- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] net: dsa: microchip: Don't free uninitialized ksz_irq" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 25b62cc5b22c45face094ae3e8717258e46d1d19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120258-cupid-regally-5bc2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25b62cc5b22c45face094ae3e8717258e46d1d19 Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (Schneider Electric)" <bastien.curutchet(a)bootlin.com> Date: Thu, 20 Nov 2025 10:12:02 +0100 Subject: [PATCH] net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It leads to freeing uninitialized IRQ numbers and/or domains. Use dsa_switch_for_each_user_port_continue_reverse() in the error path to iterate only over the fully initialized ports. Cc: stable(a)vger.kernel.org Fixes: cc13ab18b201 ("net: dsa: microchip: ptp: enable interrupt for timestamping") Signed-off-by: Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> Link: https://patch.msgid.link/20251120-ksz-fix-v6-3-891f80ae7f8f@bootlin.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/dsa/microchip/ksz_common.c b/drivers/net/dsa/microchip/ksz_common.c index e684568a4eda..a927055423f3 100644 --- a/drivers/net/dsa/microchip/ksz_common.c +++ b/drivers/net/dsa/microchip/ksz_common.c @@ -3082,7 +3082,7 @@ static int ksz_setup(struct dsa_switch *ds) ksz_ptp_irq_free(ds, dp->index); out_pirq: if (dev->irq > 0) - dsa_switch_for_each_user_port(dp, dev->ds) + dsa_switch_for_each_user_port_continue_reverse(dp, dev->ds) ksz_irq_free(&dev->ports[dp->index].pirq); out_girq: if (dev->irq > 0)

3 days, 6 hours

1
0
0 0

FAILED: patch "[PATCH] net: dsa: microchip: Free previously initialized ports on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0f80e21bf6229637e193248fbd284c0ec44bc0fd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120252-revise-greeting-8d54@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0f80e21bf6229637e193248fbd284c0ec44bc0fd Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (Schneider Electric)" <bastien.curutchet(a)bootlin.com> Date: Thu, 20 Nov 2025 10:12:03 +0100 Subject: [PATCH] net: dsa: microchip: Free previously initialized ports on init failures If a port interrupt setup fails after at least one port has already been successfully initialized, the gotos miss some resource releasing: - the already initialized PTP IRQs aren't released - the already initialized port IRQs aren't released if the failure occurs in ksz_pirq_setup(). Merge 'out_girq' and 'out_ptpirq' into a single 'port_release' label. Behind this label, use the reverse loop to release all IRQ resources for all initialized ports. Jump in the middle of the reverse loop if an error occurs in ksz_ptp_irq_setup() to only release the port IRQ of the current iteration. Cc: stable(a)vger.kernel.org Fixes: c9cd961c0d43 ("net: dsa: microchip: lan937x: add interrupt support for port phy link") Signed-off-by: Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> Link: https://patch.msgid.link/20251120-ksz-fix-v6-4-891f80ae7f8f@bootlin.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/dsa/microchip/ksz_common.c b/drivers/net/dsa/microchip/ksz_common.c index a927055423f3..0c10351fe5eb 100644 --- a/drivers/net/dsa/microchip/ksz_common.c +++ b/drivers/net/dsa/microchip/ksz_common.c @@ -3038,12 +3038,12 @@ static int ksz_setup(struct dsa_switch *ds) dsa_switch_for_each_user_port(dp, dev->ds) { ret = ksz_pirq_setup(dev, dp->index); if (ret) - goto out_girq; + goto port_release; if (dev->info->ptp_capable) { ret = ksz_ptp_irq_setup(ds, dp->index); if (ret) - goto out_pirq; + goto pirq_release; } } } @@ -3053,7 +3053,7 @@ static int ksz_setup(struct dsa_switch *ds) if (ret) { dev_err(dev->dev, "Failed to register PTP clock: %d\n", ret); - goto out_ptpirq; + goto port_release; } } @@ -3076,17 +3076,16 @@ static int ksz_setup(struct dsa_switch *ds) out_ptp_clock_unregister: if (dev->info->ptp_capable) ksz_ptp_clock_unregister(ds); -out_ptpirq: - if (dev->irq > 0 && dev->info->ptp_capable) - dsa_switch_for_each_user_port(dp, dev->ds) - ksz_ptp_irq_free(ds, dp->index); -out_pirq: - if (dev->irq > 0) - dsa_switch_for_each_user_port_continue_reverse(dp, dev->ds) +port_release: + if (dev->irq > 0) { + dsa_switch_for_each_user_port_continue_reverse(dp, dev->ds) { + if (dev->info->ptp_capable) + ksz_ptp_irq_free(ds, dp->index); +pirq_release: ksz_irq_free(&dev->ports[dp->index].pirq); -out_girq: - if (dev->irq > 0) + } ksz_irq_free(&dev->girq); + } return ret; }

3 days, 6 hours

1
0
0 0

[PATCH] mm/damon/core: fix memory leak of repeat mode damon_call_control objects

by Enze Li

A memory leak exists in the handling of repeat mode damon_call_control objects by kdamond_call(). While damon_call() correctly allows multiple repeat mode objects (with ->repeat set to true) to be added to the per-context list, kdamond_call() incorrectly processes them. The function moves all repeat mode objects from the context's list to a temporary list (repeat_controls). However, it only moves the first object back to the context's list for future calls, leaving the remaining objects on the temporary list where they are abandoned and leaked. This patch fixes the leak by ensuring all repeat mode objects are properly re-added to the context's list. Fixes: 43df7676e550 ("mm/damon/core: introduce repeat mode damon_call()") Signed-off-by: Enze Li <lienze(a)kylinos.cn> Cc: <stable(a)vger.kernel.org> # 6.17.x --- mm/damon/core.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/mm/damon/core.c b/mm/damon/core.c index 109b050c795a..66b5bae44f22 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -2526,13 +2526,19 @@ static void kdamond_call(struct damon_ctx *ctx, bool cancel) list_add(&control->list, &repeat_controls); } } - control = list_first_entry_or_null(&repeat_controls, - struct damon_call_control, list); - if (!control || cancel) - return; - mutex_lock(&ctx->call_controls_lock); - list_add_tail(&control->list, &ctx->call_controls); - mutex_unlock(&ctx->call_controls_lock); + while (true) { + control = list_first_entry_or_null(&repeat_controls, + struct damon_call_control, list); + if (!control) + break; + /* Unlink from the repeate_controls list. */ + list_del(&control->list); + if (cancel) + continue; + mutex_lock(&ctx->call_controls_lock); + list_add(&control->list, &ctx->call_controls); + mutex_unlock(&ctx->call_controls_lock); + } } /* Returns negative error code if it's not activated but should return */ base-commit: 7d0a66e4bb9081d75c82ec4957c50034cb0ea449 -- 2.52.0

3 days, 7 hours

2
1
0 0

[PATCH v2] e1000: fix OOB in e1000_tbi_should_accept()

by Guangshuo Li

In e1000_tbi_should_accept() we read the last byte of the frame via 'data[length - 1]' to evaluate the TBI workaround. If the descriptor- reported length is zero or larger than the actual RX buffer size, this read goes out of bounds and can hit unrelated slab objects. The issue is observed from the NAPI receive path (e1000_clean_rx_irq): ================================================================== BUG: KASAN: slab-out-of-bounds in e1000_tbi_should_accept+0x610/0x790 Read of size 1 at addr ffff888014114e54 by task sshd/363 CPU: 0 PID: 363 Comm: sshd Not tainted 5.18.0-rc1 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: <IRQ> dump_stack_lvl+0x5a/0x74 print_address_description+0x7b/0x440 print_report+0x101/0x200 kasan_report+0xc1/0xf0 e1000_tbi_should_accept+0x610/0x790 e1000_clean_rx_irq+0xa8c/0x1110 e1000_clean+0xde2/0x3c10 __napi_poll+0x98/0x380 net_rx_action+0x491/0xa20 __do_softirq+0x2c9/0x61d do_softirq+0xd1/0x120 </IRQ> <TASK> __local_bh_enable_ip+0xfe/0x130 ip_finish_output2+0x7d5/0xb00 __ip_queue_xmit+0xe24/0x1ab0 __tcp_transmit_skb+0x1bcb/0x3340 tcp_write_xmit+0x175d/0x6bd0 __tcp_push_pending_frames+0x7b/0x280 tcp_sendmsg_locked+0x2e4f/0x32d0 tcp_sendmsg+0x24/0x40 sock_write_iter+0x322/0x430 vfs_write+0x56c/0xa60 ksys_write+0xd1/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f511b476b10 Code: 73 01 c3 48 8b 0d 88 d3 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d f9 2b 2c 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 8e 9b 01 00 48 89 04 24 RSP: 002b:00007ffc9211d4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000004024 RCX: 00007f511b476b10 RDX: 0000000000004024 RSI: 0000559a9385962c RDI: 0000000000000003 RBP: 0000559a9383a400 R08: fffffffffffffff0 R09: 0000000000004f00 R10: 0000000000000070 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc9211d57f R14: 0000559a9347bde7 R15: 0000000000000003 </TASK> Allocated by task 1: __kasan_krealloc+0x131/0x1c0 krealloc+0x90/0xc0 add_sysfs_param+0xcb/0x8a0 kernel_add_sysfs_param+0x81/0xd4 param_sysfs_builtin+0x138/0x1a6 param_sysfs_init+0x57/0x5b do_one_initcall+0x104/0x250 do_initcall_level+0x102/0x132 do_initcalls+0x46/0x74 kernel_init_freeable+0x28f/0x393 kernel_init+0x14/0x1a0 ret_from_fork+0x22/0x30 The buggy address belongs to the object at ffff888014114000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 1620 bytes to the right of 2048-byte region [ffff888014114000, ffff888014114800] The buggy address belongs to the physical page: page:ffffea0000504400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14110 head:ffffea0000504400 order:3 compound_mapcount:0 compound_pincount:0 flags: 0x100000000010200(slab|head|node=0|zone=1) raw: 0100000000010200 0000000000000000 dead000000000001 ffff888013442000 raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected ================================================================== This happens because the TBI check unconditionally dereferences the last byte without validating the reported length first: u8 last_byte = *(data + length - 1); Fix by rejecting the frame early if the length is zero, or if it exceeds adapter->rx_buffer_len. This preserves the TBI workaround semantics for valid frames and prevents touching memory beyond the RX buffer. Fixes: 2037110c96d5 ("e1000: move tbi workaround code into helper function") Cc: stable(a)vger.kernel.org Suggested-by: Tony Nguyen <tony.nguyen(a)intel.com> Signed-off-by: Guangshuo Li <lgs201920130244(a)gmail.com> --- changelog: v2: - Keep declarations at the beginning of e1000_tbi_should_accept(). - Move the last_byte assignment after the length bounds checks (suggested by Tony Nguyen) --- drivers/net/ethernet/intel/e1000/e1000_main.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c index 3f5feb55cfba..cb49ec49f836 100644 --- a/drivers/net/ethernet/intel/e1000/e1000_main.c +++ b/drivers/net/ethernet/intel/e1000/e1000_main.c @@ -4091,7 +4091,14 @@ static bool e1000_tbi_should_accept(struct e1000_adapter *adapter, u32 length, const u8 *data) { struct e1000_hw *hw = &adapter->hw; - u8 last_byte = *(data + length - 1); + u8 last_byte; + /* Guard against OOB on data[length - 1] */ + if (unlikely(!length)) + return false; + /* Upper bound: length must not exceed rx_buffer_len */ + if (unlikely(length > adapter->rx_buffer_len)) + return false; + last_byte = *(data + length - 1); if (TBI_ACCEPT(hw, status, errors, length, last_byte)) { unsigned long irq_flags; -- 2.43.0

3 days, 9 hours

4
7
0 0

[PATCH] media: imagination: Fix value clamping in calculate_qp_tables

by Thorsten Blum

The local variable 'val' was never clamped to 1 or 255 because the return value of clamp() was not used. Fix this by assigning the clamped value back to 'val'. Cc: stable(a)vger.kernel.org Fixes: a1e294045885 ("media: imagination: Add E5010 JPEG Encoder driver") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- drivers/media/platform/imagination/e5010-jpeg-enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/imagination/e5010-jpeg-enc.c b/drivers/media/platform/imagination/e5010-jpeg-enc.c index c4e0097cb8b7..a36a2acc896c 100644 --- a/drivers/media/platform/imagination/e5010-jpeg-enc.c +++ b/drivers/media/platform/imagination/e5010-jpeg-enc.c @@ -175,12 +175,12 @@ static void calculate_qp_tables(struct e5010_context *ctx) long long delta = v4l2_jpeg_ref_table_chroma_qt[i] * contrast + luminosity; int val = (int)(v4l2_jpeg_ref_table_chroma_qt[i] + delta); - clamp(val, 1, 255); + val = clamp(val, 1, 255); ctx->chroma_qp[i] = quality == -50 ? 1 : val; delta = v4l2_jpeg_ref_table_luma_qt[i] * contrast + luminosity; val = (int)(v4l2_jpeg_ref_table_luma_qt[i] + delta); - clamp(val, 1, 255); + val = clamp(val, 1, 255); ctx->luma_qp[i] = quality == -50 ? 1 : val; } -- Thorsten Blum <thorsten.blum(a)linux.dev> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4

3 days, 9 hours

1
0
0 0

[PATCH 5.10.y] ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

by lanbincn＠qq.com

From: Vasiliy Kovalev <kovalev(a)altlinux.org> [ Upstream commit c84e125fff2615b4d9c259e762596134eddd2f27 ] The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote(). Move dput(upper) after its last use to prevent use-after-free. BUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline] BUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 ovl_dentry_remote fs/overlayfs/util.c:162 [inline] ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167 ovl_link_up fs/overlayfs/copy_up.c:610 [inline] ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170 ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223 ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136 vfs_rename+0xf84/0x20a0 fs/namei.c:4893 ... </TASK> Fixes: b07d5cc93e1b ("ovl: update of dentry revalidate flags after copy up") Reported-by: syzbot+316db8a1191938280eb6(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=316db8a1191938280eb6 Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Link: https://lore.kernel.org/r/20250214215148.761147-1-kovalev@altlinux.org Reviewed-by: Amir Goldstein <amir73il(a)gmail.com> Signed-off-by: Christian Brauner <brauner(a)kernel.org> [ Minor context change fixed. ] Signed-off-by: Bin Lan <lanbincn(a)qq.com> --- fs/overlayfs/copy_up.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 65ac504595ba..a1ec45fc77d8 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -469,7 +469,6 @@ static int ovl_link_up(struct ovl_copy_up_ctx *c) err = PTR_ERR(upper); if (!IS_ERR(upper)) { err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper); - dput(upper); if (!err) { /* Restore timestamps on parent (best effort) */ @@ -477,6 +476,7 @@ static int ovl_link_up(struct ovl_copy_up_ctx *c) ovl_dentry_set_upper_alias(c->dentry); ovl_dentry_update_reval(c->dentry, upper); } + dput(upper); } inode_unlock(udir); if (err) -- 2.43.0

3 days, 10 hours

1
0
0 0

[PATCH] rust_binder: remove spin_lock() in rust_shrink_free_page()

by Alice Ryhl

When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and apparently I did not end up running the shrinker callback when I sanity tested the driver before submission. This leads to crashes like the following: ============================================ WARNING: possible recursive locking detected 6.18.0-mainline-maybe-dirty #1 Tainted: G IO -------------------------------------------- kswapd0/68 is trying to acquire lock: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: lock_list_lru_of_memcg+0x128/0x230 but task is already holding lock: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&l->lock); lock(&l->lock); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by kswapd0/68: #0: ffffffff90d2e260 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x597/0x1160 #1: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20 #2: ffffffff90cf3680 (rcu_read_lock){....}-{1:2}, at: lock_list_lru_of_memcg+0x2d/0x230 To fix this, remove the spin_lock() call from rust_shrink_free_page(). Cc: stable(a)vger.kernel.org Fixes: eafedbc7c050 ("rust_binder: add Rust Binder driver") Signed-off-by: Alice Ryhl <aliceryhl(a)google.com> --- drivers/android/binder/page_range.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/android/binder/page_range.rs b/drivers/android/binder/page_range.rs index 9379038f61f513c51ebed6c7e7b6fde32e5b8d06..fdd97112ef5c8b2341e498dc3567b659f05e3fd7 100644 --- a/drivers/android/binder/page_range.rs +++ b/drivers/android/binder/page_range.rs @@ -727,8 +727,5 @@ fn drop(self: Pin<&mut Self>) { drop(mm); drop(page); - // SAFETY: We just unlocked the lru lock, but it should be locked when we return. - unsafe { bindings::spin_lock(&raw mut (*lru).lock) }; - LRU_REMOVED_ENTRY } --- base-commit: 82d12088c297fa1cef670e1718b3d24f414c23f7 change-id: 20251202-binder-shrink-unspin-1ee9872cc2ed Best regards, -- Alice Ryhl <aliceryhl(a)google.com>

3 days, 11 hours

1
0
0 0

[PATCH] netrom: fix possible deadlock between nr_rt_ioctl() and nr_rt_device_down()

by Junjie Cao

syzbot reported a circular locking dependency involving nr_neigh_list_lock, nr_node_list_lock and nr_node->node_lock in the NET/ROM routing code [1]. One of the problematic scenarios looks like this: CPU0 CPU1 ---- ---- nr_rt_device_down() nr_rt_ioctl() lock(nr_neigh_list_lock); nr_del_node() ... lock(nr_node_list_lock); lock(nr_node_list_lock); nr_remove_neigh(); lock(nr_neigh_list_lock); This creates the following lock chain: nr_neigh_list_lock -> nr_node_list_lock -> &nr_node->node_lock while the ioctl path may acquire the locks in the opposite order via nr_dec_obs()/nr_del_node(), which makes lockdep complain about a possible deadlock. Refactor nr_rt_device_down() to avoid nested locking of nr_neigh_list_lock and nr_node_list_lock. The function now performs two separate passes: one that walks all nodes under nr_node_list_lock and drops routes / reference counts, and a second one that removes unused neighbours under nr_neigh_list_lock. This also fixes a reference count leak of nr_neigh in the node route removal path. [1] https://syzkaller.appspot.com/bug?extid=14afda08dc3484d5db82 Reported-by: syzbot+14afda08dc3484d5db82(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=14afda08dc3484d5db82 Tested-by: syzbot+14afda08dc3484d5db82(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Junjie Cao <junjie.cao(a)intel.com> --- net/netrom/nr_route.c | 61 +++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 29 deletions(-) diff --git a/net/netrom/nr_route.c b/net/netrom/nr_route.c index b94cb2ffbaf8..cc8c47e1340a 100644 --- a/net/netrom/nr_route.c +++ b/net/netrom/nr_route.c @@ -511,37 +511,40 @@ void nr_rt_device_down(struct net_device *dev) struct nr_node *t; int i; - spin_lock_bh(&nr_neigh_list_lock); - nr_neigh_for_each_safe(s, nodet, &nr_neigh_list) { - if (s->dev == dev) { - spin_lock_bh(&nr_node_list_lock); - nr_node_for_each_safe(t, node2t, &nr_node_list) { - nr_node_lock(t); - for (i = 0; i < t->count; i++) { - if (t->routes[i].neighbour == s) { - t->count--; - - switch (i) { - case 0: - t->routes[0] = t->routes[1]; - fallthrough; - case 1: - t->routes[1] = t->routes[2]; - break; - case 2: - break; - } - } - } + spin_lock_bh(&nr_node_list_lock); + nr_node_for_each_safe(t, node2t, &nr_node_list) { + nr_node_lock(t); + for (i = 0; i < t->count; i++) { + s = t->routes[i].neighbour; + if (s->dev == dev) { + s->count--; + nr_neigh_put(s); + t->count--; - if (t->count <= 0) - nr_remove_node_locked(t); - nr_node_unlock(t); + switch (i) { + case 0: + t->routes[0] = t->routes[1]; + fallthrough; + case 1: + t->routes[1] = t->routes[2]; + break; + case 2: + break; + } + i--; } - spin_unlock_bh(&nr_node_list_lock); + } + if (t->count <= 0) + nr_remove_node_locked(t); + nr_node_unlock(t); + } + spin_unlock_bh(&nr_node_list_lock); + + spin_lock_bh(&nr_neigh_list_lock); + nr_neigh_for_each_safe(s, nodet, &nr_neigh_list) { + if (s->dev == dev) nr_remove_neigh_locked(s); - } } spin_unlock_bh(&nr_neigh_list_lock); } @@ -965,8 +968,8 @@ void nr_rt_free(void) struct nr_node *t = NULL; struct hlist_node *nodet; - spin_lock_bh(&nr_neigh_list_lock); spin_lock_bh(&nr_node_list_lock); + spin_lock_bh(&nr_neigh_list_lock); nr_node_for_each_safe(t, nodet, &nr_node_list) { nr_node_lock(t); nr_remove_node_locked(t); @@ -979,6 +982,6 @@ void nr_rt_free(void) } nr_remove_neigh_locked(s); } - spin_unlock_bh(&nr_node_list_lock); spin_unlock_bh(&nr_neigh_list_lock); + spin_unlock_bh(&nr_node_list_lock); } -- 2.43.0

3 days, 11 hours

2
1
0 0

What to Expect When Preparing for the C_THR88_2505 Exam

by 848jermaine＠comfythings.com

Preparing for the C_THR88_2505 Exam requires a clear understanding of the skills and knowledge areas that SAP expects candidates to master. The exam focuses on SAP SuccessFactors Learning, covering core components such as configuration, user management, workflows and content handling. Before you begin your preparation, it helps to review the official SAP exam guide to understand the structure, topic weightage and the level of practical knowledge required. This initial research gives you a strong direction and helps you plan your preparation efficiently. As you work through the topics, you can expect to encounter detailed modules that require both conceptual understanding and hands-on familiarity. Candidates often find it useful to combine theoretical study with practical scenario-based learning to strengthen memory and improve clarity. This is where consistent practice becomes important. Pass4future supports learners by offering reliable preparation materials designed to reinforce key areas through practice questions and structured study content. These resources help you identify weak points early and correct them ahead of the exam. Visit here for free Practice Questions: https://www.pass4future.com/questions/sap/c-thr88-2505 During the final stages of preparation, revision play a major role. The exam includes questions that test real-world understanding, so practicing regularly helps you build confidence and improve speed. Along with Pass4future’s practice materials, candidates should also explore official SAP Learning Hub resources and SAP community documentation for deeper insights. Combining official content with structured practice ensures you develop a complete and balanced understanding of all exam topics. With the right preparation approach, the C_THR88_2505 Exam becomes far more manageable and predictable.

3 days, 12 hours

1
0
0 0

[PATCH 5.4 000/187] 5.4.302-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.302 release. There are 187 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Dec 2025 11:22:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.302-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.302-rc1 Hugh Dickins <hughd(a)google.com> mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge() Peter Xu <peterx(a)redhat.com> mm/mprotect: use long for page accountings and retval Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Fabio M. De Francesco <fabio.maria.de.francesco(a)linux.intel.com> mm/mempool: replace kmap_atomic() with kmap_local_page() Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Input: remove third argument of usb_maxpacket() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: deprecate the third argument of usb_maxpacket() Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/page_alloc: fix hash table order logging in alloc_large_system_hash() Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Chris Morgan <macromorgan(a)hotmail.com> regulator: fixed: use dev_err_probe for register Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Eric Dumazet <edumazet(a)google.com> net_sched: remove need_resched() from qdisc_run() Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). Xin Long <lucien.xin(a)gmail.com> tipc: simplify the finalize work queue Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Xin Long <lucien.xin(a)gmail.com> sctp: get netns from asoc and ep base Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Russell King <rmk+kernel(a)armlinux.org.uk> net: dsa/b53: change b53_force_port_config() pause argument Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Ian Rogers <irogers(a)google.com> tools bitmap: Add missing asm-generic/bitsperlong.h include Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: apply quirk for MOONDROP Quark2 Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Mario Limonciello (AMD) <superm1(a)kernel.org> ACPI: video: force native for Lenovo 82K8 Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_add_action_or_reset() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_clk_get_optional() to get the input clock Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/bitops.h | 2 + arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/mti-malta/malta-init.c | 20 +-- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/kernel/module.c | 1 + arch/x86/entry/vsyscall/vsyscall_64.c | 17 ++- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/resctrl/monitor.c | 10 +- drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/property.c | 24 +++- drivers/acpi/video_detect.c | 8 ++ drivers/ata/libata-scsi.c | 8 ++ drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btusb.c | 13 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clocksource/timer-vf-pit.c | 22 ++-- drivers/cpufreq/longhaul.c | 3 + drivers/dma/dw-edma/dw-edma-core.c | 22 ++++ drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +++- drivers/dma/sh/shdmac.c | 17 ++- drivers/edac/altera_edac.c | 22 +++- drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-quirks.c | 14 ++- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/iio/adc/spear_adc.c | 9 +- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/misc/ati_remote2.c | 2 +- drivers/input/misc/cm109.c | 2 +- drivers/input/misc/powermate.c | 2 +- drivers/input/misc/yealink.c | 2 +- drivers/input/tablet/acecad.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 11 +- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 ++- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +-- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/rc/imon.c | 61 +++++---- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 +++ drivers/net/can/usb/gs_usb.c | 23 ++-- drivers/net/dsa/b53/b53_common.c | 57 ++++++--- drivers/net/dsa/b53/b53_regs.h | 4 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 ++- .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 16 ++- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/dp83867.c | 6 + drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/wireless/ath/ath10k/wmi.c | 1 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 21 ++-- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/quirks.c | 1 + drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/regulator/fixed.c | 6 +- drivers/remoteproc/qcom_q6v5.c | 5 + drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_scsi.c | 14 ++- drivers/scsi/pm8001/pm8001_ctl.c | 2 +- drivers/scsi/sg.c | 10 +- drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi.c | 10 ++ drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 128 +++++++++---------- drivers/uio/uio_hv_generic.c | 21 +++- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 ++- drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 ++++- drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + fs/9p/v9fs.c | 9 +- fs/btrfs/transaction.c | 2 +- fs/ceph/locks.c | 5 +- fs/hpfs/namei.c | 18 ++- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 6 +- fs/nfs/nfs4state.c | 3 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- include/linux/ata.h | 1 + include/linux/compiler_types.h | 5 +- include/linux/filter.h | 2 +- include/linux/hugetlb.h | 4 +- include/linux/mm.h | 4 +- include/linux/shdma-base.h | 2 +- include/linux/usb.h | 16 +-- include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +++- kernel/events/uprobes.c | 7 ++ kernel/gcov/gcc_4_7.c | 4 +- kernel/trace/trace_events_hist.c | 6 +- mm/hugetlb.c | 4 +- mm/mempolicy.c | 2 +- mm/mempool.c | 32 ++++- mm/mprotect.c | 124 ++++++++---------- mm/page_alloc.c | 2 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 ++++++++++----- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/sco.c | 7 ++ net/bridge/br_forward.c | 3 +- net/core/netpoll.c | 7 +- net/core/page_pool.c | 6 +- net/core/sock.c | 15 ++- net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv6/ah6.c | 50 +++++--- net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/rx.c | 10 +- net/openvswitch/actions.c | 68 +--------- net/openvswitch/flow_netlink.c | 64 ++-------- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_ife.c | 12 +- net/sched/sch_api.c | 10 -- net/sched/sch_generic.c | 24 ++-- net/sched/sch_hfsc.c | 16 --- net/sched/sch_qfq.c | 2 +- net/sctp/associola.c | 10 +- net/sctp/chunk.c | 2 +- net/sctp/diag.c | 7 ++ net/sctp/endpointola.c | 6 +- net/sctp/input.c | 5 +- net/sctp/output.c | 2 +- net/sctp/outqueue.c | 6 +- net/sctp/sm_make_chunk.c | 7 +- net/sctp/sm_sideeffect.c | 16 +-- net/sctp/sm_statefuns.c | 2 +- net/sctp/socket.c | 12 +- net/sctp/stream.c | 3 +- net/sctp/stream_interleave.c | 23 ++-- net/sctp/transport.c | 15 ++- net/sctp/ulpqueue.c | 15 ++- net/strparser/strparser.c | 2 +- net/tipc/core.c | 4 +- net/tipc/core.h | 8 +- net/tipc/discover.c | 4 +- net/tipc/link.c | 5 + net/tipc/link.h | 1 + net/tipc/net.c | 17 +-- net/vmw_vsock/af_vsock.c | 40 ++++-- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/usb/mixer.c | 11 +- tools/include/linux/bitmap.h | 1 + tools/power/cpupower/lib/cpuidle.c | 5 +- .../x86_energy_perf_policy.c | 26 ++-- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- tools/testing/selftests/net/fcnal-test.sh | 4 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- 206 files changed, 1385 insertions(+), 899 deletions(-)

3 days, 12 hours

8
196
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror