[PATCH] crypto: zstd - fix double-free in per-CPU stream cleanup
by Giovanni Cabiddu
The crypto/zstd module has a double-free bug that occurs when multiple
tfms are allocated and freed.
The issue happens because zstd_streams (per-CPU contexts) are freed in
zstd_exit() during every tfm destruction, rather than being managed at
the module level. When multiple tfms exist, each tfm exit attempts to
free the same shared per-CPU streams, resulting in a double-free.
This leads to a stack trace similar to:
BUG: Bad page state in process kworker/u16:1 pfn:106fd93
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93
flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
page_type: 0xffffffff()
raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: nonzero entire_mapcount
Modules linked in: ...
CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B
Hardware name: ...
Workqueue: btrfs-delalloc btrfs_work_helper
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
bad_page+0x71/0xd0
free_unref_page_prepare+0x24e/0x490
free_unref_page+0x60/0x170
crypto_acomp_free_streams+0x5d/0xc0
crypto_acomp_exit_tfm+0x23/0x50
crypto_destroy_tfm+0x60/0xc0
...
Change the lifecycle management of zstd_streams to free the streams only
once during module cleanup.
Fixes: f5ad93ffb541 ("crypto: zstd - convert to acomp")
Cc: stable(a)vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com>
Reviewed-by: Suman Kumar Chakraborty <suman.kumar.chakraborty(a)intel.com>
---
crypto/zstd.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/crypto/zstd.c b/crypto/zstd.c
index dc5b36141ff8..cbbd0413751a 100644
--- a/crypto/zstd.c
+++ b/crypto/zstd.c
@@ -75,11 +75,6 @@ static int zstd_init(struct crypto_acomp *acomp_tfm)
return ret;
}
-static void zstd_exit(struct crypto_acomp *acomp_tfm)
-{
- crypto_acomp_free_streams(&zstd_streams);
-}
-
static int zstd_compress_one(struct acomp_req *req, struct zstd_ctx *ctx,
const void *src, void *dst, unsigned int *dlen)
{
@@ -297,7 +292,6 @@ static struct acomp_alg zstd_acomp = {
.cra_module = THIS_MODULE,
},
.init = zstd_init,
- .exit = zstd_exit,
.compress = zstd_compress,
.decompress = zstd_decompress,
};
@@ -310,6 +304,7 @@ static int __init zstd_mod_init(void)
static void __exit zstd_mod_fini(void)
{
crypto_unregister_acomp(&zstd_acomp);
+ crypto_acomp_free_streams(&zstd_streams);
}
module_init(zstd_mod_init);
base-commit: 8faa5c4b47998c5930314a3bb8ee53534cfdc1ce
--
2.51.1
1 month, 1 week
- 2
- 1
Linux 6.17.9
by Greg Kroah-Hartman
I'm announcing the release of the 6.17.9 kernel.
All users of the 6.17 kernel series must upgrade.
The updated 6.17.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dts | 4
arch/arm/boot/dts/nxp/imx/imx51-zii-rdu1.dts | 4
arch/arm/boot/dts/nxp/imx/imx6ull-engicam-microgea-rmm.dts | 2
arch/arm/crypto/Kconfig | 2
arch/arm64/boot/dts/freescale/imx8-ss-img.dtsi | 2
arch/arm64/boot/dts/freescale/imx8mp-kontron-bl-osm-s.dts | 24
arch/arm64/boot/dts/rockchip/rk3566-bigtreetech-cb2.dtsi | 6
arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2
arch/arm64/boot/dts/rockchip/rk3576.dtsi | 2
arch/arm64/boot/dts/rockchip/rk3588-opp.dtsi | 2
arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 2
arch/arm64/kernel/probes/kprobes.c | 5
arch/arm64/kvm/sys_regs.c | 59 -
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/io.h | 5
arch/loongarch/include/asm/pgtable.h | 11
arch/loongarch/kernel/mem.c | 7
arch/loongarch/kernel/numa.c | 23
arch/loongarch/kernel/setup.c | 5
arch/loongarch/kernel/traps.c | 4
arch/loongarch/kvm/intc/eiointc.c | 2
arch/loongarch/kvm/timer.c | 2
arch/loongarch/kvm/vcpu.c | 5
arch/loongarch/mm/init.c | 2
arch/loongarch/mm/ioremap.c | 2
arch/riscv/Makefile | 2
arch/riscv/kernel/cpu-hotplug.c | 1
arch/riscv/kernel/setup.c | 7
arch/x86/include/asm/kvm_host.h | 3
arch/x86/include/uapi/asm/vmx.h | 7
arch/x86/kernel/acpi/cppc.c | 2
arch/x86/kernel/cpu/amd.c | 7
arch/x86/kernel/cpu/microcode/amd.c | 1
arch/x86/kvm/svm/nested.c | 20
arch/x86/kvm/svm/svm.c | 71 -
arch/x86/kvm/vmx/common.h | 2
arch/x86/kvm/vmx/nested.c | 21
arch/x86/kvm/vmx/vmx.c | 29
arch/x86/kvm/vmx/vmx.h | 5
arch/x86/kvm/x86.c | 75 +
drivers/acpi/cppc_acpi.c | 6
drivers/acpi/numa/hmat.c | 46
drivers/acpi/numa/srat.c | 2
drivers/bluetooth/btusb.c | 13
drivers/cpufreq/intel_pstate.c | 9
drivers/crypto/hisilicon/qm.c | 2
drivers/edac/altera_edac.c | 22
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 12
drivers/gpu/drm/amd/amdgpu/amdgpu_isp.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4
drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 5
drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 5
drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 5
drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 73 -
drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 12
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_pp_smu.c | 1
drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 2
drivers/gpu/drm/amd/display/dc/dm_services_types.h | 2
drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 6
drivers/gpu/drm/amd/include/dm_pp_interface.h | 1
drivers/gpu/drm/amd/pm/amdgpu_dpm_internal.c | 67 +
drivers/gpu/drm/amd/pm/inc/amdgpu_dpm_internal.h | 2
drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 4
drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 6
drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 70 -
drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 11
drivers/gpu/drm/clients/drm_client_setup.c | 4
drivers/gpu/drm/i915/display/intel_psr.c | 3
drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4
drivers/gpu/drm/i915/i915_vma.c | 16
drivers/gpu/drm/mediatek/mtk_crtc.c | 7
drivers/gpu/drm/panthor/panthor_gem.c | 18
drivers/gpu/drm/vmwgfx/vmwgfx_cursor_plane.c | 16
drivers/gpu/drm/vmwgfx/vmwgfx_cursor_plane.h | 1
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5
drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1
drivers/gpu/drm/xe/xe_device.c | 14
drivers/gpu/drm/xe/xe_guc_ct.c | 3
drivers/gpu/drm/xe/xe_wa.c | 11
drivers/hid/hid-ids.h | 4
drivers/hid/hid-logitech-hidpp.c | 21
drivers/hid/hid-nintendo.c | 2
drivers/hid/hid-ntrig.c | 7
drivers/hid/hid-playstation.c | 2
drivers/hid/hid-quirks.c | 2
drivers/hid/hid-uclogic-params.c | 4
drivers/hid/intel-thc-hid/intel-quickspi/pci-quickspi.c | 6
drivers/hid/intel-thc-hid/intel-quickspi/quickspi-dev.h | 2
drivers/infiniband/hw/mlx5/cq.c | 15
drivers/iommu/iommufd/io_pagetable.c | 12
drivers/iommu/iommufd/ioas.c | 4
drivers/irqchip/irq-riscv-intc.c | 3
drivers/isdn/hardware/mISDN/hfcsusb.c | 18
drivers/mmc/host/dw_mmc-rockchip.c | 4
drivers/mmc/host/pxamci.c | 56 -
drivers/mmc/host/sdhci-of-dwcmshc.c | 2
drivers/mtd/nand/onenand/onenand_samsung.c | 2
drivers/net/ethernet/freescale/fec_main.c | 2
drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 15
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 79 +
drivers/net/ethernet/mellanox/mlx5/core/cq.c | 24
drivers/net/ethernet/mellanox/mlx5/core/en.h | 1
drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h | 5
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3
drivers/net/ethernet/mellanox/mlx5/core/en_common.c | 11
drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 33
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19
drivers/net/ethernet/mellanox/mlx5/core/eq.c | 8
drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c | 16
drivers/net/ethernet/mellanox/mlx5/core/lib/aso.c | 8
drivers/net/ethernet/mellanox/mlx5/core/main.c | 11
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/send.c | 15
drivers/net/ethernet/mellanox/mlx5/core/steering/sws/dr_send.c | 29
drivers/net/ethernet/mellanox/mlx5/core/wc.c | 4
drivers/net/ethernet/ti/am65-cpsw-qos.c | 51
drivers/net/phy/mdio_bus.c | 5
drivers/net/phy/micrel.c | 515 ++++++----
drivers/net/virtio_net.c | 16
drivers/net/wireless/ath/ath11k/wmi.c | 3
drivers/net/wireless/intel/iwlwifi/mld/link.c | 7
drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 13
drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 12
drivers/pmdomain/arm/scmi_pm_domain.c | 13
drivers/pmdomain/imx/gpc.c | 2
drivers/pmdomain/samsung/exynos-pm-domains.c | 29
drivers/pwm/pwm-adp5585.c | 4
drivers/regulator/fixed.c | 1
drivers/spi/spi.c | 10
drivers/vdpa/mlx5/net/mlx5_vnet.c | 6
fs/afs/cell.c | 78 +
fs/afs/dynroot.c | 3
fs/afs/internal.h | 12
fs/afs/mntpt.c | 3
fs/afs/proc.c | 3
fs/afs/super.c | 2
fs/afs/vl_alias.c | 3
fs/binfmt_misc.c | 4
fs/btrfs/inode.c | 4
fs/btrfs/scrub.c | 2
fs/btrfs/tree-log.c | 2
fs/btrfs/zoned.c | 60 -
fs/erofs/decompressor_zstd.c | 11
fs/exfat/namei.c | 6
fs/file_attr.c | 4
fs/fuse/virtio_fs.c | 2
fs/hostfs/hostfs_kern.c | 29
fs/namespace.c | 32
fs/nfs/client.c | 8
fs/nfs/dir.c | 23
fs/nfs/inode.c | 18
fs/nfs/nfs3client.c | 14
fs/nfs/nfs4client.c | 15
fs/nfs/nfs4proc.c | 22
fs/nfs/pnfs_nfs.c | 66 -
fs/nfs/sysfs.c | 1
fs/nfs/write.c | 3
fs/nfsd/nfs4state.c | 3
fs/nfsd/nfs4xdr.c | 3
fs/nfsd/nfsd.h | 1
fs/nfsd/nfsfh.c | 6
fs/nilfs2/segment.c | 7
fs/proc/generic.c | 12
fs/smb/client/fs_context.c | 2
fs/smb/client/smb2inode.c | 2
fs/smb/client/transport.c | 2
fs/smb/server/smb2pdu.c | 2
fs/smb/server/transport_tcp.c | 5
include/linux/compiler_types.h | 5
include/linux/filter.h | 20
include/linux/huge_mm.h | 55 -
include/linux/map_benchmark.h | 1
include/linux/mlx5/cq.h | 2
include/linux/mlx5/driver.h | 3
include/linux/nfs_xdr.h | 1
include/net/bluetooth/hci.h | 5
include/uapi/linux/mount.h | 2
io_uring/register.c | 7
io_uring/rsrc.c | 16
io_uring/rw.c | 3
kernel/bpf/trampoline.c | 5
kernel/bpf/verifier.c | 6
kernel/crash_core.c | 2
kernel/futex/core.c | 12
kernel/gcov/gcc_4_7.c | 4
kernel/kexec_handover.c | 8
kernel/power/swap.c | 17
kernel/sched/ext.c | 4
kernel/time/posix-timers.c | 12
kernel/trace/ftrace.c | 20
lib/maple_tree.c | 30
mm/damon/stat.c | 9
mm/damon/sysfs.c | 10
mm/filemap.c | 20
mm/huge_memory.c | 38
mm/kmsan/core.c | 3
mm/kmsan/hooks.c | 6
mm/kmsan/shadow.c | 2
mm/ksm.c | 113 ++
mm/memory.c | 20
mm/mm_init.c | 2
mm/mremap.c | 2
mm/secretmem.c | 2
mm/shmem.c | 9
mm/slub.c | 6
mm/swap_state.c | 13
mm/truncate.c | 6
net/bluetooth/6lowpan.c | 97 +
net/bluetooth/hci_conn.c | 33
net/bluetooth/hci_event.c | 56 -
net/bluetooth/hci_sync.c | 2
net/bluetooth/l2cap_core.c | 1
net/bluetooth/mgmt.c | 1
net/core/netpoll.c | 7
net/dsa/tag_brcm.c | 6
net/handshake/tlshd.c | 1
net/hsr/hsr_device.c | 5
net/hsr/hsr_forward.c | 22
net/ipv4/route.c | 5
net/mac80211/iface.c | 14
net/mac80211/rx.c | 10
net/netfilter/nft_ct.c | 5
net/sched/act_bpf.c | 6
net/sched/act_connmark.c | 12
net/sched/act_ife.c | 12
net/sched/cls_bpf.c | 6
net/sched/sch_generic.c | 17
net/sctp/transport.c | 13
net/smc/smc_clc.c | 1
net/strparser/strparser.c | 2
net/tipc/net.c | 2
net/unix/garbage.c | 14
rust/Makefile | 2
scripts/decode_stacktrace.sh | 43
scripts/gendwarfksyms/gendwarfksyms.c | 3
scripts/gendwarfksyms/gendwarfksyms.h | 2
scripts/gendwarfksyms/symbols.c | 4
sound/hda/codecs/hdmi/nvhdmi-mcp.c | 4
sound/hda/codecs/realtek/alc269.c | 1
sound/soc/codecs/cs4271.c | 10
sound/soc/codecs/da7213.c | 65 -
sound/soc/codecs/da7213.h | 1
sound/soc/codecs/lpass-va-macro.c | 2
sound/soc/codecs/max98090.c | 6
sound/soc/codecs/nau8821.c | 22
sound/soc/codecs/nau8821.h | 2
sound/soc/codecs/tas2781-i2c.c | 9
sound/soc/renesas/rcar/ssiu.c | 3
sound/soc/sdw_utils/soc_sdw_utils.c | 20
sound/usb/endpoint.c | 5
sound/usb/mixer.c | 2
tools/build/feature/Makefile | 4
tools/perf/Makefile.config | 5
tools/perf/builtin-lock.c | 2
tools/perf/tests/shell/lock_contention.sh | 21
tools/perf/util/header.c | 10
tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 4
tools/testing/selftests/iommu/iommufd.c | 2
tools/testing/selftests/iommu/iommufd_utils.h | 4
tools/testing/selftests/net/forwarding/local_termination.sh | 2
tools/testing/selftests/net/mptcp/mptcp_connect.c | 18
tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2
tools/testing/selftests/net/mptcp/mptcp_join.sh | 90 -
tools/testing/selftests/net/mptcp/mptcp_lib.sh | 21
tools/testing/selftests/user_events/perf_test.c | 2
virt/kvm/guest_memfd.c | 45
277 files changed, 2494 insertions(+), 1381 deletions(-)
Abdun Nihaal (3):
HID: playstation: Fix memory leak in dualshock4_get_calibration_data()
HID: uclogic: Fix potential memory leak in error path
isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
Abhishek Tamboli (1):
HID: intel-thc-hid: intel-quickspi: Add ARL PCI Device Id's
Akiva Goldberger (1):
mlx5: Fix default values in create CQ
Aksh Garg (2):
net: ethernet: ti: am65-cpsw-qos: fix IET verify/response timeout
net: ethernet: ti: am65-cpsw-qos: fix IET verify retry mechanism
Al Viro (1):
simplify nfs_atomic_open_v23()
Aleksei Nikiforov (1):
mm/kmsan: fix kmsan kmalloc hook when no stack depots are allocated yet
Alex Deucher (1):
drm/amdgpu: set default gfx reset masks for gfx6-8
Alexander Sverdlin (1):
selftests: net: local_termination: Wait for interfaces to come up
Alok Tiwari (1):
virtio-fs: fix incorrect check for fsvq->kobj
Anand Moon (1):
arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1
Andrei Vagin (1):
fs/namespace: correctly handle errors returned by grab_requested_mnt_ns
Andrey Albershteyn (1):
fs: return EOPNOTSUPP from file_setattr/file_getattr syscalls
Andrey Leonchikov (2):
arm64: dts: rockchip: Fix PCIe power enable pin for BigTreeTech CB2 and Pi2
arm64: dts: rockchip: Fix USB power enable pin for BTT CB2 and Pi2
Andrii Melnychenko (1):
netfilter: nft_ct: add seqadj extension for natted connections
André Draszik (1):
pmdomain: samsung: plug potential memleak during probe
Ankit Khushwaha (1):
selftests/user_events: fix type cast for write_index packed member in perf_test
Arnaldo Carvalho de Melo (1):
perf build: Don't fail fast path feature detection when binutils-devel is not available
Balasubramani Vivekanandan (1):
drm/xe/guc: Synchronize Dead CT worker with unbind
Benjamin Berg (1):
wifi: mac80211: skip rate verification for not captured PSDUs
Bibo Mao (3):
LoongArch: KVM: Restore guest PMU if it is enabled
LoongArch: KVM: Add delay until timer interrupt injected
LoongArch: KVM: Fix max supported vCPUs set with EIOINTC
Boris Brezillon (1):
drm/panthor: Flush shmem writes before mapping buffers CPU-uncached
Borislav Petkov (AMD) (1):
x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
Breno Leitao (1):
net: netpoll: fix incorrect refcount handling causing incorrect cleanup
Buday Csaba (1):
net: mdio: fix resource leak in mdiobus_register_device()
Caleb Sander Mateos (1):
io_uring/rsrc: don't use blk_rq_nr_phys_segments() as number of bvecs
Carlos Llamas (1):
scripts/decode_stacktrace.sh: fix build ID and PC source parsing
Carolina Jubran (1):
net/mlx5e: Fix missing error assignment in mlx5e_xfrm_add_state()
Christian König (2):
drm/amdgpu: remove two invalid BUG_ON()s
drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Chuang Wang (1):
ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
Chuck Lever (1):
NFSD: Skip close replay processing if XDR encoding fails
Chukun Pan (1):
arm64: dts: rockchip: drop reset from rk3576 i2c9 node
Claudiu Beznea (1):
ASoC: da7213: Use component driver suspend/resume
Cosmin Ratiu (3):
net/mlx5: Fix typo of MLX5_EQ_DOORBEL_OFFSET
net/mlx5: Store the global doorbell in mlx5_priv
net/mlx5e: Prepare for using different CQ doorbells
Cristian Ciocaltea (1):
ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
D. Wythe (1):
net/smc: fix mismatch between CLC header and proposal
Dai Ngo (1):
NFS: Fix LTP test failures when timestamps are delegated
Dan Carpenter (1):
mtd: onenand: Pass correct pointer to IRQ handler
Danil Skrebenkov (1):
RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors
Dario Binacchi (1):
ARM: dts: imx6ull-engicam-microgea-rmm: fix report-rate-hz value
Dave Jiang (1):
acpi/hmat: Fix lockdep warning for hmem_register_resource()
David Howells (1):
afs: Fix dynamic lookup to fail on cell lookup failure
Dawn Gardner (1):
ALSA: hda/realtek: Fix mute led for HP Omen 17-cb0xxx
Dev Jain (1):
mm/mremap: honour writable bit in mremap pte batching
Dragan Simic (1):
arm64: dts: rockchip: Make RK3588 GPU OPP table naming less generic
Eduard Zingerman (1):
bpf: account for current allocated stack depth in widen_imprecise_scalars()
Edward Adam Davis (2):
nilfs2: avoid having an active sc_timer before freeing sci
cifs: client: fix memory leak in smb3_fs_context_parse_param
Eric Biggers (1):
lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
Eric Dumazet (3):
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
net_sched: limit try_bulk_dequeue_skb() batches
bpf: Add bpf_prog_run_data_pointers()
Eslam Khafagy (1):
posix-timers: Plug potential memory leak in do_timer_create()
Felix Maurer (2):
hsr: Fix supervision frame sending on HSRv0
hsr: Follow standard for HSRv0 supervision frames
Feng Jiang (1):
riscv: Build loader.bin exclusively for Canaan K210
Filipe Manana (1):
btrfs: do not update last_log_commit when logging inode due to a new name
Frieder Schrempf (1):
arm64: dts: imx8mp-kontron: Fix USB OTG role switching
Gal Pressman (3):
net/mlx5e: Fix maxrate wraparound in threshold between units
net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
net/mlx5e: Fix potentially misleading debug message
Gao Xiang (1):
erofs: avoid infinite loop due to incomplete zstd-compressed data
Gautham R. Shenoy (4):
ACPI: CPPC: Detect preferred core availability on online CPUs
ACPI: CPPC: Check _CPC validity for only the online CPUs
ACPI: CPPC: Perform fast check switch only for online CPUs
ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
Geert Uytterhoeven (1):
ASoC: da7213: Convert to DEFINE_RUNTIME_DEV_PM_OPS()
Greg Kroah-Hartman (1):
Linux 6.17.9
Haein Lee (1):
ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
Han Gao (1):
riscv: acpi: avoid errors caused by probing DT devices when ACPI is used
Hans de Goede (1):
spi: Try to get ACPI GPIO IRQ earlier
Hao Ge (1):
codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext
Haotian Zhang (4):
regulator: fixed: fix GPIO descriptor leak on register failure
ASoC: cs4271: Fix regulator leak on probe failure
ASoC: codecs: va-macro: fix resource leak in probe error path
ASoC: rsnd: fix OF node reference leak in rsnd_ssiu_probe()
Henrique Carvalho (1):
smb: client: fix cifs_pick_channel when channel needs reconnect
Hongbo Li (1):
hostfs: Fix only passing host root in boot stage with new mount
Horatiu Vultur (4):
net: phy: micrel: Introduce lanphy_modify_page_reg
net: phy: micrel: Replace hardcoded pages with defines
net: phy: micrel: lan8814 fix reset of the QSGMII interface
net: phy: micrel: Fix lan8814_config_init
Huacai Chen (4):
LoongArch: Consolidate early_ioremap()/ioremap_prot()
LoongArch: Use correct accessor to read FWPC/MWPC
LoongArch: Consolidate max_pfn & max_low_pfn calculation
LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY
Ian Forbes (2):
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
drm/vmwgfx: Restore Guest-Backed only cursor plane support
Ian Rogers (1):
perf test shell lock_contention: Extra debug diagnostics
Isaac J. Manjarres (1):
mm/mm_init: fix hash table order logging in alloc_large_system_hash()
Jaehun Gou (1):
exfat: fix improper check of dentry.stream.valid_size
Jani Nikula (1):
drm/i915/psr: fix pipe to vblank conversion
Janusz Krzysztofik (1):
drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
Jason Gunthorpe (1):
iommufd: Make vfio_compat's unmap succeed if the range is already empty
Jason-JH Lin (1):
drm/mediatek: Add pm_runtime support for GCE power control
Jedrzej Jagielski (2):
ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation
ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd
Jens Axboe (1):
io_uring/rw: ensure allocated iovec gets cleared for early failure
Jesse.Zhang (2):
drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process
Jihed Chaibi (1):
ARM: dts: imx51-zii-rdu1: Fix audmux node names
Johannes Berg (2):
wifi: iwlwifi: mvm: fix beacon template/fixed rate
wifi: mac80211: reject address change while connecting
Jonas Gorski (1):
net: dsa: tag_brcm: do not mark link local traffic as offloaded
Jonathan Kim (2):
drm/amdkfd: fix suspend/resume all calls in mes based eviction path
drm/amdkfd: relax checks for over allocation of save area
Joshua Rogers (1):
ksmbd: close accepted socket when per-IP limit rejects connection
Joshua Watt (2):
NFS4: Fix state renewals missing after boot
NFS4: Apply delay_retrans to async operations
Jouni Högander (1):
drm/xe: Do clean shutdown also when using flr
João Paulo Gonçalves (1):
arm64: dts: imx8-ss-img: Avoid gpio0_mipi_csi GPIOs being deferred
Kairui Song (2):
mm/shmem: fix THP allocation and fallback loop
mm, swap: fix potential UAF issue for VMA readahead
Kiryl Shutsemau (1):
mm/memory: do not populate page table entries beyond i_size
Kuniyuki Iwashima (2):
tipc: Fix use-after-free in tipc_mon_reinit_self().
af_unix: Initialise scc_index in unix_add_edge().
Lance Yang (1):
mm/secretmem: fix use-after-free race in fault handler
Luiz Augusto von Dentz (2):
Bluetooth: hci_conn: Fix not cleaning up PA_LINK connections
Bluetooth: hci_event: Fix not handling PA Sync Lost event
Luke Wang (1):
pwm: adp5585: Correct mismatched pwm chip info
Marc Zyngier (1):
KVM: arm64: Make all 32bit ID registers fully writable
Marek Szyprowski (1):
pmdomain: samsung: Rework legacy splash-screen handover workaround
Mario Limonciello (2):
drm/amd: Fix suspend failure with secure display TA
x86/CPU/AMD: Add additional fixed RDSEED microcode revisions
Mario Limonciello (AMD) (3):
drm/amd/display: Don't stretch non-native images by default in eDP
PM: hibernate: Emit an error when image writing fails
PM: hibernate: Use atomic64_t for compressed_size variable
Martin Kaiser (1):
maple_tree: fix tracepoint string pointers
Masami Ichikawa (1):
HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
Matthieu Baerts (NGI0) (8):
selftests: mptcp: connect: fix fallback note due to OoO
selftests: mptcp: join: rm: set backup flag
selftests: mptcp: join: endpoints: longer transfer
selftests: mptcp: connect: trunc: read all recv data
selftests: mptcp: join: userspace: longer transfer
selftests: mptcp: join: properly kill background tasks
scripts/decode_stacktrace.sh: symbol: avoid trailing whitespaces
scripts/decode_stacktrace.sh: symbol: preserve alignment
Miaoqian Lin (3):
ASoC: sdw_utils: fix device reference leak in is_sdca_endpoint_present()
crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value
pmdomain: imx: Fix reference count leak in imx_gpc_remove
Miri Korenblit (1):
wifi: iwlwifi: mld: always take beacon ies in link grading
Naohiro Aota (2):
btrfs: zoned: fix conventional zone capacity calculation
btrfs: zoned: fix stripe width calculation
Nate Karstens (1):
strparser: Fix signed/unsigned mismatch bug
NeilBrown (1):
nfsd: fix refcount leak in nfsd_set_fh_dentry()
Nick Hu (1):
irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops
Nicolas Escande (1):
wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
Nicolin Chen (1):
iommufd/selftest: Fix ioctl return value in _test_cmd_trigger_vevents()
Niravkumar L Rabara (2):
EDAC/altera: Handle OCRAM ECC enable after warm reset
EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
Nitin Gote (2):
drm/xe/xe3lpg: Extend Wa_15016589081 for xe3lpg
drm/xe/xe3: Add WA_14024681466 for Xe3_LPG
Oleg Makarenko (1):
HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel
Olga Kornievskaia (2):
nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes
NFSD: free copynotify stateid in nfs4_free_ol_stateid()
Pauli Virtanen (5):
Bluetooth: MGMT: cancel mesh send timer when hdev removed
Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
Bluetooth: L2CAP: export l2cap_chan_hold for modules
Pavel Begunkov (1):
io_uring: fix unexpected placement on same size resizing
Pedro Demarchi Gomes (1):
ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
Peter Oberparleiter (1):
gcov: add support for GCC 15
Peter Zijlstra (2):
futex: Optimize per-cpu reference counting
compiler_types: Move unused static inline functions warning to W=2
Pratyush Yadav (1):
kho: warn and exit when unpreserved page wasn't preserved
Qinxin Xia (1):
dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
Quanmin Yan (2):
mm/damon/sysfs: change next_update_jiffies to a global variable
mm/damon/stat: change last_refresh_jiffies to a global variable
Rafał Miłecki (1):
ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY
Rakuram Eswaran (1):
mmc: pxamci: Simplify pxamci_probe() error handling using devm APIs
Randy Dunlap (1):
drm/client: fix MODULE_PARM_DESC string for "active"
Ranganath V N (2):
net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
Raphael Pinsonneault-Thibeault (1):
Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
Ravi Bangoria (2):
perf lock: Fix segfault due to missing kernel map
perf test: Fix lock contention test
Sami Tolvanen (1):
gendwarfksyms: Skip files with no exports
Scott Mayhew (1):
NFS: check if suid/sgid was cleared after a write as needed
Sean Christopherson (3):
KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying
KVM: x86: Rename local "ecx" variables to "msr" and "pmc" as appropriate
KVM: VMX: Inject #UD if guest tries to execute SEAMCALL or TDCALL
Sharique Mohammad (1):
ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
Shawn Lin (2):
mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
mmc: dw_mmc-rockchip: Fix wrong internal phase calculate
Shenghao Ding (1):
ASoC: tas2781: fix getting the wrong device number
Shuai Xue (1):
acpi,srat: Fix incorrect device handle check for Generic Initiator
Shuhao Fu (1):
smb: client: fix refcount leak in smb2_set_path_attr
Song Liu (1):
ftrace: Fix BPF fexit with livepatch
Sourabh Jain (1):
crash: fix crashkernel resource shrink
Srinivas Pandruvada (1):
cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes
Steven Rostedt (1):
selftests/tracing: Run sample events to clear page cache events
Stuart Hayhurst (1):
HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL
Sudeep Holla (1):
pmdomain: arm: scmi: Fix genpd leak on provider registration failure
Sukrit Bhatnagar (1):
KVM: VMX: Fix check for valid GVA on an EPT violation
Sultan Alsawaf (1):
drm/amd/amdgpu: Ensure isp_kernel_buffer_alloc() creates a new BO
Takashi Iwai (2):
ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver
ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
Tangudu Tilak Tirumalesh (1):
drm/xe/xe3: Extend wa_14023061436
Tejas Upadhyay (1):
drm/xe: Move declarations under conditional branch
Thomas Falcon (1):
perf header: Write bpf_prog (infos|btfs)_cnt to data file
Tianyang Zhang (1):
LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY
Timur Kristóf (5):
drm/amd/display: Add pixel_clock to amd_pp_display_configuration
drm/amd/pm: Use pm_display_cfg in legacy DPM (v2)
drm/amd/display: Disable fastboot on DCE 6 too
drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
drm/amd: Disable ASPM on SI
Tristan Lobb (1):
HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
Trond Myklebust (6):
pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect()
pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
NFS: Check the TLS certificate fields in nfs_match_client()
NFSv2/v3: Fix error handling in nfs_atomic_open_v23()
NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
Umesh Nerlige Ramappa (1):
drm/i915: Fix conversion between clock ticks and nanoseconds
Vicki Pfau (1):
HID: nintendo: Wait longer for initial probe
Vitaly Prosyak (1):
drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces
Wei Fang (1):
net: fec: correct rx_bytes statistic for the case SHIFT16 is set
Wei Yang (1):
fs/proc: fix uaf in proc_readdir_de()
Xi Ruoyao (1):
rust: Add -fno-isolate-erroneous-paths-dereference to bindgen_skip_c_flags
Xin Li (1):
KVM: x86: Add support for RDMSR/WRMSRNS w/ immediate on Intel
Xuan Zhuo (1):
virtio-net: fix incorrect flags recording in big mode
Yang Shi (1):
arm64: kprobes: check the return value of set_memory_rox()
Yang Xiuwei (1):
NFS: sysfs: fix leak when nfs_client kobject add fails
Yosry Ahmed (3):
KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv()
KVM: nSVM: Fix and simplify LBR virtualization handling with nested
ZhangGuoDong (2):
smb/server: fix possible memory leak in smb2_read()
smb/server: fix possible refcount leak in smb2_sess_setup()
Zi Yan (3):
mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order
mm/huge_memory: fix folio split check for anon folios in swapcache
mm/huge_memory: do not change split_huge_page*() target order silently
Zilin Guan (4):
net/handshake: Fix memory leak in tls_handshake_accept()
binfmt_misc: restore write access before closing files opened by open_exec()
btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe()
btrfs: release root after error in data_reloc_print_warning_inode()
Zqiang (1):
sched_ext: Fix unsafe locking in the scx_dump_state()
1 month, 1 week
- 1
- 1
Linux 6.12.59
by Greg Kroah-Hartman
I'm announcing the release of the 6.12.59 kernel.
All users of the 6.12 kernel series must upgrade.
The updated 6.12.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dts | 4
arch/arm/boot/dts/nxp/imx/imx51-zii-rdu1.dts | 4
arch/arm/crypto/Kconfig | 2
arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2
arch/arm64/boot/dts/rockchip/rk3588-opp.dtsi | 2
arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 2
arch/arm64/kernel/probes/kprobes.c | 5
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/pgtable.h | 11
arch/loongarch/kernel/traps.c | 4
arch/loongarch/kvm/timer.c | 2
arch/loongarch/kvm/vcpu.c | 5
arch/riscv/Makefile | 2
arch/riscv/kernel/cpu-hotplug.c | 1
arch/riscv/kernel/setup.c | 7
arch/x86/kernel/acpi/cppc.c | 2
arch/x86/kernel/cpu/microcode/amd.c | 1
arch/x86/kvm/svm/svm.c | 4
arch/x86/kvm/vmx/common.h | 34
arch/x86/kvm/vmx/vmx.c | 25
drivers/acpi/cppc_acpi.c | 6
drivers/acpi/numa/hmat.c | 46
drivers/acpi/numa/srat.c | 2
drivers/bluetooth/btusb.c | 13
drivers/crypto/hisilicon/qm.c | 2
drivers/edac/altera_edac.c | 22
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 12
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4
drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2
drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 12
drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5
drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4
drivers/gpu/drm/i915/i915_vma.c | 16
drivers/gpu/drm/mediatek/mtk_crtc.c | 7
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5
drivers/gpu/drm/xe/xe_device.c | 14
drivers/gpu/drm/xe/xe_guc_ct.c | 3
drivers/hid/hid-ids.h | 4
drivers/hid/hid-logitech-hidpp.c | 21
drivers/hid/hid-nintendo.c | 2
drivers/hid/hid-ntrig.c | 7
drivers/hid/hid-playstation.c | 2
drivers/hid/hid-quirks.c | 2
drivers/hid/hid-uclogic-params.c | 4
drivers/iommu/iommufd/io_pagetable.c | 12
drivers/iommu/iommufd/ioas.c | 4
drivers/irqchip/irq-riscv-intc.c | 3
drivers/isdn/hardware/mISDN/hfcsusb.c | 18
drivers/mmc/host/dw_mmc-rockchip.c | 4
drivers/mmc/host/sdhci-of-dwcmshc.c | 2
drivers/mtd/nand/onenand/onenand_samsung.c | 2
drivers/net/dsa/sja1105/sja1105_static_config.c | 6
drivers/net/ethernet/freescale/fec_main.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 33
drivers/net/ethernet/ti/am65-cpsw-qos.c | 51
drivers/net/phy/mdio_bus.c | 5
drivers/net/phy/micrel.c | 515 ++++++----
drivers/net/virtio_net.c | 16
drivers/net/wireless/ath/ath11k/pci.c | 2
drivers/net/wireless/ath/ath11k/wmi.c | 3
drivers/pmdomain/arm/scmi_pm_domain.c | 13
drivers/pmdomain/imx/gpc.c | 2
drivers/pmdomain/samsung/exynos-pm-domains.c | 11
drivers/regulator/fixed.c | 1
drivers/spi/spi.c | 10
drivers/uio/uio_hv_generic.c | 32
fs/btrfs/inode.c | 4
fs/btrfs/scrub.c | 2
fs/btrfs/tree-log.c | 2
fs/btrfs/zoned.c | 4
fs/erofs/decompressor_zstd.c | 11
fs/exfat/namei.c | 6
fs/ext4/inode.c | 5
fs/ext4/xattr.c | 32
fs/ext4/xattr.h | 10
fs/f2fs/compress.c | 2
fs/fuse/virtio_fs.c | 2
fs/hostfs/hostfs_kern.c | 29
fs/namespace.c | 32
fs/nfs/dir.c | 23
fs/nfs/inode.c | 18
fs/nfs/nfs3client.c | 14
fs/nfs/nfs4client.c | 15
fs/nfs/nfs4proc.c | 22
fs/nfs/pnfs_nfs.c | 34
fs/nfs/sysfs.c | 1
fs/nfs/write.c | 3
fs/nfsd/nfs4state.c | 3
fs/nfsd/nfs4xdr.c | 3
fs/nfsd/nfsd.h | 1
fs/nfsd/nfsfh.c | 6
fs/nilfs2/segment.c | 7
fs/proc/base.c | 12
fs/proc/generic.c | 12
fs/proc/task_mmu.c | 8
fs/proc/task_nommu.c | 4
fs/smb/client/fs_context.c | 2
fs/smb/client/smb2inode.c | 2
fs/smb/client/transport.c | 2
fs/smb/server/smb2pdu.c | 2
fs/smb/server/transport_tcp.c | 5
include/linux/compiler_types.h | 5
include/linux/filter.h | 20
include/linux/huge_mm.h | 21
include/linux/kvm_host.h | 7
include/linux/map_benchmark.h | 1
include/linux/netpoll.h | 1
include/linux/nfs_xdr.h | 1
include/net/bluetooth/mgmt.h | 2
include/net/cfg80211.h | 78 +
include/net/tc_act/tc_connmark.h | 1
include/uapi/linux/mount.h | 2
io_uring/napi.c | 19
kernel/bpf/trampoline.c | 5
kernel/bpf/verifier.c | 6
kernel/crash_core.c | 2
kernel/gcov/gcc_4_7.c | 4
kernel/power/swap.c | 17
kernel/sched/ext.c | 4
kernel/trace/ftrace.c | 20
mm/filemap.c | 20
mm/huge_memory.c | 32
mm/ksm.c | 113 ++
mm/memory.c | 23
mm/mm_init.c | 2
mm/percpu.c | 8
mm/secretmem.c | 2
mm/shmem.c | 9
mm/slub.c | 6
mm/truncate.c | 27
net/bluetooth/6lowpan.c | 97 +
net/bluetooth/l2cap_core.c | 1
net/bluetooth/mgmt.c | 260 +++--
net/bluetooth/mgmt_util.c | 46
net/bluetooth/mgmt_util.h | 3
net/core/netpoll.c | 56 -
net/handshake/tlshd.c | 1
net/hsr/hsr_device.c | 3
net/ipv4/route.c | 5
net/mac80211/chan.c | 2
net/mac80211/ieee80211_i.h | 4
net/mac80211/iface.c | 14
net/mac80211/link.c | 4
net/mac80211/mlme.c | 18
net/mac80211/rx.c | 10
net/mptcp/protocol.c | 36
net/netfilter/nf_tables_api.c | 66 -
net/sched/act_bpf.c | 6
net/sched/act_connmark.c | 30
net/sched/act_ife.c | 12
net/sched/cls_bpf.c | 6
net/sched/sch_generic.c | 17
net/sctp/transport.c | 13
net/smc/smc_clc.c | 1
net/strparser/strparser.c | 2
net/tipc/net.c | 2
net/unix/garbage.c | 14
net/wireless/core.c | 56 +
net/wireless/trace.h | 21
rust/Makefile | 16
sound/pci/hda/hda_component.c | 4
sound/soc/codecs/cs4271.c | 10
sound/soc/codecs/lpass-va-macro.c | 2
sound/soc/codecs/max98090.c | 6
sound/soc/codecs/tas2781-i2c.c | 9
sound/usb/endpoint.c | 5
sound/usb/mixer.c | 2
tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 4
tools/testing/selftests/iommu/iommufd.c | 2
tools/testing/selftests/net/forwarding/local_termination.sh | 2
tools/testing/selftests/net/mptcp/mptcp_connect.c | 18
tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2
tools/testing/selftests/net/mptcp/mptcp_join.sh | 90 -
tools/testing/selftests/net/mptcp/mptcp_lib.sh | 21
tools/testing/selftests/user_events/perf_test.c | 2
virt/kvm/guest_memfd.c | 89 +
182 files changed, 2089 insertions(+), 907 deletions(-)
Abdun Nihaal (3):
HID: playstation: Fix memory leak in dualshock4_get_calibration_data()
HID: uclogic: Fix potential memory leak in error path
isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
Aksh Garg (2):
net: ethernet: ti: am65-cpsw-qos: fix IET verify/response timeout
net: ethernet: ti: am65-cpsw-qos: fix IET verify retry mechanism
Al Viro (1):
simplify nfs_atomic_open_v23()
Alexander Sverdlin (1):
selftests: net: local_termination: Wait for interfaces to come up
Alok Tiwari (1):
virtio-fs: fix incorrect check for fsvq->kobj
Anand Moon (1):
arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1
Andrei Vagin (1):
fs/namespace: correctly handle errors returned by grab_requested_mnt_ns
André Draszik (1):
pmdomain: samsung: plug potential memleak during probe
Ankit Khushwaha (1):
selftests/user_events: fix type cast for write_index packed member in perf_test
Balasubramani Vivekanandan (1):
drm/xe/guc: Synchronize Dead CT worker with unbind
Benjamin Berg (3):
wifi: mac80211: skip rate verification for not captured PSDUs
wifi: cfg80211: add an hrtimer based delayed work item
wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work
Bibo Mao (2):
LoongArch: KVM: Restore guest PMU if it is enabled
LoongArch: KVM: Add delay until timer interrupt injected
Borislav Petkov (AMD) (1):
x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
Breno Leitao (3):
net: netpoll: Individualize the skb pool
net: netpoll: flush skb pool during cleanup
net: netpoll: fix incorrect refcount handling causing incorrect cleanup
Buday Csaba (1):
net: mdio: fix resource leak in mdiobus_register_device()
Chao Yu (1):
f2fs: fix to avoid overflow while left shift operation
Christian König (2):
drm/amdgpu: remove two invalid BUG_ON()s
drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Chuang Wang (1):
ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
Chuck Lever (1):
NFSD: Skip close replay processing if XDR encoding fails
D. Wythe (1):
net/smc: fix mismatch between CLC header and proposal
Dai Ngo (1):
NFS: Fix LTP test failures when timestamps are delegated
Dan Carpenter (1):
mtd: onenand: Pass correct pointer to IRQ handler
Danil Skrebenkov (1):
RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors
Dave Jiang (1):
acpi/hmat: Fix lockdep warning for hmem_register_resource()
Denis Arefev (1):
ALSA: hda: Fix missing pointer check in hda_component_manager_init function
Dragan Simic (1):
arm64: dts: rockchip: Make RK3588 GPU OPP table naming less generic
Eduard Zingerman (1):
bpf: account for current allocated stack depth in widen_imprecise_scalars()
Edward Adam Davis (2):
nilfs2: avoid having an active sc_timer before freeing sci
cifs: client: fix memory leak in smb3_fs_context_parse_param
Eric Biggers (1):
lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
Eric Dumazet (4):
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
net_sched: act_connmark: use RCU in tcf_connmark_dump()
net_sched: limit try_bulk_dequeue_skb() batches
bpf: Add bpf_prog_run_data_pointers()
Felix Maurer (1):
hsr: Fix supervision frame sending on HSRv0
Feng Jiang (1):
riscv: Build loader.bin exclusively for Canaan K210
Filipe Manana (1):
btrfs: do not update last_log_commit when logging inode due to a new name
Gal Pressman (3):
net/mlx5e: Fix maxrate wraparound in threshold between units
net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
net/mlx5e: Fix potentially misleading debug message
Gao Xiang (1):
erofs: avoid infinite loop due to incomplete zstd-compressed data
Gautham R. Shenoy (4):
ACPI: CPPC: Detect preferred core availability on online CPUs
ACPI: CPPC: Check _CPC validity for only the online CPUs
ACPI: CPPC: Perform fast check switch only for online CPUs
ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
Greg Kroah-Hartman (1):
Linux 6.12.59
Haein Lee (1):
ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
Han Gao (1):
riscv: acpi: avoid errors caused by probing DT devices when ACPI is used
Hans de Goede (1):
spi: Try to get ACPI GPIO IRQ earlier
Hao Ge (1):
codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext
Haotian Zhang (3):
regulator: fixed: fix GPIO descriptor leak on register failure
ASoC: cs4271: Fix regulator leak on probe failure
ASoC: codecs: va-macro: fix resource leak in probe error path
Henrique Carvalho (1):
smb: client: fix cifs_pick_channel when channel needs reconnect
Hongbo Li (1):
hostfs: Fix only passing host root in boot stage with new mount
Horatiu Vultur (4):
net: phy: micrel: Introduce lanphy_modify_page_reg
net: phy: micrel: Replace hardcoded pages with defines
net: phy: micrel: lan8814 fix reset of the QSGMII interface
net: phy: micrel: Fix lan8814_config_init
Huacai Chen (2):
LoongArch: Use correct accessor to read FWPC/MWPC
LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY
Ian Forbes (1):
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
Isaac J. Manjarres (1):
mm/mm_init: fix hash table order logging in alloc_large_system_hash()
Jaehun Gou (1):
exfat: fix improper check of dentry.stream.valid_size
Janusz Krzysztofik (1):
drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
Jason Gunthorpe (1):
iommufd: Make vfio_compat's unmap succeed if the range is already empty
Jason-JH Lin (1):
drm/mediatek: Add pm_runtime support for GCE power control
Jesse.Zhang (1):
drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
Jialin Wang (1):
proc: proc_maps_open allow proc_mem_open to return NULL
Jihed Chaibi (1):
ARM: dts: imx51-zii-rdu1: Fix audmux node names
Johannes Berg (1):
wifi: mac80211: reject address change while connecting
John Sperbeck (1):
net: netpoll: ensure skb_pool list is always initialized
Jonathan Kim (1):
drm/amdkfd: relax checks for over allocation of save area
Joshua Rogers (1):
ksmbd: close accepted socket when per-IP limit rejects connection
Joshua Watt (2):
NFS4: Fix state renewals missing after boot
NFS4: Apply delay_retrans to async operations
Jouni Högander (1):
drm/xe: Do clean shutdown also when using flr
Kairui Song (1):
mm/shmem: fix THP allocation and fallback loop
Kiryl Shutsemau (2):
mm/memory: do not populate page table entries beyond i_size
mm/truncate: unmap large folio on split failure
Kuniyuki Iwashima (2):
tipc: Fix use-after-free in tipc_mon_reinit_self().
af_unix: Initialise scc_index in unix_add_edge().
Lance Yang (1):
mm/secretmem: fix use-after-free race in fault handler
Long Li (1):
uio_hv_generic: Set event for all channels on the device
Luiz Augusto von Dentz (1):
Bluetooth: MGMT: Fix possible UAFs
Manivannan Sadhasivam (1):
wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
Mario Limonciello (1):
drm/amd: Fix suspend failure with secure display TA
Mario Limonciello (AMD) (2):
PM: hibernate: Emit an error when image writing fails
PM: hibernate: Use atomic64_t for compressed_size variable
Masami Ichikawa (1):
HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
Matthieu Baerts (NGI0) (6):
selftests: mptcp: connect: fix fallback note due to OoO
selftests: mptcp: join: rm: set backup flag
selftests: mptcp: join: endpoints: longer transfer
selftests: mptcp: connect: trunc: read all recv data
selftests: mptcp: join: userspace: longer transfer
selftests: mptcp: join: properly kill background tasks
Miaoqian Lin (2):
crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value
pmdomain: imx: Fix reference count leak in imx_gpc_remove
Michal Hocko (1):
mm, percpu: do not consider sleepable allocations atomic
Miguel Ojeda (2):
rust: kbuild: treat `build_error` and `rustdoc` as kernel objects
rust: kbuild: workaround `rustdoc` doctests modifier bug
Naohiro Aota (1):
btrfs: zoned: fix conventional zone capacity calculation
Nate Karstens (1):
strparser: Fix signed/unsigned mismatch bug
NeilBrown (1):
nfsd: fix refcount leak in nfsd_set_fh_dentry()
Nick Hu (1):
irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops
Nicolas Escande (1):
wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
Niravkumar L Rabara (2):
EDAC/altera: Handle OCRAM ECC enable after warm reset
EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
Oleg Makarenko (1):
HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel
Olga Kornievskaia (2):
nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes
NFSD: free copynotify stateid in nfs4_free_ol_stateid()
Olivier Langlois (1):
io_uring/napi: fix io_napi_entry RCU accesses
Pablo Neira Ayuso (2):
Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications"
netfilter: nf_tables: reject duplicate device on updates
Paolo Abeni (1):
mptcp: fix MSG_PEEK stream corruption
Pauli Virtanen (6):
Bluetooth: MGMT: cancel mesh send timer when hdev removed
Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
Bluetooth: L2CAP: export l2cap_chan_hold for modules
Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
Pedro Demarchi Gomes (1):
ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
Penglei Jiang (1):
proc: fix the issue of proc_mem_open returning NULL
Peter Oberparleiter (1):
gcov: add support for GCC 15
Peter Zijlstra (1):
compiler_types: Move unused static inline functions warning to W=2
Qinxin Xia (1):
dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
Rafał Miłecki (1):
ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY
Ranganath V N (2):
net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
Raphael Pinsonneault-Thibeault (1):
Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
Scott Mayhew (1):
NFS: check if suid/sgid was cleared after a write as needed
Sean Christopherson (3):
KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn()
KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying
KVM: VMX: Split out guts of EPT violation to common/exposed function
Sharique Mohammad (1):
ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
Shawn Lin (2):
mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
mmc: dw_mmc-rockchip: Fix wrong internal phase calculate
Shenghao Ding (1):
ASoC: tas2781: fix getting the wrong device number
Shuai Xue (1):
acpi,srat: Fix incorrect device handle check for Generic Initiator
Shuhao Fu (1):
smb: client: fix refcount leak in smb2_set_path_attr
Song Liu (1):
ftrace: Fix BPF fexit with livepatch
Sourabh Jain (1):
crash: fix crashkernel resource shrink
Steven Rostedt (1):
selftests/tracing: Run sample events to clear page cache events
Stuart Hayhurst (1):
HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL
Sudeep Holla (1):
pmdomain: arm: scmi: Fix genpd leak on provider registration failure
Sukrit Bhatnagar (1):
KVM: VMX: Fix check for valid GVA on an EPT violation
Takashi Iwai (1):
ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
Tejas Upadhyay (1):
drm/xe: Move declarations under conditional branch
Tianyang Zhang (1):
LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY
Timur Kristóf (1):
drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
Tristan Lobb (1):
HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
Trond Myklebust (4):
pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
NFSv2/v3: Fix error handling in nfs_atomic_open_v23()
NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
Umesh Nerlige Ramappa (1):
drm/i915: Fix conversion between clock ticks and nanoseconds
Vicki Pfau (1):
HID: nintendo: Wait longer for initial probe
Vitaly Prosyak (1):
drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces
Vladimir Oltean (1):
net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()
Wei Fang (1):
net: fec: correct rx_bytes statistic for the case SHIFT16 is set
Wei Yang (1):
fs/proc: fix uaf in proc_readdir_de()
Xi Ruoyao (1):
rust: Add -fno-isolate-erroneous-paths-dereference to bindgen_skip_c_flags
Xuan Zhuo (1):
virtio-net: fix incorrect flags recording in big mode
Yan Zhao (1):
KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file
Yang Shi (1):
arm64: kprobes: check the return value of set_memory_rox()
Yang Xiuwei (1):
NFS: sysfs: fix leak when nfs_client kobject add fails
Ye Bin (2):
ext4: introduce ITAIL helper
ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
Yosry Ahmed (1):
KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
ZhangGuoDong (2):
smb/server: fix possible memory leak in smb2_read()
smb/server: fix possible refcount leak in smb2_sess_setup()
Zi Yan (2):
mm/huge_memory: do not change split_huge_page*() target order silently
mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order
Zilin Guan (3):
net/handshake: Fix memory leak in tls_handshake_accept()
btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe()
btrfs: release root after error in data_reloc_print_warning_inode()
Zqiang (1):
sched_ext: Fix unsafe locking in the scx_dump_state()
1 month, 1 week
- 1
- 1
Linux 6.6.117
by Greg Kroah-Hartman
I'm announcing the release of the 6.6.117 kernel.
All users of the 6.6 kernel series must upgrade.
The updated 6.6.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/admin-guide/cgroup-v2.rst | 9
MAINTAINERS | 1
Makefile | 2
arch/arc/include/asm/bitops.h | 2
arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dts | 4
arch/arm/boot/dts/nvidia/tegra20-asus-tf101.dts | 5
arch/arm/boot/dts/nxp/imx/imx51-zii-rdu1.dts | 4
arch/arm/crypto/Kconfig | 2
arch/arm/mach-at91/pm_suspend.S | 8
arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2
arch/arm64/boot/dts/xilinx/zynqmp-zcu106-revA.dts | 4
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/pgtable.h | 11
arch/loongarch/kernel/traps.c | 4
arch/mips/boot/dts/lantiq/danube.dtsi | 6
arch/mips/boot/dts/lantiq/danube_easy50712.dts | 4
arch/mips/lantiq/xway/sysctrl.c | 2
arch/powerpc/kernel/eeh_driver.c | 2
arch/riscv/kernel/cpu-hotplug.c | 1
arch/riscv/kernel/entry.S | 18
arch/riscv/kernel/setup.c | 7
arch/riscv/kernel/stacktrace.c | 27
arch/riscv/mm/ptdump.c | 2
arch/riscv/net/bpf_jit_comp64.c | 5
arch/s390/Kconfig | 1
arch/s390/include/asm/pci.h | 1
arch/s390/pci/pci_event.c | 7
arch/s390/pci/pci_irq.c | 9
arch/sparc/include/asm/elf_64.h | 1
arch/sparc/include/asm/io_64.h | 6
arch/sparc/kernel/module.c | 1
arch/um/drivers/ssl.c | 5
arch/x86/entry/vsyscall/vsyscall_64.c | 17
arch/x86/kernel/cpu/microcode/amd.c | 3
arch/x86/kernel/fpu/core.c | 3
arch/x86/kernel/kvm.c | 20
arch/x86/kvm/svm/svm.c | 4
arch/x86/net/bpf_jit_comp.c | 2
block/blk-cgroup.c | 23
drivers/accel/habanalabs/common/memory.c | 2
drivers/accel/habanalabs/gaudi/gaudi.c | 19
drivers/accel/habanalabs/gaudi2/gaudi2.c | 15
drivers/accel/habanalabs/gaudi2/gaudi2_coresight.c | 2
drivers/acpi/acpi_video.c | 4
drivers/acpi/acpica/dsmethod.c | 10
drivers/acpi/button.c | 4
drivers/acpi/cppc_acpi.c | 6
drivers/acpi/numa/hmat.c | 322 +++++--
drivers/acpi/numa/srat.c | 2
drivers/acpi/prmt.c | 19
drivers/acpi/property.c | 24
drivers/acpi/scan.c | 2
drivers/base/node.c | 18
drivers/base/regmap/regmap-slimbus.c | 6
drivers/bluetooth/btmtksdio.c | 12
drivers/bluetooth/btrtl.c | 4
drivers/bluetooth/btusb.c | 30
drivers/bluetooth/hci_bcsp.c | 3
drivers/char/misc.c | 40
drivers/clk/at91/clk-master.c | 3
drivers/clk/at91/clk-sam9x60-pll.c | 75 -
drivers/clk/sunxi-ng/ccu-sun6i-rtc.c | 11
drivers/clk/ti/clk-33xx.c | 2
drivers/clocksource/timer-vf-pit.c | 22
drivers/cpufreq/longhaul.c | 3
drivers/cpufreq/tegra186-cpufreq.c | 27
drivers/cpuidle/cpuidle.c | 8
drivers/cpuidle/governors/menu.c | 73 -
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 1
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 5
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 2
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-prng.c | 1
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-trng.c | 1
drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2
drivers/crypto/aspeed/aspeed-acry.c | 8
drivers/crypto/caam/ctrl.c | 4
drivers/crypto/hisilicon/qm.c | 2
drivers/crypto/intel/qat/qat_common/qat_uclo.c | 2
drivers/dma/dw-edma/dw-edma-core.c | 22
drivers/dma/mv_xor.c | 4
drivers/dma/sh/shdma-base.c | 25
drivers/dma/sh/shdmac.c | 17
drivers/edac/altera_edac.c | 22
drivers/extcon/extcon-adc-jack.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 66 +
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 19
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 10
drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9
drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 23
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14
drivers/gpu/drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c | 16
drivers/gpu/drm/amd/display/dc/core/dc.c | 19
drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 14
drivers/gpu/drm/amd/display/dc/dc_helper.c | 5
drivers/gpu/drm/amd/display/dc/dc_stream.h | 3
drivers/gpu/drm/amd/display/dc/dm_services.h | 2
drivers/gpu/drm/amd/display/dc/dml/dcn301/dcn301_fpu.c | 20
drivers/gpu/drm/amd/display/dc/link/link_detection.c | 5
drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c | 9
drivers/gpu/drm/amd/display/include/dal_asic_id.h | 5
drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5
drivers/gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2
drivers/gpu/drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2
drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 12
drivers/gpu/drm/bridge/display-connector.c | 3
drivers/gpu/drm/drm_gem_atomic_helper.c | 6
drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2
drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4
drivers/gpu/drm/i915/i915_vma.c | 16
drivers/gpu/drm/mediatek/mtk_drm_drv.c | 10
drivers/gpu/drm/mediatek/mtk_drm_plane.c | 24
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3
drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10
drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2
drivers/gpu/drm/scheduler/sched_entity.c | 37
drivers/gpu/drm/tidss/tidss_crtc.c | 7
drivers/gpu/drm/tidss/tidss_dispc.c | 16
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5
drivers/hid/hid-asus.c | 6
drivers/hid/hid-ids.h | 6
drivers/hid/hid-ntrig.c | 7
drivers/hid/hid-quirks.c | 2
drivers/hid/hid-uclogic-params.c | 4
drivers/hid/i2c-hid/i2c-hid-acpi.c | 8
drivers/hid/i2c-hid/i2c-hid-core.c | 28
drivers/hid/i2c-hid/i2c-hid.h | 2
drivers/hwmon/asus-ec-sensors.c | 2
drivers/hwmon/dell-smm-hwmon.c | 7
drivers/hwmon/k10temp.c | 10
drivers/hwmon/sbtsi_temp.c | 46 -
drivers/hwmon/sy7636a-hwmon.c | 1
drivers/iio/adc/imx93_adc.c | 18
drivers/iio/adc/spear_adc.c | 9
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11
drivers/infiniband/hw/hns/hns_roce_qp.c | 2
drivers/infiniband/hw/irdma/pble.c | 2
drivers/infiniband/hw/irdma/verbs.c | 4
drivers/infiniband/hw/irdma/verbs.h | 8
drivers/iommu/amd/init.c | 28
drivers/iommu/apple-dart.c | 5
drivers/iommu/intel/debugfs.c | 10
drivers/iommu/intel/perf.c | 10
drivers/iommu/intel/perf.h | 5
drivers/iommu/iommufd/io_pagetable.c | 12
drivers/iommu/iommufd/ioas.c | 4
drivers/irqchip/irq-gic-v2m.c | 13
drivers/irqchip/irq-loongson-pch-lpc.c | 9
drivers/irqchip/irq-riscv-intc.c | 3
drivers/irqchip/irq-sifive-plic.c | 6
drivers/isdn/hardware/mISDN/hfcsusb.c | 18
drivers/media/i2c/Kconfig | 2
drivers/media/i2c/adv7180.c | 48 -
drivers/media/i2c/ir-kbd-i2c.c | 6
drivers/media/i2c/og01a1b.c | 6
drivers/media/i2c/ov08x40.c | 2
drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2
drivers/media/pci/ivtv/ivtv-driver.h | 3
drivers/media/pci/ivtv/ivtv-fileops.c | 18
drivers/media/pci/ivtv/ivtv-irq.c | 4
drivers/media/platform/amphion/vpu_v4l2.c | 7
drivers/media/platform/verisilicon/hantro_drv.c | 2
drivers/media/platform/verisilicon/hantro_v4l2.c | 6
drivers/media/rc/imon.c | 61 -
drivers/media/rc/redrat3.c | 2
drivers/media/tuners/xc4000.c | 8
drivers/media/tuners/xc5000.c | 12
drivers/media/usb/uvc/uvc_driver.c | 15
drivers/memstick/core/memstick.c | 8
drivers/mfd/da9063-i2c.c | 27
drivers/mfd/madera-core.c | 4
drivers/mfd/stmpe-i2c.c | 1
drivers/mfd/stmpe.c | 3
drivers/mmc/host/renesas_sdhi_core.c | 6
drivers/mmc/host/sdhci-msm.c | 15
drivers/mmc/host/sdhci-of-dwcmshc.c | 2
drivers/mtd/nand/onenand/onenand_samsung.c | 2
drivers/net/dsa/b53/b53_common.c | 15
drivers/net/dsa/b53/b53_regs.h | 3
drivers/net/dsa/dsa_loop.c | 9
drivers/net/dsa/microchip/ksz9477.c | 98 +-
drivers/net/dsa/microchip/ksz9477_reg.h | 3
drivers/net/dsa/microchip/ksz_common.c | 4
drivers/net/dsa/microchip/ksz_common.h | 2
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4
drivers/net/ethernet/cadence/macb_main.c | 4
drivers/net/ethernet/freescale/fec_main.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2
drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5
drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2
drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2
drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2
drivers/net/ethernet/intel/ice/ice_main.c | 2
drivers/net/ethernet/intel/ice/ice_trace.h | 10
drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 33
drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 10
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 5
drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 12
drivers/net/ethernet/microchip/lan966x/lan966x_ethtool.c | 18
drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 2
drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 4
drivers/net/ethernet/microchip/lan966x/lan966x_vcap_impl.c | 8
drivers/net/ethernet/microchip/sparx5/Kconfig | 2
drivers/net/ethernet/realtek/Kconfig | 2
drivers/net/ethernet/realtek/r8169_main.c | 6
drivers/net/ethernet/renesas/sh_eth.c | 4
drivers/net/ethernet/sfc/mae.c | 4
drivers/net/ethernet/smsc/smsc911x.c | 14
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 23
drivers/net/ethernet/wangxun/libwx/wx_hw.c | 3
drivers/net/ethernet/wangxun/libwx/wx_type.h | 4
drivers/net/hamradio/6pack.c | 57 -
drivers/net/ipvlan/ipvlan_l3s.c | 1
drivers/net/mdio/of_mdio.c | 1
drivers/net/phy/dp83867.c | 8
drivers/net/phy/fixed_phy.c | 1
drivers/net/phy/marvell.c | 39
drivers/net/phy/mdio_bus.c | 5
drivers/net/phy/phy.c | 13
drivers/net/usb/asix_devices.c | 12
drivers/net/usb/qmi_wwan.c | 6
drivers/net/usb/usbnet.c | 2
drivers/net/virtio_net.c | 41
drivers/net/wireless/ath/ath10k/mac.c | 12
drivers/net/wireless/ath/ath10k/wmi.c | 40
drivers/net/wireless/ath/ath11k/core.c | 54 +
drivers/net/wireless/ath/ath11k/wmi.c | 3
drivers/net/wireless/ath/ath12k/dp.h | 2
drivers/net/wireless/ath/ath12k/mac.c | 34
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 3
drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28
drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 2
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 1
drivers/net/wireless/realtek/rtw88/sdio.c | 4
drivers/net/wireless/virtual/mac80211_hwsim.c | 7
drivers/ntb/hw/epf/ntb_hw_epf.c | 103 +-
drivers/nvme/host/core.c | 8
drivers/nvme/host/fc.c | 10
drivers/nvme/target/fc.c | 16
drivers/pci/controller/cadence/pcie-cadence-host.c | 2
drivers/pci/controller/cadence/pcie-cadence.c | 4
drivers/pci/controller/cadence/pcie-cadence.h | 6
drivers/pci/controller/dwc/pcie-designware.c | 4
drivers/pci/p2pdma.c | 2
drivers/pci/pci-driver.c | 2
drivers/pci/pci.c | 5
drivers/pci/quirks.c | 3
drivers/phy/cadence/cdns-dphy.c | 4
drivers/phy/renesas/r8a779f0-ether-serdes.c | 28
drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5
drivers/pinctrl/pinctrl-keembay.c | 7
drivers/pinctrl/pinctrl-single.c | 4
drivers/pmdomain/apple/pmgr-pwrstate.c | 1
drivers/pmdomain/samsung/exynos-pm-domains.c | 11
drivers/power/supply/qcom_battmgr.c | 8
drivers/power/supply/sbs-charger.c | 16
drivers/ptp/ptp_clock.c | 13
drivers/regulator/fixed.c | 1
drivers/remoteproc/qcom_q6v5.c | 5
drivers/remoteproc/wkup_m3_rproc.c | 6
drivers/rtc/rtc-pcf2127.c | 19
drivers/rtc/rtc-rx8025.c | 2
drivers/scsi/libfc/fc_encode.h | 2
drivers/scsi/lpfc/lpfc_debugfs.h | 3
drivers/scsi/lpfc/lpfc_els.c | 6
drivers/scsi/lpfc/lpfc_init.c | 7
drivers/scsi/lpfc/lpfc_scsi.c | 14
drivers/scsi/mpi3mr/mpi3mr_fw.c | 10
drivers/scsi/mpt3sas/mpt3sas_transport.c | 3
drivers/scsi/pm8001/pm8001_ctl.c | 24
drivers/scsi/pm8001/pm8001_init.c | 1
drivers/scsi/pm8001/pm8001_sas.h | 4
drivers/soc/aspeed/aspeed-socinfo.c | 4
drivers/soc/qcom/smem.c | 2
drivers/soc/tegra/fuse/fuse-tegra30.c | 122 ++
drivers/spi/spi-loopback-test.c | 12
drivers/spi/spi-rpc-if.c | 2
drivers/spi/spi.c | 10
drivers/tee/tee_core.c | 2
drivers/thunderbolt/tb.c | 2
drivers/ufs/core/ufshcd-crypto.c | 34
drivers/ufs/core/ufshcd-crypto.h | 36
drivers/ufs/core/ufshcd.c | 25
drivers/ufs/host/ufs-mediatek.c | 179 +++-
drivers/ufs/host/ufshcd-pci.c | 70 +
drivers/usb/cdns3/cdnsp-gadget.c | 8
drivers/usb/gadget/function/f_fs.c | 8
drivers/usb/gadget/function/f_hid.c | 4
drivers/usb/gadget/function/f_ncm.c | 3
drivers/usb/host/xhci-plat.c | 1
drivers/usb/mon/mon_bin.c | 14
drivers/vfio/iova_bitmap.c | 5
drivers/vfio/vfio_main.c | 2
drivers/video/backlight/lp855x_bl.c | 2
drivers/video/fbdev/aty/atyfb_base.c | 8
drivers/video/fbdev/core/bitblit.c | 33
drivers/video/fbdev/core/fbcon.c | 19
drivers/video/fbdev/core/fbmem.c | 1
drivers/video/fbdev/pvr2fb.c | 2
drivers/video/fbdev/valkyriefb.c | 2
drivers/watchdog/s3c2410_wdt.c | 10
fs/9p/v9fs.c | 9
fs/btrfs/extent_io.c | 8
fs/btrfs/file.c | 10
fs/btrfs/scrub.c | 2
fs/btrfs/tree-log.c | 2
fs/ceph/dir.c | 3
fs/ceph/file.c | 6
fs/ceph/locks.c | 5
fs/exfat/fatent.c | 11
fs/ext4/fast_commit.c | 2
fs/ext4/xattr.c | 2
fs/f2fs/compress.c | 2
fs/f2fs/extent_cache.c | 6
fs/fuse/inode.c | 11
fs/hpfs/namei.c | 18
fs/jfs/inode.c | 8
fs/jfs/jfs_txnmgr.c | 9
fs/nfs/nfs3client.c | 15
fs/nfs/nfs4client.c | 17
fs/nfs/nfs4proc.c | 15
fs/nfs/nfs4state.c | 3
fs/nfs/pnfs_nfs.c | 34
fs/nfs/sysfs.c | 1
fs/nfs/write.c | 3
fs/nfsd/nfs4proc.c | 7
fs/nfsd/nfs4state.c | 3
fs/ntfs3/inode.c | 1
fs/open.c | 10
fs/orangefs/xattr.c | 12
fs/proc/generic.c | 12
fs/smb/client/cached_dir.c | 16
fs/smb/client/file.c | 115 ++
fs/smb/client/fs_context.c | 2
fs/smb/client/smb2inode.c | 2
fs/smb/client/smb2ops.c | 3
fs/smb/client/smb2pdu.c | 7
fs/smb/client/transport.c | 12
fs/smb/server/smb2pdu.c | 2
fs/smb/server/transport_tcp.c | 12
include/linux/blk_types.h | 11
include/linux/cgroup.h | 1
include/linux/compiler_types.h | 5
include/linux/fbcon.h | 2
include/linux/filter.h | 22
include/linux/map_benchmark.h | 1
include/linux/memcontrol.h | 8
include/linux/memory-tiers.h | 39
include/linux/netpoll.h | 1
include/linux/node.h | 26
include/linux/pci.h | 2
include/linux/shdma-base.h | 2
include/linux/swap.h | 3
include/linux/vm_event_item.h | 1
include/net/bluetooth/hci.h | 1
include/net/bluetooth/hci_core.h | 8
include/net/bluetooth/mgmt.h | 2
include/net/cls_cgroup.h | 2
include/net/gro.h | 3
include/net/nfc/nci_core.h | 2
include/net/tc_act/tc_connmark.h | 1
include/net/xdp.h | 5
include/ufs/ufs_quirks.h | 3
include/ufs/ufshcd.h | 44 +
include/ufs/ufshci.h | 4
kernel/bpf/helpers.c | 2
kernel/bpf/ringbuf.c | 2
kernel/bpf/verifier.c | 6
kernel/cgroup/cgroup.c | 24
kernel/events/uprobes.c | 7
kernel/futex/syscalls.c | 106 +-
kernel/gcov/gcc_4_7.c | 4
kernel/sched/fair.c | 15
kernel/trace/ftrace.c | 2
kernel/trace/trace_events_hist.c | 6
lib/crypto/Makefile | 2
mm/filemap.c | 24
mm/memcontrol.c | 290 +++---
mm/memory-tiers.c | 162 +++
mm/memory.c | 24
mm/mm_init.c | 2
mm/page_io.c | 8
mm/percpu.c | 8
mm/secretmem.c | 2
mm/truncate.c | 27
mm/vmscan.c | 3
mm/vmstat.c | 1
mm/workingset.c | 54 -
mm/zswap.c | 4
net/8021q/vlan.c | 2
net/bluetooth/6lowpan.c | 97 +-
net/bluetooth/hci_event.c | 18
net/bluetooth/hci_sync.c | 21
net/bluetooth/iso.c | 8
net/bluetooth/l2cap_core.c | 1
net/bluetooth/mgmt.c | 7
net/bluetooth/rfcomm/tty.c | 26
net/bluetooth/sco.c | 7
net/bridge/br.c | 5
net/bridge/br_forward.c | 5
net/bridge/br_if.c | 1
net/bridge/br_input.c | 4
net/bridge/br_mst.c | 10
net/bridge/br_private.h | 13
net/core/filter.c | 1
net/core/gro.c | 3
net/core/netpoll.c | 71 -
net/core/page_pool.c | 12
net/core/skbuff.c | 10
net/core/sock.c | 15
net/dsa/dsa.c | 7
net/dsa/tag_brcm.c | 10
net/ethernet/eth.c | 5
net/handshake/tlshd.c | 1
net/hsr/hsr_device.c | 3
net/ipv4/esp4.c | 4
net/ipv4/netfilter/nf_reject_ipv4.c | 25
net/ipv4/nexthop.c | 6
net/ipv4/route.c | 5
net/ipv4/udp_tunnel_nic.c | 2
net/ipv6/addrconf.c | 4
net/ipv6/ah6.c | 50 -
net/ipv6/esp6.c | 4
net/ipv6/netfilter/nf_reject_ipv6.c | 30
net/ipv6/raw.c | 2
net/ipv6/udp.c | 2
net/mac80211/iface.c | 14
net/mac80211/mlme.c | 2
net/mac80211/rx.c | 10
net/mptcp/protocol.c | 54 -
net/mptcp/protocol.h | 2
net/netfilter/nf_tables_api.c | 30
net/rds/rds.h | 2
net/sched/act_bpf.c | 6
net/sched/act_connmark.c | 30
net/sched/act_ife.c | 12
net/sched/cls_bpf.c | 6
net/sched/sch_generic.c | 17
net/sctp/diag.c | 21
net/sctp/transport.c | 13
net/smc/smc_clc.c | 1
net/strparser/strparser.c | 2
net/tipc/net.c | 2
net/unix/garbage.c | 14
net/xfrm/espintcp.c | 4
security/integrity/ima/ima_appraise.c | 23
sound/drivers/serial-generic.c | 12
sound/pci/hda/patch_realtek.c | 17
sound/soc/codecs/cs4271.c | 10
sound/soc/codecs/lpass-va-macro.c | 2
sound/soc/codecs/max98090.c | 6
sound/soc/codecs/tas2781-i2c.c | 9
sound/soc/codecs/tlv320aic3x.c | 32
sound/soc/fsl/fsl_sai.c | 3
sound/soc/intel/avs/pcm.c | 2
sound/soc/meson/aiu-encoder-i2s.c | 9
sound/soc/qcom/qdsp6/q6asm.c | 2
sound/soc/qcom/sc8280xp.c | 3
sound/soc/stm/stm32_sai_sub.c | 8
sound/usb/endpoint.c | 5
sound/usb/mixer.c | 9
sound/usb/mixer_s1810c.c | 28
sound/usb/validate.c | 9
tools/bpf/bpftool/btf_dumper.c | 2
tools/bpf/bpftool/prog.c | 2
tools/include/linux/bitmap.h | 1
tools/lib/bpf/bpf_tracing.h | 2
tools/lib/thermal/Makefile | 9
tools/perf/util/symbol.c | 1
tools/power/cpupower/lib/cpuidle.c | 5
tools/power/cpupower/lib/cpupower.c | 2
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 30
tools/testing/selftests/Makefile | 2
tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2
tools/testing/selftests/bpf/test_xsk.sh | 2
tools/testing/selftests/drivers/net/netdevsim/Makefile | 21
tools/testing/selftests/drivers/net/netdevsim/settings | 1
tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 4
tools/testing/selftests/iommu/iommufd.c | 2
tools/testing/selftests/net/fcnal-test.sh | 432 +++++-----
tools/testing/selftests/net/forwarding/local_termination.sh | 2
tools/testing/selftests/net/gro.c | 101 ++
tools/testing/selftests/net/mptcp/mptcp_connect.c | 18
tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2
tools/testing/selftests/net/mptcp/mptcp_join.sh | 54 -
tools/testing/selftests/net/psock_tpacket.c | 4
tools/testing/selftests/net/traceroute.sh | 13
tools/testing/selftests/user_events/perf_test.c | 2
usr/include/headers_check.pl | 2
503 files changed, 4860 insertions(+), 2077 deletions(-)
Aaron Kling (1):
cpufreq: tegra186: Initialize all cores to max frequencies
Abdun Nihaal (4):
sfc: fix potential memory leak in efx_mae_process_mport()
Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2()
HID: uclogic: Fix potential memory leak in error path
isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
Adrian Hunter (3):
scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers
scsi: ufs: core: Add a quirk to suppress link_startup_again
scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL
Akhil P Oommen (1):
drm/msm/a6xx: Fix GMU firmware parser
Al Viro (3):
allow finish_no_open(file, ERR_PTR(-E...))
sparc64: fix prototypes of reads[bwl]()
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
Albin Babu Varghese (1):
fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
Aleksander Jan Bajkowski (5):
mips: lantiq: danube: add missing properties to cpu node
mips: lantiq: danube: add model to EASY50712 dts
mips: lantiq: danube: add missing device_type in pci node
mips: lantiq: xway: sysctrl: rename stp clock
mips: lantiq: danube: rename stp node on EASY50712 reference board
Alex Deucher (4):
drm/amd/display: add more cyan skillfish devices
drm/amd: add more cyan skillfish PCI ids
drm/amdgpu: don't enable SMU on cyan skillfish
drm/amdgpu: add support for cyan skillfish gpu_info
Alex Hung (1):
drm/amd/display: Fix black screen with HDMI outputs
Alex Mastro (1):
vfio: return -ENOTTY for unsupported device feature
Alexander Stein (2):
mfd: stmpe: Remove IRQ domain upon removal
mfd: stmpe-i2c: Add missing MODULE_LICENSE
Alexander Sverdlin (1):
selftests: net: local_termination: Wait for interfaces to come up
Alexey Klimov (2):
regmap: slimbus: fix bus_context pointer in regmap init calls
ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup()
Alice Chao (2):
scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO mode change
scsi: ufs: host: mediatek: Fix invalid access in vccqx handling
Alistair Francis (1):
nvme: Use non zero KATO for persistent discovery connections
Alok Tiwari (2):
udp_tunnel: use netdev_warn() instead of netdev_WARN()
scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
Amber Lin (1):
drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
Amery Hung (1):
bpf: Clear pfmemalloc flag when freeing all fragments
Amirreza Zarrabi (1):
tee: allow a driver to allocate a tee_device without a pool
Anand Moon (1):
arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1
Andreas Kemnade (1):
hwmon: sy7636a: add alias
Andrew Davis (1):
remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper
Andrii Nakryiko (1):
libbpf: Fix powerpc's stack register definition in bpf_tracing.h
André Draszik (1):
pmdomain: samsung: plug potential memleak during probe
Ankit Khushwaha (1):
selftests/user_events: fix type cast for write_index packed member in perf_test
Antheas Kapenekakis (1):
HID: asus: add Z13 folio to generic group for multitouch to work
Anthony Iliopoulos (1):
NFSv4.1: fix mount hang after CREATE_SESSION failure
Anton Blanchard (1):
riscv: Improve exception and system call latency
Antonino Maniscalco (1):
drm/msm: make sure to not queue up recovery more than once
Anubhav Singh (2):
selftests/net: fix out-of-order delivery of FIN in gro:tcp test
selftests/net: use destination options instead of hop-by-hop
Ariel D'Alessandro (1):
drm/mediatek: Disable AFBC support on Mediatek DRM driver
Arkadiusz Bokowy (1):
Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
Armin Wolf (1):
hwmon: (dell-smm) Add support for Dell OptiPlex 7040
Arnd Bergmann (1):
mfd: madera: Work around false-positive -Wininitialized warning
Arseniy Krasnov (1):
Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'
Ashish Kalra (1):
iommu/amd: Skip enabling command/event buffers for kdump
Avadhut Naik (1):
hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models
Baochen Qiang (1):
Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
Bart Van Assche (1):
scsi: ufs: core: Disable timestamp functionality if not supported
Bartosz Golaszewski (1):
pinctrl: keembay: release allocated memory in detach path
Ben Copeland (1):
hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
Benjamin Berg (1):
wifi: mac80211: skip rate verification for not captured PSDUs
Benjamin Lin (1):
wifi: mt76: mt7996: Temporarily disable EPCS
Biju Das (2):
mmc: host: renesas_sdhi: Fix the actual clock
spi: rpc-if: Add resume support for RZ/G3E
Borislav Petkov (AMD) (1):
x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
Brahmajit Das (1):
net: intel: fm10k: Fix parameter idx set but not used
Breno Leitao (4):
net: netpoll: Individualize the skb pool
net: netpoll: flush skb pool during cleanup
net: netpoll: fix incorrect refcount handling causing incorrect cleanup
memcg: fix data-race KCSAN bug in rstats
Bruno Thomsen (1):
rtc: pcf2127: fix watchdog interrupt mask on pcf2131
Buday Csaba (1):
net: mdio: fix resource leak in mdiobus_register_device()
Bui Quang Minh (1):
virtio-net: fix received length check in big packets
Carolina Jubran (1):
net/mlx5e: Don't query FEC statistics when FEC is disabled
Cen Zhang (1):
Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
Cezary Rojewski (1):
ASoC: Intel: avs: Unprepare a stream when XRUN occurs
Chandrakanth Patil (1):
scsi: mpi3mr: Fix controller init failure on fault during queue creation
Chang S. Bae (1):
x86/fpu: Ensure XFD state on signal delivery
Chao Yu (1):
f2fs: fix to avoid overflow while left shift operation
Charalampos Mitrodimas (1):
net: ipv6: fix field-spanning memcpy warning in AH output
Chelsy Ratnawat (1):
media: fix uninitialized symbol warnings
Chen Wang (1):
PCI: cadence: Check for the existence of cdns_pcie::ops before using it
Chen Yufeng (1):
usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget
Chen-Yu Tsai (1):
clk: sunxi-ng: sun6i-rtc: Add A523 specifics
Chenghao Duan (1):
riscv: bpf: Fix uninitialized symbol 'retval_off'
Chi Zhang (1):
pinctrl: single: fix bias pull up/down handling in pin_config_set
Chi Zhiling (1):
exfat: limit log print for IO error
Chris Lu (1):
Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset
Christian Bruel (1):
irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
Christian König (1):
drm/amdgpu: reject gang submissions under SRIOV
Christoph Paasch (1):
net: When removing nexthops, don't call synchronize_net if it is not necessary
Christopher Ruehl (1):
power: supply: qcom_battmgr: add OOI chemistry
Chuande Chen (1):
hwmon: (sbtsi_temp) AMD CPU extended temperature range support
Chuang Wang (1):
ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
Chuck Lever (1):
NFSD: Fix crash in nfsd4_read_release()
ChunHao Lin (1):
r8169: set EEE speed down ratio to 1
Chunyan Zhang (1):
riscv: stacktrace: Disable KASAN checks for non-current tasks
Clay King (1):
drm/amd/display: ensure committing streams is seamless
Clément Léger (1):
riscv: stacktrace: fix backtracing through exceptions
Coiby Xu (1):
ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
Colin Foster (1):
smsc911x: add second read of EEPROM mac when possible corruption seen
Cryolitia PukNgae (1):
ALSA: usb-audio: apply quirk for MOONDROP Quark2
D. Wythe (1):
net/smc: fix mismatch between CLC header and proposal
Damien Le Moal (2):
block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
block: make REQ_OP_ZONE_OPEN a write operation
Dan Carpenter (1):
mtd: onenand: Pass correct pointer to IRQ handler
Daniel Lezcano (1):
clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel
Daniel Palmer (2):
fbdev: atyfb: Check if pll_ops->init_pll failed
eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP
Daniel Wagner (2):
nvmet-fc: avoid scheduling association deletion twice
nvme-fc: use lock accessing port_state and rport state
Danil Skrebenkov (1):
RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors
Dave Jiang (8):
base/node / acpi: Change 'node_hmem_attrs' to 'access_coordinates'
acpi: numa: Create enum for memory_target access coordinates indexing
acpi: numa: Add genport target allocation to the HMAT parsing
acpi: Break out nesting for hmat_parse_locality()
acpi: numa: Add setting of generic port system locality attributes
base/node / ACPI: Enumerate node access class for 'struct access_coordinate'
acpi/hmat: Fix lockdep warning for hmem_register_resource()
ACPI: HMAT: Remove register of memory node for generic target
David Ahern (2):
selftests: Disable dad for ipv6 in fcnal-test.sh
selftests: Replace sleep with slowwait
David Francis (1):
drm/amdgpu: Allow kfd CRIU with no buffer objects
David Howells (1):
cifs: Fix uncached read into ITER_KVEC iterator
David Wei (1):
netdevsim: add Makefile for selftests
Dennis Beier (1):
cpufreq/longhaul: handle NULL policy in longhaul_exit
Devendra K Verma (1):
dmaengine: dw-edma: Set status for callback_result
Dmitry Baryshkov (1):
drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
Domenico Cerasuolo (1):
mm: memcg: add per-memcg zswap writeback stat
Dragos Tatulea (2):
page_pool: Clamp pool size to max 16K pages
net/mlx5e: SHAMPO, Fix skb size check for 64K pages
Eduard Zingerman (1):
bpf: account for current allocated stack depth in widen_imprecise_scalars()
Edward Adam Davis (1):
cifs: client: fix memory leak in smb3_fs_context_parse_param
Emanuele Ghidoli (1):
net: phy: dp83867: Disable EEE support as not implemented
Emil Dahl Juhl (1):
tools: lib: thermal: don't preserve owner in install
Eric Biggers (6):
lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
scsi: ufs: core: Add UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE
scsi: ufs: core: fold ufshcd_clear_keyslot() into its caller
scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE
scsi: ufs: core: Add fill_crypto_prdt variant op
scsi: ufs: core: Add UFSHCD_QUIRK_KEYS_IN_PRDT
Eric Dumazet (7):
net: call cond_resched() less often in __release_sock()
ipv6: np->rxpmtu race annotation
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
net_sched: act_connmark: use RCU in tcf_connmark_dump()
net_sched: limit try_bulk_dequeue_skb() batches
bpf: Add bpf_prog_run_data_pointers()
netpoll: remove netpoll_srcu
Eric Huang (1):
drm/amdkfd: fix vram allocation failure for a special case
Fabien Proriol (1):
power: supply: sbs-charger: Support multiple devices
Farhan Ali (1):
s390/pci: Restore IRQ unconditionally for the zPCI device
Felix Maurer (1):
hsr: Fix supervision frame sending on HSRv0
Fenglin Wu (1):
power: supply: qcom_battmgr: handle charging state change notifications
Filipe Manana (1):
btrfs: do not update last_log_commit when logging inode due to a new name
Fiona Ebner (1):
smb: client: transport: avoid reconnects triggered by pending task work
Florian Fuchs (1):
fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
Florian Westphal (1):
netfilter: nf_reject: don't reply to icmp error messages
Forest Crossman (1):
usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
Francisco Gutierrez (1):
scsi: pm80xx: Fix race condition caused by static variables
Gal Pressman (5):
net/mlx5e: Use extack in get module eeprom by page callback
net/mlx5e: Fix return value in case of module EEPROM read error
net/mlx5e: Fix maxrate wraparound in threshold between units
net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
net/mlx5e: Fix potentially misleading debug message
Gaurav Jain (1):
crypto: caam - double the entropy delay interval for retry
Gautham R. Shenoy (3):
ACPI: CPPC: Check _CPC validity for only the online CPUs
ACPI: CPPC: Perform fast check switch only for online CPUs
ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
Geert Uytterhoeven (1):
kbuild: uapi: Strip comments before size type check
Geoffrey McRae (1):
drm/amdkfd: return -ENOTTY for unsupported IOCTLs
Gerd Bayer (1):
s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump
Gokul Sivakumar (1):
wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode
Greg Kroah-Hartman (1):
Linux 6.6.117
Haein Lee (1):
ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
Haibo Chen (1):
iio: adc: imx93_adc: load calibrated values even calibration failed
Han Gao (1):
riscv: acpi: avoid errors caused by probing DT devices when ACPI is used
Hangbin Liu (1):
net: vlan: sync VLAN features with lower device
Hans de Goede (3):
ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method()
spi: Try to get ACPI GPIO IRQ earlier
Hao Yao (1):
media: ov08x40: Fix the horizontal flip control
Haotian Zhang (4):
crypto: aspeed - fix double free caused by devm
regulator: fixed: fix GPIO descriptor leak on register failure
ASoC: cs4271: Fix regulator leak on probe failure
ASoC: codecs: va-macro: fix resource leak in probe error path
Harikrishna Shenoy (1):
phy: cadence: cdns-dphy: Enable lower resolutions in dphy
Hector Martin (1):
iommu/apple-dart: Clear stream error indicator bits for T8110 DARTs
Heiko Carstens (1):
s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP
Heiner Kallweit (1):
net: phy: fixed_phy: let fixed_phy_unregister free the phy_device
Henrique Carvalho (3):
smb: client: fix potential cfid UAF in smb2_query_info_compound
smb: client: fix potential UAF in smb2_close_cached_fid()
smb: client: fix cifs_pick_channel when channel needs reconnect
Horatiu Vultur (1):
lan966x: Fix sleeping in atomic context
Hoyoung Seo (1):
scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
Huacai Chen (2):
LoongArch: Use correct accessor to read FWPC/MWPC
LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY
Huang Ying (3):
memory tiering: add abstract distance calculation algorithms management
acpi, hmat: refactor hmat_register_target_initiators()
acpi, hmat: calculate abstract distance with HMAT
Ian Forbes (1):
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
Ian Rogers (1):
tools bitmap: Add missing asm-generic/bitsperlong.h include
Ido Schimmel (2):
bridge: Redirect to backup port when port is administratively down
selftests: traceroute: Use require_command()
Ilan Peer (1):
wifi: mac80211: Fix HE capabilities element check
Ilia Gavrilov (1):
Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
Inochi Amaoto (1):
irqchip/sifive-plic: Respect mask state when setting affinity
Isaac J. Manjarres (1):
mm/mm_init: fix hash table order logging in alloc_large_system_hash()
Ivan Pravdin (1):
Bluetooth: bcsp: receive data only if registered
Jacob Moroni (3):
RDMA/irdma: Fix SD index calculation
RDMA/irdma: Remove unused struct irdma_cq fields
RDMA/irdma: Set irdma_cq cq_num field during CQ create
Jakub Kicinski (3):
selftests: net: replace sleeps in fcnal-test with waits
page_pool: always add GFP_NOWARN for ATOMIC allocations
selftests: netdevsim: set test timeout to 10 minutes
Janne Grunau (1):
pmdomain: apple: Add "apple,t8103-pmgr-pwrstate"
Janusz Krzysztofik (1):
drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
Jason Gunthorpe (2):
iommufd: Make vfio_compat's unmap succeed if the range is already empty
iommufd: Don't overflow during division for dirty tracking
Jayesh Choudhary (1):
drm/tidss: Set crtc modesetting parameters with adjusted mode
Jens Kehne (1):
mfd: da9063: Split chip variant reading in two bus transactions
Jens Reidel (1):
soc: qcom: smem: Fix endian-unaware access of num_entries
Jerome Brunet (1):
NTB: epf: Allow arbitrary BAR mapping
Jesse.Zhang (1):
drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
Jiawen Wu (1):
net: libwx: fix device bus LAN ID
Jiayi Li (1):
memstick: Add timeout to prevent indefinite waiting
Jihed Chaibi (1):
ARM: dts: imx51-zii-rdu1: Fix audmux node names
Jijie Shao (1):
net: hns3: return error code when function fails
Jiri Olsa (1):
uprobe: Do not emulate/sstep original instruction when ip is changed
Johan Hovold (2):
Bluetooth: rfcomm: fix modem control handling
drm/mediatek: Fix device use-after-free on unbind
Johannes Berg (1):
wifi: mac80211: reject address change while connecting
John Keeping (1):
ALSA: serial-generic: remove shared static buffer
John Smith (2):
drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
John Sperbeck (1):
net: netpoll: ensure skb_pool list is always initialized
Jonas Gorski (4):
net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx
net: dsa: b53: fix resetting speed and pause on forced link
net: dsa: b53: fix enabling ip multicast
net: dsa: b53: stop reading ARL entries if search is done
Josephine Pfeiffer (1):
riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro
Joshua Rogers (2):
smb: client: validate change notify buffer before copy
ksmbd: close accepted socket when per-IP limit rejects connection
Joshua Watt (1):
NFS4: Fix state renewals missing after boot
Josua Mayer (1):
rtc: pcf2127: clear minute/second interrupt
Julian Sun (1):
ext4: increase IO priority of fastcommit
Junjie Cao (1):
fbdev: bitblit: bound-check glyph index in bit_putcs*
Junxian Huang (1):
RDMA/hns: Fix wrong WQE data when QP wraps around
Juraj Šarinay (1):
net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
Justin Tee (3):
scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET
scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup
scsi: lpfc: Define size of debugfs entry for xri rebalancing
Kailang Yang (1):
ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
Kalesh AP (1):
bnxt_en: Fix a possible memory leak in bnxt_ptp_init
Karthi Kandasamy (1):
drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream
Karthik M (1):
wifi: ath12k: free skb during idr cleanup callback
Kaushlendra Kumar (4):
ACPI: button: Call input_free_device() on failing input device registration
tools/cpupower: fix error return value in cpupower_write_sysfs()
tools/cpupower: Fix incorrect size in cpuidle_state_disable()
tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
Kees Cook (1):
arc: Fix __fls() const-foldability via __builtin_clzl()
Kent Russell (1):
drm/amdkfd: Handle lack of READ permissions in SVM mapping
Kirill A. Shutemov (1):
x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
Kiryl Shutsemau (2):
mm/memory: do not populate page table entries beyond i_size
mm/truncate: unmap large folio on split failure
Koakuma (1):
sparc/module: Add R_SPARC_UA64 relocation handling
Konstantin Sinyuk (1):
accel/habanalabs/gaudi2: read preboot status after recovering from dirty state
Krishna Kurapati (1):
usb: xhci: plat: Facilitate using autosuspend for xhci plat devices
Krzysztof Kozlowski (4):
extcon: adc-jack: Fix wakeup source leaks on device unbind
drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
extcon: adc-jack: Cleanup wakeup source only if it was enabled
Kumar Kartikeya Dwivedi (1):
bpf: Do not limit bpf_cgroup_from_id to current's namespace
Kuniyuki Iwashima (3):
net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV.
tipc: Fix use-after-free in tipc_mon_reinit_self().
af_unix: Initialise scc_index in unix_add_edge().
Lance Yang (1):
mm/secretmem: fix use-after-free race in fault handler
Laurent Pinchart (2):
media: pci: ivtv: Don't create fake v4l2_fh
media: amphion: Delete v4l2_fh synchronously in .release()
Len Brown (2):
tools/power x86_energy_perf_policy: Enhance HWP enable
tools/power x86_energy_perf_policy: Prefer driver HWP limits
Li RongQing (1):
x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT
Li Zhijian (1):
mm/memory-tier: fix abstract distance calculation overflow
Lijo Lazar (2):
drm/amd/pm: Use cached metrics data on aldebaran
drm/amd/pm: Use cached metrics data on arcturus
Lizhi Xu (1):
usbnet: Prevents free active kevent
Loic Poulain (2):
wifi: ath10k: Fix memory leak on unsupported WMI command
wifi: ath10k: Fix connection after GTK rekeying
Luiz Augusto von Dentz (4):
Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
Bluetooth: ISO: Fix another instance of dst_type handling
Bluetooth: hci_core: Fix tracking of periodic advertisement
Bluetooth: SCO: Fix UAF on sco_conn_free
Lukas Wunner (1):
thunderbolt: Use is_pciehp instead of is_hotplug_bridge
Manivannan Sadhasivam (1):
scsi: ufs: core: Add a quirk for handling broken LSDBS field in controller capabilities register
Marcos Del Sol Vives (1):
PCI: Disable MSI on RDC PCI to PCIe bridges
Mario Limonciello (2):
PCI/PM: Skip resuming to D0 if device is disconnected
drm/amd: Fix suspend failure with secure display TA
Mario Limonciello (AMD) (3):
drm/amd: Avoid evicting resources at S5
HID: i2c-hid: Resolve touchpad issues on Dell systems during S4
x86/microcode/AMD: Add more known models to entry sign checking
Mark Pearson (1):
wifi: ath11k: Add missing platform IDs for quirk table
Martin Willi (1):
wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup
Masami Ichikawa (1):
HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
Matthias Schiffer (1):
clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
Matthieu Baerts (NGI0) (3):
selftests: mptcp: connect: fix fallback note due to OoO
selftests: mptcp: join: rm: set backup flag
selftests: mptcp: connect: trunc: read all recv data
Mehdi Djait (1):
media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR
Miaoqian Lin (3):
net: usb: asix_devices: Check return value of usbnet_get_endpoints
fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value
Michael Dege (1):
phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet
Michael Riesch (1):
phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0
Michael Strauss (1):
drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration
Michal Hocko (1):
mm, percpu: do not consider sleepable allocations atomic
Mike Marshall (1):
orangefs: fix xattr related buffer overflow...
Miklos Szeredi (1):
fuse: zero initialize inode private data
Ming Wang (1):
irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller
Miroslav Lichvar (1):
ptp: Limit time setting of PTP clocks
Moti Haimovski (1):
accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
Nai-Chen Cheng (1):
selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency
Namjae Jeon (1):
ksmbd: use sock_create_kern interface to create kernel socket
Nate Karstens (1):
strparser: Fix signed/unsigned mismatch bug
Nathan Chancellor (1):
lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
Nhat Pham (1):
cachestat: do not flush stats in recency check
Nick Hu (1):
irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops
Nicolas Escande (1):
wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
Nicolas Ferre (2):
ARM: at91: pm: save and restore ACR during PLL disable/enable
clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register
Niklas Cassel (1):
PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify()
Niklas Schnelle (2):
powerpc/eeh: Use result of error_detected() in uevent
s390/pci: Use pci_uevent_ers() in PCI recovery
Niklas Söderlund (4):
media: adv7180: Add missing lock in suspend callback
media: adv7180: Do not write format to device in set_fmt
media: adv7180: Only validate format in querystd
net: sh_eth: Disable WoL if system can not suspend
Nikolay Aleksandrov (2):
net: bridge: fix use-after-free due to MST port state bypass
net: bridge: fix MST static key usage
Niravkumar L Rabara (2):
EDAC/altera: Handle OCRAM ECC enable after warm reset
EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
Nithyanantham Paramasivam (1):
wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
Noorain Eqbal (1):
bpf: Sync pending IRQ work before freeing ring buffer
Oleg Makarenko (1):
HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel
Oleksij Rempel (2):
net: stmmac: Correctly handle Rx checksum offload errors
net: phy: clear link parameters on admin link down
Olga Kornievskaia (2):
NFSv4: handle ERR_GRACE on delegation recalls
NFSD: free copynotify stateid in nfs4_free_ol_stateid()
Olivier Moysan (1):
ASoC: stm32: sai: manage context in set_sysclk callback
Ondrej Mosnacek (1):
bpf: Do not audit capability check in do_jit()
Ovidiu Panait (1):
crypto: sun8i-ce - remove channel timeout field
Owen Gu (1):
usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
Pablo Neira Ayuso (1):
netfilter: nf_tables: reject duplicate device on updates
Pankaj Raghav (1):
filemap: cap PTE range to be created to allowed zero fill in folio_map_range()
Paolo Abeni (4):
mptcp: drop bogus optimization in __mptcp_check_push()
mptcp: restore window probe
mptcp: fix MSG_PEEK stream corruption
net: allow small head cache usage with large MAX_SKB_FRAGS values
Paul Hsieh (1):
drm/amd/display: update dpp/disp clock from smu clock table
Paul Kocialkowski (1):
media: verisilicon: Explicitly disable selection api ioctls for decoders
Pauli Virtanen (5):
Bluetooth: MGMT: cancel mesh send timer when hdev removed
Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
Bluetooth: L2CAP: export l2cap_chan_hold for modules
Peter Oberparleiter (1):
gcov: add support for GCC 15
Peter Wang (5):
scsi: ufs: host: mediatek: Fix auto-hibern8 timer configuration
scsi: ufs: host: mediatek: Change reset sequence for improved stability
scsi: ufs: host: mediatek: Enhance recovery on resume failure
scsi: ufs: host: mediatek: Enhance recovery on hibernation exit failure
scsi: ufs: host: mediatek: Disable auto-hibern8 during power mode changes
Peter Zijlstra (1):
compiler_types: Move unused static inline functions warning to W=2
Petr Machata (1):
net: bridge: Install FDB for bridge MAC on VLAN 0
Philipp Stanner (1):
drm/sched: Fix race in drm_sched_entity_select_rq()
Pierre Gondois (1):
sched/fair: Use all little CPUs for CPU-bound workloads
Pierre-Eric Pelloux-Prayer (1):
drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
Ping-Ke Shih (1):
wifi: rtw88: sdio: use indirect IO for device registers before power-on
Pranav Tyagi (1):
futex: Don't leak robust_list pointer on exec race
Primoz Fiser (1):
ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007
Qendrim Maxhuni (1):
net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
Qianfeng Rong (3):
crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof()
scsi: pm8001: Use int instead of u32 to store error codes
media: redrat3: use int type to store negative error codes
Qingfang Deng (2):
6pack: drop redundant locking and refcounting
net: stmmac: Fix accessing freed irq affinity_hint
Qinxin Xia (1):
dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
Qu Wenruo (1):
btrfs: ensure no dirty metadata is written back for an fs with errors
Quan Zhou (1):
wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
Quanmin Yan (1):
fbcon: Set fb_display[i]->mode to NULL when the mode is released
Radhey Shyam Pandey (1):
arm64: zynqmp: Revert usb node drive strength and slew rate for zcu106
Rafael J. Wysocki (3):
cpuidle: governors: menu: Rearrange main loop in menu_select()
cpuidle: governors: menu: Select polling state in some more cases
cpuidle: Fail cpuidle device registration if there is one already
Rafał Miłecki (1):
ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY
Randall P. Embry (2):
9p: fix /sys/fs/9p/caches overwriting itself
9p: sysfs_init: don't hardcode error to ENOMEM
Ranganath V N (2):
net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
Ranjan Kumar (1):
scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate
Raphael Pinsonneault-Thibeault (2):
Bluetooth: hci_event: validate skb length for unknown CC opcode
Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
Ricardo B. Marlière (2):
selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2
selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh
Ricardo Ribalda (1):
media: uvcvideo: Use heuristic to find stream entity
Richard Gobert (1):
selftests/net: fix GRO coalesce test and add ext header coalesce tests
Robert Marko (1):
net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X
Rodrigo Gobbi (1):
iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register
Rohan G Thomas (1):
net: phy: marvell: Fix 88e1510 downshift counter errata
Rong Zhang (1):
hwmon: (k10temp) Add device ID for Strix Halo
Rosen Penev (1):
dmaengine: mv_xor: match alloc_wc and free_wc
Roy Vegard Ovesen (2):
ALSA: usb-audio: fix control pipe direction
ALSA: usb-audio: add mono main switch to Presonus S1824c
Ryan Chen (1):
soc: aspeed: socinfo: Add AST27xx silicon IDs
Ryan Wanner (1):
clk: at91: clk-master: Add check for divide by 3
Sabrina Dubroca (1):
espintcp: fix skb leaks
Sakari Ailus (1):
ACPI: property: Return present device nodes only on fwnode interface
Saket Dumbre (1):
ACPICA: Update dsmethod.c to get rid of unused variable warning
Sangwook Shin (1):
watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
Sarthak Garg (1):
mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
Sascha Hauer (1):
tools: lib: thermal: use pkg-config to locate libnl3
Sathishkumar S (1):
drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
Scott Mayhew (1):
NFS: check if suid/sgid was cleared after a write as needed
Seyediman Seyedarab (2):
drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot()
Shang song (Lenovo) (1):
ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
Sharique Mohammad (1):
ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
Shaurya Rane (1):
jfs: fix uninitialized waitqueue in transaction manager
Shawn Lin (1):
mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
Shenghao Ding (1):
ASoC: tas2781: fix getting the wrong device number
Shengjiu Wang (1):
ASoC: fsl_sai: fix bit order for DSD format
Shuai Xue (1):
acpi,srat: Fix incorrect device handle check for Generic Initiator
Shuhao Fu (1):
smb: client: fix refcount leak in smb2_set_path_attr
Shyam Prasad N (1):
cifs: stop writeback extension when change of size is detected
Srinivas Kandagatla (1):
ASoC: qdsp6: q6asm: do not sleep while atomic
Srinivasan Shanmugam (1):
drm/amdgpu: Fix function header names in amdgpu_connectors.c
Stefan Wahren (1):
ethernet: Extend device_get_mac_address() to use NVMEM
Stefan Wiehler (3):
sctp: Hold RCU read lock while iterating over address list
sctp: Prevent TOCTOU out-of-bounds write
sctp: Hold sock lock while iterating over address list
Stephan Gerhold (1):
remoteproc: qcom: q6v5: Avoid handling handover twice
Steven Rostedt (1):
selftests/tracing: Run sample events to clear page cache events
Sungho Kim (1):
PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
Svyatoslav Ryhel (4):
soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups
ARM: tegra: transformer-20: add missing magnetometer interrupt
ARM: tegra: transformer-20: fix audio-codec interrupt
video: backlight: lp855x_bl: Set correct EPROM start for LP8556
Takashi Iwai (2):
ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
Tetsuo Handa (3):
media: imon: make send_packet() more robust
ntfs3: pretend $Extend records as regular files
jfs: Verify inode mode when loading from disk
Thadeu Lima de Souza Cascardo (1):
char: misc: restrict the dynamic range to exclude reserved minors
Thomas Andreatta (1):
dmaengine: sh: setup_xref error handling
Thomas Weißschuh (3):
spi: loopback-test: Don't use %pK through printk
bpf: Don't use %pK through printk
ice: Don't use %pK through printk or tracepoints
Thomas Zimmermann (1):
drm/sysfb: Do not dereference NULL pointer in plane reset
Théo Lebrun (1):
net: macb: avoid dealing with endianness in macb_set_hwaddr()
Tianyang Zhang (1):
LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY
Tiezhu Yang (1):
net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
Timur Kristóf (4):
drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2)
drm/amd/display: Fix DVI-D/HDMI adapters
drm/amd/display: Disable VRR on DCE 6
drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
Tiwei Bie (1):
um: Fix help message for ssl-non-raw
Tom Stellard (1):
bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21
Tomer Tayar (1):
accel/habanalabs: return ENOMEM if less than requested pages were pinned
Tomeu Vizoso (1):
drm/etnaviv: fix flush sequence logic
Tomi Valkeinen (3):
drm/tidss: Use the crtc_* timings when programming the HW
drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value
drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST
Tristan Lobb (1):
HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
Tristram Ha (1):
net: dsa: microchip: Fix reserved multicast address table programming
Trond Myklebust (4):
pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
NFS: enable nconnect for RDMA
pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
Tvrtko Ursulin (1):
drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
Ujwal Kundur (1):
rds: Fix endianness annotation for RDS_MPATH_HASH
Umesh Nerlige Ramappa (1):
drm/i915: Fix conversion between clock ticks and nanoseconds
Uwe Kleine-König (1):
crypto: aspeed-acry - Convert to platform remove callback returning void
Valerio Setti (1):
ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
Vered Yavniely (1):
accel/habanalabs/gaudi2: fix BMON disable configuration
Viacheslav Dubeyko (2):
ceph: add checking of wait_for_completion_killable() return value
ceph: refactor wake_up_bit() pattern of calling
Vincent Guittot (1):
sched/pelt: Avoid underestimation of task utilization
Vladimir Oltean (1):
net: dsa: improve shutdown sequence
Vladimir Riabchun (1):
ftrace: Fix softlockup in ftrace_module_enable
Vladimir Zapolskiy (1):
media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer
Wake Liu (2):
selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8
selftests/net: Ensure assert() triggers in psock_tpacket.c
Wang Liang (2):
selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh
net: fix NULL pointer dereference in l3mdev_l3_rcv
Wayne Lin (1):
drm/amd/display: Enable mst when it's detected but yet to be initialized
Wei Fang (1):
net: fec: correct rx_bytes statistic for the case SHIFT16 is set
Wei Yang (1):
fs/proc: fix uaf in proc_readdir_de()
William Wu (1):
usb: gadget: f_hid: Fix zero length packet transfer
Wonkon Kim (1):
scsi: ufs: core: Initialize value of an attribute returned by uic cmd
Xin Hao (1):
mm: memcg: add THP swap out info for anonymous reclaim
Xion Wang (1):
char: Use list_del_init() in misc_deregister() to reinitialize list pointer
Xuan Zhuo (1):
virtio-net: fix incorrect flags recording in big mode
Yafang Shao (1):
net/cls_cgroup: Fix task_get_classid() during qdisc run
Yang Wang (1):
drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
Yang Xiuwei (1):
NFS: sysfs: fix leak when nfs_client kobject add fails
Yifan Zhang (1):
amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
Yikang Yue (1):
fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink
Ying Huang (1):
memory tiers: use default_dram_perf_ref_source in log message
Yosry Ahmed (7):
KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
mm: memcg: change flush_next_time to flush_last_time
mm: memcg: move vmstats structs definition above flushing code
mm: memcg: make stats flushing threshold per-memcg
mm: workingset: move the stats flush into workingset_test_recent()
mm: memcg: restore subtree stats flushing
mm: memcg: optimize parent iteration in memcg_rstat_updated()
Yu Kuai (1):
blk-cgroup: fix possible deadlock while configuring policy
Yue Haibing (1):
ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
Yuhao Jiang (1):
ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
Yuta Hayama (1):
rtc: rx8025: fix incorrect register reference
ZhangGuoDong (2):
smb/server: fix possible memory leak in smb2_read()
smb/server: fix possible refcount leak in smb2_sess_setup()
Zijun Hu (2):
char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor
char: misc: Does not request module for miscdevice with dynamic minor
Zilin Guan (3):
tracing: Fix memory leaks in create_field_var()
net/handshake: Fix memory leak in tls_handshake_accept()
btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe()
austinchang (1):
btrfs: mark dirty extent range for out of bound prealloc extents
chuguangqing (1):
fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
jingxian.li (1):
Revert "perf dso: Add missed dso__put to dso__load_kcore"
raub camaioni (1):
usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
wangzijie (1):
f2fs: fix infinite loop in __insert_extent_tree()
wenglianfa (1):
RDMA/hns: Fix the modification of max_send_sge
1 month, 1 week
- 1
- 1
[PATCH] NFC: Fix error handling in nfc_genl_dump_targets
by Ma Ke
nfc_genl_dump_targets() increments the device reference count via
nfc_get_device() but fails to decrement it properly. nfc_get_device()
calls class_find_device() which internally calls get_device() to
increment the reference count. No corresponding put_device() is made
to decrement the reference count.
Add proper reference count decrementing using nfc_put_device() when
the dump operation completes or encounters an error, ensuring balanced
reference counting.
Found by code review.
Cc: stable(a)vger.kernel.org
Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
Signed-off-by: Ma Ke <make24(a)iscas.ac.cn>
---
net/nfc/netlink.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index a18e2c503da6..9ae138ee91dd 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
cb->args[0] = i;
+ if (rc < 0 || i >= dev->n_targets) {
+ nfc_put_device(dev);
+ cb->args[1] = 0;
+ }
+
return skb->len;
}
--
2.17.1
1 month, 1 week
- 2
- 2
[PATCH AUTOSEL 6.17-5.10] platform/x86: huawei-wmi: add keys for HONOR models
by Sasha Levin
From: Jia Ston <ston.jia(a)outlook.com>
[ Upstream commit 5c72329716d0858621021193330594d5d26bf44d ]
HONOR MagicBook X16/X14 models produced in 2025 cannot use the Print
Screen and YOYO keys properly, with the system reporting them as
unknown key presses (codes: 0x028b and 0x028e).
To resolve this, a key_entry is added for both the HONOR Print Screen
key and the HONOR YOYO key, ensuring they function correctly on these
models.
Signed-off-by: Ston Jia <ston.jia(a)outlook.com>
Link: https://patch.msgid.link/20251029051804.220111-1-ston.jia@outlook.com
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
LLM Generated explanations, may be completely bogus:
### Comprehensive Analysis
1. **Commit Message and Issue Analysis**
The commit addresses a functional hardware defect on HONOR MagicBook
X16/X14 laptops (2025 models). The "Print Screen" and "YOYO" keys do
not generate input events, instead triggering "Unknown key pressed"
warning logs with scancodes `0x028b` and `0x028e`. This means users
cannot use these hardware features, which constitutes a real-world bug
for owners of these devices.
2. **Code Review and Mechanism**
The fix is a surgical addition to the `huawei_wmi_keymap` array in
`drivers/platform/x86/huawei-wmi.c`.
- **Mechanism:** The driver uses `sparse_keymap_entry_from_scancode`
to translate WMI events into input events. Without these entries,
the lookup fails, and the driver drops the event.
- **Change:** Two lines are added:
```c
{ KE_KEY, 0x28b, { KEY_NOTIFICATION_CENTER } },
{ KE_KEY, 0x28e, { KEY_PRINT } },
```
- **Dependencies:** `KEY_NOTIFICATION_CENTER` was introduced in
Linux 5.10. This patch is suitable for stable trees 5.10, 5.15,
6.1, and 6.6 without modification. Older LTS versions (4.19, 5.4)
would require a minor adjustment (using a different keycode or
backporting the definition), but the patch remains conceptually
valid for them.
3. **Stable Kernel Rules Assessment**
- **Exception Category:** This commit falls squarely under the
**"QUIRKS and WORKAROUNDS"** and **"TRIVIAL SUBSYSTEM-SPECIFIC
ADDITIONS"** exceptions defined in stable kernel rules. Adding
keymap entries is functionally identical to adding PCI/USB IDs: it
enables hardware that is currently present but non-functional.
- **Feature vs. Fix:** While the commit says "add keys," it is
fixing broken hardware support. The keys physically exist but do
not work; enabling them is a fix, not a new software feature.
- **New Hardware on Stable:** While the hardware is from 2025, it is
common for users to run Long Term Support (LTS) kernels (e.g.,
Ubuntu LTS, RHEL, or community LTS kernels like 6.6.y) on new
hardware. Refusing to backport hardware enablement forces these
users to run bleeding-edge kernels or suffer broken functionality.
4. **Risk vs. Benefit**
- **Regression Risk:** **Negligible.** The change adds data to a
static array. It only affects the handling of two specific
scancodes (`0x28b`, `0x28e`) which previously resulted in an error
log. It cannot affect existing key mappings or other hardware.
- **Benefit:** Restores functionality for the "Print Screen" key
(essential for workflows) and the specific "YOYO" key on supported
laptops.
5. **Conclusion**
Although the commit lacks a "Cc: stable" tag, it meets all objective
criteria for a stable backport. It is an obviously correct, low-risk,
hardware-enabling fix that fits the "Quirks" exception. It should be
included to ensure this hardware works correctly on supported LTS
releases.
### TODO Items
- No further investigation required.
**YES**
drivers/platform/x86/huawei-wmi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/platform/x86/huawei-wmi.c b/drivers/platform/x86/huawei-wmi.c
index c3772df34679f..8a4c54089ace3 100644
--- a/drivers/platform/x86/huawei-wmi.c
+++ b/drivers/platform/x86/huawei-wmi.c
@@ -81,6 +81,10 @@ static const struct key_entry huawei_wmi_keymap[] = {
{ KE_KEY, 0x289, { KEY_WLAN } },
// Huawei |M| key
{ KE_KEY, 0x28a, { KEY_CONFIG } },
+ // HONOR YOYO key
+ { KE_KEY, 0x28b, { KEY_NOTIFICATION_CENTER } },
+ // HONOR print screen
+ { KE_KEY, 0x28e, { KEY_PRINT } },
// Keyboard backlit
{ KE_IGNORE, 0x293, { KEY_KBDILLUMTOGGLE } },
{ KE_IGNORE, 0x294, { KEY_KBDILLUMUP } },
--
2.51.0
1 month, 1 week
- 1
- 20
[PATCH] ksmbd: vfs: fix race on m_flags in vfs_cache
by Qianchang Zhao
ksmbd maintains delete-on-close and pending-delete state in
ksmbd_inode->m_flags. In vfs_cache.c this field is accessed under
inconsistent locking: some paths read and modify m_flags under
ci->m_lock while others do so without taking the lock at all.
Examples:
- ksmbd_query_inode_status() and __ksmbd_inode_close() use
ci->m_lock when checking or updating m_flags.
- ksmbd_inode_pending_delete(), ksmbd_set_inode_pending_delete(),
ksmbd_clear_inode_pending_delete() and ksmbd_fd_set_delete_on_close()
used to read and modify m_flags without ci->m_lock.
This creates a potential data race on m_flags when multiple threads
open, close and delete the same file concurrently. In the worst case
delete-on-close and pending-delete bits can be lost or observed in an
inconsistent state, leading to confusing delete semantics (files that
stay on disk after delete-on-close, or files that disappear while still
in use).
Fix it by:
- Making ksmbd_query_inode_status() look at m_flags under ci->m_lock
after dropping inode_hash_lock.
- Adding ci->m_lock protection to all helpers that read or modify
m_flags (ksmbd_inode_pending_delete(), ksmbd_set_inode_pending_delete(),
ksmbd_clear_inode_pending_delete(), ksmbd_fd_set_delete_on_close()).
- Keeping the existing ci->m_lock protection in __ksmbd_inode_close(),
and moving the actual unlink/xattr removal outside the lock.
This unifies the locking around m_flags and removes the data race while
preserving the existing delete-on-close behaviour.
Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com>
Reported-by: Zhitong Liu <liuzhitong1993(a)gmail.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Qianchang Zhao <pioooooooooip(a)gmail.com>
---
fs/smb/server/vfs_cache.c | 114 +++++++++++++++++++++++++++++---------
1 file changed, 87 insertions(+), 27 deletions(-)
diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c
index dfed6fce8..b44e0d618 100644
--- a/fs/smb/server/vfs_cache.c
+++ b/fs/smb/server/vfs_cache.c
@@ -112,40 +112,88 @@ int ksmbd_query_inode_status(struct dentry *dentry)
read_lock(&inode_hash_lock);
ci = __ksmbd_inode_lookup(dentry);
- if (ci) {
- ret = KSMBD_INODE_STATUS_OK;
- if (ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS))
- ret = KSMBD_INODE_STATUS_PENDING_DELETE;
- atomic_dec(&ci->m_count);
- }
read_unlock(&inode_hash_lock);
+ if (!ci)
+ return ret;
+ down_read(&ci->m_lock);
+ if (ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS))
+ ret = KSMBD_INODE_STATUS_PENDING_DELETE;
+ else
+ ret = KSMBD_INODE_STATUS_OK;
+ up_read(&ci->m_lock);
+
+ atomic_dec(&ci->m_count);
return ret;
}
bool ksmbd_inode_pending_delete(struct ksmbd_file *fp)
{
- return (fp->f_ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS));
+ struct ksmbd_inode *ci;
+ bool ret;
+
+ if (!fp)
+ return false;
+
+ ci = fp->f_ci;
+ if (!ci)
+ return false;
+
+ down_read(&ci->m_lock);
+ ret = ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS);
+ up_read(&ci->m_lock);
+
+ return ret;
}
void ksmbd_set_inode_pending_delete(struct ksmbd_file *fp)
{
- fp->f_ci->m_flags |= S_DEL_PENDING;
+ struct ksmbd_inode *ci;
+
+ if (!fp)
+ return;
+
+ ci = fp->f_ci;
+ if (!ci)
+ return;
+
+ down_write(&ci->m_lock);
+ ci->m_flags |= S_DEL_PENDING;
+ up_write(&ci->m_lock);
}
void ksmbd_clear_inode_pending_delete(struct ksmbd_file *fp)
{
- fp->f_ci->m_flags &= ~S_DEL_PENDING;
+ struct ksmbd_inode *ci;
+
+ if (!fp)
+ return;
+
+ ci = fp->f_ci;
+ if (!ci)
+ return;
+
+ down_write(&ci->m_lock);
+ ci->m_flags &= ~S_DEL_PENDING;
+ up_write(&ci->m_lock);
}
-void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp,
- int file_info)
+void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp, int file_info)
{
- if (ksmbd_stream_fd(fp)) {
- fp->f_ci->m_flags |= S_DEL_ON_CLS_STREAM;
+ struct ksmbd_inode *ci;
+
+ if (!fp)
+ return;
+
+ ci = fp->f_ci;
+ if (!ci)
return;
- }
- fp->f_ci->m_flags |= S_DEL_ON_CLS;
+ down_write(&ci->m_lock);
+ if (ksmbd_stream_fd(fp))
+ ci->m_flags |= S_DEL_ON_CLS_STREAM;
+ else
+ ci->m_flags |= S_DEL_ON_CLS;
+ up_write(&ci->m_lock);
}
static void ksmbd_inode_hash(struct ksmbd_inode *ci)
@@ -255,29 +303,41 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp)
struct ksmbd_inode *ci = fp->f_ci;
int err;
struct file *filp;
+ bool remove_stream_xattr = false;
+ bool do_unlink = false;
filp = fp->filp;
- if (ksmbd_stream_fd(fp) && (ci->m_flags & S_DEL_ON_CLS_STREAM)) {
- ci->m_flags &= ~S_DEL_ON_CLS_STREAM;
- err = ksmbd_vfs_remove_xattr(file_mnt_idmap(filp),
- &filp->f_path,
- fp->stream.name,
- true);
- if (err)
- pr_err("remove xattr failed : %s\n",
- fp->stream.name);
+
+ if (ksmbd_stream_fd(fp)) {
+ down_write(&ci->m_lock);
+ if (ci->m_flags & S_DEL_ON_CLS_STREAM) {
+ ci->m_flags &= ~S_DEL_ON_CLS_STREAM;
+ remove_stream_xattr = true;
+ }
+ up_write(&ci->m_lock);
+
+ if (remove_stream_xattr) {
+ err = ksmbd_vfs_remove_xattr(file_mnt_idmap(filp),
+ &filp->f_path,
+ fp->stream.name,
+ true);
+ if (err)
+ pr_err("remove xattr failed : %s\n",
+ fp->stream.name);
+ }
}
if (atomic_dec_and_test(&ci->m_count)) {
down_write(&ci->m_lock);
if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) {
ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING);
- up_write(&ci->m_lock);
- ksmbd_vfs_unlink(filp);
- down_write(&ci->m_lock);
+ do_unlink = true;
}
up_write(&ci->m_lock);
+ if (do_unlink)
+ ksmbd_vfs_unlink(filp);
+
ksmbd_inode_free(ci);
}
}
--
2.34.1
1 month, 1 week
- 2
- 1
LPO 94914 Monday, November 24, 2025 at 08:03:35 AM
by Gusikowski Inc
Dear Stable,
I hope this message finds you well. I am reaching out to follow up regarding the products listed in the attached document, as I am currently gathering the necessary information to move forward with our evaluation and procurement process. Your insights and clarification will be greatly appreciated.
To better understand your offerings, could you please provide more detailed information on the following:
Pricing structure for each product, including any volume discounts or tiered pricing options.
Availability and stock levels, especially for high-demand items or products with known lead times.
Technical specifications, features, and product variations, so we can accurately assess compatibility with our needs.
Current promotions, special offers, or bundled packages that may apply to this order.
Shipping and logistics details, including available carriers, estimated delivery timelines, and any additional fees we should be aware of.
If there are catalogs, brochures, or updated product sheets available, please feel free to include them as well. Any additional insight you can share regarding after-sales support, warranty terms, or return policies would also be helpful as we work toward a final decision.
Due to the timelines of our internal review, I would greatly appreciate your prompt response at your earliest convenience. Your assistance plays a vital role in helping us move forward efficiently and confidently.
Thank you again for your time, cooperation, and support. I look forward to hearing from you soon and continuing our discussion.
Warm regards,
Olive Bailey
Head of Procurement
1 month, 1 week
- 1
- 0
Supply Inquiry for Mexico 2026 FIFA
by Valeria R Elena
Dear Sir,
I'm one of the registered and authorized International procurement consultants of the Mexico 2026 FIFA world cup.
The government of Mexico through the Mexico 2026 FIFA World Cup Local Organizing Committee has approved a massive procurement of your products for nationwide distribution to Airports facilities, offices, stadiums, Hostels, Hotels, Shops, etc as part of their national and regional sensitization
programs towards the hosting of the FIFA world cup 2026. The packaging of the products will be customized with the Mexico 2026 Logo.
The Local Organizing Committee is looking for a capable company to handle the supply under a bidding process.
I wish to know if your company will be interested to participate in this project so that we could discuss our possible collaboration to ensure a successful bidding.
More details would be provided upon hearing from you.
Best regards,
Best Regards,
Dr. Ms Valeria R Elena
Green Palms México Ltd
Mexico City
La Ciudad de los Palacios
1 month, 1 week
- 1
- 0
FAILED: patch "[PATCH] fs/proc: fix uaf in proc_readdir_de()" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 895b4c0c79b092d732544011c3cecaf7322c36a1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112019-mantra-unwind-1db7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 895b4c0c79b092d732544011c3cecaf7322c36a1 Mon Sep 17 00:00:00 2001
From: Wei Yang <albinwyang(a)tencent.com>
Date: Sat, 25 Oct 2025 10:42:33 +0800
Subject: [PATCH] fs/proc: fix uaf in proc_readdir_de()
Pde is erased from subdir rbtree through rb_erase(), but not set the node
to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE()
set the erased node to EMPTY, then pde_subdir_next() will return NULL to
avoid uaf access.
We found an uaf issue while using stress-ng testing, need to run testcase
getdent and tun in the same time. The steps of the issue is as follows:
1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current
pde is tun3;
2) in the [time windows] unregister netdevice tun3 and tun2, and erase
them from rbtree. erase tun3 first, and then erase tun2. the
pde(tun2) will be released to slab;
3) continue to getdent process, then pde_subdir_next() will return
pde(tun2) which is released, it will case uaf access.
CPU 0 | CPU 1
-------------------------------------------------------------------------
traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2
sys_getdents64() |
iterate_dir() |
proc_readdir() |
proc_readdir_de() | snmp6_unregister_dev()
pde_get(de); | proc_remove()
read_unlock(&proc_subdir_lock); | remove_proc_subtree()
| write_lock(&proc_subdir_lock);
[time window] | rb_erase(&root->subdir_node, &parent->subdir);
| write_unlock(&proc_subdir_lock);
read_lock(&proc_subdir_lock); |
next = pde_subdir_next(de); |
pde_put(de); |
de = next; //UAF |
rbtree of dev_snmp6
|
pde(tun3)
/ \
NULL pde(tun2)
Link: https://lkml.kernel.org/r/20251025024233.158363-1-albin_yang@163.com
Signed-off-by: Wei Yang <albinwyang(a)tencent.com>
Cc: Al Viro <viro(a)zeniv.linux.org.uk>
Cc: Christian Brauner <brauner(a)kernel.org>
Cc: wangzijie <wangzijie1(a)honor.com>
Cc: Alexey Dobriyan <adobriyan(a)gmail.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 176281112273..501889856461 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -698,6 +698,12 @@ void pde_put(struct proc_dir_entry *pde)
}
}
+static void pde_erase(struct proc_dir_entry *pde, struct proc_dir_entry *parent)
+{
+ rb_erase(&pde->subdir_node, &parent->subdir);
+ RB_CLEAR_NODE(&pde->subdir_node);
+}
+
/*
* Remove a /proc entry and free it if it's not currently in use.
*/
@@ -720,7 +726,7 @@ void remove_proc_entry(const char *name, struct proc_dir_entry *parent)
WARN(1, "removing permanent /proc entry '%s'", de->name);
de = NULL;
} else {
- rb_erase(&de->subdir_node, &parent->subdir);
+ pde_erase(de, parent);
if (S_ISDIR(de->mode))
parent->nlink--;
}
@@ -764,7 +770,7 @@ int remove_proc_subtree(const char *name, struct proc_dir_entry *parent)
root->parent->name, root->name);
return -EINVAL;
}
- rb_erase(&root->subdir_node, &parent->subdir);
+ pde_erase(root, parent);
de = root;
while (1) {
@@ -776,7 +782,7 @@ int remove_proc_subtree(const char *name, struct proc_dir_entry *parent)
next->parent->name, next->name);
return -EINVAL;
}
- rb_erase(&next->subdir_node, &de->subdir);
+ pde_erase(next, de);
de = next;
continue;
}
1 month, 1 week
- 3
- 2