- Linux-stable-mirror - lists.linaro.org

[PATCH v1] mm/mm_init: Fix hash table order logging in alloc_large_system_hash()

by Isaac J. Manjarres

When emitting the order of the allocation for a hash table, alloc_large_system_hash() unconditionally subtracts PAGE_SHIFT from log base 2 of the allocation size. This is not correct if the allocation size is smaller than a page, and yields a negative value for the order as seen below: TCP established hash table entries: 32 (order: -4, 256 bytes, linear) TCP bind hash table entries: 32 (order: -2, 1024 bytes, linear) Use get_order() to compute the order when emitting the hash table information to correctly handle cases where the allocation size is smaller than a page: TCP established hash table entries: 32 (order: 0, 256 bytes, linear) TCP bind hash table entries: 32 (order: 0, 1024 bytes, linear) Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org # v5.4+ Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> --- mm/mm_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mm_init.c b/mm/mm_init.c index 3db2dea7db4c..7712d887b696 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c @@ -2469,7 +2469,7 @@ void *__init alloc_large_system_hash(const char *tablename, panic("Failed to allocate %s hash table\n", tablename); pr_info("%s hash table entries: %ld (order: %d, %lu bytes, %s)\n", - tablename, 1UL << log2qty, ilog2(size) - PAGE_SHIFT, size, + tablename, 1UL << log2qty, get_order(size), size, virt ? (huge ? "vmalloc hugepage" : "vmalloc") : "linear"); if (_hash_shift) -- 2.51.1.851.g4ebd6896fd-goog

1 month

4
5
0 0

[PATCH] drm/sun4i: Fix device node reference leak in sun4i_tcon_of_get_id_from_port

by Miaoqian Lin

Fix a device node reference leak where the remote endpoint node obtained by of_graph_get_remote_endpoint() was not being properly released. Add of_node_put() calls after of_property_read_u32() to fix this. Fixes: e8d5bbf7f4c4 ("drm/sun4i: tcon: get TCON ID and matching engine with remote endpoint ID") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/sun4i/sun4i_tcon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/sun4i/sun4i_tcon.c b/drivers/gpu/drm/sun4i/sun4i_tcon.c index 960e83c8291d..9214769a2857 100644 --- a/drivers/gpu/drm/sun4i/sun4i_tcon.c +++ b/drivers/gpu/drm/sun4i/sun4i_tcon.c @@ -970,6 +970,7 @@ static int sun4i_tcon_of_get_id_from_port(struct device_node *port) continue; ret = of_property_read_u32(remote, "reg", &reg); + of_node_put(remote); if (ret) continue; -- 2.39.5 (Apple Git-154)

1 month

2
1
0 0

[PATCH net v6] virtio-net: fix received length check in big packets

by Bui Quang Minh

Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on negotiated MTU. The number of allocated frags for big packets is stored in vi->big_packets_num_skbfrags. Because the host announced buffer length can be malicious (e.g. the host vhost_net driver's get_rx_bufs is modified to announce incorrect length), we need a check in virtio_net receive path. Currently, the check is not adapted to the new change which can lead to NULL page pointer dereference in the below while loop when receiving length that is larger than the allocated one. This commit fixes the received length check corresponding to the new change. Fixes: 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets") Cc: stable(a)vger.kernel.org Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- Changes in v6: - Fix the length check - Link to v5: https://lore.kernel.org/netdev/20251024150649.22906-1-minhquangbui99@gmail.… Changes in v5: - Move the length check to receive_big - Link to v4: https://lore.kernel.org/netdev/20251022160623.51191-1-minhquangbui99@gmail.… Changes in v4: - Remove unrelated changes, add more comments - Link to v3: https://lore.kernel.org/netdev/20251021154534.53045-1-minhquangbui99@gmail.… Changes in v3: - Convert BUG_ON to WARN_ON_ONCE - Link to v2: https://lore.kernel.org/netdev/20250708144206.95091-1-minhquangbui99@gmail.… Changes in v2: - Remove incorrect give_pages call - Link to v1: https://lore.kernel.org/netdev/20250706141150.25344-1-minhquangbui99@gmail.… --- drivers/net/virtio_net.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index a757cbcab87f..461ad1019c37 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -910,17 +910,6 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, goto ok; } - /* - * Verify that we can indeed put this data into a skb. - * This is here to handle cases when the device erroneously - * tries to receive more than is possible. This is usually - * the case of a broken device. - */ - if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) { - net_dbg_ratelimited("%s: too much data\n", skb->dev->name); - dev_kfree_skb(skb); - return NULL; - } BUG_ON(offset >= PAGE_SIZE); while (len) { unsigned int frag_size = min((unsigned)PAGE_SIZE - offset, len); @@ -2107,9 +2096,19 @@ static struct sk_buff *receive_big(struct net_device *dev, struct virtnet_rq_stats *stats) { struct page *page = buf; - struct sk_buff *skb = - page_to_skb(vi, rq, page, 0, len, PAGE_SIZE, 0); + struct sk_buff *skb; + + /* Make sure that len does not exceed the allocated size in + * add_recvbuf_big. + */ + if (unlikely(len > (vi->big_packets_num_skbfrags + 1) * PAGE_SIZE)) { + pr_debug("%s: rx error: len %u exceeds allocate size %lu\n", + dev->name, len, + (vi->big_packets_num_skbfrags + 1) * PAGE_SIZE); + goto err; + } + skb = page_to_skb(vi, rq, page, 0, len, PAGE_SIZE, 0); u64_stats_add(&stats->bytes, len - vi->hdr_len); if (unlikely(!skb)) goto err; -- 2.43.0

1 month

2
2
0 0

[PATCH v2] w1: therm: Fix off-by-one buffer overflow in alarms_store

by Thorsten Blum

The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'size'. Fix this by parsing the 'buf' parameter directly using simple_strtol() without allocating any intermediate memory or string copying. This removes the overflow while simplifying the code. Cc: stable(a)vger.kernel.org Fixes: e2c94d6f5720 ("w1_therm: adding alarm sysfs entry") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- Compile-tested only. Changes in v2: - Fix buffer overflow instead of truncating the copy using strscpy() - Parse buffer directly using simple_strtol() as suggested by David - Update patch subject and description - Link to v1: https://lore.kernel.org/lkml/20251017170047.114224-2-thorsten.blum@linux.de… --- drivers/w1/slaves/w1_therm.c | 98 ++++++++++++------------------------ 1 file changed, 33 insertions(+), 65 deletions(-) diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c index 9ccedb3264fb..046fa682d57d 100644 --- a/drivers/w1/slaves/w1_therm.c +++ b/drivers/w1/slaves/w1_therm.c @@ -1836,59 +1836,32 @@ static ssize_t alarms_store(struct device *device, struct w1_slave *sl = dev_to_w1_slave(device); struct therm_info info; u8 new_config_register[3]; /* array of data to be written */ - int temp, ret; - char *token = NULL; + long temp; + int ret; s8 tl, th; /* 1 byte per value + temp ring order */ - char *p_args, *orig; + const char *p = buf; + char *endp; - p_args = orig = kmalloc(size, GFP_KERNEL); - /* Safe string copys as buf is const */ - if (!p_args) { - dev_warn(device, - "%s: error unable to allocate memory %d\n", - __func__, -ENOMEM); - return size; + temp = simple_strtol(p, &endp, 10); + if (p == endp || *endp != ' ') { + dev_info(device, "%s: error parsing args %d\n", + __func__, -EINVAL); + goto err; } - strcpy(p_args, buf); - - /* Split string using space char */ - token = strsep(&p_args, " "); - - if (!token) { - dev_info(device, - "%s: error parsing args %d\n", __func__, -EINVAL); - goto free_m; - } - - /* Convert 1st entry to int */ - ret = kstrtoint (token, 10, &temp); - if (ret) { - dev_info(device, - "%s: error parsing args %d\n", __func__, ret); - goto free_m; - } - + /* Cast to short to eliminate out of range values */ tl = int_to_short(temp); - /* Split string using space char */ - token = strsep(&p_args, " "); - if (!token) { - dev_info(device, - "%s: error parsing args %d\n", __func__, -EINVAL); - goto free_m; - } - /* Convert 2nd entry to int */ - ret = kstrtoint (token, 10, &temp); - if (ret) { - dev_info(device, - "%s: error parsing args %d\n", __func__, ret); - goto free_m; + p = endp + 1; + temp = simple_strtol(p, &endp, 10); + if (p == endp) { + dev_info(device, "%s: error parsing args %d\n", + __func__, -EINVAL); + goto err; } - - /* Prepare to cast to short by eliminating out of range values */ + /* Cast to short to eliminate out of range values */ th = int_to_short(temp); - /* Reorder if required th and tl */ + /* Reorder if required */ if (tl > th) swap(tl, th); @@ -1897,35 +1870,30 @@ static ssize_t alarms_store(struct device *device, * (th : byte 2 - tl: byte 3) */ ret = read_scratchpad(sl, &info); - if (!ret) { - new_config_register[0] = th; /* Byte 2 */ - new_config_register[1] = tl; /* Byte 3 */ - new_config_register[2] = info.rom[4];/* Byte 4 */ - } else { - dev_info(device, - "%s: error reading from the slave device %d\n", - __func__, ret); - goto free_m; + if (ret) { + dev_info(device, "%s: error reading from the slave device %d\n", + __func__, ret); + goto err; } + new_config_register[0] = th; /* Byte 2 */ + new_config_register[1] = tl; /* Byte 3 */ + new_config_register[2] = info.rom[4]; /* Byte 4 */ /* Write data in the device RAM */ if (!SLAVE_SPECIFIC_FUNC(sl)) { - dev_info(device, - "%s: Device not supported by the driver %d\n", - __func__, -ENODEV); - goto free_m; + dev_info(device, "%s: Device not supported by the driver %d\n", + __func__, -ENODEV); + goto err; } ret = SLAVE_SPECIFIC_FUNC(sl)->write_data(sl, new_config_register); - if (ret) - dev_info(device, - "%s: error writing to the slave device %d\n", + if (ret) { + dev_info(device, "%s: error writing to the slave device %d\n", __func__, ret); + goto err; + } -free_m: - /* free allocated memory */ - kfree(orig); - +err: return size; } -- 2.51.0

1 month

1
1
0 0

FAILED: patch "[PATCH] ksmbd: transport_ipc: validate payload size before reading" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102920-mace-herbal-edee@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0 Mon Sep 17 00:00:00 2001 From: Qianchang Zhao <pioooooooooip(a)gmail.com> Date: Wed, 22 Oct 2025 15:27:47 +0900 Subject: [PATCH] ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable(a)vger.kernel.org Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Signed-off-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c index 46f87fd1ce1c..2c08cccfa680 100644 --- a/fs/smb/server/transport_ipc.c +++ b/fs/smb/server/transport_ipc.c @@ -263,10 +263,16 @@ static void ipc_msg_handle_free(int handle) static int handle_response(int type, void *payload, size_t sz) { - unsigned int handle = *(unsigned int *)payload; + unsigned int handle; struct ipc_msg_table_entry *entry; int ret = 0; + /* Prevent 4-byte read beyond declared payload size */ + if (sz < sizeof(unsigned int)) + return -EINVAL; + + handle = *(unsigned int *)payload; + ipc_update_last_active(); down_read(&ipc_msg_table_lock); hash_for_each_possible(ipc_msg_table, entry, ipc_table_hlist, handle) {

1 month

2
1
0 0

[PATCH V2] mm/slab: ensure all metadata in slab object are word-aligned

by Harry Yoo

When the SLAB_STORE_USER debug flag is used, any metadata placed after the original kmalloc request size (orig_size) is not properly aligned on 64-bit architectures because its type is unsigned int. When both KASAN and SLAB_STORE_USER are enabled, kasan_alloc_meta is misaligned. Note that 64-bit architectures without HAVE_EFFICIENT_UNALIGNED_ACCESS are assumed to require 64-bit accesses to be 64-bit aligned. See HAVE_64BIT_ALIGNED_ACCESS and commit adab66b71abf ("Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"") for more details. Because not all architectures support unaligned memory accesses, ensure that all metadata (track, orig_size, kasan_{alloc,free}_meta) in a slab object are word-aligned. struct track, kasan_{alloc,free}_meta are aligned by adding __aligned(__alignof__(unsigned long)). For orig_size, use ALIGN(sizeof(unsigned int), sizeof(unsigned long)) to make clear that its size remains unsigned int but it must be aligned to a word boundary. On 64-bit architectures, this reserves 8 bytes for orig_size, which is acceptable since kmalloc's original request size tracking is intended for debugging rather than production use. Cc: stable(a)vger.kernel.org Fixes: 6edf2576a6cc ("mm/slub: enable debugging memory wasting of kmalloc") Acked-by: Andrey Konovalov <andreyknvl(a)gmail.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- v1 -> v2: - Added Andrey's Acked-by. - Added references to HAVE_64BIT_ALIGNED_ACCESS and the commit that resurrected it. - Used __alignof__() instead of sizeof(), as suggested by Pedro (off-list). Note: either __alignof__ or sizeof() produces the exactly same mm/slub.o files, so there's no functional difference. Thanks! mm/kasan/kasan.h | 4 ++-- mm/slub.c | 16 +++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 129178be5e64..b86b6e9f456a 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -265,7 +265,7 @@ struct kasan_alloc_meta { struct kasan_track alloc_track; /* Free track is stored in kasan_free_meta. */ depot_stack_handle_t aux_stack[2]; -}; +} __aligned(__alignof__(unsigned long)); struct qlist_node { struct qlist_node *next; @@ -289,7 +289,7 @@ struct qlist_node { struct kasan_free_meta { struct qlist_node quarantine_link; struct kasan_track free_track; -}; +} __aligned(__alignof__(unsigned long)); #endif /* CONFIG_KASAN_GENERIC */ diff --git a/mm/slub.c b/mm/slub.c index a585d0ac45d4..462a39d57b3a 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -344,7 +344,7 @@ struct track { int cpu; /* Was running on cpu */ int pid; /* Pid context */ unsigned long when; /* When did the operation occur */ -}; +} __aligned(__alignof__(unsigned long)); enum track_item { TRACK_ALLOC, TRACK_FREE }; @@ -1196,7 +1196,7 @@ static void print_trailer(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (slub_debug_orig_size(s)) - off += sizeof(unsigned int); + off += ALIGN(sizeof(unsigned int), __alignof__(unsigned long)); off += kasan_metadata_size(s, false); @@ -1392,7 +1392,8 @@ static int check_pad_bytes(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (s->flags & SLAB_KMALLOC) - off += sizeof(unsigned int); + off += ALIGN(sizeof(unsigned int), + __alignof__(unsigned long)); } off += kasan_metadata_size(s, false); @@ -7820,9 +7821,14 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s) */ size += 2 * sizeof(struct track); - /* Save the original kmalloc request size */ + /* + * Save the original kmalloc request size. + * Although the request size is an unsigned int, + * make sure that is aligned to word boundary. + */ if (flags & SLAB_KMALLOC) - size += sizeof(unsigned int); + size += ALIGN(sizeof(unsigned int), + __alignof__(unsigned long)); } #endif -- 2.43.0

1 month

2
2
0 0

[PATCH 5.10] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()

by Andrey Troshin

From: Ian Abbott <abbotti(a)mev.co.uk> commit 3cd212e895ca2d58963fdc6422502b10dd3966bb upstream. syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is allocated to hold `insn->n` samples (each of which is an `unsigned int`). For some instruction types, `insn->n` samples are copied back to user-space, unless an error code is being returned. The problem is that not all the instruction handlers that need to return data to userspace fill in the whole `insn->n` samples, so that there is an information leak. There is a similar syzbot report for `do_insnlist_ioctl()`, although it does not have a reproducer for it at the time of writing. One culprit is `insn_rw_emulate_bits()` which is used as the handler for `INSN_READ` or `INSN_WRITE` instructions for subdevices that do not have a specific handler for that instruction, but do have an `INSN_BITS` handler. For `INSN_READ` it only fills in at most 1 sample, so if `insn->n` is greater than 1, the remaining `insn->n - 1` samples copied to userspace will be uninitialized kernel data. Another culprit is `vm80xx_ai_insn_read()` in the "vm80xx" driver. It never returns an error, even if it fails to fill the buffer. Fix it in `do_insn_ioctl()` and `do_insnlist_ioctl()` by making sure that uninitialized parts of the allocated buffer are zeroed before handling each instruction. Thanks to Arnaud Lecomte for their fix to `do_insn_ioctl()`. That fix replaced the call to `kmalloc_array()` with `kcalloc()`, but it is not always necessary to clear the whole buffer. Fixes: ed9eccbe8970 ("Staging: add comedi core") Reported-by: syzbot+a5e45f768aab5892da5d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=a5e45f768aab5892da5d Reported-by: syzbot+fb4362a104d45ab09cf9(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fb4362a104d45ab09cf9 Cc: stable <stable(a)kernel.org> # 5.13+ Cc: Arnaud Lecomte <contact(a)arnaud-lcm.com> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/20250725125324.80276-1-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Andrey Troshin: backport fix from drivers/comedi/comedi_fops.c to drivers/staging/comedi/comedi_fops.c] Signed-off-by: Andrey Troshin <drtrosh(a)yandex-team.ru> --- Backport fix for CVE-2025-39684 Link: https://nvd.nist.gov/vuln/detail/CVE-2025-39684 --- drivers/staging/comedi/comedi_fops.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c index 854b8bdc57a1..0af6e4a2fad9 100644 --- a/drivers/staging/comedi/comedi_fops.c +++ b/drivers/staging/comedi/comedi_fops.c @@ -1582,6 +1582,9 @@ static int do_insnlist_ioctl(struct comedi_device *dev, memset(&data[n], 0, (MIN_SAMPLES - n) * sizeof(unsigned int)); } + } else { + memset(data, 0, max_t(unsigned int, n, MIN_SAMPLES) * + sizeof(unsigned int)); } ret = parse_insn(dev, insns + i, data, file); if (ret < 0) @@ -1665,6 +1668,8 @@ static int do_insn_ioctl(struct comedi_device *dev, memset(&data[insn->n], 0, (MIN_SAMPLES - insn->n) * sizeof(unsigned int)); } + } else { + memset(data, 0, n_data * sizeof(unsigned int)); } ret = parse_insn(dev, insn, data, file); if (ret < 0) -- 2.34.1

1 month

1
0
0 0

[PATCH 2/2] ASoC: renesas: rz-ssi: Use proper dma_buffer_pos after resume

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> When the driver supports DMA, it enqueues four DMA descriptors per substream before the substream is started. New descriptors are enqueued in the DMA completion callback, and each time a new descriptor is queued, the dma_buffer_pos is incremented. During suspend, the DMA transactions are terminated. There might be cases where the four extra enqueued DMA descriptors are not completed and are instead canceled on suspend. However, the cancel operation does not take into account that the dma_buffer_pos was already incremented. Previously, the suspend code reinitialized dma_buffer_pos to zero, but this is not always correct. To avoid losing any audio periods during suspend/resume and to prevent clip sound, save the completed DMA buffer position in the DMA callback and reinitialize dma_buffer_pos on resume. Cc: stable(a)vger.kernel.org Fixes: 1fc778f7c833a ("ASoC: renesas: rz-ssi: Add suspend to RAM support") Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- sound/soc/renesas/rz-ssi.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index e00940814157..81b883e8ac92 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -85,6 +85,7 @@ struct rz_ssi_stream { struct snd_pcm_substream *substream; int fifo_sample_size; /* sample capacity of SSI FIFO */ int dma_buffer_pos; /* The address for the next DMA descriptor */ + int completed_dma_buf_pos; /* The address of the last completed DMA descriptor. */ int period_counter; /* for keeping track of periods transferred */ int sample_width; int buffer_pos; /* current frame position in the buffer */ @@ -215,6 +216,7 @@ static void rz_ssi_stream_init(struct rz_ssi_stream *strm, rz_ssi_set_substream(strm, substream); strm->sample_width = samples_to_bytes(runtime, 1); strm->dma_buffer_pos = 0; + strm->completed_dma_buf_pos = 0; strm->period_counter = 0; strm->buffer_pos = 0; @@ -437,6 +439,10 @@ static void rz_ssi_pointer_update(struct rz_ssi_stream *strm, int frames) snd_pcm_period_elapsed(strm->substream); strm->period_counter = current_period; } + + strm->completed_dma_buf_pos += runtime->period_size; + if (strm->completed_dma_buf_pos >= runtime->buffer_size) + strm->completed_dma_buf_pos = 0; } static int rz_ssi_pio_recv(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) @@ -778,10 +784,14 @@ static int rz_ssi_dma_request(struct rz_ssi_priv *ssi, struct device *dev) return -ENODEV; } -static int rz_ssi_trigger_resume(struct rz_ssi_priv *ssi) +static int rz_ssi_trigger_resume(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) { + struct snd_pcm_substream *substream = strm->substream; + struct snd_pcm_runtime *runtime = substream->runtime; int ret; + strm->dma_buffer_pos = strm->completed_dma_buf_pos + runtime->period_size; + if (rz_ssi_is_stream_running(&ssi->playback) || rz_ssi_is_stream_running(&ssi->capture)) return 0; @@ -794,16 +804,6 @@ static int rz_ssi_trigger_resume(struct rz_ssi_priv *ssi) ssi->hw_params_cache.channels); } -static void rz_ssi_streams_suspend(struct rz_ssi_priv *ssi) -{ - if (rz_ssi_is_stream_running(&ssi->playback) || - rz_ssi_is_stream_running(&ssi->capture)) - return; - - ssi->playback.dma_buffer_pos = 0; - ssi->capture.dma_buffer_pos = 0; -} - static int rz_ssi_dai_trigger(struct snd_pcm_substream *substream, int cmd, struct snd_soc_dai *dai) { @@ -813,7 +813,7 @@ static int rz_ssi_dai_trigger(struct snd_pcm_substream *substream, int cmd, switch (cmd) { case SNDRV_PCM_TRIGGER_RESUME: - ret = rz_ssi_trigger_resume(ssi); + ret = rz_ssi_trigger_resume(ssi, strm); if (ret) return ret; @@ -852,7 +852,6 @@ static int rz_ssi_dai_trigger(struct snd_pcm_substream *substream, int cmd, case SNDRV_PCM_TRIGGER_SUSPEND: rz_ssi_stop(ssi, strm); - rz_ssi_streams_suspend(ssi); break; case SNDRV_PCM_TRIGGER_STOP: -- 2.43.0

1 month

1
0
0 0

Linux 6.17.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.6 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/serial/renesas,scif.yaml | 1 Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 Documentation/devicetree/bindings/usb/qcom,snps-dwc3.yaml | 3 Makefile | 6 arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 3 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/mm/copypage.c | 11 arch/arm64/tools/sysreg | 4 arch/m68k/include/asm/bitops.h | 25 +- arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 + arch/powerpc/include/asm/pgtable.h | 12 - arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/powerpc/platforms/pseries/cmm.c | 2 arch/riscv/include/asm/hwprobe.h | 7 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/include/asm/vdso/arch_data.h | 6 arch/riscv/kernel/cpu.c | 4 arch/riscv/kernel/cpufeature.c | 10 arch/riscv/kernel/pi/cmdline_early.c | 4 arch/riscv/kernel/pi/fdt_early.c | 40 +++ arch/riscv/kernel/pi/pi.h | 1 arch/riscv/kernel/sys_hwprobe.c | 90 ++++++- arch/riscv/kernel/unaligned_access_speed.c | 9 arch/riscv/kernel/vdso/hwprobe.c | 2 arch/riscv/mm/init.c | 11 arch/s390/mm/pgalloc.c | 13 - arch/x86/kernel/cpu/microcode/amd.c | 2 block/blk-settings.c | 10 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 136 +++++++----- drivers/block/nbd.c | 15 + drivers/comedi/comedi_buf.c | 2 drivers/cpufreq/amd-pstate.c | 6 drivers/cpuidle/governors/menu.c | 21 - drivers/firmware/arm_ffa/driver.c | 37 ++- drivers/firmware/arm_scmi/common.h | 32 ++ drivers/firmware/arm_scmi/driver.c | 54 +--- drivers/gpio/gpio-104-idio-16.c | 1 drivers/gpio/gpio-idio-16.c | 5 drivers/gpio/gpio-ljca.c | 14 - drivers/gpio/gpio-pci-idio-16.c | 1 drivers/gpio/gpio-regmap.c | 53 ++++ drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h | 8 drivers/gpu/drm/drm_panic.c | 54 ++++ drivers/gpu/drm/panthor/panthor_mmu.c | 10 drivers/gpu/drm/xe/xe_ggtt.c | 3 drivers/hwmon/cgbc-hwmon.c | 3 drivers/hwmon/pmbus/isl68137.c | 3 drivers/hwmon/pmbus/max34440.c | 12 - drivers/hwmon/sht3x.c | 27 +- drivers/irqchip/irq-gic-v3-its-fsl-mc-msi.c | 2 drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/vmw_balloon.c | 8 drivers/most/most_usb.c | 13 - drivers/net/bonding/bond_main.c | 47 ++-- drivers/net/can/bxcan.c | 2 drivers/net/can/dev/netlink.c | 6 drivers/net/can/esd/esdacc.c | 2 drivers/net/can/rockchip/rockchip_canfd-tx.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.c | 25 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/hisilicon/Kconfig | 1 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 5 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 25 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 51 +++- drivers/net/ethernet/renesas/ravb_main.c | 24 +- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/ethernet/ti/am65-cpts.c | 63 +++-- drivers/net/ovpn/tcp.c | 26 +- drivers/net/phy/micrel.c | 4 drivers/net/phy/realtek/realtek_main.c | 16 - drivers/net/usb/rtl8150.c | 11 drivers/nvmem/rcar-efuse.c | 1 drivers/of/irq.c | 62 +++-- drivers/pci/msi/irqdomain.c | 2 drivers/pci/pci.c | 6 drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 drivers/platform/mellanox/mlxbf-pmc.c | 1 drivers/platform/x86/dell/alienware-wmi-wmax.c | 12 - drivers/ptp/ptp_ocp.c | 2 drivers/s390/crypto/zcrypt_ep11misc.c | 4 drivers/spi/spi-airoha-snfi.c | 128 ++++++++--- drivers/spi/spi-cadence-quadspi.c | 5 drivers/spi/spi-nxp-fspi.c | 80 ++++++- drivers/spi/spi-rockchip-sfc.c | 12 - drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 12 - drivers/staging/gpib/fmh_gpib/fmh_gpib.c | 5 drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 13 - drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/8250/8250_mtk.c | 6 drivers/tty/serial/sc16is7xx.c | 7 drivers/tty/serial/sh-sci.c | 14 - drivers/usb/core/quirks.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/xhci-dbgcap.c | 15 + drivers/usb/serial/option.c | 10 drivers/usb/typec/tcpm/tcpm.c | 4 drivers/vfio/cdx/Makefile | 6 drivers/vfio/cdx/private.h | 14 + drivers/virtio/virtio_balloon.c | 2 fs/aio.c | 2 fs/btrfs/inode.c | 4 fs/btrfs/ref-verify.c | 2 fs/btrfs/send.c | 56 ++++ fs/btrfs/super.c | 8 fs/dlm/lock.c | 2 fs/dlm/lockspace.c | 2 fs/dlm/recover.c | 2 fs/erofs/zmap.c | 39 ++- fs/exec.c | 2 fs/gfs2/lock_dlm.c | 11 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 ++ fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 --- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 +++ fs/hfsplus/super.c | 25 +- fs/hugetlbfs/inode.c | 4 fs/jfs/jfs_metapage.c | 8 fs/notify/fdinfo.c | 6 fs/ocfs2/move_extents.c | 5 fs/smb/client/cifsglob.h | 2 fs/smb/client/inode.c | 5 fs/smb/client/smbdirect.c | 30 +- fs/smb/client/smbdirect.h | 2 fs/smb/server/transport_ipc.c | 8 fs/smb/server/transport_rdma.c | 11 fs/sysfs/group.c | 26 +- fs/xfs/scrub/nlinks.c | 34 ++- fs/xfs/xfs_super.c | 33 +- include/linux/arm_ffa.h | 21 + include/linux/exportfs.h | 7 include/linux/gpio/regmap.h | 16 + include/linux/hung_task.h | 8 include/linux/migrate.h | 11 include/linux/misc_cgroup.h | 2 include/linux/of_irq.h | 6 include/linux/skbuff.h | 3 include/linux/virtio_net.h | 4 io_uring/fdinfo.c | 8 io_uring/filetable.c | 2 io_uring/sqpoll.c | 65 +++-- io_uring/sqpoll.h | 1 io_uring/waitid.c | 2 kernel/dma/debug.c | 5 kernel/sched/fair.c | 9 kernel/sched/sched.h | 2 kernel/trace/rv/monitors/pagefault/Kconfig | 1 kernel/trace/rv/rv.c | 12 - mm/damon/core.c | 7 mm/damon/sysfs.c | 7 mm/huge_memory.c | 3 mm/migrate.c | 88 +++---- mm/migrate_device.c | 2 mm/mremap.c | 15 - mm/page_owner.c | 3 mm/slub.c | 23 +- mm/zsmalloc.c | 4 net/core/datagram.c | 44 +++ net/core/rtnetlink.c | 3 net/hsr/hsr_netlink.c | 8 net/mptcp/pm_kernel.c | 6 net/sctp/inqueue.c | 13 - net/smc/smc_inet.c | 13 - net/vmw_vsock/af_vsock.c | 38 +-- net/xfrm/espintcp.c | 6 rust/kernel/auxiliary.rs | 8 rust/kernel/device.rs | 4 tools/objtool/check.c | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 8 tools/testing/selftests/net/sctp_hello.c | 17 - tools/testing/selftests/net/sctp_vrf.sh | 73 +++--- 187 files changed, 1853 insertions(+), 832 deletions(-) Akash Goel (1): drm/panthor: Fix kernel panic on partial unmap of a GPU VA region Aksh Garg (1): net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions Aleksander Jan Bajkowski (1): net: phy: realtek: fix rtl8221b-vm-cg name Alexander Aring (2): dlm: move to rinfo for all middle conversion cases dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexei Starovoitov (1): mm: don't spin in add_stack_record when gfp flags don't allow Alexey Simakov (1): sctp: avoid NULL dereference when chunk data buffer is missing Alexis Czezar Torreno (1): hwmon: (pmbus/max34440) Update adpm12160 coeff due to latest FW Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (2): io_uring: fix incorrect unlikely() usage in io_waitid_prep() io_uring: correct __must_hold annotation in io_install_fixed_file Amery Hung (2): net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amit Dhingra (1): btrfs: ref-verify: fix IS_ERR() vs NULL check in btrfs_build_ref_tree() Andreas Gruenbacher (1): gfs2: Fix unlikely race in gdlm_put_lock Andrew Cooper (1): x86/microcode: Fix Entrysign revision check for Zen1/Naples Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (1): sched: Remove never used code in mm_cid_get() Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (2): firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode serial: 8250_dw: handle reset control deassert error Catalin Marinas (1): arm64: mte: Do not warn if the page is already tagged in copy_highpage() Charlene Liu (1): drm/amd/display: increase max link count and fix link->enc NULL pointer access Christoph Hellwig (1): block: require LBA dma_alignment when using PI Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Clément Léger (1): riscv: cpufeature: add validation for zfa, zfh and zfhmin Cosmin Tanislav (2): nvmem: rcar-efuse: add missing MODULE_DEVICE_TABLE tty: serial: sh-sci: fix RSCI FIFO overrun handling Cristian Marussi (2): firmware: arm_scmi: Account for failed debug initialization include: trace: Fix inflight count helper on failed initialization Daniel Golle (1): serial: 8250_mtk: Enable baud clock and manage in runtime PM Danilo Krummrich (1): rust: device: fix device context of Device::parent() Darrick J. Wong (2): xfs: fix locking in xchk_nlinks_collect_dir xfs: always warn about deprecated mount options Dave Penkler (3): staging: gpib: Fix no EOI on 1 and 2 byte writes staging: gpib: Return -EINTR on device clear staging: gpib: Fix sending clear and trigger events David Hildenbrand (3): mm/migrate: remove MIGRATEPAGE_UNMAP treewide: remove MIGRATEPAGE_SUCCESS vmw_balloon: indicate success when effectively deflating during migration David Howells (1): cifs: Fix TCP_Server_Info::credits to be signed David Thompson (1): platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init Deepanshu Kartikey (2): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dewei Meng (1): btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() Enze Li (1): mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme Erick Karanja (1): hwmon: (pmbus/isl68137) Fix child node reference leak on early return Fernando Fernandez Mancera (2): net: hsr: prevent creation of HSR device with slaves from another netns sysfs: check visibility before changing group attribute ownership Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Fuad Tabba (1): arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Gao Xiang (2): erofs: fix crafted invalid cases for encoded extents erofs: avoid infinite loops due to corrupted subpage compact indexes Geert Uytterhoeven (2): m68k: bitops: Fix find_*_bit() signatures dt-bindings: serial: sh-sci: Fix r8a78000 interrupts Greg Kroah-Hartman (1): Linux 6.17.6 Guenter Roeck (1): hwmon: (sht3x) Fix error handling Haibo Chen (3): spi: spi-nxp-fspi: add the support for sample data from DQS pad spi: spi-nxp-fspi: re-config the clock rate when operation require new clock rate spi: spi-nxp-fspi: limit the clock rate for different sample clock source selection Han Xu (1): spi: spi-nxp-fspi: add extra delay after dll locked Hao Ge (2): slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts slab: Fix obj_ext mistakenly considered NULL due to race condition Haotian Zhang (1): gpio: ljca: Fix duplicated IRQ mapping Harald Freudenberger (1): s390/pkey: Forward keygenflags to ep11_unwrapkey Heiko Carstens (1): s390/mm: Use __GFP_ACCOUNT for user page table allocations Heiner Kallweit (1): net: hibmcge: select FIXED_PHY Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Hugo Villeneuve (1): serial: sc16is7xx: remove useless enable of enhanced features Ioana Ciornei (2): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path gpio: regmap: add the .fixed_direction_output configuration parameter Jakub Acs (1): fs/notify: call exportfs_encode_fid with s_umount Jan Kara (1): expfs: Fix exportfs_can_encode_fh() for EXPORT_FH_FID Jason Wang (1): virtio-net: zero unused hash fields Jens Axboe (2): io_uring/sqpoll: switch away from getrusage() for CPU accounting io_uring/sqpoll: be smarter on when to update the stime usage Jianpeng Chang (1): net: enetc: fix the deadlock of enetc_mdio_lock Jiasheng Jiang (1): ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop Jingwei Wang (1): riscv: hwprobe: Fix stale vDSO data for late-initialized keys at boot Jocelyn Falempe (3): drm/panic: Fix drawing the logo on a small narrow screen drm/panic: Fix qr_code, ensure vmargin is positive drm/panic: Fix 24bit pixel crossing page boundaries Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junhui Liu (2): riscv: mm: Return intended SATP mode for noXlvl options riscv: mm: Use mmu-type from FDT to limit SATP mode Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure K Prateek Nayak (1): sched/fair: Block delayed tasks on throttled hierarchy during dequeue Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kees Cook (1): PCI: Test for bit underflow in pcie_set_readrq() Krishna Kurapati (1): dt-bindings: usb: qcom,snps-dwc3: Fix bindings for X1E80100 Krzysztof Kozlowski (1): arm64: dts: broadcom: bcm2712: Add default GIC address cells Kurt Borja (1): platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Lance Yang (1): hung_task: fix warnings caused by unaligned lock pointers Li Qiang (1): hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() Linus Torvalds (1): Unbreak 'make tools/*' for user-space targets Lorenzo Pieralisi (2): of/irq: Convert of_msi_map_id() callers to of_msi_xlate() of/irq: Add msi-parent check to of_msi_xlate() Lorenzo Stoakes (1): mm/mremap: correctly account old mapping after MREMAP_DONTUNMAP remap Ma Ke (1): staging: gpib: Fix device reference leak in fmh_gpib driver Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (4): can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: netlink: can_changelink(): allow disabling of automatic restart Marek Szyprowski (2): dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC spi: rockchip-sfc: Fix DMA-API usage Mario Limonciello (AMD) (1): cpufreq/amd-pstate: Fix a regression leading to EPP 0 after hibernate Mathias Nyman (2): xhci: dbc: enable back DbC in resume if it was enabled before suspend xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathieu Dubois-Briand (1): gpio: regmap: Allow to allocate regmap-irq device Matthew Brost (1): drm/xe: Check return value of GGTT workqueue allocation Matthieu Baerts (NGI0) (4): mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Mattijs Korpershoek (1): spi: cadence-quadspi: Fix pm_runtime unbalance on dma EPROBE_DEFER Michael Grzeschik (1): tcpm: switch check for role_sw device with fw_node Michal Pecio (1): net: usb: rtl8150: Fix frame padding Miguel Ojeda (1): objtool/rust: add one more `noreturn` Rust function Mikhail Kshevetskiy (4): spi: airoha: return an error for continuous mode dirmap creation cases spi: airoha: add support of dual/quad wires spi modes to exec_op() handler spi: airoha: switch back to non-dma mode in the case of error spi: airoha: fix reading/writing of flashes with more than one plane per lun Nam Cao (2): rv: Fully convert enabled_monitors to use list_head as iterator rv: Make rtapp/pagefault monitor depends on CONFIG_MMU Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Nipun Gupta (1): vfio/cdx: update driver to build without CONFIG_GENERIC_MSI_IRQ Ondrej Mosnacek (1): nbd: override creds to kernel when calling sock_{send,recv}msg() Patrisious Haddad (1): net/mlx5: Fix IPsec cleanup over MPV device Paul Walmsley (2): riscv: cpufeature: avoid uninitialized variable in has_thead_homogeneous_vlenb() riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id() Paulo Alcantara (1): smb: client: get rid of d_drop() in cifs_do_rename() Peter Robinson (1): arm64: dts: broadcom: bcm2712: Define VGIC interrupt Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Qiuxu Zhuo (1): mm: prevent poison consumption when splitting THP Rafael J. Wysocki (1): Revert "cpuidle: menu: Avoid discarding useful information" Ralf Lici (3): espintcp: use datagram_poll_queue for socket readiness net: datagram: introduce datagram_poll_queue for custom receive queues ovpn: use datagram_poll_queue for socket readiness in TCP Randy Dunlap (1): cgroup/misc: fix misc_res_type kernel-doc warning Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Robert Marko (1): net: phy: micrel: always set shared->phydev for LAN8814 Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection SeongJae Park (4): mm/damon/core: use damos_commit_quota_goal() for new goal commit mm/damon/core: fix list_add_tail() call on damon_call() mm/damon/sysfs: catch commit test ctx alloc failure mm/damon/sysfs: dealloc commit test ctx always Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (4): smb: client: queue post_recv_credits_work also if the peer raises the credit target smb: client: limit the range of info->receive_credit_target smb: client: make use of ib_wc_status_msg() and skip IB_WC_WR_FLUSH_ERR logging smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Sudeep Holla (1): firmware: arm_ffa: Add support for IMPDEF value in the memory access descriptor Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Ting-Chang Hou (1): btrfs: send: fix duplicated rmdir operations when using extrefs Tonghao Zhang (2): net: bonding: fix possible peer notify event loss or dup issue net: bonding: update the slave array for broadcast mode Viacheslav Dubeyko (5): hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Wang Liang (1): net/smc: fix general protection fault in __smc_diag_dump Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Breathitt Gray (3): gpio: pci-idio-16: Define maximum valid register address offset gpio: 104-idio-16: Define maximum valid register address offset gpio: idio-16: Define fixed direction of the GPIO lines Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xichao Zhao (1): exec: Fix incorrect type for ret Xin Long (1): selftests: net: fix server bind failure in sctp_vrf.sh Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yicong Yang (1): drivers/perf: hisi: Relax the event ID check in the framework tr1x_em (1): platform/x86: alienware-wmi-wmax: Add AWCC support to Dell G15 5530

1 month

1
1
0 0

Linux 6.12.56

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.56 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 Makefile | 6 arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 3 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/mm/copypage.c | 9 arch/arm64/tools/sysreg | 4 arch/m68k/include/asm/bitops.h | 25 - arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 arch/powerpc/include/asm/pgtable.h | 12 arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/cpu.c | 4 arch/riscv/kernel/sys_hwprobe.c | 6 arch/s390/mm/pgalloc.c | 13 arch/x86/kernel/cpu/microcode/amd.c | 2 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 +++-- drivers/block/nbd.c | 15 drivers/bluetooth/btintel.c | 28 - drivers/bluetooth/btintel.h | 3 drivers/comedi/comedi_buf.c | 2 drivers/cpuidle/governors/menu.c | 21 drivers/firmware/arm_scmi/common.h | 24 - drivers/firmware/arm_scmi/driver.c | 47 -- drivers/gpio/gpio-104-idio-16.c | 1 drivers/gpio/gpio-ljca.c | 14 drivers/gpio/gpio-pci-idio-16.c | 1 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h | 8 drivers/gpu/drm/drm_panic.c | 8 drivers/gpu/drm/panthor/panthor_mmu.c | 10 drivers/hwmon/sht3x.c | 27 - drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 drivers/net/bonding/bond_main.c | 40 - drivers/net/can/bxcan.c | 2 drivers/net/can/dev/netlink.c | 6 drivers/net/can/esd/esdacc.c | 2 drivers/net/can/rockchip/rockchip_canfd-tx.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.c | 25 - drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en.h | 7 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h | 6 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 5 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 25 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 128 +++-- drivers/net/ethernet/renesas/ravb_main.c | 24 - drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/ethernet/ti/am65-cpts.c | 63 +- drivers/net/phy/micrel.c | 4 drivers/net/usb/rtl8150.c | 11 drivers/pci/pci.c | 6 drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 drivers/platform/x86/amd/hsmp.c | 5 drivers/ptp/ptp_ocp.c | 2 drivers/spi/spi-airoha-snfi.c | 280 +++++++----- drivers/spi/spi-nxp-fspi.c | 6 drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/8250/8250_mtk.c | 6 drivers/tty/serial/sc16is7xx.c | 7 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/xhci-dbgcap.c | 15 drivers/usb/serial/option.c | 10 drivers/usb/typec/tcpm/tcpm.c | 4 fs/btrfs/super.c | 8 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/gfs2/lock_dlm.c | 11 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 - fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 - fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 + fs/hfsplus/super.c | 25 - fs/notify/fdinfo.c | 6 fs/ocfs2/move_extents.c | 5 fs/smb/client/cifsglob.h | 2 fs/smb/server/transport_ipc.c | 8 fs/smb/server/transport_rdma.c | 11 fs/xfs/scrub/nlinks.c | 34 + fs/xfs/xfs_super.c | 33 - io_uring/fdinfo.c | 8 io_uring/filetable.c | 2 io_uring/sqpoll.c | 65 +- io_uring/sqpoll.h | 1 kernel/dma/debug.c | 5 kernel/power/energy_model.c | 58 +- kernel/sched/sched.h | 2 mm/huge_memory.c | 3 mm/migrate.c | 3 mm/slub.c | 23 net/core/rtnetlink.c | 3 net/sctp/inqueue.c | 13 net/smc/smc_inet.c | 13 net/vmw_vsock/af_vsock.c | 38 - tools/objtool/check.c | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 tools/testing/selftests/net/sctp_hello.c | 17 tools/testing/selftests/net/sctp_vrf.sh | 73 +-- 114 files changed, 1176 insertions(+), 688 deletions(-) Akash Goel (1): drm/panthor: Fix kernel panic on partial unmap of a GPU VA region Aksh Garg (1): net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (1): sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (1): io_uring: correct __must_hold annotation in io_install_fixed_file Amery Hung (2): net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Andreas Gruenbacher (1): gfs2: Fix unlikely race in gdlm_put_lock Andrew Cooper (1): x86/microcode: Fix Entrysign revision check for Zen1/Naples Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (1): sched: Remove never used code in mm_cid_get() Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (2): firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode serial: 8250_dw: handle reset control deassert error Carolina Jubran (1): net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead Catalin Marinas (1): arm64: mte: Do not warn if the page is already tagged in copy_highpage() Charlene Liu (1): drm/amd/display: increase max link count and fix link->enc NULL pointer access Christian Loehle (1): PM: EM: Fix late boot with holes in CPU topology Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Cristian Marussi (1): firmware: arm_scmi: Account for failed debug initialization Daniel Golle (1): serial: 8250_mtk: Enable baud clock and manage in runtime PM Darrick J. Wong (2): xfs: fix locking in xchk_nlinks_collect_dir xfs: always warn about deprecated mount options David Howells (1): cifs: Fix TCP_Server_Info::credits to be signed Deepanshu Kartikey (2): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dewei Meng (1): btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Fuad Tabba (1): arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 6.12.56 Guenter Roeck (1): hwmon: (sht3x) Fix error handling Han Xu (1): spi: spi-nxp-fspi: add extra delay after dll locked Hao Ge (2): slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts slab: Fix obj_ext mistakenly considered NULL due to race condition Haotian Zhang (1): gpio: ljca: Fix duplicated IRQ mapping Heiko Carstens (1): s390/mm: Use __GFP_ACCOUNT for user page table allocations Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Hugo Villeneuve (1): serial: sc16is7xx: remove useless enable of enhanced features Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jakub Acs (1): fs/notify: call exportfs_encode_fid with s_umount Jens Axboe (2): io_uring/sqpoll: switch away from getrusage() for CPU accounting io_uring/sqpoll: be smarter on when to update the stime usage Jianpeng Chang (1): net: enetc: fix the deadlock of enetc_mdio_lock Jiasheng Jiang (1): ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop Jocelyn Falempe (2): drm/panic: Fix drawing the logo on a small narrow screen drm/panic: Fix qr_code, ensure vmargin is positive Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kees Cook (1): PCI: Test for bit underflow in pcie_set_readrq() Kiran K (1): Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP Krzysztof Kozlowski (1): arm64: dts: broadcom: bcm2712: Add default GIC address cells LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Linus Torvalds (1): Unbreak 'make tools/*' for user-space targets Lorenzo Bianconi (1): spi: airoha: do not keep {tx,rx} dma buffer always mapped Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (4): can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: netlink: can_changelink(): allow disabling of automatic restart Marek Szyprowski (1): dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Mathias Nyman (2): xhci: dbc: enable back DbC in resume if it was enabled before suspend xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Matthieu Baerts (NGI0) (2): selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported Michael Grzeschik (1): tcpm: switch check for role_sw device with fw_node Michal Pecio (1): net: usb: rtl8150: Fix frame padding Miguel Ojeda (1): objtool/rust: add one more `noreturn` Rust function Mikhail Kshevetskiy (4): spi: airoha: return an error for continuous mode dirmap creation cases spi: airoha: add support of dual/quad wires spi modes to exec_op() handler spi: airoha: switch back to non-dma mode in the case of error spi: airoha: fix reading/writing of flashes with more than one plane per lun Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Ondrej Mosnacek (1): nbd: override creds to kernel when calling sock_{send,recv}msg() Patrisious Haddad (1): net/mlx5: Fix IPsec cleanup over MPV device Paul Walmsley (1): riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id() Peter Robinson (1): arm64: dts: broadcom: bcm2712: Define VGIC interrupt Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Qiuxu Zhuo (1): mm: prevent poison consumption when splitting THP Rafael J. Wysocki (4): PM: EM: Drop unused parameter from em_adjust_new_capacity() PM: EM: Slightly reduce em_check_capacity_update() overhead PM: EM: Move CPU capacity check to em_adjust_new_capacity() Revert "cpuidle: menu: Avoid discarding useful information" Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Robert Marko (1): net: phy: micrel: always set shared->phydev for LAN8814 Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (1): smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Suma Hegde (1): platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (5): hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Wang Liang (1): net/smc: fix general protection fault in __smc_diag_dump Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Breathitt Gray (2): gpio: pci-idio-16: Define maximum valid register address offset gpio: 104-idio-16: Define maximum valid register address offset Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xichao Zhao (1): exec: Fix incorrect type for ret Xin Long (1): selftests: net: fix server bind failure in sctp_vrf.sh Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yicong Yang (1): drivers/perf: hisi: Relax the event ID check in the framework

1 month

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror