Bug]: Failed to parse event in TPM Final Events Log Call Trace: efi_config_parse_tables() efi_tpm_eventlog_init() tpm2_calc_event_log_size() __calc_tpm2_event_size() The pcr_idx value in the Intel TDX log header is 1, causing the function __calc_tpm2_event_size() to fail to recognize the log header, ultimately leading to the "Failed to parse event in TPM Final Events Log" error. According to UEFI Specification 2.10, Section 38.4.1: For TDX, TPM PCR 0 maps to MRTD, so the log header uses TPM PCR 1 instead. To successfully parse the TDX event log header, the check for a pcr_idx value of 0 must be skipped. According to Table 6 in Section 10.2.1 of the TCG PC Client Specification, the index field does not require the PCR index to be fixed at zero. Therefore, skipping the check for a pcr_idx value of 0 for CC platforms is safe. Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#intel-trust… Link: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05… Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: stable(a)vger.kernel.org --- V2: - limit the fix for CC only suggested by Jarkko and Sathyanarayanan drivers/char/tpm/eventlog/tpm2.c | 3 ++- drivers/firmware/efi/libstub/tpm.c | 13 +++++++++---- drivers/firmware/efi/tpm.c | 3 ++- include/linux/tpm_eventlog.h | 14 +++++++++++--- 4 files changed, 24 insertions(+), 9 deletions(-) diff --git a/drivers/char/tpm/eventlog/tpm2.c b/drivers/char/tpm/eventlog/tpm2.c index 37a0580..87a8b7f 100644 --- a/drivers/char/tpm/eventlog/tpm2.c +++ b/drivers/char/tpm/eventlog/tpm2.c @@ -36,7 +36,8 @@ static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header) { - return __calc_tpm2_event_size(event, event_header, false); + return __calc_tpm2_event_size(event, event_header, false, + cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)); } static void *tpm2_bios_measurements_start(struct seq_file *m, loff_t *pos) diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index a5c6c4f..9728060 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -50,7 +50,8 @@ void efi_enable_reset_attack_mitigation(void) static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_location, efi_physical_addr_t log_last_entry, efi_bool_t truncated, - struct efi_tcg2_final_events_table *final_events_table) + struct efi_tcg2_final_events_table *final_events_table, + bool is_cc_event) { efi_guid_t linux_eventlog_guid = LINUX_EFI_TPM_EVENT_LOG_GUID; efi_status_t status; @@ -87,7 +88,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca last_entry_size = __calc_tpm2_event_size((void *)last_entry_addr, (void *)(long)log_location, - false); + false, + is_cc_event); } else { last_entry_size = sizeof(struct tcpa_event) + ((struct tcpa_event *) last_entry_addr)->event_size; @@ -123,7 +125,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca header = data + offset + final_events_size; event_size = __calc_tpm2_event_size(header, (void *)(long)log_location, - false); + false, + is_cc_event); /* If calc fails this is a malformed log */ if (!event_size) break; @@ -157,6 +160,7 @@ void efi_retrieve_eventlog(void) efi_tcg2_protocol_t *tpm2 = NULL; efi_bool_t truncated; efi_status_t status; + bool is_cc_event = false; status = efi_bs_call(locate_protocol, &tpm2_guid, NULL, (void **)&tpm2); if (status == EFI_SUCCESS) { @@ -186,11 +190,12 @@ void efi_retrieve_eventlog(void) final_events_table = get_efi_config_table(EFI_CC_FINAL_EVENTS_TABLE_GUID); + is_cc_event = true; } if (status != EFI_SUCCESS || !log_location) return; efi_retrieve_tcg2_eventlog(version, log_location, log_last_entry, - truncated, final_events_table); + truncated, final_events_table, is_cc_event); } diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index cdd4310..a94816d 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -23,7 +23,8 @@ static int __init tpm2_calc_event_log_size(void *data, int count, void *size_inf while (count > 0) { header = data + size; - event_size = __calc_tpm2_event_size(header, size_info, true); + event_size = __calc_tpm2_event_size(header, size_info, true, + cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)); if (event_size == 0) return -1; size += event_size; diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 891368e..b3380c9 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -143,6 +143,7 @@ struct tcg_algorithm_info { * @event: Pointer to the event whose size should be calculated * @event_header: Pointer to the initial event containing the digest lengths * @do_mapping: Whether or not the event needs to be mapped + * @is_cc_event: Whether or not the event is from a CC platform * * The TPM2 event log format can contain multiple digests corresponding to * separate PCR banks, and also contains a variable length of the data that @@ -159,7 +160,8 @@ struct tcg_algorithm_info { static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header, - bool do_mapping) + bool do_mapping, + bool is_cc_event) { struct tcg_efi_specid_event_head *efispecid; struct tcg_event_field *event_field; @@ -201,8 +203,14 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev count = event->count; event_type = event->event_type; - /* Verify that it's the log header */ - if (event_header->pcr_idx != 0 || + /* + * Verify that it's the log header. According to the TCG PC Client + * Specification, when identifying a log header, the check for a + * pcr_idx value of 0 is not required. For CC platforms, skipping + * this check during log header is necessary; otherwise, the CC + * platform's log header may fail to be recognized. + */ + if ((!is_cc_event && event_header->pcr_idx != 0) || event_header->event_type != NO_ACTION || memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { size = 0; -- 2.7.4

2 days, 15 hours

2
1
0 0

[PATCH v5] riscv: hwprobe: Fix stale vDSO data for late-initialized keys at boot

by Jingwei Wang

The hwprobe vDSO data for some keys, like MISALIGNED_VECTOR_PERF, is determined by an asynchronous kthread. This can create a race condition where the kthread finishes after the vDSO data has already been populated, causing userspace to read stale values. To fix this, a completion-based framework is introduced to robustly synchronize the async probes with the vDSO data population. The waiting function, init_hwprobe_vdso_data(), now blocks on wait_for_completion() until all probes signal they are done. Furthermore, to prevent this potential blocking from impacting boot performance, the initialization is deferred to late_initcall. This is safe as the data is only required by userspace (which starts much later) and moves the synchronization delay off the critical boot path. Reported-by: Tsukasa OI <research_trasio(a)irq.a4lg.com> Closes: https://lore.kernel.org/linux-riscv/760d637b-b13b-4518-b6bf-883d55d44e7f@ir… Fixes: e7c9d66e313b ("RISC-V: Report vector unaligned access speed hwprobe") Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Alexandre Ghiti <alexghiti(a)rivosinc.com> Cc: Olof Johansson <olof(a)lixom.net> Cc: stable(a)vger.kernel.org Signed-off-by: Jingwei Wang <wangjingwei(a)iscas.ac.cn> --- Changes in v5: - Reworked the synchronization logic to a robust "sentinel-count" pattern based on feedback from Alexandre. - Fixed a "multiple definition" linker error for nommu builds by changing the header-file stub functions to `static inline`, as pointed out by Olof. - Updated the commit message to better explain the rationale for moving the vDSO initialization to `late_initcall`. Changes in v4: - Reworked the synchronization mechanism based on feedback from Palmer and Alexandre. - Instead of a post-hoc refresh, this version introduces a robust completion-based framework using an atomic counter to ensure async probes are finished before populating the vDSO. - Moved the vdso data initialization to a late_initcall to avoid impacting boot time. Changes in v3: - Retained existing blank line. Changes in v2: - Addressed feedback from Yixun's regarding #ifdef CONFIG_MMU usage. - Updated commit message to provide a high-level summary. - Added Fixes tag for commit e7c9d66e313b. v1: https://lore.kernel.org/linux-riscv/20250521052754.185231-1-wangjingwei@isc… arch/riscv/include/asm/hwprobe.h | 8 +++++++- arch/riscv/kernel/sys_hwprobe.c | 20 +++++++++++++++++++- arch/riscv/kernel/unaligned_access_speed.c | 9 +++++++-- 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/arch/riscv/include/asm/hwprobe.h b/arch/riscv/include/asm/hwprobe.h index 7fe0a379474ae2c6..3b2888126e659ea1 100644 --- a/arch/riscv/include/asm/hwprobe.h +++ b/arch/riscv/include/asm/hwprobe.h @@ -40,5 +40,11 @@ static inline bool riscv_hwprobe_pair_cmp(struct riscv_hwprobe *pair, return pair->value == other_pair->value; } - +#ifdef CONFIG_MMU +void riscv_hwprobe_register_async_probe(void); +void riscv_hwprobe_complete_async_probe(void); +#else +static inline void riscv_hwprobe_register_async_probe(void) {} +static inline void riscv_hwprobe_complete_async_probe(void) {} +#endif #endif diff --git a/arch/riscv/kernel/sys_hwprobe.c b/arch/riscv/kernel/sys_hwprobe.c index 0b170e18a2beba57..ee02aeb03e7bd3d8 100644 --- a/arch/riscv/kernel/sys_hwprobe.c +++ b/arch/riscv/kernel/sys_hwprobe.c @@ -5,6 +5,8 @@ * more details. */ #include <linux/syscalls.h> +#include <linux/completion.h> +#include <linux/atomic.h> #include <asm/cacheflush.h> #include <asm/cpufeature.h> #include <asm/hwprobe.h> @@ -467,6 +469,20 @@ static int do_riscv_hwprobe(struct riscv_hwprobe __user *pairs, #ifdef CONFIG_MMU +static DECLARE_COMPLETION(boot_probes_done); +static atomic_t pending_boot_probes = ATOMIC_INIT(1); + +void riscv_hwprobe_register_async_probe(void) +{ + atomic_inc(&pending_boot_probes); +} + +void riscv_hwprobe_complete_async_probe(void) +{ + if (atomic_dec_and_test(&pending_boot_probes)) + complete(&boot_probes_done); +} + static int __init init_hwprobe_vdso_data(void) { struct vdso_arch_data *avd = vdso_k_arch_data; @@ -474,6 +490,8 @@ static int __init init_hwprobe_vdso_data(void) struct riscv_hwprobe pair; int key; + if (unlikely(!atomic_dec_and_test(&pending_boot_probes))) + wait_for_completion(&boot_probes_done); /* * Initialize vDSO data with the answers for the "all CPUs" case, to * save a syscall in the common case. @@ -504,7 +522,7 @@ static int __init init_hwprobe_vdso_data(void) return 0; } -arch_initcall_sync(init_hwprobe_vdso_data); +late_initcall(init_hwprobe_vdso_data); #endif /* CONFIG_MMU */ diff --git a/arch/riscv/kernel/unaligned_access_speed.c b/arch/riscv/kernel/unaligned_access_speed.c index ae2068425fbcd207..4b8ad2673b0f7470 100644 --- a/arch/riscv/kernel/unaligned_access_speed.c +++ b/arch/riscv/kernel/unaligned_access_speed.c @@ -379,6 +379,7 @@ static void check_vector_unaligned_access(struct work_struct *work __always_unus static int __init vec_check_unaligned_access_speed_all_cpus(void *unused __always_unused) { schedule_on_each_cpu(check_vector_unaligned_access); + riscv_hwprobe_complete_async_probe(); return 0; } @@ -473,8 +474,12 @@ static int __init check_unaligned_access_all_cpus(void) per_cpu(vector_misaligned_access, cpu) = unaligned_vector_speed_param; } else if (!check_vector_unaligned_access_emulated_all_cpus() && IS_ENABLED(CONFIG_RISCV_PROBE_VECTOR_UNALIGNED_ACCESS)) { - kthread_run(vec_check_unaligned_access_speed_all_cpus, - NULL, "vec_check_unaligned_access_speed_all_cpus"); + riscv_hwprobe_register_async_probe(); + if (IS_ERR(kthread_run(vec_check_unaligned_access_speed_all_cpus, + NULL, "vec_check_unaligned_access_speed_all_cpus"))) { + pr_warn("Failed to create vec_unalign_check kthread\n"); + riscv_hwprobe_complete_async_probe(); + } } /* -- 2.50.0

2 days, 17 hours

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror