[PATCH 6.18 000/614] 6.18.2-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.18.2 release.
There are 614 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 18 Dec 2025 11:12:22 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.2-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.18.2-rc1
Junrui Luo <moonafterrain(a)outlook.com>
ALSA: wavefront: Fix integer overflow in sample size validation
Junrui Luo <moonafterrain(a)outlook.com>
ALSA: wavefront: Clear substream pointers on close
Denis Arefev <arefev(a)swemel.ru>
ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()
Antheas Kapenekakis <lkml(a)antheas.dev>
ALSA: hda/tas2781: fix speaker id retrieval for multiple probes
Antheas Kapenekakis <lkml(a)antheas.dev>
ALSA: hda/realtek: Add match for ASUS Xbox Ally projects
Junrui Luo <moonafterrain(a)outlook.com>
ALSA: dice: fix buffer overflow in detect_stream_formats()
Sven Peter <sven(a)kernel.org>
usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required
Duoming Zhou <duoming(a)zju.edu.cn>
usb: typec: ucsi: fix use-after-free caused by uec->work
Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt>
usb: phy: Initialize struct usb_phy list_head
Duoming Zhou <duoming(a)zju.edu.cn>
usb: typec: ucsi: fix probe failure in gaokun_ucsi_probe()
Haotien Hsu <haotienh(a)nvidia.com>
usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt
Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org>
efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs
Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org>
efi/cper: Adjust infopfx size to accept an extra space
Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org>
efi/cper: Add a new helper function to print bitmasks
Evan Li <evan.li(a)linux.alibaba.com>
perf/x86/intel: Fix NULL event dereference crash in handle_pmi_common()
Dmitry Antipov <dmantipov(a)yandex.ru>
ocfs2: fix memory leak in ocfs2_merge_rec_left()
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
cpu: Make atomic hotplug callbacks run with interrupts disabled on UP
Dan Carpenter <dan.carpenter(a)linaro.org>
irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
Thaumy Cheng <thaumy.love(a)gmail.com>
perf/core: Fix missing read event generation on task exit
Bart Van Assche <bvanassche(a)acm.org>
scsi: ufs: core: Fix an error handler crash
Duoming Zhou <duoming(a)zju.edu.cn>
scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Haotian Zhang <vulab(a)iscas.ac.cn>
dm log-writes: Add missing set_freezable() for freezable kthread
Alexey Simakov <bigalex934(a)gmail.com>
dm-raid: fix possible NULL dereference with undefined raid type
Hemalatha Pinnamreddy <hemalatha.pinnamreddy2(a)amd.com>
ASoC: amd: acp: update tdm channels for specific DAI
Mohamed Khalfella <mkhalfella(a)purestorage.com>
block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock
Dibin Moolakadan Subrahmanian <dibin.moolakadan.subrahmanian(a)intel.com>
drm/i915/fbdev: Hold runtime PM ref during fbdev BO creation
Jani Nikula <jani.nikula(a)intel.com>
drm/{i915, xe}/fbdev: deduplicate struct drm_mode_fb_cmd2 init
Jani Nikula <jani.nikula(a)intel.com>
drm/{i915, xe}/fbdev: pass struct drm_device to intel_fbdev_fb_alloc()
Jani Nikula <jani.nikula(a)intel.com>
drm/i915/fbdev: make intel_framebuffer_create() error return handling explicit
Jani Nikula <jani.nikula(a)intel.com>
drm/xe/fbdev: use the same 64-byte stride alignment as i915
Liyuan Pang <pangliyuan1(a)huawei.com>
ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad()
Junrui Luo <moonafterrain(a)outlook.com>
ALSA: firewire-motu: add bounds check in put_user loop for DSP events
Javier Martinez Canillas <javierm(a)redhat.com>
regulator: spacemit: Align input supply name with the DT binding
Nuno Sá <nuno.sa(a)analog.com>
rtc: max31335: Fix ignored return value in set_alarm
Haotian Zhang <vulab(a)iscas.ac.cn>
rtc: gamecube: Check the return value of ioremap()
Xiaogang Chen <xiaogang.chen(a)amd.com>
drm/amdkfd: Use huge page size to check split svm range alignment
Andres J Rosa <andyrosa(a)gmail.com>
ALSA: uapi: Fix typo in asound.h comment
Dave Kleikamp <dave.kleikamp(a)oracle.com>
dma/pool: eliminate alloc_pages warning in atomic_pool_expand
Troy Mitchell <troy.mitchell(a)linux.spacemit.com>
i2c: spacemit: fix detect issue
Kathara Sasikumar <katharasasikumar007(a)gmail.com>
docs: hwmon: fix link to g762 devicetree binding
Arnd Bergmann <arnd(a)arndb.de>
gpio: tb10x: fix OF_GPIO dependency
Mike Snitzer <snitzer(a)kernel.org>
nfs/localio: remove 61 byte hole from needless ____cacheline_aligned
Mike Snitzer <snitzer(a)hammerspace.com>
nfs/localio: remove alignment size checking in nfs_is_local_dio_possible
David Howells <dhowells(a)redhat.com>
cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2
David Howells <dhowells(a)redhat.com>
cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB1
René Rebe <rene(a)exactco.de>
drm/nouveau: fix circular dep oops from vendored i2c encoder
Madhur Kumar <madhurkumar004(a)gmail.com>
drm/nouveau: refactor deprecated strcpy
Junrui Luo <moonafterrain(a)outlook.com>
ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
Mark Brown <broonie(a)kernel.org>
regulator: fixed: Rely on the core freeing the enable GPIO
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties()
Caleb Sander Mateos <csander(a)purestorage.com>
io_uring/kbuf: use READ_ONCE() for userspace-mapped memory
Israel Rukshin <israelr(a)nvidia.com>
nvme-auth: use kvfree() for memory allocated with kvcalloc()
Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in>
block: fix memory leak in __blkdev_issue_zero_pages
shechenglong <shechenglong(a)xfusion.com>
block: fix comment for op_is_zone_mgmt() to include RESET_ALL
Arnd Bergmann <arnd(a)arndb.de>
drm/panel: novatek-nt35560: avoid on-stack device structure
Cong Zhang <cong.zhang(a)oss.qualcomm.com>
blk-mq: Abort suspend when wakeup events are pending
Daeho Jeong <daehojeong(a)google.com>
f2fs: revert summary entry count from 2048 to 512 in 16kb block support
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: ak5558: Disable regulator when error happens
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: ak4458: Disable regulator when error happens
Hemalatha Pinnamreddy <hemalatha.pinnamreddy2(a)amd.com>
ASoC: amd: acp: Audio is not resuming after s0ix
Haotian Zhang <vulab(a)iscas.ac.cn>
ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure()
Anton Khirnov <anton(a)khirnov.net>
platform/x86: asus-wmi: use brightness_set_blocking() for kbd led
Armin Wolf <W_Armin(a)gmx.de>
fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8()
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Fix inheritance of the block sizes when automounting
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
Trond Myklebust <trond.myklebust(a)hammerspace.com>
Revert "nfs: ignore SB_RDONLY when mounting nfs"
Trond Myklebust <trond.myklebust(a)hammerspace.com>
Revert "nfs: clear SB_RDONLY before getting superblock"
Trond Myklebust <trond.myklebust(a)hammerspace.com>
Revert "nfs: ignore SB_RDONLY when remounting nfs"
Akash Goel <akash.goel(a)arm.com>
drm/panthor: Prevent potential UAF in group creation
Jonathan Curley <jcurley(a)purestorage.com>
NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Initialise verifiers for visible dentries in nfs_atomic_open()
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Initialise verifiers for visible dentries in readdir and lookup
Armin Wolf <W_Armin(a)gmx.de>
fs/nls: Fix utf16 to utf8 conversion
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Avoid changing nlink when file removes and attribute updates race
Abel Vesa <abel.vesa(a)linaro.org>
kbuild: install-extmod-build: Properly fix CC expansion when ccache is used
Haotian Zhang <vulab(a)iscas.ac.cn>
rtc: amlogic-a4: fix double free caused by devm
Daeho Jeong <daehojeong(a)google.com>
f2fs: maintain one time GC mode is enabled during whole zoned GC cycle
Xi Pardee <xi.pardee(a)linux.intel.com>
platform/x86:intel/pmc: Update Arrow Lake telemetry GUID
John Stultz <jstultz(a)google.com>
sched/core: Fix psi_dequeue() for Proxy Execution
xupengbo <xupengbo(a)oppo.com>
sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out
Eric Sandeen <sandeen(a)redhat.com>
9p: fix cache/debug options printing in v9fs_show_options
Abdun Nihaal <nihaal(a)cse.iitm.ac.in>
fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe()
Ian Rogers <irogers(a)google.com>
perf stat: Allow no events to open if this is a "--null" run
Haotian Zhang <vulab(a)iscas.ac.cn>
pinctrl: single: Fix incorrect type for error return variable
Ian Rogers <irogers(a)google.com>
perf hist: In init, ensure mem_info is put on error paths
Ian Rogers <irogers(a)google.com>
perf kvm: Fix debug assertion
Namhyung Kim <namhyung(a)kernel.org>
perf tools: Fix split kallsyms DSO counting
Namhyung Kim <namhyung(a)kernel.org>
perf tools: Mark split kallsyms DSOs as loaded
Namjae Jeon <linkinjeon(a)kernel.org>
exfat: fix divide-by-zero in exfat_allocate_bitmap
Shuhao Fu <sfual(a)cse.ust.hk>
exfat: fix refcount leak in exfat_find
Namhyung Kim <namhyung(a)kernel.org>
perf jitdump: Add sym/str-tables to build-ID generation
Xiang Mei <xmei5(a)asu.edu>
net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: xrs700x: reject unsupported HSR configurations
Xiaoliang Yang <xiaoliang.yang_1(a)nxp.com>
net: hsr: create an API to get hsr port type
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: fix BCM5325/65 ARL entry VIDs
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: fix BCM5325/65 ARL entry multicast port masks
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: add support for bcm63xx ARL entry format
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: fix CPU port unicast ARL entries for BCM5325/65
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: use same ARL search result offset for BCM5325/65
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: add support for 5389/5397/5398 ARL entry format
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: move ARL entry functions into ops struct
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: split reading search entry into their own functions
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: provide accessors for accessing ARL_SRCH_CTL
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: move writing ARL entries into their own functions
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: move reading ARL entries into their own function
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: b53_arl_read{,25}(): use the entry for comparision
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: fix extracting VID from entry for BCM5325/65
Jonas Gorski <jonas.gorski(a)gmail.com>
net: dsa: b53: fix VLAN_ID_IDX write size for BCM5325/65
Christophe Leroy (CS GROUP) <chleroy(a)kernel.org>
um: Disable KASAN_INLINE when STATIC_LINK is selected
Stefan Metzmacher <metze(a)samba.org>
smb: client: relax WARN_ON_ONCE(SMBDIRECT_SOCKET_*) checks in recv_done() and smbd_conn_upcall()
Stefan Metzmacher <metze(a)samba.org>
smb: server: relax WARN_ON_ONCE(SMBDIRECT_SOCKET_*) checks in recv_done() and smb_direct_cm_handler()
Stefan Metzmacher <metze(a)samba.org>
smb: smbdirect: introduce SMBDIRECT_CHECK_STATUS_{WARN,DISCONNECT}()
Stefan Metzmacher <metze(a)samba.org>
smb: smbdirect: introduce SMBDIRECT_DEBUG_ERR_PTR() helper
Johan Hovold <johan(a)kernel.org>
clk: keystone: fix compile testing
Yu Kuai <yukuai(a)fnnas.com>
md/raid5: fix IO hang when array is broken with IO inflight
Alexandru Gagniuc <mr.nuke.me(a)gmail.com>
remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs
Kumar Kartikeya Dwivedi <memxor(a)gmail.com>
rqspinlock: Use trylock fallback when per-CPU rqnode is busy
Kumar Kartikeya Dwivedi <memxor(a)gmail.com>
rqspinlock: Enclose lock/unlock within lock entry acquisitions
Ivan Stepchenko <sid(a)itb.spb.ru>
mtd: lpddr_cmds: fix signed shifts in lpddr_cmds
Breno Leitao <leitao(a)debian.org>
net: netpoll: initialize work queue before error checks
Hangbin Liu <liuhangbin(a)gmail.com>
selftests: bonding: add delay before each xvlan_over_bond connectivity check
Robert Marko <robimarko(a)gmail.com>
net: phy: aquantia: check for NVMEM deferral
Mickaël Salaün <mic(a)digikod.net>
landlock: Fix handling of disconnected directories
Alex Williamson <alex.williamson(a)nvidia.com>
vfio/pci: Use RCU for error/request triggers to avoid circular locking
Dev Jain <dev.jain(a)arm.com>
arm64/pageattr: Propagate return value from __change_memory_common
Tianchu Chen <flynnnchen(a)tencent.com>
spi: ch341: fix out-of-bounds memory access in ch341_transfer_one
Haotian Zhang <vulab(a)iscas.ac.cn>
mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors
Alexey Kodanev <aleksei.kodanev(a)bell-sw.com>
net: stmmac: fix rx limit check in stmmac_rx_zc()
Antoine Tenart <atenart(a)kernel.org>
net: vxlan: prevent NULL deref in vxlan_xmit_one
Michal Schmidt <mschmidt(a)redhat.com>
iavf: Implement settime64 with -EOPNOTSUPP
Fernando Fernandez Mancera <fmancera(a)suse.de>
netfilter: nft_connlimit: update the count if add was skipped
Fernando Fernandez Mancera <fmancera(a)suse.de>
netfilter: nf_conncount: rework API to use sk_buff directly
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: flowtable: check for maximum number of encapsulations in bridge vlan
Ilias Stamatis <ilstam(a)amazon.com>
Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()"
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195: Fix address range for JPEG decoder core 1
sparkhuang <huangshaobo3(a)xiaomi.com>
regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex
Marek Szyprowski <m.szyprowski(a)samsung.com>
ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend
Marek Szyprowski <m.szyprowski(a)samsung.com>
ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend
Marek Szyprowski <m.szyprowski(a)samsung.com>
ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend
Marek Szyprowski <m.szyprowski(a)samsung.com>
ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend
Marek Szyprowski <m.szyprowski(a)samsung.com>
soc: samsung: exynos-pmu: Fix structure initialization
Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu>
spi: airoha-snfi: en7523: workaround flash damaging if UART_TXD was short to GND
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: catpt: Fix error path in hw_params()
Michael S. Tsirkin <mst(a)redhat.com>
virtio: clean up features qword/dword terms
Alok Tiwari <alok.a.tiwari(a)oracle.com>
vdpa/pds: use %pe for ERR_PTR() in event handler registration
Mike Christie <michael.christie(a)oracle.com>
vhost: Fix kthread worker cgroup failure handling
Alok Tiwari <alok.a.tiwari(a)oracle.com>
vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues
Michael S. Tsirkin <mst(a)redhat.com>
virtio: fix map ops comment
Michael S. Tsirkin <mst(a)redhat.com>
virtio: fix virtqueue_set_affinity() docs
Michael S. Tsirkin <mst(a)redhat.com>
virtio: standardize Returns documentation style
Michael S. Tsirkin <mst(a)redhat.com>
virtio: fix grammar in virtio_map_ops docs
Michael S. Tsirkin <mst(a)redhat.com>
virtio: fix grammar in virtio_queue_info docs
Michael S. Tsirkin <mst(a)redhat.com>
virtio: fix whitespace in virtio_config_ops
Michael S. Tsirkin <mst(a)redhat.com>
virtio: fix typo in virtio_device_ready() comment
Kriish Sharma <kriish.sharma2006(a)gmail.com>
virtio: fix kernel-doc for mapping/free_coherent functions
Alok Tiwari <alok.a.tiwari(a)oracle.com>
virtio_vdpa: fix misleading return in void function
Guenter Roeck <linux(a)roeck-us.net>
of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node
Willem de Bruijn <willemb(a)google.com>
selftests/net: packetdrill: pass send_omit_free to MSG_ZEROCOPY tests
Yongjian Sun <sunyongjian1(a)huawei.com>
ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation
Edward Adam Davis <eadavis(a)qq.com>
bpf: Fix exclusive map memory leak
Matthieu Buffet <matthieu(a)buffet.re>
selftests/landlock: Fix makefile header list
Kevin Brodsky <kevin.brodsky(a)arm.com>
ublk: prevent invalid access with DEBUG
René Rebe <rene(a)exactco.de>
ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4
Haotian Zhang <vulab(a)iscas.ac.cn>
hwmon: sy7636a: Fix regulator_enable resource leak on error path
Eric Huang <jinhuieric.huang(a)amd.com>
drm/amdkfd: assign AID to uuid in topology for SPX mode
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1()
Will Rosenberg <whrosenb(a)asu.edu>
kernfs: fix memory leak of kernfs_iattrs in __kernfs_new_node
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
misc: rp1: Fix an error handling path in rp1_probe()
Christoph Hellwig <hch(a)lst.de>
fs: lift the FMODE_NOCMTIME check into file_update_time_flags
Christoph Hellwig <hch(a)lst.de>
fs: refactor file timestamp update logic
Haotian Zhang <vulab(a)iscas.ac.cn>
greybus: gb-beagleplay: Fix timeout handling in bootloader functions
Alexandre Courbot <acourbot(a)nvidia.com>
firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_xcvr: clear the channel status control memory
Andreas Gruenbacher <agruenba(a)redhat.com>
gfs2: Prevent recursive memory reclaim
Jaroslav Kysela <perex(a)perex.cz>
ASoC: nau8325: add missing build config
Jaroslav Kysela <perex(a)perex.cz>
ASoC: nau8325: use simple i2c probe function
Johan Hovold <johan(a)kernel.org>
clocksource/drivers/nxp-stm: Prevent driver unbind
Johan Hovold <johan(a)kernel.org>
clocksource/drivers/nxp-stm: Fix section mismatches
Johan Hovold <johan(a)kernel.org>
clocksource/drivers/nxp-pit: Prevent driver unbind
Johan Hovold <johan(a)kernel.org>
clocksource/drivers/arm_arch_timer_mmio: Prevent driver unbind
Johan Hovold <johan(a)kernel.org>
clocksource/drivers/stm: Fix double deregistration on probe failure
Haotian Zhang <vulab(a)iscas.ac.cn>
clocksource/drivers/ralink: Fix resource leaks in init error path
Akash Goel <akash.goel(a)arm.com>
drm/panthor: Avoid adding of kernel BOs to extobj list
Guillaume La Roque <glaroque(a)baylibre.com>
arm64: dts: amlogic: meson-g12b: Fix L2 cache reference for S922X CPUs
Jijun Wang <jijun.wang(a)intel.com>
RDMA/irdma: Fix SRQ shadow area address initialization
Jacob Moroni <jmoroni(a)google.com>
RDMA/irdma: Remove doorbell elision logic
Jacob Moroni <jmoroni(a)google.com>
RDMA/irdma: Do not set IBK_LOCAL_DMA_LKEY for GEN3+
Jacob Moroni <jmoroni(a)google.com>
RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY
Anil Samal <anil.samal(a)intel.com>
RDMA/irdma: Add missing mutex destroy
Krzysztof Czurylo <krzysztof.czurylo(a)intel.com>
RDMA/irdma: Fix SIGBUS in AEQ destroy
Tatyana Nikolova <tatyana.e.nikolova(a)intel.com>
RDMA/irdma: Add a missing kfree of struct irdma_pci_f for GEN2
Krzysztof Czurylo <krzysztof.czurylo(a)intel.com>
RDMA/irdma: Fix data race in irdma_free_pble
Krzysztof Czurylo <krzysztof.czurylo(a)intel.com>
RDMA/irdma: Fix data race in irdma_sc_ccq_arm
Stephan Gerhold <stephan.gerhold(a)linaro.org>
iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal
Randy Dunlap <rdunlap(a)infradead.org>
backlight: lp855x: Fix lp855x.h kernel-doc warnings
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
backlight: led-bl: Add devlink to supplier LEDs
Ria Thomas <ria.thomas(a)morsemicro.com>
wifi: ieee80211: correct FILS status codes
Christoph Hellwig <hch(a)lst.de>
iomap: allocate s_dio_done_wq for async reads as well
Christoph Hellwig <hch(a)lst.de>
iomap: always run error completions in user context
David Gow <davidgow(a)google.com>
um: Don't rename vmap to kernel_vmap
Timur Tabi <ttabi(a)nvidia.com>
drm/nouveau: restrict the flush page to a 32-bit address
Shawn Lin <shawn.lin(a)rock-chips.com>
PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix leaf leak in an error path in btrfs_del_items()
Qu Wenruo <wqu(a)suse.com>
btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe()
Boris Burkov <boris(a)bur.io>
btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
Miquel Sabaté Solà <mssola(a)mssola.com>
btrfs: fix double free of qgroup record after failure to add delayed ref head
Alan Maguire <alan.maguire(a)oracle.com>
selftests/bpf: Allow selftests to build with older xxd
Alan Maguire <alan.maguire(a)oracle.com>
bpftool: Allow bpftool to build with openssl < 3
Ryan Huang <tzukui(a)google.com>
iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables
Jianglei Nie <niejianglei2021(a)163.com>
staging: fbtft: core: fix potential memory leak in fbtft_probe_common()
Dinh Nguyen <dinguyen(a)kernel.org>
firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc
Zilin Guan <zilin(a)seu.edu.cn>
mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: mt7996: Add missing locking in mt7996_mac_sta_rc_work()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: mt7996: skip ieee80211_iter_keys() on scanning link remove
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: mt7996: skip deflink accounting for offchannel links
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: Move mt76_abort_scan out of mt76_reset_device()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: mt7996: grab mt76 mutex in mt7996_mac_sta_event()
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix EMI rings for RRO
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix using wrong phy to start in mt7996_mac_restart()
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix MLO set key and group key issues
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix MLD group index assignment
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: set link_valid field when initializing wcid
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix teardown command for an MLD peer
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix several fields in mt7996_mcu_bss_basic_tlv()
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix implicit beamforming support for mt7992
StanleyYP Wang <StanleyYP.Wang(a)mediatek.com>
wifi: mt76: mt7996: fix max nss value when getting rx chainmask
Fedor Pchelkin <pchelkin(a)ispras.ru>
Revert "wifi: mt76: mt792x: improve monitor interface handling"
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: mt7996: Remove useless check in mt7996_msdu_page_get_from_cache()
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: mt7996: Remove unnecessary link_id checks in mt7996_tx
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx()
Shenghao Ding <shenghao-ding(a)ti.com>
ASoC: tas2781: correct the wrong period
Baojun Xu <baojun.xu(a)ti.com>
ASoC: tas2781: Correct the wrong chip ID for reset variable check
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: ahash - Zero positive err value in ahash_update_finish
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: ahash - Fix crypto_ahash_import with partial block data
Selvin Xavier <selvin.xavier(a)broadcom.com>
RDMA/bnxt_re: Pass correct flag for dma mr creation
Selvin Xavier <selvin.xavier(a)broadcom.com>
RDMA/bnxt_re: Fix the inline size for GenP7 devices
Gao Xiang <xiang(a)kernel.org>
erofs: limit the level of fs stacking for file-backed mounts
Gao Xiang <xiang(a)kernel.org>
erofs: correct FSDAX detection
Fangyu Yu <fangyu.yu(a)linux.alibaba.com>
RISC-V: KVM: Fix guest page fault within HLV* instructions
Pengjie Zhang <zhangpengjie2(a)huawei.com>
PM / devfreq: hisi: Fix potential UAF in OPP handling
Haotian Zhang <vulab(a)iscas.ac.cn>
crypto: ccree - Correctly handle return of sg_nents_for_len
Haotian Zhang <vulab(a)iscas.ac.cn>
crypto: starfive - Correctly handle return of sg_nents_for_len
Martin Teichmann <martin.teichmann(a)xfel.eu>
bpf: properly verify tail call behavior
Xing Guo <higuoxing(a)gmail.com>
selftests/bpf: Update test_tag to use sha256
Matt Bobrowski <mattbobrowski(a)google.com>
selftests/bpf: Improve reliability of test_perf_branches_no_hw()
Matt Bobrowski <mattbobrowski(a)google.com>
selftests/bpf: skip test_perf_branches_hw() on unsupported platforms
Dan Carpenter <dan.carpenter(a)linaro.org>
regulator: pca9450: Fix error code in probe()
Gopi Krishna Menon <krishnagopi487(a)gmail.com>
usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE
Jisheng Zhang <jszhang(a)kernel.org>
usb: dwc2: fix hang during suspend if set as peripheral
Jisheng Zhang <jszhang(a)kernel.org>
usb: dwc2: fix hang during shutdown if set as peripheral
Oliver Neukum <oneukum(a)suse.com>
usb: chaoskey: fix locking for O_NONBLOCK
Zhao Yipeng <zhaoyipeng5(a)huawei.com>
ima: Handle error code returned by ima_filter_rule_match()
Ivan Pravdin <ipravdin.official(a)gmail.com>
rtla: Fix -a overriding -t argument
Tomas Glozar <tglozar(a)redhat.com>
rtla/tests: Fix osnoise test calling timerlat
Tomas Glozar <tglozar(a)redhat.com>
rtla/tests: Extend action tests to 5s
Jason Tian <jason(a)os.amperecomputing.com>
RAS: Report all ARM processor CPER information to userspace
Seungjin Bae <eeodqql09(a)gmail.com>
wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
Charles Mirabile <cmirabil(a)redhat.com>
clk: spacemit: Set clk_hw_onecell_data::num before using flex array
Chen Ridong <chenridong(a)huawei.com>
cpuset: Treat cpusets in attaching as populated
Alexander Dahl <ada(a)thorsis.com>
net: phy: adin1100: Fix software power-down ready condition
Matt Bobrowski <mattbobrowski(a)google.com>
selftests/bpf: Use ASSERT_STRNEQ to factor in long slab cache names
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: SDCA: Fix missing dash in HIDE DisCo property
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
phy: rockchip: samsung-hdptx: Fix reported clock rate in high bpc mode
Xiaolei Wang <xiaolei.wang(a)windriver.com>
phy: freescale: Initialize priv->lock
Shawn Lin <shawn.lin(a)rock-chips.com>
phy: rockchip: naneng-combphy: Fix PCIe L1ss support RK3562
Shawn Lin <shawn.lin(a)rock-chips.com>
phy: rockchip: naneng-combphy: Fix PCIe L1ss support RK3528
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe()
Fenglin Wu <fenglin.wu(a)oss.qualcomm.com>
leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM
Yuntao Wang <yuntao.wang(a)linux.dev>
of/fdt: Fix incorrect use of dt_root_addr_cells in early_init_dt_check_kho()
Yuntao Wang <yuntao.wang(a)linux.dev>
of/fdt: Fix the len check in early_init_dt_check_for_usable_mem_range()
Yuntao Wang <yuntao.wang(a)linux.dev>
of/fdt: Fix the len check in early_init_dt_check_for_elfcorehdr()
Yuntao Wang <yuntao.wang(a)linux.dev>
of/fdt: Consolidate duplicate code into helper functions
Haotian Zhang <vulab(a)iscas.ac.cn>
mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
Haotian Zhang <vulab(a)iscas.ac.cn>
mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
Tomas Glozar <tglozar(a)redhat.com>
tools/rtla: Fix --on-threshold always triggering
Costa Shulyupin <costa.shul(a)redhat.com>
tools/rtla: Fix unassigned nr_cpus
Chien Wong <m(a)xv97.com>
wifi: mac80211: fix CMAC functions not handling errors
Aashish Sharma <aashish(a)aashishsharma.net>
iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb
Vineeth Pillai (Google) <vineeth(a)bitbyteword.org>
iommu/vt-d: Set INTEL_IOMMU_FLOPPY_WA depend on BLK_DEV_FD
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: phy: realtek: create rtl8211f_config_rgmii_delay()
Zilin Guan <zilin(a)seu.edu.cn>
scsi: qla2xxx: Fix improper freeing of purex item
Shawn Lin <shawn.lin(a)rock-chips.com>
scsi: ufs: rockchip: Reset controller on PRE_CHANGE of hce enable notify
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: bcm2835: Make sure the channel is enabled after pwm_request()
Leo Yan <leo.yan(a)arm.com>
perf arm_spe: Fix memset subclass in operation
Fernando Fernandez Mancera <fmancera(a)suse.de>
ipv6: clear RA flags when adding a static route
Longbin Li <looong.bin(a)gmail.com>
spi: sophgo: Fix incorrect use of bus width value macros
Akhil P Oommen <akhilpo(a)oss.qualcomm.com>
drm/msm/a6xx: Improve MX rail fallback in RPMH vote init
Akhil P Oommen <akhilpo(a)oss.qualcomm.com>
drm/msm/a6xx: Fix the gemnoc workaround
Akhil P Oommen <akhilpo(a)oss.qualcomm.com>
drm/msm/a6xx: Flush LRZ cache before PT switch
Jay Liu <jay.liu(a)mediatek.com>
drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue
Edward Adam Davis <eadavis(a)qq.com>
fs/ntfs3: Prevent memory leaks in add sub record
Edward Adam Davis <eadavis(a)qq.com>
fs/ntfs3: out1 also needs to put mi
Ovidiu Panait <ovidiu.panait.rb(a)renesas.com>
net: stmmac: Fix VLAN 0 deletion in vlan_del_hw_rx_fltr()
Ritesh Harjani (IBM) <ritesh.list(a)gmail.com>
powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format
Ritesh Harjani (IBM) <ritesh.list(a)gmail.com>
powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit
Pu Lehui <pulehui(a)huawei.com>
bpf: Fix invalid prog->stats access when update_effective_progs fails
Inochi Amaoto <inochiama(a)gmail.com>
net: stmmac: dwmac-sophgo: Add phy interface filter
Inochi Amaoto <inochiama(a)gmail.com>
net: phy: Add helper for fixing RGMII PHY mode based on internal mac delay
Abdun Nihaal <nihaal(a)cse.iitm.ac.in>
wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
Christian Bruel <christian.bruel(a)foss.st.com>
PCI: stm32: Fix EP page_size alignment
Christian Bruel <christian.bruel(a)foss.st.com>
PCI: stm32: Fix LTSSM EP race with start link
Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com>
drm/msm/a2xx: stop over-complaining about the legacy firmware
Huiwen He <hehuiwen(a)kylinos.cn>
drm/msm: fix missing NULL check after kcalloc in crashstate_get_bos()
Huiwen He <hehuiwen(a)kylinos.cn>
drm/msm: Fix NULL pointer dereference in crashstate_get_vm_logs()
Guenter Roeck <linux(a)roeck-us.net>
block/blk-throttle: Fix throttle slice time for SSDs
Alexander Stein <alexander.stein(a)ew.tq-group.com>
arm64: dts: imx95-tqma9596sa: reduce maximum FlexSPI frequency to 66MHz
Markus Niebel <Markus.Niebel(a)ew.tq-group.com>
arm64: dts: imx95-tqma9596sa: fix TPM5 pinctrl node name
Sergey Bashirov <sergeybashirov(a)gmail.com>
NFSD/blocklayout: Fix minlength check in proc_layoutget
Al Viro <viro(a)zeniv.linux.org.uk>
tracefs: fix a leak in eventfs_create_events_dir()
Al Viro <viro(a)zeniv.linux.org.uk>
fuse_ctl_add_conn(): fix nlink breakage in case of early failure
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
iio: core: Clean up device correctly on iio_device_alloc() failure
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
iio: core: add missing mutex_destroy in iio_dev_release()
Haotian Zhang <vulab(a)iscas.ac.cn>
watchdog: starfive: Fix resource leak in probe error path
Haotian Zhang <vulab(a)iscas.ac.cn>
watchdog: wdat_wdt: Fix ACPI table leak in probe function
Nuno Das Neves <nunodasneves(a)linux.microsoft.com>
mshv: Fix create memory region overlap check
Nuno Das Neves <nunodasneves(a)linux.microsoft.com>
mshv: Fix deposit memory in MSHV_ROOT_HVCALL
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Check skb->transport_header is set in bpf_skb_check_mtu
Alexei Starovoitov <ast(a)kernel.org>
selftests/bpf: Fix failure paths in send_signal test
Menglong Dong <menglong8.dong(a)gmail.com>
bpf: Handle return value of ftrace_set_filter_ip in register_fentry
Sahil Chandna <chandna.sahil(a)gmail.com>
bpf: Prevent nesting overflow in bpf_try_get_buffers
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
kbuild: don't enable CC_CAN_LINK if the dummy program generates warnings
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
PCI: Prevent resource tree corruption when BAR resize fails
Aaron Kling <webgeek1234(a)gmail.com>
soc/tegra: fuse: speedo-tegra210: Update speedo IDs
Rene Rebe <rene(a)exactco.de>
ps3disk: use memcpy_{from,to}_bvec index
Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com>
drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype
Praveen Talari <praveen.talari(a)oss.qualcomm.com>
arm64: dts: qcom: qrb2210-rb1: Fix UART3 wakeup IRQ storm
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Use %u to printf unsigned int pwm_chip::npwm and pwm_chip::id
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Simplify printf to emit chip->npwm in $debugfs/pwm
Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com>
s390/fpu: Fix false-positive kmsan report in fpu_vstl()
Zilin Guan <zilin(a)seu.edu.cn>
crypto: iaa - Fix incorrect return value in save_iaa_wq()
Ian Rogers <irogers(a)google.com>
perf vendor metrics s390: Avoid has_event(INSTRUCTIONS)
FUKAUMI Naoki <naoki(a)radxa.com>
arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C
FUKAUMI Naoki <naoki(a)radxa.com>
arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A
FUKAUMI Naoki <naoki(a)radxa.com>
arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
soc: renesas: rz-sysc: Populate readable_reg/writeable_reg in regmap config
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
soc: renesas: r9a09g056-sys: Populate max_register
Siddharth Vadapalli <s-vadapalli(a)ti.com>
PCI: keystone: Exit ks_pcie_probe() for invalid mode
Leon Hwang <leon.hwang(a)linux.dev>
bpf: Free special fields when update [lru_,]percpu_hash maps
Lizhi Hou <lizhi.hou(a)amd.com>
accel/amdxdna: Fix deadlock between context destroy and job timeout
Lizhi Hou <lizhi.hou(a)amd.com>
accel/amdxdna: Clear mailbox interrupt register during channel creation
Chaitanya S Prakash <chaitanyas.prakash(a)arm.com>
arm64/mm: Allow __create_pgd_mapping() to propagate pgtable_alloc() errors
Haotian Zhang <vulab(a)iscas.ac.cn>
leds: netxbig: Fix GPIO descriptor leak in error paths
Haotian Zhang <vulab(a)iscas.ac.cn>
scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls
Tony Battersby <tonyb(a)cybernetics.com>
scsi: qla2xxx: Clear cmds after chip reset
Haotian Zhang <vulab(a)iscas.ac.cn>
ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint()
Joseph Qi <joseph.qi(a)linux.alibaba.com>
ocfs2: use correct endian in ocfs2_dinode_has_extents
Dmitry Antipov <dmantipov(a)yandex.ru>
ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
lib/vsprintf: Check pointer before dereferencing in time_and_date()
Haotian Zhang <vulab(a)iscas.ac.cn>
clk: renesas: r9a06g032: Fix memory leak in error path
Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com>
clk: renesas: r9a09g077: Propagate rate changes to parent clocks
Jayesh Choudhary <j-choudhary(a)ti.com>
drm/tidss: Move OLDI mode validation to OLDI bridge mode_valid hook
Jayesh Choudhary <j-choudhary(a)ti.com>
drm/tidss: Remove max_pclk_khz and min_pclk_khz from tidss display features
Namhyung Kim <namhyung(a)kernel.org>
perf tools: Fix missing feature check for inherit + SAMPLE_READ
Leo Yan <leo.yan(a)arm.com>
coresight: etm4x: Properly control filter in CPU idle with FEAT_TRF
Leo Yan <leo.yan(a)arm.com>
coresight: etm4x: Add context synchronization before enabling trace
Leo Yan <leo.yan(a)arm.com>
coresight: etm4x: Correct polling IDLE bit
Leo Yan <leo.yan(a)arm.com>
coresight: etm3x: Always set tracer's device mode on target CPU
Leo Yan <leo.yan(a)arm.com>
coresight: etm4x: Always set tracer's device mode on target CPU
Leo Yan <leo.yan(a)arm.com>
coresight: Change device mode to atomic type
Bartlomiej Kubik <kubik.bartlomiej(a)gmail.com>
fs/ntfs3: Initialize allocated memory before use
David Wei <dw(a)davidwei.uk>
io_uring/zcrx: call netdev_queue_get_dma_dev() under instance lock
David Wei <dw(a)davidwei.uk>
net: export netdev_get_by_index_lock()
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: defer config unlock in nbd_genl_connect
Abdun Nihaal <nihaal(a)cse.iitm.ac.in>
wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
Long Li <leo.lilong(a)huawei.com>
macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
Christophe Leroy <christophe.leroy(a)csgroup.eu>
powerpc/32: Fix unpaired stwcx. on interrupt exit
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/kdump: Fix size calculation for hot-removed memory ranges
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs
Li Nan <linan122(a)huawei.com>
md: init bioset in mddev_init
Li Nan <linan122(a)huawei.com>
md: delete md_redundancy_group when array is becoming inactive
Bean Huo <beanhuo(a)micron.com>
scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc()
Akash Goel <akash.goel(a)arm.com>
drm/panthor: Fix potential memleak of vma structure
Edward Adam Davis <eadavis(a)qq.com>
ntfs3: init run lock for extend inode
Carl Worth <carl(a)os.amperecomputing.com>
coresight: tmc: add the handle of the event to the path
Jihed Chaibi <jihed.chaibi.dev(a)gmail.com>
ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties
Ma Ke <make24(a)iscas.ac.cn>
RDMA/rtrs: server: Fix error handling in get_or_create_srv
Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com>
dt-bindings: PCI: amlogic: Fix the register name of the DBI region
Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com>
iio: imu: bmi270: fix dev_err_probe error msg
Johan Hovold <johan(a)kernel.org>
staging: most: remove broken i2c driver
Mike McGowen <mike.mcgowen(a)microchip.com>
scsi: smartpqi: Fix device resources accessed after device removal
Haotian Zhang <vulab(a)iscas.ac.cn>
scsi: stex: Fix reboot_notifier leak in probe error path
Zheng Qixing <zhengqixing(a)huawei.com>
nbd: defer config put in recv_work
Xiao Ni <xni(a)redhat.com>
md: avoid repeated calls to del_gendisk
Yun Zhou <yun.zhou(a)windriver.com>
md: fix rcu protection in md_wakeup_thread
Xiao Ni <xni(a)redhat.com>
md: delete mddev kobj before deleting gendisk kobj
Gabor Juhos <j4g8y7(a)gmail.com>
regulator: core: disable supply if enabling main regulator fails
Dapeng Mi <dapeng1.mi(a)linux.intel.com>
perf/x86/intel: Correct large PEBS flag check
Dapeng Mi <dapeng1.mi(a)linux.intel.com>
perf/x86: Fix NULL event access and potential PEBS record loss
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: use WRITE_ONCE for user shared memory
FUKAUMI Naoki <naoki(a)radxa.com>
arm64: dts: rockchip: Fix USB Type-C host mode for Radxa ROCK 5B+/5T
Dan Carpenter <dan.carpenter(a)linaro.org>
hfs: fix potential use after free in hfs_correct_next_unused_CNID()
Lizhi Hou <lizhi.hou(a)amd.com>
accel/amdxdna: Fix dma_fence leak when job is canceled
Zhang Yi <yi.zhang(a)huawei.com>
ext4: correct the checking of quota files before moving extents
Manish Dharanenthiran <manish.dharanenthiran(a)oss.qualcomm.com>
wifi: ath12k: Fix timeout error during beacon stats retrieval
Haotian Zhang <vulab(a)iscas.ac.cn>
mfd: da9055: Fix missing regmap_del_irq_chip() in error path
Namhyung Kim <namhyung(a)kernel.org>
perf annotate: Fix build with NO_SLANG=1
Fedor Pchelkin <pchelkin(a)ispras.ru>
wifi: rtw89: usb: fix leak in rtw89_usb_write_port()
Fedor Pchelkin <pchelkin(a)ispras.ru>
wifi: rtw89: usb: use common error path for skbs in rtw89_usb_rx_handler()
Wang Liang <wangliang74(a)huawei.com>
locktorture: Fix memory leak in param_set_cpumask()
Usama Arif <usamaarif642(a)gmail.com>
efi/libstub: Fix page table access in 5-level to 4-level paging transition
Usama Arif <usamaarif642(a)gmail.com>
x86/boot: Fix page table access in 5-level to 4-level paging transition
Xiaoqi Zhuang <xiaoqi.zhuang(a)oss.qualcomm.com>
coresight: ETR: Fix ETR buffer use-after-free issue
Niklas Cassel <cassel(a)kernel.org>
arm64: tegra: Add pinctrl definitions for pcie-ep nodes
Peter Zijlstra <peterz(a)infradead.org>
entry,unwind/deferred: Fix unwind_reset_info() placement
Jihed Chaibi <jihed.chaibi.dev(a)gmail.com>
ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible
Jihed Chaibi <jihed.chaibi.dev(a)gmail.com>
ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible
Yegor Yefremov <yegorslists(a)googlemail.com>
ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels
Geert Uytterhoeven <geert+renesas(a)glider.be>
ARM: dts: am33xx: Add missing serial console speed
Alan Maguire <alan.maguire(a)oracle.com>
libbpf: Fix parsing of multi-split BTF
Vishwaroop A <va(a)nvidia.com>
spi: tegra210-quad: Fix timeout handling
Matthew Brost <matthew.brost(a)intel.com>
drm/xe: Enforce correct user fence signaling order using
Christian Brauner <brauner(a)kernel.org>
cleanup: fix scoped_class()
Songtang Liu <liusongtang(a)bytedance.com>
iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show
Christian Brauner <brauner(a)kernel.org>
ns: initialize ns_list_node for initial namespaces
Christian Brauner <brauner(a)kernel.org>
ns: add NS_COMMON_INIT()
Thomas Richard (TI.com) <thomas.richard(a)bootlin.com>
firmware: ti_sci: Set IO Isolation only if the firmware is capable
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Fix UAF on kernel BO VA nodes
Ketil Johnsen <ketil.johnsen(a)arm.com>
drm/panthor: Fix race with suspend during unplug
Ketil Johnsen <ketil.johnsen(a)arm.com>
drm/panthor: Fix UAF race between device unplug and FW event processing
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Fix group_free_queue() for partially initialized queues
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Handle errors returned by drm_sched_entity_init()
Tingmao Wang <m(a)maowtm.org>
fs/9p: Don't open remote file with APPEND mode when writeback cache is used
Mike Christie <michael.christie(a)oracle.com>
scsi: target: Fix LUN/device R/W and total command stats
Bart Van Assche <bvanassche(a)acm.org>
scsi: target: Do not write NUL characters into ASCII configfs output
Ahelenia Ziemiańska <nabijaczleweli(a)nabijaczleweli.xyz>
power: supply: apm_power: only unset own apm_get_power_status
Val Packett <val(a)packett.cool>
power: supply: qcom_battmgr: support disabling charge control
Val Packett <val(a)packett.cool>
power: supply: qcom_battmgr: clamp charge control thresholds
Ivan Abramov <i.abramov(a)mt-integration.ru>
power: supply: wm831x: Check wm831x_set_bits() return value
Murad Masimov <m.masimov(a)mt-integration.ru>
power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges()
Ivan Abramov <i.abramov(a)mt-integration.ru>
power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges()
Ivan Abramov <i.abramov(a)mt-integration.ru>
power: supply: max17040: Check iio_read_channel_processed() return code
Ivan Abramov <i.abramov(a)mt-integration.ru>
power: supply: cw2015: Check devm_delayed_work_autocancel() return code
Haotian Zhang <vulab(a)iscas.ac.cn>
power: supply: rt5033_charger: Fix device node reference leaks
Frederic Weisbecker <frederic(a)kernel.org>
timers/migration: Fix imbalanced NUMA trees
Frederic Weisbecker <frederic(a)kernel.org>
timers/migration: Remove locking on group connection
Frederic Weisbecker <frederic(a)kernel.org>
timers/migration: Convert "while" loops to use "for"
Taniya Das <taniya.das(a)oss.qualcomm.com>
clk: qcom: tcsrcc-glymur: Update register offsets for clock refs
Shuai Xue <xueshuai(a)linux.alibaba.com>
perf record: skip synthesize event when open evsel failed
Namhyung Kim <namhyung(a)kernel.org>
perf lock contention: Load kernel map before lookup
Geert Uytterhoeven <geert+renesas(a)glider.be>
drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource()
Christian Brauner <brauner(a)kernel.org>
cgroup: add cgroup namespace to tree after owner is set
Marek Vasut <marek.vasut+renesas(a)mailbox.org>
arm64: dts: renesas: sparrow-hawk: Fix full-size DP connector node name and labels
Kuan-Wei Chiu <visitorckw(a)gmail.com>
interconnect: debugfs: Fix incorrect error handling for NULL path
Lizhi Hou <lizhi.hou(a)amd.com>
accel/amdxdna: Fix incorrect command state for timed out job
Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller
Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com>
interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS
Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com>
wifi: ath12k: unassign arvif on scan vdev create failure
Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com>
wifi: ath12k: enforce vdev limit in ath12k_mac_vdev_create()
Baochen Qiang <baochen.qiang(a)oss.qualcomm.com>
wifi: ath12k: fix error handling in creating hardware group
Baochen Qiang <baochen.qiang(a)oss.qualcomm.com>
wifi: ath12k: fix reusing m3 memory
Abdun Nihaal <nihaal(a)cse.iitm.ac.in>
wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload()
Jacob Keller <jacob.e.keller(a)intel.com>
docs: kdoc: fix duplicate section warning message
Arnd Bergmann <arnd(a)arndb.de>
random: use offstack cpumask when necessary
Stanley Chu <yschu(a)nuvoton.com>
i3c: master: svc: Prevent incomplete IBI transaction
Frank Li <Frank.Li(a)nxp.com>
i3c: fix refcount inconsistency in i3c_master_register
Aniket Limaye <a-limaye(a)ti.com>
arm64: dts: ti: k3-j784s4: Fix I2C pinmux pull configuration
Christian Brauner <brauner(a)kernel.org>
pidfs: add missing BUILD_BUG_ON() assert on struct pidfd_info
Christian Brauner <brauner(a)kernel.org>
pidfs: add missing PIDFD_INFO_SIZE_VER1
Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com>
accel/ivpu: Fix race condition when unbinding BOs
Danilo Krummrich <dakr(a)kernel.org>
drm: nova: select NOVA_CORE
Haotian Zhang <vulab(a)iscas.ac.cn>
pinctrl: stm32: fix hwspinlock resource leak in probe function
Haotian Zhang <vulab(a)iscas.ac.cn>
soc: qcom: smem: fix hwspinlock resource leak in probe error paths
Taniya Das <taniya.das(a)oss.qualcomm.com>
clk: qcom: gcc-qcs615: Update the SDCC clock to use shared_floor_ops
Benjamin Berg <benjamin.berg(a)intel.com>
tools/nolibc/dirent: avoid errno in readdir_r
Benjamin Berg <benjamin.berg(a)intel.com>
tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set
Maciej Falkowski <maciej.falkowski(a)linux.intel.com>
accel/ivpu: Remove skip of dma unmap for imported buffers
Tengda Wu <wutengda(a)huaweicloud.com>
x86/dumpstack: Prevent KASAN false positive warnings in __show_regs()
Marek Vasut <marek.vasut+renesas(a)mailbox.org>
drm/rcar-du: dsi: Fix missing parameter in RXSETR_...EN macros
Peter Zijlstra <peterz(a)infradead.org>
task_work: Fix NMI race condition
Zhang Rui <rui.zhang(a)intel.com>
perf/x86/intel/cstate: Remove PC3 support from LunarLake
Arnaud Lecomte <contact(a)arnaud-lcm.com>
bpf: Fix stackmap overflow check in __bpf_get_stackid()
Arnaud Lecomte <contact(a)arnaud-lcm.com>
bpf: Refactor stack map trace depth calculation into helper function
Haotian Zhang <vulab(a)iscas.ac.cn>
mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove
Aryan Srivastava <aryan.srivastava(a)alliedtelesis.co.nz>
mtd: nand: relax ECC parameter validation check
Aryan Srivastava <aryan.srivastava(a)alliedtelesis.co.nz>
Revert "mtd: rawnand: marvell: fix layouts"
Li Qiang <liqiang01(a)kylinos.cn>
wifi: iwlwifi: mld: add null check for kzalloc() in iwl_mld_send_proto_offload()
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/userq: fix SDMA and compute validation
Prike Liang <Prike.Liang(a)amd.com>
drm/amdgpu: add userq object va track helpers
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
ARM: dts: renesas: gose: Remove superfluous port property
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix null deref on srq->rq.queue after resize failure
Loic Poulain <loic.poulain(a)oss.qualcomm.com>
arm64: dts: qcom: qcm2290: Fix camss register prop ordering
Kuniyuki Iwashima <kuniyu(a)google.com>
sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock().
Horatiu Vultur <horatiu.vultur(a)microchip.com>
phy: mscc: Fix PTP for VSC8574 and VSC8572
Michal Suchanek <msuchanek(a)suse.de>
perf hwmon_pmu: Fix uninitialized variable warning
Eric Gonçalves <ghatto404(a)gmail.com>
arm64: dts: qcom: sm8250-samsung-common: correct reserved pins
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sdm845-starqltechn: Fix i2c-gpio node name
Pengyu Luo <mitltlatltl(a)gmail.com>
arm64: dts: qcom: sc8280xp: Fix shifted GPI DMA channels
Val Packett <val(a)packett.cool>
arm64: dts: qcom: x1-dell-thena: remove dp data-lanes
Val Packett <val(a)packett.cool>
arm64: dts: qcom: x1-dell-thena: Add missing pinctrl for eDP HPD
Alexander Martinz <amartinz(a)shiftphones.com>
arm64: dts: qcom: qcm6490-shift-otter: Add missing reserved-memory
Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com>
arm64: dts: qcom: sm8750-mtp: move PCIe GPIOs to pcieport0 node
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8650: set ufs as dma coherent
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: qcm6490-fairphone-fp5: Add supplies to simple-fb node
Gergo Koteles <soyer(a)irl.hu>
arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider
Dzmitry Sankouski <dsankouski(a)gmail.com>
arm64: dts: qcom: sdm845-starqltechn: fix max77705 interrupts
Dzmitry Sankouski <dsankouski(a)gmail.com>
arm64: dts: qcom: sdm845-starqltechn: remove (address|size)-cells
Willy Tarreau <w(a)1wt.eu>
tools/nolibc: x86: fix section mismatch caused by asm "mem*" functions
Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com>
arm64: dts: qcom: lemans: Add missing quirk for HS only USB controller
Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com>
arm64: dts: qcom: x1e80100: Add missing quirk for HS only USB controller
Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com>
arm64: dts: qcom: x1e80100: Fix compile warnings for USB HS controller
Peng Fan <peng.fan(a)nxp.com>
firmware: imx: scu-irq: fix OF node leak in
Randolph Sapp <rs(a)ti.com>
arm64: dts: ti: k3-am62p: Fix memory ranges for GPU
Bhanu Seshu Kumar Valluri <bhanuseshukumar(a)gmail.com>
PCI: endpoint: pci-epf-test: Fix sleeping function being called from atomic context
Thomas Richard <thomas.richard(a)bootlin.com>
leds: upboard: Fix module alias
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: remove duplicate call to ice_deinit_hw() on error paths
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: move ice_deinit_dev() to the end of deinit paths
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: extract ice_init_dev() from ice_init()
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: move ice_init_pf() out of ice_init_dev()
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: move udp_tunnel_nic and misc IRQ setup into ice_init_pf()
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: ice_init_pf: destroy mutexes and xarrays on memory alloc failure
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: move ice_init_interrupt_scheme() prior ice_init_pf()
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: move service task start out of ice_init_pf()
Lizhi Hou <lizhi.hou(a)amd.com>
accel/amdxdna: Fix uninitialized return value
Baochen Qiang <baochen.qiang(a)oss.qualcomm.com>
wifi: ath12k: restore register window after global reset
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Regression fix Uncore MHz printed in hex
Heiko Carstens <hca(a)linux.ibm.com>
s390/ap: Don't leak debug feature files if AP instructions are not available
Bart Van Assche <bvanassche(a)acm.org>
scsi: ufs: core: Move the ufshcd_enable_intr() declaration
Heiko Carstens <hca(a)linux.ibm.com>
s390/smp: Fix fallback CPU detection
Baochen Qiang <baochen.qiang(a)oss.qualcomm.com>
wifi: ath11k: fix peer HE MCS assignment
Baochen Qiang <baochen.qiang(a)oss.qualcomm.com>
wifi: ath11k: fix VHT MCS assignment
nieweiqiang <nieweiqiang(a)huawei.com>
crypto: hisilicon/qm - restore original qos values
Thorsten Blum <thorsten.blum(a)linux.dev>
crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
Haotian Zhang <vulab(a)iscas.ac.cn>
soc: qcom: gsbi: fix double disable caused by devm
Luca Weiss <luca.weiss(a)fairphone.com>
clk: qcom: camcc-sm7150: Fix PLL config of PLL2
Luca Weiss <luca.weiss(a)fairphone.com>
clk: qcom: camcc-sm6350: Fix PLL config of PLL2
Luo Jie <quic_luoj(a)quicinc.com>
clk: qcom: gcc-ipq5424: Correct the icc_first_node_id
Taniya Das <taniya.das(a)oss.qualcomm.com>
clk: qcom: gcc-glymur: Update the halt check flags for pipe clocks
Taniya Das <taniya.das(a)oss.qualcomm.com>
clk: qcom: gcc-sm8750: Add a new frequency for sdcc2 clock
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
clk: qcom: rpmh: Define RPMH_IPA_CLK on QCS615
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
clk: qcom: camcc-sm8550: Specify Titan GDSC power domain as a parent to other
Sherry Sun <sherry.sun(a)nxp.com>
tty: serial: imx: Only configure the wake register when device is set as wakeup source
Li Qiang <liqiang01(a)kylinos.cn>
uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe
Geert Uytterhoeven <geert+renesas(a)glider.be>
PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2
Peter Griffin <peter.griffin(a)linaro.org>
arm64: dts: exynos: gs101: fix sysreg_apm reg property
Peter Griffin <peter.griffin(a)linaro.org>
arm64: dts: exynos: gs101: fix clock module unit reg sizes
Tianyou Li <tianyou.li(a)intel.com>
perf annotate: Check return value of evsel__get_arch() properly
Joy Zou <joy.zou(a)nxp.com>
arm64: dts: imx95-15x15-evk: add fan-supply property for pwm-fan
Tim Harvey <tharvey(a)gateworks.com>
arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1
Tim Harvey <tharvey(a)gateworks.com>
arm64: dts: imx8mp-venice-gw702x: remove off-board uart
Tim Harvey <tharvey(a)gateworks.com>
arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl
Tim Harvey <tharvey(a)gateworks.com>
arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Do not let BPF test infra emit invalid GSO types to stack
Bart Van Assche <bvanassche(a)acm.org>
block/mq-deadline: Switch back to a single dispatch list
Bart Van Assche <bvanassche(a)acm.org>
block/mq-deadline: Introduce dd_start_request()
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
PCI: sg2042: Fix a reference count issue in sg2042_pcie_remove()
T Pratham <t-pratham(a)ti.com>
crypto: aead - Fix reqsize handling
Ian Rogers <irogers(a)google.com>
perf parse-events: Make X modifier more respectful of groups
Randy Dunlap <rdunlap(a)infradead.org>
firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc
Francesco Lavra <flavra(a)baylibre.com>
iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member
Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com>
arm64: dts: qcom: ipq5424: correct the TF-A reserved memory to 512K
Sidharth Seela <sidharthseela(a)gmail.com>
ntfs3: Fix uninit buffer allocated by __getname()
Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com>
ntfs3: fix uninit memory after failed mi_read in mi_format_new
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: authenc - Correctly pass EINPROGRESS back up to the caller
Johan Hovold <johan(a)kernel.org>
irqchip: Pass platform device to platform drivers
Johan Hovold <johan(a)kernel.org>
irqchip: Drop leftover brackets
Johan Hovold <johan(a)kernel.org>
irqchip/qcom-irq-combiner: Fix section mismatch
Johan Hovold <johan(a)kernel.org>
irqchip/starfive-jh8100: Fix section mismatch
Johan Hovold <johan(a)kernel.org>
irqchip/renesas-rzg2l: Fix section mismatch
Johan Hovold <johan(a)kernel.org>
irqchip/imx-mu-msi: Fix section mismatch
Johan Hovold <johan(a)kernel.org>
irqchip/irq-brcmstb-l2: Fix section mismatch
Johan Hovold <johan(a)kernel.org>
irqchip/irq-bcm7120-l2: Fix section mismatch
Johan Hovold <johan(a)kernel.org>
irqchip/irq-bcm7038-l1: Fix section mismatch
Johan Hovold <johan(a)kernel.org>
irqchip/bcm2712-mip: Fix section mismatch
Johan Hovold <johan(a)kernel.org>
irqchip/bcm2712-mip: Fix OF node reference imbalance
Fernand Sieber <sieberf(a)amazon.com>
sched/fair: Forfeit vruntime on yield
Pradeep Kumar Chitrapu <quic_pradeepc(a)quicinc.com>
wifi: ath12k: fix TX and RX MCS rate configurations in HE mode
Baochen Qiang <baochen.qiang(a)oss.qualcomm.com>
wifi: ath12k: fix VHT MCS assignment
Sarika Sharma <sarika.sharma(a)oss.qualcomm.com>
wifi: ath12k: Fix MSDU buffer types handling in RX error path
Baochen Qiang <baochen.qiang(a)oss.qualcomm.com>
wifi: ath11k: restore register window after global reset
Kang Yang <kang.yang(a)oss.qualcomm.com>
wifi: ath10k: move recovery check logic into a new work
Danilo Krummrich <dakr(a)kernel.org>
gpu: nova-core: gsp: do not unwrap() SGEntry
Danilo Krummrich <dakr(a)kernel.org>
gpu: nova-core: gsp: remove useless conversion
Ian Rogers <irogers(a)google.com>
perf parse-events: Fix legacy cache events if event is duplicated in a PMU
Wludzik, Jozef <jozef.wludzik(a)intel.com>
accel/ivpu: Fix race condition when mapping dmabuf
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool: Fix weak symbol detection
Dylan Hatch <dylanbhatch(a)google.com>
objtool: Fix standalone --hacks=jump_label
Peng Fan <peng.fan(a)nxp.com>
remoteproc: imx_rproc: Fix runtime PM cleanup and improve remove path
Mavroudis Chatzilazaridis <mavchatz(a)protonmail.com>
HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync()
Cyrille Pitchen <cyrille.pitchen(a)microchip.com>
drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler()
Marek Vasut <marek.vasut+renesas(a)mailbox.org>
clk: renesas: cpg-mssr: Read back reset registers to assure values latched
Marek Vasut <marek.vasut+renesas(a)mailbox.org>
clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback
Biju Das <biju.das.jz(a)bp.renesas.com>
pinctrl: renesas: rzg2l: Fix PMC restore
Roberto Sassu <roberto.sassu(a)huawei.com>
ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hook
Abel Vesa <abel.vesa(a)linaro.org>
pinctrl: qcom: glymur: Fix the gpio and egpio pin functions
Abel Vesa <abel.vesa(a)linaro.org>
pinctrl: qcom: glymur: Drop unnecessary platform data from match table
Ian Rogers <irogers(a)google.com>
perf bpf_counter: Fix opening of "any"(-1) CPU events
Seungjin Bae <eeodqql09(a)gmail.com>
USB: Fix descriptor count when handling invalid MBIM extended descriptor
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
tools/nolibc: handle NULL wstatus argument to waitpid()
Mykyta Yatsenko <yatsenko(a)meta.com>
bpf: Fix handling maps with no BTF and non-constant offsets for the bpf_wq
Kumar Kartikeya Dwivedi <memxor(a)gmail.com>
bpf: Fix sleepable context for async callbacks
Siddharth Chintamaneni <sidchintamaneni(a)gmail.com>
bpf: Cleanup unused func args in rqspinlock implementation
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/vgem-fence: Fix potential deadlock on release
Karol Wachowski <karol.wachowski(a)linux.intel.com>
accel/ivpu: Fix DCT active percent format
Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com>
accel/ivpu: Fix page fault in ivpu_bo_unbind_all_bos_from_context()
Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com>
accel/ivpu: Rework bind/unbind of imported buffers
Guido Günther <agx(a)sigxcpu.org>
drm/panel: visionox-rm69299: Don't clear all mode flags
Guido Günther <agx(a)sigxcpu.org>
drm/panel: visionox-rm69299: Fix clock frequency for SHIFT6mq
Karol Wachowski <karol.wachowski(a)linux.intel.com>
accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail
Lizhi Hou <lizhi.hou(a)amd.com>
accel/amdxdna: Call dma_buf_vmap_unlocked() for imported object
Lizhi Hou <lizhi.hou(a)amd.com>
accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array()
Mainak Sen <msen(a)nvidia.com>
gpu: host1x: Fix race in syncpt alloc/free
Konstantin Andreev <andreev(a)swemel.ru>
smack: fix bug: setting task label silently ignores input garbage
Konstantin Andreev <andreev(a)swemel.ru>
smack: fix bug: unprivileged task can create labels
Konstantin Andreev <andreev(a)swemel.ru>
smack: fix bug: invalid label of unix socket file
Konstantin Andreev <andreev(a)swemel.ru>
smack: always "instantiate" inode in smack_inode_init_security()
Konstantin Andreev <andreev(a)swemel.ru>
smack: deduplicate xattr setting in smack_inode_init_security()
Konstantin Andreev <andreev(a)swemel.ru>
smack: deduplicate "does access rule request transmutation"
Konstantin Andreev <andreev(a)swemel.ru>
smack: fix bug: SMACK64TRANSMUTE set on non-directory
-------------
Diffstat:
Documentation/admin-guide/LSM/Smack.rst | 16 +-
.../devicetree/bindings/pci/amlogic,axg-pcie.yaml | 6 +-
Documentation/hwmon/g762.rst | 2 +-
Makefile | 4 +-
arch/arm/boot/dts/renesas/r8a7793-gose.dts | 1 -
.../arm/boot/dts/renesas/r9a06g032-rzn1d400-db.dts | 2 -
arch/arm/boot/dts/samsung/exynos4210-i9100.dts | 1 +
arch/arm/boot/dts/samsung/exynos4210-trats.dts | 1 +
.../boot/dts/samsung/exynos4210-universal_c210.dts | 1 +
arch/arm/boot/dts/samsung/exynos4412-midas.dtsi | 1 +
.../dts/st/stm32mp157c-phycore-stm32mp15-som.dtsi | 8 +-
arch/arm/boot/dts/ti/omap/am335x-bone-common.dtsi | 2 +-
arch/arm/boot/dts/ti/omap/am335x-boneblue.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-chiliboard.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-evm.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-evmsk.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-guardian.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-icev2.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-myirtech-myd.dts | 2 +-
.../boot/dts/ti/omap/am335x-netcom-plus-2xx.dts | 8 +-
.../arm/boot/dts/ti/omap/am335x-osd3358-sm-red.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-pdu001.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-pocketbeagle.dts | 2 +-
arch/arm/boot/dts/ti/omap/am335x-sl50.dts | 2 +-
arch/arm/boot/dts/ti/omap/omap3-beagle-xm.dts | 2 +-
arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 +-
arch/arm/include/asm/word-at-a-time.h | 10 +-
arch/arm64/boot/dts/amlogic/meson-g12b.dtsi | 4 +-
arch/arm64/boot/dts/exynos/google/gs101.dtsi | 18 +-
.../boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 -
.../boot/dts/freescale/imx8mp-venice-gw702x.dtsi | 51 ---
.../boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 11 -
arch/arm64/boot/dts/freescale/imx95-15x15-evk.dts | 1 +
.../arm64/boot/dts/freescale/imx95-tqma9596sa.dtsi | 4 +-
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +-
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 61 ++++
arch/arm64/boot/dts/qcom/ipq5424.dtsi | 2 +-
arch/arm64/boot/dts/qcom/lemans.dtsi | 1 +
arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 +
arch/arm64/boot/dts/qcom/qcm2290.dtsi | 10 +-
arch/arm64/boot/dts/qcom/qcm6490-fairphone-fp5.dts | 2 +
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 5 +
arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 170 +++++-----
.../arm64/boot/dts/qcom/sdm845-oneplus-common.dtsi | 4 +-
.../boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 +-
.../arm64/boot/dts/qcom/sm8250-samsung-common.dtsi | 3 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 2 +
arch/arm64/boot/dts/qcom/sm8750-mtp.dts | 6 +-
arch/arm64/boot/dts/qcom/x1-dell-thena.dtsi | 5 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 12 +-
.../boot/dts/renesas/r8a779g3-sparrow-hawk.dts | 6 +-
arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 +
.../boot/dts/rockchip/rk3588-rock-5b-5bp-5t.dtsi | 4 +-
.../boot/dts/rockchip/rk3588-rock-5b-plus.dts | 5 +
arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 4 +
arch/arm64/boot/dts/rockchip/rk3588-rock-5t.dts | 4 +
arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 15 +-
arch/arm64/boot/dts/ti/k3-am62p.dtsi | 2 +-
arch/arm64/boot/dts/ti/k3-am69-sk.dts | 8 +-
.../boot/dts/ti/k3-j784s4-j742s2-evm-common.dtsi | 4 +-
arch/arm64/mm/mmu.c | 214 +++++++-----
arch/arm64/mm/pageattr.c | 5 +-
arch/powerpc/kernel/entry_32.S | 10 +-
arch/powerpc/kexec/ranges.c | 2 +-
arch/powerpc/mm/book3s64/hash_utils.c | 10 +-
arch/powerpc/mm/ptdump/hashpagetable.c | 6 +
arch/riscv/kvm/vcpu_insn.c | 22 ++
arch/s390/include/asm/fpu-insn.h | 3 +
arch/s390/kernel/smp.c | 1 +
arch/um/Kconfig | 1 +
arch/um/Makefile | 12 +-
arch/um/include/asm/kasan.h | 4 -
arch/x86/boot/compressed/pgtable_64.c | 11 +-
arch/x86/events/core.c | 5 +-
arch/x86/events/intel/core.c | 7 +-
arch/x86/events/intel/cstate.c | 3 +-
arch/x86/kernel/dumpstack.c | 23 +-
block/blk-lib.c | 6 +-
block/blk-mq.c | 35 +-
block/blk-throttle.c | 9 +-
block/mq-deadline.c | 129 ++++---
crypto/aead.c | 1 +
crypto/ahash.c | 18 +-
crypto/asymmetric_keys/asymmetric_type.c | 12 +-
crypto/authenc.c | 75 +++--
drivers/accel/amdxdna/aie2_ctx.c | 22 +-
drivers/accel/amdxdna/aie2_pci.c | 10 +-
drivers/accel/amdxdna/amdxdna_ctx.c | 1 +
drivers/accel/amdxdna/amdxdna_ctx.h | 1 +
drivers/accel/amdxdna/amdxdna_gem.c | 47 ++-
drivers/accel/amdxdna/amdxdna_mailbox.c | 1 +
drivers/accel/ivpu/ivpu_gem.c | 97 ++++--
drivers/accel/ivpu/ivpu_gem.h | 2 +-
drivers/accel/ivpu/ivpu_hw_btrs.c | 2 +-
drivers/accel/ivpu/ivpu_hw_btrs.h | 2 +-
drivers/accel/ivpu/ivpu_job.c | 6 +-
drivers/accel/ivpu/ivpu_pm.c | 9 +-
drivers/acpi/apei/ghes.c | 27 +-
drivers/acpi/processor_core.c | 2 +-
drivers/acpi/property.c | 1 +
drivers/base/firmware_loader/Kconfig | 2 +-
drivers/block/nbd.c | 5 +-
drivers/block/ps3disk.c | 4 +
drivers/block/ublk_drv.c | 4 +-
drivers/char/random.c | 19 +-
drivers/clk/Makefile | 3 +-
drivers/clk/qcom/camcc-sm6350.c | 13 +-
drivers/clk/qcom/camcc-sm7150.c | 6 +-
drivers/clk/qcom/camcc-sm8550.c | 10 +
drivers/clk/qcom/clk-rpmh.c | 1 +
drivers/clk/qcom/gcc-glymur.c | 24 +-
drivers/clk/qcom/gcc-ipq5424.c | 3 +-
drivers/clk/qcom/gcc-qcs615.c | 6 +-
drivers/clk/qcom/gcc-sm8750.c | 1 +
drivers/clk/qcom/tcsrcc-glymur.c | 54 +--
drivers/clk/renesas/r9a06g032-clocks.c | 6 +-
drivers/clk/renesas/r9a09g077-cpg.c | 4 +-
drivers/clk/renesas/renesas-cpg-mssr.c | 57 ++--
drivers/clk/spacemit/ccu-k1.c | 4 +-
drivers/clocksource/arm_arch_timer_mmio.c | 2 +
drivers/clocksource/timer-nxp-pit.c | 3 +-
drivers/clocksource/timer-nxp-stm.c | 23 +-
drivers/clocksource/timer-ralink.c | 11 +-
drivers/cpufreq/amd-pstate.c | 2 +-
drivers/crypto/ccree/cc_buffer_mgr.c | 6 +-
drivers/crypto/hisilicon/qm.c | 14 +-
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/starfive/jh7110-hash.c | 6 +-
drivers/devfreq/hisi_uncore_freq.c | 3 +-
drivers/firmware/efi/cper-arm.c | 52 ++-
drivers/firmware/efi/cper.c | 60 ++++
drivers/firmware/efi/libstub/x86-5lvl.c | 4 +-
drivers/firmware/imx/imx-scu-irq.c | 4 +-
drivers/firmware/stratix10-svc.c | 1 +
drivers/firmware/ti_sci.c | 21 +-
drivers/firmware/ti_sci.h | 2 +
drivers/gpio/Kconfig | 1 -
drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_userq.c | 44 ++-
drivers/gpu/drm/amd/amdgpu/amdgpu_userq.h | 12 +-
drivers/gpu/drm/amd/amdgpu/mes_userqueue.c | 31 +-
drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 46 ++-
drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 4 +-
drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 +-
drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 27 +-
drivers/gpu/drm/drm_plane.c | 8 +-
drivers/gpu/drm/i915/display/intel_fbdev.c | 43 ++-
drivers/gpu/drm/i915/display/intel_fbdev_fb.c | 42 +--
drivers/gpu/drm/i915/display/intel_fbdev_fb.h | 8 +-
drivers/gpu/drm/imagination/pvr_device.c | 2 +-
drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 +-
drivers/gpu/drm/msm/adreno/a2xx_gpu.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 34 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 10 +-
drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.h | 6 -
drivers/gpu/drm/msm/msm_gpu.c | 21 +-
.../gpu/drm/nouveau/dispnv04/nouveau_i2c_encoder.c | 20 --
.../drm/nouveau/include/dispnv04/i2c/encoder_i2c.h | 19 +-
drivers/gpu/drm/nouveau/nouveau_fence.c | 6 +-
drivers/gpu/drm/nouveau/nvkm/subdev/fb/base.c | 2 +-
drivers/gpu/drm/nova/Kconfig | 1 +
drivers/gpu/drm/panel/panel-novatek-nt35560.c | 8 +-
drivers/gpu/drm/panel/panel-visionox-rm69299.c | 4 +-
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/panthor/panthor_gem.c | 20 +-
drivers/gpu/drm/panthor/panthor_mmu.c | 18 +-
drivers/gpu/drm/panthor/panthor_sched.c | 25 +-
.../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 4 +-
drivers/gpu/drm/tidss/tidss_dispc.c | 93 +++--
drivers/gpu/drm/tidss/tidss_dispc.h | 3 -
drivers/gpu/drm/tidss/tidss_drv.h | 2 +
drivers/gpu/drm/tidss/tidss_oldi.c | 22 ++
drivers/gpu/drm/vgem/vgem_fence.c | 2 +-
drivers/gpu/drm/xe/display/intel_fbdev_fb.c | 32 +-
drivers/gpu/drm/xe/xe_exec_queue.c | 3 +
drivers/gpu/host1x/syncpt.c | 4 +-
drivers/gpu/nova-core/firmware/gsp.rs | 8 +-
drivers/greybus/gb-beagleplay.c | 12 +-
drivers/hid/hid-logitech-hidpp.c | 9 +-
drivers/hv/mshv_root_main.c | 89 +++--
drivers/hwmon/sy7636a-hwmon.c | 7 +-
drivers/hwtracing/coresight/coresight-etm-perf.c | 1 +
drivers/hwtracing/coresight/coresight-etm3x-core.c | 59 ++--
drivers/hwtracing/coresight/coresight-etm4x-core.c | 103 ++++--
drivers/hwtracing/coresight/coresight-etm4x.h | 3 -
drivers/hwtracing/coresight/coresight-tmc-etr.c | 10 +-
drivers/i2c/busses/i2c-k1.c | 19 +-
drivers/i3c/master.c | 8 +-
drivers/i3c/master/svc-i3c-master.c | 22 +-
drivers/iio/imu/bmi270/bmi270_spi.c | 2 +-
drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 2 +-
drivers/iio/industrialio-core.c | 17 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +-
drivers/infiniband/hw/bnxt_re/qplib_sp.c | 8 +-
drivers/infiniband/hw/bnxt_re/qplib_sp.h | 2 +-
drivers/infiniband/hw/irdma/cm.c | 2 +-
drivers/infiniband/hw/irdma/ctrl.c | 6 +-
drivers/infiniband/hw/irdma/icrdma_if.c | 6 +-
drivers/infiniband/hw/irdma/ig3rdma_if.c | 4 +
drivers/infiniband/hw/irdma/main.h | 2 +-
drivers/infiniband/hw/irdma/pble.c | 6 +-
drivers/infiniband/hw/irdma/puda.c | 1 -
drivers/infiniband/hw/irdma/uk.c | 31 +-
drivers/infiniband/hw/irdma/user.h | 1 -
drivers/infiniband/hw/irdma/verbs.c | 24 +-
drivers/infiniband/hw/irdma/verbs.h | 3 +-
drivers/infiniband/sw/rxe/rxe_srq.c | 7 +-
drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 +-
drivers/interconnect/debugfs-client.c | 7 +-
drivers/interconnect/qcom/msm8996.c | 1 +
drivers/iommu/amd/debugfs.c | 2 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +-
drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 +-
drivers/iommu/intel/Kconfig | 2 +-
drivers/iommu/intel/iommu.h | 2 +-
drivers/irqchip/irq-bcm2712-mip.c | 11 +-
drivers/irqchip/irq-bcm7038-l1.c | 11 +-
drivers/irqchip/irq-bcm7120-l2.c | 31 +-
drivers/irqchip/irq-brcmstb-l2.c | 25 +-
drivers/irqchip/irq-imx-mu-msi.c | 28 +-
drivers/irqchip/irq-mchp-eic.c | 7 +-
drivers/irqchip/irq-meson-gpio.c | 5 +-
drivers/irqchip/irq-qcom-mpm.c | 6 +-
drivers/irqchip/irq-renesas-rzg2l.c | 37 +-
drivers/irqchip/irq-renesas-rzv2h.c | 32 +-
drivers/irqchip/irq-starfive-jh8100-intc.c | 6 +-
drivers/irqchip/irqchip.c | 10 +-
drivers/irqchip/qcom-irq-combiner.c | 2 +-
drivers/irqchip/qcom-pdc.c | 5 +-
drivers/leds/leds-netxbig.c | 36 +-
drivers/leds/leds-upboard.c | 2 +-
drivers/leds/rgb/leds-qcom-lpg.c | 4 +-
drivers/macintosh/mac_hid.c | 3 +-
drivers/md/dm-log-writes.c | 1 +
drivers/md/dm-raid.c | 2 +
drivers/md/md.c | 92 ++---
drivers/md/md.h | 9 +-
drivers/md/raid5.c | 6 +-
drivers/mfd/da9055-core.c | 1 +
drivers/mfd/mt6358-irq.c | 1 +
drivers/mfd/mt6397-irq.c | 1 +
drivers/misc/rp1/rp1_pci.c | 3 +
drivers/mtd/lpddr/lpddr_cmds.c | 8 +-
drivers/mtd/nand/raw/lpc32xx_slc.c | 2 +
drivers/mtd/nand/raw/marvell_nand.c | 13 +-
drivers/mtd/nand/raw/nand_base.c | 13 +-
drivers/mtd/nand/raw/renesas-nand-controller.c | 5 +-
drivers/net/dsa/b53/b53_common.c | 331 ++++++++++++------
drivers/net/dsa/b53/b53_priv.h | 111 +++++-
drivers/net/dsa/b53/b53_regs.h | 41 ++-
drivers/net/dsa/xrs700x/xrs700x.c | 11 +
drivers/net/ethernet/intel/iavf/iavf_ptp.c | 7 +
drivers/net/ethernet/intel/ice/devlink/devlink.c | 21 +-
drivers/net/ethernet/intel/ice/ice.h | 4 +
drivers/net/ethernet/intel/ice/ice_common.c | 3 +
drivers/net/ethernet/intel/ice/ice_main.c | 169 +++++-----
drivers/net/ethernet/stmicro/stmmac/dwmac-sophgo.c | 20 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_vlan.c | 3 +-
drivers/net/phy/adin1100.c | 2 +-
drivers/net/phy/aquantia/aquantia_firmware.c | 2 +-
drivers/net/phy/mscc/mscc_main.c | 6 +-
drivers/net/phy/phy-core.c | 43 +++
drivers/net/phy/realtek/realtek_main.c | 65 ++--
drivers/net/vxlan/vxlan_core.c | 18 +-
drivers/net/wireless/ath/ath10k/core.c | 20 +-
drivers/net/wireless/ath/ath10k/core.h | 2 +-
drivers/net/wireless/ath/ath10k/mac.c | 2 +-
drivers/net/wireless/ath/ath11k/mac.c | 8 +-
drivers/net/wireless/ath/ath11k/pci.c | 20 +-
drivers/net/wireless/ath/ath11k/wmi.c | 20 +-
drivers/net/wireless/ath/ath11k/wmi.h | 2 +
drivers/net/wireless/ath/ath12k/core.c | 24 +-
drivers/net/wireless/ath/ath12k/core.h | 1 -
drivers/net/wireless/ath/ath12k/dp_rx.c | 70 +++-
drivers/net/wireless/ath/ath12k/hal_rx.c | 10 +-
drivers/net/wireless/ath/ath12k/mac.c | 28 +-
drivers/net/wireless/ath/ath12k/pci.c | 20 +-
drivers/net/wireless/ath/ath12k/qmi.c | 11 +-
drivers/net/wireless/ath/ath12k/qmi.h | 5 +-
drivers/net/wireless/ath/ath12k/wmi.c | 23 +-
drivers/net/wireless/ath/ath12k/wmi.h | 2 +
drivers/net/wireless/ath/ath12k/wow.c | 1 +
drivers/net/wireless/intel/iwlwifi/mld/d3.c | 4 +
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 -
drivers/net/wireless/mediatek/mt76/mt76.h | 9 +
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 2 +
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 1 -
drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 15 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 19 +-
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 18 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 115 ++++---
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 69 ++--
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 11 +-
drivers/net/wireless/mediatek/mt76/wed.c | 10 +-
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 +-
drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 +-
drivers/net/wireless/realtek/rtw89/usb.c | 13 +-
drivers/net/wireless/st/cw1200/bh.c | 6 +-
drivers/nvme/host/auth.c | 2 +-
drivers/of/fdt.c | 85 +++--
drivers/of/of_kunit_helpers.c | 5 +-
drivers/pci/controller/Kconfig | 7 +-
drivers/pci/controller/cadence/pcie-sg2042.c | 3 -
drivers/pci/controller/dwc/pci-keystone.c | 2 +
drivers/pci/controller/dwc/pcie-designware.h | 2 +-
drivers/pci/controller/dwc/pcie-stm32-ep.c | 41 +--
drivers/pci/endpoint/functions/pci-epf-test.c | 5 +-
drivers/pci/setup-bus.c | 5 +
drivers/phy/freescale/phy-fsl-imx8qm-hsio.c | 5 +-
drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 +-
drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 15 +
drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 27 +-
drivers/pinctrl/pinctrl-single.c | 7 +-
drivers/pinctrl/qcom/pinctrl-glymur.c | 6 +-
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 6 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 2 +-
drivers/platform/x86/asus-wmi.c | 8 +-
drivers/platform/x86/intel/pmc/core.h | 2 +-
drivers/power/supply/apm_power.c | 3 +-
drivers/power/supply/cw2015_battery.c | 8 +-
drivers/power/supply/max17040_battery.c | 6 +-
drivers/power/supply/qcom_battmgr.c | 26 +-
drivers/power/supply/rt5033_charger.c | 2 +
drivers/power/supply/rt9467-charger.c | 6 +-
drivers/power/supply/wm831x_power.c | 10 +-
drivers/pwm/core.c | 5 +-
drivers/pwm/pwm-bcm2835.c | 28 +-
drivers/ras/ras.c | 40 ++-
drivers/regulator/core.c | 37 +-
drivers/regulator/fixed.c | 11 +-
drivers/regulator/pca9450-regulator.c | 7 +-
drivers/regulator/spacemit-p1.c | 4 +-
drivers/remoteproc/imx_rproc.c | 9 +-
drivers/remoteproc/qcom_q6v5_wcss.c | 8 +-
drivers/rtc/rtc-amlogic-a4.c | 4 -
drivers/rtc/rtc-gamecube.c | 4 +
drivers/rtc/rtc-max31335.c | 6 +-
drivers/s390/crypto/ap_bus.c | 8 +-
drivers/scsi/imm.c | 1 +
drivers/scsi/qla2xxx/qla_nvme.c | 2 +-
drivers/scsi/qla2xxx/qla_os.c | 20 +-
drivers/scsi/qla2xxx/qla_target.c | 5 +-
drivers/scsi/qla2xxx/qla_target.h | 1 +
drivers/scsi/sim710.c | 2 +
drivers/scsi/smartpqi/smartpqi_init.c | 19 ++
drivers/scsi/stex.c | 1 +
drivers/soc/qcom/qcom_gsbi.c | 8 -
drivers/soc/qcom/smem.c | 3 +-
drivers/soc/renesas/r9a08g045-sysc.c | 69 ++++
drivers/soc/renesas/r9a09g047-sys.c | 79 +++++
drivers/soc/renesas/r9a09g056-sys.c | 69 ++++
drivers/soc/renesas/r9a09g057-sys.c | 101 ++++++
drivers/soc/renesas/rz-sysc.c | 2 +
drivers/soc/renesas/rz-sysc.h | 4 +
drivers/soc/samsung/exynos-pmu.c | 7 +-
drivers/soc/tegra/fuse/speedo-tegra210.c | 58 +++-
drivers/spi/spi-airoha-snfi.c | 25 +-
drivers/spi/spi-ch341.c | 2 +-
drivers/spi/spi-sg2044-nor.c | 4 +-
drivers/spi/spi-tegra210-quad.c | 22 +-
drivers/staging/fbtft/fbtft-core.c | 4 +-
drivers/staging/most/Kconfig | 2 -
drivers/staging/most/Makefile | 1 -
drivers/staging/most/i2c/Kconfig | 13 -
drivers/staging/most/i2c/Makefile | 4 -
drivers/staging/most/i2c/i2c.c | 374 ---------------------
drivers/target/target_core_configfs.c | 1 -
drivers/target/target_core_stat.c | 24 +-
drivers/tty/serial/imx.c | 14 +
drivers/ufs/core/ufshcd-priv.h | 2 +
drivers/ufs/core/ufshcd.c | 27 +-
drivers/ufs/host/ufs-rockchip.c | 19 +-
drivers/uio/uio_fsl_elbc_gpcm.c | 7 +
drivers/usb/core/message.c | 2 +-
drivers/usb/dwc2/platform.c | 17 +-
drivers/usb/dwc3/host.c | 5 +-
drivers/usb/gadget/legacy/raw_gadget.c | 3 +
drivers/usb/gadget/udc/tegra-xudc.c | 6 -
drivers/usb/misc/chaoskey.c | 16 +-
drivers/usb/phy/phy.c | 4 +
drivers/usb/typec/ucsi/ucsi_huawei_gaokun.c | 2 +
drivers/vdpa/mlx5/net/mlx5_vnet.c | 2 +-
drivers/vdpa/pds/vdpa_dev.c | 2 +-
drivers/vfio/pci/vfio_pci_core.c | 68 ++--
drivers/vfio/pci/vfio_pci_intrs.c | 52 +--
drivers/vfio/pci/vfio_pci_priv.h | 4 +
drivers/vhost/net.c | 12 +-
drivers/vhost/vhost.c | 4 +-
drivers/video/backlight/led_bl.c | 13 +
drivers/video/fbdev/ssd1307fb.c | 4 +-
drivers/virtio/virtio.c | 12 +-
drivers/virtio/virtio_debug.c | 10 +-
drivers/virtio/virtio_pci_modern_dev.c | 6 +-
drivers/virtio/virtio_ring.c | 7 +-
drivers/virtio/virtio_vdpa.c | 2 +-
drivers/watchdog/starfive-wdt.c | 4 +-
drivers/watchdog/wdat_wdt.c | 64 ++--
fs/9p/v9fs.c | 4 +-
fs/9p/vfs_file.c | 11 +-
fs/9p/vfs_inode.c | 3 +-
fs/9p/vfs_inode_dotl.c | 2 +-
fs/btrfs/block-group.c | 6 +-
fs/btrfs/ctree.c | 2 +-
fs/btrfs/delayed-ref.c | 43 ++-
fs/btrfs/scrub.c | 2 +-
fs/btrfs/space-info.c | 22 +-
fs/btrfs/space-info.h | 6 +-
fs/erofs/super.c | 38 ++-
fs/exfat/balloc.c | 2 +-
fs/exfat/namei.c | 20 +-
fs/ext4/mballoc.c | 49 ++-
fs/ext4/move_extent.c | 2 +-
fs/f2fs/f2fs.h | 2 +
fs/f2fs/gc.c | 132 +++++---
fs/f2fs/recovery.c | 2 +-
fs/f2fs/segment.c | 38 ++-
fs/f2fs/segment.h | 8 +-
fs/f2fs/super.c | 14 +
fs/f2fs/sysfs.c | 7 +
fs/fuse/control.c | 19 +-
fs/gfs2/glock.c | 5 +-
fs/gfs2/inode.c | 15 +
fs/gfs2/inode.h | 1 +
fs/gfs2/ops_fstype.c | 2 +-
fs/hfs/catalog.c | 2 +-
fs/inode.c | 58 ++--
fs/iomap/direct-io.c | 23 +-
fs/kernfs/dir.c | 5 +-
fs/nfs/client.c | 21 +-
fs/nfs/dir.c | 27 +-
fs/nfs/internal.h | 3 +-
fs/nfs/localio.c | 4 +-
fs/nfs/namespace.c | 11 +-
fs/nfs/nfs4client.c | 18 +-
fs/nfs/nfs4proc.c | 27 +-
fs/nfs/pnfs.c | 1 +
fs/nfs/super.c | 33 +-
fs/nfsd/blocklayout.c | 4 +-
fs/nls/nls_base.c | 27 +-
fs/ntfs3/frecord.c | 8 +-
fs/ntfs3/fsntfs.c | 9 +-
fs/ntfs3/inode.c | 7 +-
fs/ocfs2/alloc.c | 1 -
fs/ocfs2/inode.c | 10 +-
fs/ocfs2/move_extents.c | 8 +-
fs/pidfs.c | 2 +
fs/smb/client/cifssmb.c | 2 +-
fs/smb/client/smb2pdu.c | 2 +-
fs/smb/client/smbdirect.c | 28 +-
fs/smb/common/smbdirect/smbdirect_socket.h | 51 +++
fs/smb/server/transport_rdma.c | 40 ++-
fs/tracefs/event_inode.c | 3 +-
include/asm-generic/mshyperv.h | 17 +-
include/asm-generic/rqspinlock.h | 60 ++--
include/linux/blk_types.h | 5 +-
include/linux/cleanup.h | 15 +-
include/linux/coresight.h | 35 +-
include/linux/cper.h | 12 +-
include/linux/f2fs_fs.h | 5 +-
include/linux/filter.h | 12 +-
include/linux/firmware/qcom/qcom_tzmem.h | 15 +-
include/linux/ieee80211.h | 4 +-
include/linux/if_hsr.h | 9 +
include/linux/irq-entry-common.h | 2 +-
include/linux/irqchip.h | 8 +-
include/linux/netdevice.h | 1 +
include/linux/nfs_fs_sb.h | 5 +
include/linux/ns_common.h | 11 +
include/linux/of_fdt.h | 9 +
include/linux/phy.h | 3 +
include/linux/platform_data/lp855x.h | 4 +-
include/linux/ras.h | 16 +-
include/linux/soc/mediatek/mtk_wed.h | 1 +
include/linux/vfio_pci_core.h | 10 +-
include/linux/virtio.h | 2 +-
include/linux/virtio_config.h | 24 +-
include/linux/virtio_features.h | 29 +-
include/linux/virtio_pci_modern.h | 8 +-
include/net/netfilter/nf_conntrack_count.h | 15 +-
include/ras/ras_event.h | 49 ++-
include/sound/tas2781.h | 2 +-
include/target/target_core_base.h | 12 +-
include/uapi/linux/pidfd.h | 1 +
include/uapi/sound/asound.h | 2 +-
include/ufs/ufshcd.h | 1 -
io_uring/io_uring.c | 10 +-
io_uring/kbuf.c | 10 +-
io_uring/zcrx.c | 16 +-
kernel/bpf/hashtab.c | 10 +-
kernel/bpf/helpers.c | 3 +
kernel/bpf/rqspinlock.c | 36 +-
kernel/bpf/stackmap.c | 62 ++--
kernel/bpf/syscall.c | 6 +-
kernel/bpf/trampoline.c | 4 +-
kernel/bpf/verifier.c | 89 +++--
kernel/cgroup/cpuset.c | 35 +-
kernel/cgroup/namespace.c | 2 +-
kernel/cpu.c | 25 +-
kernel/dma/pool.c | 2 +-
kernel/events/core.c | 22 +-
kernel/locking/locktorture.c | 8 +-
kernel/resource.c | 10 +-
kernel/sched/fair.c | 17 +-
kernel/sched/stats.h | 7 +-
kernel/task_work.c | 8 +-
kernel/time/timer_migration.c | 264 ++++++++-------
lib/vsprintf.c | 6 +-
net/bpf/test_run.c | 5 +
net/core/dev.h | 1 -
net/core/filter.c | 16 +-
net/core/netpoll.c | 2 +-
net/hsr/hsr_device.c | 20 ++
net/hsr/hsr_slave.c | 7 +-
net/ipv6/ip6_fib.c | 4 +
net/mac80211/aes_cmac.c | 63 +++-
net/mac80211/aes_cmac.h | 8 +-
net/mac80211/wpa.c | 20 +-
net/netfilter/nf_conncount.c | 195 +++++++----
net/netfilter/nft_connlimit.c | 34 +-
net/netfilter/nft_flow_offload.c | 9 +-
net/netfilter/xt_connlimit.c | 14 +-
net/openvswitch/conntrack.c | 16 +-
net/sched/sch_cake.c | 60 ++--
net/sctp/socket.c | 5 +-
scripts/cc-can-link.sh | 2 +-
scripts/lib/kdoc/kdoc_parser.py | 16 +-
scripts/package/install-extmod-build | 2 +-
security/integrity/ima/ima_main.c | 40 ++-
security/integrity/ima/ima_policy.c | 2 +-
security/landlock/errata/abi-1.h | 16 +
security/landlock/fs.c | 40 ++-
security/smack/smack.h | 3 +
security/smack/smack_access.c | 93 +++--
security/smack/smack_lsm.c | 277 ++++++++++-----
sound/firewire/dice/dice-extension.c | 4 +-
sound/firewire/motu/motu-hwdep.c | 7 +-
sound/hda/codecs/realtek/alc269.c | 2 +
sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 +
sound/hda/codecs/side-codecs/tas2781_hda_i2c.c | 44 +--
sound/isa/wavefront/wavefront_midi.c | 2 +
sound/isa/wavefront/wavefront_synth.c | 4 +-
sound/soc/amd/acp/acp-i2s.c | 2 +
sound/soc/amd/acp/acp-legacy-common.c | 30 +-
sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 +-
sound/soc/codecs/Kconfig | 5 +
sound/soc/codecs/Makefile | 2 +
sound/soc/codecs/ak4458.c | 10 +-
sound/soc/codecs/ak5558.c | 10 +-
sound/soc/codecs/nau8325.c | 3 +-
sound/soc/codecs/tas2781-comlib-i2c.c | 2 +-
sound/soc/codecs/tas2781-i2c.c | 2 +-
sound/soc/fsl/fsl_xcvr.c | 2 +-
sound/soc/intel/catpt/pcm.c | 4 +-
sound/soc/sdca/sdca_functions.c | 2 +-
tools/bpf/bpftool/sign.c | 6 +
tools/include/nolibc/arch-x86.h | 6 +-
tools/include/nolibc/dirent.h | 6 +-
tools/include/nolibc/stdio.h | 4 +
tools/include/nolibc/sys/wait.h | 18 +-
tools/lib/bpf/btf.c | 4 +-
tools/objtool/check.c | 3 +-
tools/objtool/elf.c | 8 +-
tools/perf/builtin-kvm.c | 2 +-
tools/perf/builtin-record.c | 2 +-
tools/perf/builtin-stat.c | 15 +-
.../pmu-events/arch/s390/cf_z16/transaction.json | 8 +-
.../pmu-events/arch/s390/cf_z17/transaction.json | 8 +-
tools/perf/util/annotate.c | 2 +-
.../util/arm-spe-decoder/arm-spe-pkt-decoder.c | 25 +-
.../util/arm-spe-decoder/arm-spe-pkt-decoder.h | 15 +-
tools/perf/util/bpf_counter.c | 7 +-
tools/perf/util/bpf_lock_contention.c | 6 +-
tools/perf/util/evsel.c | 2 +-
tools/perf/util/genelf.c | 32 +-
tools/perf/util/hist.c | 6 +-
tools/perf/util/hist.h | 8 +-
tools/perf/util/hwmon_pmu.c | 3 +-
tools/perf/util/parse-events.c | 44 ++-
tools/perf/util/parse-events.h | 3 +-
tools/perf/util/parse-events.y | 2 +-
tools/perf/util/symbol.c | 5 +-
tools/power/x86/turbostat/turbostat.c | 12 +-
tools/testing/selftests/bpf/.gitignore | 1 +
tools/testing/selftests/bpf/Makefile | 6 +-
.../selftests/bpf/prog_tests/kmem_cache_iter.c | 3 +-
.../selftests/bpf/prog_tests/perf_branches.c | 22 +-
.../testing/selftests/bpf/prog_tests/send_signal.c | 5 +
.../selftests/bpf/progs/test_perf_branches.c | 3 +
tools/testing/selftests/bpf/test_tag.c | 2 +-
.../drivers/net/bonding/bond_macvlan_ipvlan.sh | 1 +
tools/testing/selftests/landlock/Makefile | 2 +-
.../tcp_syscall_bad_arg_sendmsg-empty-iov.pkt | 4 +
.../net/packetdrill/tcp_zerocopy_basic.pkt | 2 +
.../net/packetdrill/tcp_zerocopy_batch.pkt | 2 +
.../net/packetdrill/tcp_zerocopy_client.pkt | 2 +
.../net/packetdrill/tcp_zerocopy_closed.pkt | 2 +
.../net/packetdrill/tcp_zerocopy_epoll_edge.pkt | 3 +
.../packetdrill/tcp_zerocopy_epoll_exclusive.pkt | 3 +
.../net/packetdrill/tcp_zerocopy_epoll_oneshot.pkt | 3 +
.../packetdrill/tcp_zerocopy_fastopen-client.pkt | 2 +
.../packetdrill/tcp_zerocopy_fastopen-server.pkt | 2 +
.../net/packetdrill/tcp_zerocopy_maxfrags.pkt | 2 +
.../net/packetdrill/tcp_zerocopy_small.pkt | 2 +
tools/tracing/rtla/Makefile.rtla | 2 +-
tools/tracing/rtla/src/common.c | 24 +-
tools/tracing/rtla/src/osnoise_hist.c | 3 +-
tools/tracing/rtla/src/osnoise_top.c | 3 +-
tools/tracing/rtla/src/timerlat.c | 3 +-
tools/tracing/rtla/src/timerlat_hist.c | 3 +-
tools/tracing/rtla/src/timerlat_top.c | 3 +-
tools/tracing/rtla/tests/osnoise.t | 6 +-
tools/tracing/rtla/tests/timerlat.t | 4 +-
616 files changed, 6319 insertions(+), 3850 deletions(-)
16 hours, 31 minutes
- 21
- 646
[BUG] soft lockup in kswapd0 caused by Rust binder
by Ban ZuoXiang
Hello,
Many users [1][2][3] have reported a kernel soft lockup in the
kswapd0 task when running Waydroid (an Android container solution) on
kernels with the new Rust Binder driver.
The issue manifests as a soft lockup where CPU utilization is pegged at
100% system time, stuck in the list_lru_walk path triggered by the Rust
binder's shrinker.
Kernel Log:
12 25 01:23:57 arch-laptop kernel: watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [kswapd0:142]
12 25 01:23:57 arch-laptop kernel: CPU#0 Utilization every 4000ms during lockup:
12 25 01:23:57 arch-laptop kernel: #1: 100% system, 0% softirq, 1% hardirq, 0% idle
12 25 01:23:57 arch-laptop kernel: #2: 100% system, 0% softirq, 1% hardirq, 0% idle
12 25 01:23:57 arch-laptop kernel: #3: 100% system, 0% softirq, 1% hardirq, 0% idle
12 25 01:23:57 arch-laptop kernel: #4: 100% system, 0% softirq, 1% hardirq, 0% idle
12 25 01:23:57 arch-laptop kernel: #5: 100% system, 0% softirq, 1% hardirq, 0% idle
12 25 01:23:57 arch-laptop kernel: Modules linked in: sch_ingress af_key tcp_diag udp_diag inet_diag nfnetlink_log xfrm_user xfrm_algo xfrm_interface xfrm6_tunnel tunnel4 tunnel6 vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vmw_vmci veth overlay loop nft_masq nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables tun rfcomm snd_seq_dummy snd_hrtimer snd_seq cmac algif_hash algif_skcipher af_alg bnep vfat fat iwlmvm intel_rapl_msr amd_atl amdgpu intel_rapl_common mac80211 ptp pps_core libarc4 amdxcp snd_hda_codec_nvhdmi drm_panel_backlight_quirks snd_hda_codec_hdmi gpu_sched snd_usb_audio drm_buddy iwlwifi kvm_amd drm_exec uvcvideo drm_suballoc_helper snd_hda_intel drm_ttm_helper btusb kvm videobuf2_vmalloc spd5118 r8169 snd_hda_codec snd_usbmidi_lib ttm ucsi_acpi btmtk uvc snd_hda_core cfg80211 realtek btrtl irqbypass i2c_algo_bit snd_ump videobuf2_memops asus_nb_wmi typec_ucsi snd_intel_dspcfg sp5100_tco mdio_devres polyval_clmulni videobuf2_v4l2 btbcm amd_pmf
12 25 01:23:57 arch-laptop kernel: ghash_clmulni_intel snd_rawmidi drm_display_helper snd_intel_sdw_acpi asus_wmi libphy typec videobuf2_common i2c_piix4 btintel aesni_intel snd_hwdep snd_seq_device amdtee hid_multitouch bluetooth videodev cec wmi_bmof sparse_keymap rapl pcspkr roles ccp k10temp rfkill video i2c_smbus mdio_bus amd_sfh snd_pcm thunderbolt i2c_hid_acpi platform_profile snd_timer wmi i2c_hid tee snd amd_pmc soundcore mc mousedev joydev mac_hid tcp_bbr sch_fq_pie sch_pie i2c_dev pkcs8_key_parser ntsync crypto_user nfnetlink hid_logitech_hidpp hid_logitech_dj nvme nvme_core nvme_keyring nvme_auth hkdf serio_raw
12 25 01:23:57 arch-laptop kernel: CPU: 0 UID: 0 PID: 142 Comm: kswapd0 Not tainted 6.18.2-zen2-1-zen #1 PREEMPT(full) 817688afc19ca15a22737742591535351aba70f8
12 25 01:23:57 arch-laptop kernel: Hardware name: ASUSTeK COMPUTER INC. ASUS TUF Gaming A15 FA507RM_FA507RM/FA507RM, BIOS FA507RM.315 11/30/2022
12 25 01:23:57 arch-laptop kernel: RIP: 0010:native_queued_spin_lock_slowpath+0x67/0x2e0
12 25 01:23:57 arch-laptop kernel: Code: 0f 92 c2 8b 01 0f b6 d2 c1 e2 08 30 e4 09 d0 3d ff 00 00 00 0f 87 1e 02 00 00 85 c0 74 10 0f b6 01 84 c0 74 09 f3 90 0f b6 01 <84> c0 75 f7 b8 01 00 00 00 66 89 01 65 48 ff 05 ad af ed 01 c3 cc
12 25 01:23:57 arch-laptop kernel: RSP: 0018:ffffd4c4c06e3a30 EFLAGS: 00000202
12 25 01:23:57 arch-laptop kernel: RAX: 0000000000000001 RBX: ffffd4c4c06e3b10 RCX: ffff8d69446aa698
12 25 01:23:57 arch-laptop kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8d69446aa698
12 25 01:23:57 arch-laptop kernel: RBP: ffffffff94118f38 R08: 0000000000000000 R09: 0000000000000000
12 25 01:23:57 arch-laptop kernel: R10: ffff8d6fa1e38340 R11: ffff8d6fbe2d6000 R12: ffff8d6c5aaf8000
12 25 01:23:57 arch-laptop kernel: R13: ffffffff91d15410 R14: ffff8d69446aa680 R15: ffff8d69446aa680
12 25 01:23:57 arch-laptop kernel: FS: 0000000000000000(0000) GS:ffff8d700deaf000(0000) knlGS:0000000000000000
12 25 01:23:57 arch-laptop kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
12 25 01:23:57 arch-laptop kernel: CR2: 00000000100af568 CR3: 000000020da24000 CR4: 0000000000f50ef0
12 25 01:23:57 arch-laptop kernel: PKRU: 55555554
12 25 01:23:57 arch-laptop kernel: Call Trace:
12 25 01:23:57 arch-laptop kernel: <TASK>
12 25 01:23:57 arch-laptop kernel: _raw_spin_lock+0x29/0x30
12 25 01:23:57 arch-laptop kernel: __list_lru_walk_one.constprop.0+0x94/0x1d0
12 25 01:23:57 arch-laptop kernel: ? __pfx_rust_shrink_free_page_wrap+0x10/0x10
12 25 01:23:57 arch-laptop kernel: ? __pfx_rust_shrink_free_page_wrap+0x10/0x10
12 25 01:23:57 arch-laptop kernel: list_lru_walk_node+0x46/0x1f0
12 25 01:23:57 arch-laptop kernel: ? __pfx_rust_shrink_free_page_wrap+0x10/0x10
12 25 01:23:57 arch-laptop kernel: rust_helper_list_lru_walk+0x9d/0xe0
12 25 01:23:57 arch-laptop kernel: do_shrink_slab+0x140/0x350
12 25 01:23:57 arch-laptop kernel: shrink_slab+0xd7/0x3e0
12 25 01:23:57 arch-laptop kernel: shrink_one+0xfe/0x1d0
12 25 01:23:57 arch-laptop kernel: shrink_node+0xb4a/0xd60
12 25 01:23:57 arch-laptop kernel: ? pgdat_balanced+0x83/0x140
12 25 01:23:57 arch-laptop kernel: kswapd+0x870/0x1100
12 25 01:23:57 arch-laptop kernel: ? __switch_to+0x103/0x3f0
12 25 01:23:57 arch-laptop kernel: ? __pfx_kswapd+0x10/0x10
12 25 01:23:57 arch-laptop kernel: kthread+0xfc/0x240
12 25 01:23:57 arch-laptop kernel: ? __pfx_kthread+0x10/0x10
12 25 01:23:57 arch-laptop kernel: ret_from_fork+0x1c2/0x1f0
12 25 01:23:57 arch-laptop kernel: ? __pfx_kthread+0x10/0x10
12 25 01:23:57 arch-laptop kernel: ret_from_fork_asm+0x1a/0x30
12 25 01:23:57 arch-laptop kernel: </TASK>
rust/helpers/binder.c:
unsigned long rust_helper_list_lru_walk(struct list_lru *lru,
list_lru_walk_cb isolate, void *cb_arg,
unsigned long nr_to_walk)
{
return list_lru_walk(lru, isolate, cb_arg, nr_to_walk);
}
It appears that there exists a patch addressing this issue:
'rust: binder: stop spinning in shrinker' [4]
I have tested this patch, and it appears to resolve the soft lockup
issue.
Could this patch be picked up to fix the regression?
[1] https://github.com/waydroid/waydroid/issues/2163
[2] https://bbs.archlinux.org/viewtopic.php?id=311223
[3] https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/174
[4] https://lore.kernel.org/all/20251202-binder-shrink-unspin-v1-1-263efb9ad625…
regards,
Ban ZuoXiang
17 hours, 7 minutes
- 2
- 1
[PATCH v2] arm64: errata: Workaround for SI L1 downstream coherency issue
by Lucas Wei
When software issues a Cache Maintenance Operation (CMO) targeting a
dirty cache line, the CPU and DSU cluster may optimize the operation by
combining the CopyBack Write and CMO into a single combined CopyBack
Write plus CMO transaction presented to the interconnect (MCN).
For these combined transactions, the MCN splits the operation into two
separate transactions, one Write and one CMO, and then propagates the
write and optionally the CMO to the downstream memory system or external
Point of Serialization (PoS).
However, the MCN may return an early CompCMO response to the DSU cluster
before the corresponding Write and CMO transactions have completed at
the external PoS or downstream memory. As a result, stale data may be
observed by external observers that are directly connected to the
external PoS or downstream memory.
This erratum affects any system topology in which the following
conditions apply:
- The Point of Serialization (PoS) is located downstream of the
interconnect.
- A downstream observer accesses memory directly, bypassing the
interconnect.
Conditions:
This erratum occurs only when all of the following conditions are met:
1. Software executes a data cache maintenance operation, specifically,
a clean or invalidate by virtual address (DC CVAC, DC CIVAC, or DC
IVAC), that hits on unique dirty data in the CPU or DSU cache. This
results in a combined CopyBack and CMO being issued to the
interconnect.
2. The interconnect splits the combined transaction into separate Write
and CMO transactions and returns an early completion response to the
CPU or DSU before the write has completed at the downstream memory
or PoS.
3. A downstream observer accesses the affected memory address after the
early completion response is issued but before the actual memory
write has completed. This allows the observer to read stale data
that has not yet been updated at the PoS or downstream memory.
The implementation of workaround put a second loop of CMOs at the same
virtual address whose operation meet erratum conditions to wait until
cache data be cleaned to PoC.. This way of implementation mitigates
performance panalty compared to purly duplicate orignial CMO.
Reported-by: kernel test robot <lkp(a)intel.com>
Cc: stable(a)vger.kernel.org # 6.12.x
Signed-off-by: Lucas Wei <lucaswei(a)google.com>
---
Changes in v2:
1. Fixed warning from kernel test robot by changing
arm_si_l1_workaround_4311569 to static
[Reported-by: kernel test robot <lkp(a)intel.com>]
---
Documentation/arch/arm64/silicon-errata.rst | 3 ++
arch/arm64/Kconfig | 19 +++++++++++++
arch/arm64/include/asm/assembler.h | 10 +++++++
arch/arm64/kernel/cpu_errata.c | 31 +++++++++++++++++++++
arch/arm64/mm/cache.S | 13 ++++++++-
arch/arm64/tools/cpucaps | 1 +
6 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst
index a7ec57060f64..98efdf528719 100644
--- a/Documentation/arch/arm64/silicon-errata.rst
+++ b/Documentation/arch/arm64/silicon-errata.rst
@@ -213,6 +213,9 @@ stable kernels.
| ARM | GIC-700 | #2941627 | ARM64_ERRATUM_2941627 |
+----------------+-----------------+-----------------+-----------------------------+
+----------------+-----------------+-----------------+-----------------------------+
+| ARM | SI L1 | #4311569 | ARM64_ERRATUM_4311569 |
++----------------+-----------------+-----------------+-----------------------------+
++----------------+-----------------+-----------------+-----------------------------+
| Broadcom | Brahma-B53 | N/A | ARM64_ERRATUM_845719 |
+----------------+-----------------+-----------------+-----------------------------+
| Broadcom | Brahma-B53 | N/A | ARM64_ERRATUM_843419 |
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 65db12f66b8f..a834d30859cc 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1153,6 +1153,25 @@ config ARM64_ERRATUM_3194386
If unsure, say Y.
+config ARM64_ERRATUM_4311569
+ bool "SI L1: 4311569: workaround for premature CMO completion erratum"
+ default y
+ help
+ This option adds the workaround for ARM SI L1 erratum 4311569.
+
+ The erratum of SI L1 can cause an early response to a combined write
+ and cache maintenance operation (WR+CMO) before the operation is fully
+ completed to the Point of Serialization (POS).
+ This can result in a non-I/O coherent agent observing stale data,
+ potentially leading to system instability or incorrect behavior.
+
+ Enabling this option implements a software workaround by inserting a
+ second loop of Cache Maintenance Operation (CMO) immediately following the
+ end of function to do CMOs. This ensures that the data is correctly serialized
+ before the buffer is handed off to a non-coherent agent.
+
+ If unsure, say Y.
+
config CAVIUM_ERRATUM_22375
bool "Cavium erratum 22375, 24313"
default y
diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
index f0ca7196f6fa..d3d46e5f7188 100644
--- a/arch/arm64/include/asm/assembler.h
+++ b/arch/arm64/include/asm/assembler.h
@@ -381,6 +381,9 @@ alternative_endif
.macro dcache_by_myline_op op, domain, start, end, linesz, tmp, fixup
sub \tmp, \linesz, #1
bic \start, \start, \tmp
+alternative_if ARM64_WORKAROUND_4311569
+ mov \tmp, \start
+alternative_else_nop_endif
.Ldcache_op\@:
.ifc \op, cvau
__dcache_op_workaround_clean_cache \op, \start
@@ -402,6 +405,13 @@ alternative_endif
add \start, \start, \linesz
cmp \start, \end
b.lo .Ldcache_op\@
+alternative_if ARM64_WORKAROUND_4311569
+ .ifnc \op, cvau
+ mov \start, \tmp
+ mov \tmp, xzr
+ cbnz \start, .Ldcache_op\@
+ .endif
+alternative_else_nop_endif
dsb \domain
_cond_uaccess_extable .Ldcache_op\@, \fixup
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 8cb3b575a031..5c0ab6bfd44a 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -141,6 +141,30 @@ has_mismatched_cache_type(const struct arm64_cpu_capabilities *entry,
return (ctr_real != sys) && (ctr_raw != sys);
}
+#ifdef CONFIG_ARM64_ERRATUM_4311569
+static DEFINE_STATIC_KEY_FALSE(arm_si_l1_workaround_4311569);
+static int __init early_arm_si_l1_workaround_4311569_cfg(char *arg)
+{
+ static_branch_enable(&arm_si_l1_workaround_4311569);
+ pr_info("Enabling cache maintenance workaround for ARM SI-L1 erratum 4311569\n");
+
+ return 0;
+}
+early_param("arm_si_l1_workaround_4311569", early_arm_si_l1_workaround_4311569_cfg);
+
+/*
+ * We have some earlier use cases to call cache maintenance operation functions, for example,
+ * dcache_inval_poc() and dcache_clean_poc() in head.S, before making decision to turn on this
+ * workaround. Since the scope of this workaround is limited to non-coherent DMA agents, its
+ * safe to have the workaround off by default.
+ */
+static bool
+need_arm_si_l1_workaround_4311569(const struct arm64_cpu_capabilities *entry, int scope)
+{
+ return static_branch_unlikely(&arm_si_l1_workaround_4311569);
+}
+#endif
+
static void
cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *cap)
{
@@ -870,6 +894,13 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
ERRATA_MIDR_RANGE_LIST(erratum_spec_ssbs_list),
},
#endif
+#ifdef CONFIG_ARM64_ERRATUM_4311569
+ {
+ .capability = ARM64_WORKAROUND_4311569,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
+ .matches = need_arm_si_l1_workaround_4311569,
+ },
+#endif
#ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
{
.desc = "ARM errata 2966298, 3117295",
diff --git a/arch/arm64/mm/cache.S b/arch/arm64/mm/cache.S
index 503567c864fd..ddf0097624ed 100644
--- a/arch/arm64/mm/cache.S
+++ b/arch/arm64/mm/cache.S
@@ -143,9 +143,14 @@ SYM_FUNC_END(dcache_clean_pou)
* - end - kernel end address of region
*/
SYM_FUNC_START(__pi_dcache_inval_poc)
+alternative_if ARM64_WORKAROUND_4311569
+ mov x4, x0
+ mov x5, x1
+ mov x6, #1
+alternative_else_nop_endif
dcache_line_size x2, x3
sub x3, x2, #1
- tst x1, x3 // end cache line aligned?
+again: tst x1, x3 // end cache line aligned?
bic x1, x1, x3
b.eq 1f
dc civac, x1 // clean & invalidate D / U line
@@ -158,6 +163,12 @@ SYM_FUNC_START(__pi_dcache_inval_poc)
3: add x0, x0, x2
cmp x0, x1
b.lo 2b
+alternative_if ARM64_WORKAROUND_4311569
+ mov x0, x4
+ mov x1, x5
+ sub x6, x6, #1
+ cbz x6, again
+alternative_else_nop_endif
dsb sy
ret
SYM_FUNC_END(__pi_dcache_inval_poc)
diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps
index 1b32c1232d28..3b18734f9744 100644
--- a/arch/arm64/tools/cpucaps
+++ b/arch/arm64/tools/cpucaps
@@ -101,6 +101,7 @@ WORKAROUND_2077057
WORKAROUND_2457168
WORKAROUND_2645198
WORKAROUND_2658417
+WORKAROUND_4311569
WORKAROUND_AMPERE_AC03_CPU_38
WORKAROUND_AMPERE_AC04_CPU_23
WORKAROUND_TRBE_OVERWRITE_FILL_MODE
base-commit: edde060637b92607f3522252c03d64ad06369933
--
2.52.0.358.g0dd7633a29-goog
20 hours, 28 minutes
- 1
- 0
[PATCH RESEND v3 4/4] mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather
by David Hildenbrand (Red Hat)
As reported, ever since commit 1013af4f585f ("mm/hugetlb: fix
huge_pmd_unshare() vs GUP-fast race") we can end up in some situations
where we perform so many IPI broadcasts when unsharing hugetlb PMD page
tables that it severely regresses some workloads.
In particular, when we fork()+exit(), or when we munmap() a large
area backed by many shared PMD tables, we perform one IPI broadcast per
unshared PMD table.
There are two optimizations to be had:
(1) When we process (unshare) multiple such PMD tables, such as during
exit(), it is sufficient to send a single IPI broadcast (as long as
we respect locking rules) instead of one per PMD table.
Locking prevents that any of these PMD tables could get reused before
we drop the lock.
(2) When we are not the last sharer (> 2 users including us), there is
no need to send the IPI broadcast. The shared PMD tables cannot
become exclusive (fully unshared) before an IPI will be broadcasted
by the last sharer.
Concurrent GUP-fast could walk into a PMD table just before we
unshared it. It could then succeed in grabbing a page from the
shared page table even after munmap() etc succeeded (and supressed
an IPI). But there is not difference compared to GUP-fast just
sleeping for a while after grabbing the page and re-enabling IRQs.
Most importantly, GUP-fast will never walk into page tables that are
no-longer shared, because the last sharer will issue an IPI
broadcast.
(if ever required, checking whether the PUD changed in GUP-fast
after grabbing the page like we do in the PTE case could handle
this)
So let's rework PMD sharing TLB flushing + IPI sync to use the mmu_gather
infrastructure so we can implement these optimizations and demystify the
code at least a bit. Extend the mmu_gather infrastructure to be able to
deal with our special hugetlb PMD table sharing implementation.
To make initialization of the mmu_gather easier when working on a single
VMA (in particular, when dealing with hugetlb), provide
tlb_gather_mmu_vma().
We'll consolidate the handling for (full) unsharing of PMD tables in
tlb_unshare_pmd_ptdesc() and tlb_flush_unshared_tables(), and track
in "struct mmu_gather" whether we had (full) unsharing of PMD tables.
Because locking is very special (concurrent unsharing+reuse must be
prevented), we disallow deferring flushing to tlb_finish_mmu() and instead
require an explicit earlier call to tlb_flush_unshared_tables().
From hugetlb code, we call huge_pmd_unshare_flush() where we make sure
that the expected lock protecting us from concurrent unsharing+reuse is
still held.
Check with a VM_WARN_ON_ONCE() in tlb_finish_mmu() that
tlb_flush_unshared_tables() was properly called earlier.
Document it all properly.
Notes about tlb_remove_table_sync_one() interaction with unsharing:
There are two fairly tricky things:
(1) tlb_remove_table_sync_one() is a NOP on architectures without
CONFIG_MMU_GATHER_RCU_TABLE_FREE.
Here, the assumption is that the previous TLB flush would send an
IPI to all relevant CPUs. Careful: some architectures like x86 only
send IPIs to all relevant CPUs when tlb->freed_tables is set.
The relevant architectures should be selecting
MMU_GATHER_RCU_TABLE_FREE, but x86 might not do that in stable
kernels and it might have been problematic before this patch.
Also, the arch flushing behavior (independent of IPIs) is different
when tlb->freed_tables is set. Do we have to enlighten them to also
take care of tlb->unshared_tables? So far we didn't care, so
hopefully we are fine. Of course, we could be setting
tlb->freed_tables as well, but that might then unnecessarily flush
too much, because the semantics of tlb->freed_tables are a bit
fuzzy.
This patch changes nothing in this regard.
(2) tlb_remove_table_sync_one() is not a NOP on architectures with
CONFIG_MMU_GATHER_RCU_TABLE_FREE that actually don't need a sync.
Take x86 as an example: in the common case (!pv, !X86_FEATURE_INVLPGB)
we still issue IPIs during TLB flushes and don't actually need the
second tlb_remove_table_sync_one().
This optimized can be implemented on top of this, by checking e.g., in
tlb_remove_table_sync_one() whether we really need IPIs. But as
described in (1), it really must honor tlb->freed_tables then to
send IPIs to all relevant CPUs.
Notes on TLB flushing changes:
(1) Flushing for non-shared PMD tables
We're converting from flush_hugetlb_tlb_range() to
tlb_remove_huge_tlb_entry(). Given that we properly initialize the
MMU gather in tlb_gather_mmu_vma() to be hugetlb aware, similar to
__unmap_hugepage_range(), that should be fine.
(2) Flushing for shared PMD tables
We're converting from various things (flush_hugetlb_tlb_range(),
tlb_flush_pmd_range(), flush_tlb_range()) to tlb_flush_pmd_range().
tlb_flush_pmd_range() achieves the same that
tlb_remove_huge_tlb_entry() would achieve in these scenarios.
Note that tlb_remove_huge_tlb_entry() also calls
__tlb_remove_tlb_entry(), however that is only implemented on
powerpc, which does not support PMD table sharing.
Similar to (1), tlb_gather_mmu_vma() should make sure that TLB
flushing keeps on working as expected.
Further, note that the ptdesc_pmd_pts_dec() in huge_pmd_share() is not a
concern, as we are holding the i_mmap_lock the whole time, preventing
concurrent unsharing. That ptdesc_pmd_pts_dec() usage will be removed
separately as a cleanup later.
There are plenty more cleanups to be had, but they have to wait until
this is fixed.
Fixes: 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race")
Reported-by: Uschakow, Stanislav" <suschako(a)amazon.de>
Closes: https://lore.kernel.org/all/4d3878531c76479d9f8ca9789dc6485d@amazon.de/
Tested-by: Laurence Oberman <loberman(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org>
---
include/asm-generic/tlb.h | 77 +++++++++++++++++++++++-
include/linux/hugetlb.h | 15 +++--
include/linux/mm_types.h | 1 +
mm/hugetlb.c | 123 ++++++++++++++++++++++----------------
mm/mmu_gather.c | 33 ++++++++++
mm/rmap.c | 25 +++++---
6 files changed, 208 insertions(+), 66 deletions(-)
diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h
index 1fff717cae510..4d679d2a206b4 100644
--- a/include/asm-generic/tlb.h
+++ b/include/asm-generic/tlb.h
@@ -46,7 +46,8 @@
*
* The mmu_gather API consists of:
*
- * - tlb_gather_mmu() / tlb_gather_mmu_fullmm() / tlb_finish_mmu()
+ * - tlb_gather_mmu() / tlb_gather_mmu_fullmm() / tlb_gather_mmu_vma() /
+ * tlb_finish_mmu()
*
* start and finish a mmu_gather
*
@@ -364,6 +365,20 @@ struct mmu_gather {
unsigned int vma_huge : 1;
unsigned int vma_pfn : 1;
+ /*
+ * Did we unshare (unmap) any shared page tables? For now only
+ * used for hugetlb PMD table sharing.
+ */
+ unsigned int unshared_tables : 1;
+
+ /*
+ * Did we unshare any page tables such that they are now exclusive
+ * and could get reused+modified by the new owner? When setting this
+ * flag, "unshared_tables" will be set as well. For now only used
+ * for hugetlb PMD table sharing.
+ */
+ unsigned int fully_unshared_tables : 1;
+
unsigned int batch_count;
#ifndef CONFIG_MMU_GATHER_NO_GATHER
@@ -400,6 +415,7 @@ static inline void __tlb_reset_range(struct mmu_gather *tlb)
tlb->cleared_pmds = 0;
tlb->cleared_puds = 0;
tlb->cleared_p4ds = 0;
+ tlb->unshared_tables = 0;
/*
* Do not reset mmu_gather::vma_* fields here, we do not
* call into tlb_start_vma() again to set them if there is an
@@ -484,7 +500,7 @@ static inline void tlb_flush_mmu_tlbonly(struct mmu_gather *tlb)
* these bits.
*/
if (!(tlb->freed_tables || tlb->cleared_ptes || tlb->cleared_pmds ||
- tlb->cleared_puds || tlb->cleared_p4ds))
+ tlb->cleared_puds || tlb->cleared_p4ds || tlb->unshared_tables))
return;
tlb_flush(tlb);
@@ -773,6 +789,63 @@ static inline bool huge_pmd_needs_flush(pmd_t oldpmd, pmd_t newpmd)
}
#endif
+#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING
+static inline void tlb_unshare_pmd_ptdesc(struct mmu_gather *tlb, struct ptdesc *pt,
+ unsigned long addr)
+{
+ /*
+ * The caller must make sure that concurrent unsharing + exclusive
+ * reuse is impossible until tlb_flush_unshared_tables() was called.
+ */
+ VM_WARN_ON_ONCE(!ptdesc_pmd_is_shared(pt));
+ ptdesc_pmd_pts_dec(pt);
+
+ /* Clearing a PUD pointing at a PMD table with PMD leaves. */
+ tlb_flush_pmd_range(tlb, addr & PUD_MASK, PUD_SIZE);
+
+ /*
+ * If the page table is now exclusively owned, we fully unshared
+ * a page table.
+ */
+ if (!ptdesc_pmd_is_shared(pt))
+ tlb->fully_unshared_tables = true;
+ tlb->unshared_tables = true;
+}
+
+static inline void tlb_flush_unshared_tables(struct mmu_gather *tlb)
+{
+ /*
+ * As soon as the caller drops locks to allow for reuse of
+ * previously-shared tables, these tables could get modified and
+ * even reused outside of hugetlb context, so we have to make sure that
+ * any page table walkers (incl. TLB, GUP-fast) are aware of that
+ * change.
+ *
+ * Even if we are not fully unsharing a PMD table, we must
+ * flush the TLB for the unsharer now.
+ */
+ if (tlb->unshared_tables)
+ tlb_flush_mmu_tlbonly(tlb);
+
+ /*
+ * Similarly, we must make sure that concurrent GUP-fast will not
+ * walk previously-shared page tables that are getting modified+reused
+ * elsewhere. So broadcast an IPI to wait for any concurrent GUP-fast.
+ *
+ * We only perform this when we are the last sharer of a page table,
+ * as the IPI will reach all CPUs: any GUP-fast.
+ *
+ * Note that on configs where tlb_remove_table_sync_one() is a NOP,
+ * the expectation is that the tlb_flush_mmu_tlbonly() would have issued
+ * required IPIs already for us.
+ */
+ if (tlb->fully_unshared_tables) {
+ tlb_remove_table_sync_one();
+ tlb->fully_unshared_tables = false;
+ }
+}
+#endif /* CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */
+
#endif /* CONFIG_MMU */
#endif /* _ASM_GENERIC__TLB_H */
diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
index 03c8725efa289..e51b8ef0cebd9 100644
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -240,8 +240,9 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
pte_t *huge_pte_offset(struct mm_struct *mm,
unsigned long addr, unsigned long sz);
unsigned long hugetlb_mask_last_page(struct hstate *h);
-int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep);
+int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep);
+void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma);
void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma,
unsigned long *start, unsigned long *end);
@@ -300,13 +301,17 @@ static inline struct address_space *hugetlb_folio_mapping_lock_write(
return NULL;
}
-static inline int huge_pmd_unshare(struct mm_struct *mm,
- struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep)
+static inline int huge_pmd_unshare(struct mmu_gather *tlb,
+ struct vm_area_struct *vma, unsigned long addr, pte_t *ptep)
{
return 0;
}
+static inline void huge_pmd_unshare_flush(struct mmu_gather *tlb,
+ struct vm_area_struct *vma)
+{
+}
+
static inline void adjust_range_if_pmd_sharing_possible(
struct vm_area_struct *vma,
unsigned long *start, unsigned long *end)
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index 42af2292951d4..d1053b2c1f800 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -1522,6 +1522,7 @@ static inline unsigned int mm_cid_size(void)
struct mmu_gather;
extern void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm);
extern void tlb_gather_mmu_fullmm(struct mmu_gather *tlb, struct mm_struct *mm);
+void tlb_gather_mmu_vma(struct mmu_gather *tlb, struct vm_area_struct *vma);
extern void tlb_finish_mmu(struct mmu_gather *tlb);
struct vm_fault;
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 3c77cdef12a32..2609b6d58f99e 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5096,7 +5096,7 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma,
unsigned long last_addr_mask;
pte_t *src_pte, *dst_pte;
struct mmu_notifier_range range;
- bool shared_pmd = false;
+ struct mmu_gather tlb;
mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, old_addr,
old_end);
@@ -5106,6 +5106,7 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma,
* range.
*/
flush_cache_range(vma, range.start, range.end);
+ tlb_gather_mmu_vma(&tlb, vma);
mmu_notifier_invalidate_range_start(&range);
last_addr_mask = hugetlb_mask_last_page(h);
@@ -5122,8 +5123,7 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma,
if (huge_pte_none(huge_ptep_get(mm, old_addr, src_pte)))
continue;
- if (huge_pmd_unshare(mm, vma, old_addr, src_pte)) {
- shared_pmd = true;
+ if (huge_pmd_unshare(&tlb, vma, old_addr, src_pte)) {
old_addr |= last_addr_mask;
new_addr |= last_addr_mask;
continue;
@@ -5134,15 +5134,16 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma,
break;
move_huge_pte(vma, old_addr, new_addr, src_pte, dst_pte, sz);
+ tlb_remove_huge_tlb_entry(h, &tlb, src_pte, old_addr);
}
- if (shared_pmd)
- flush_hugetlb_tlb_range(vma, range.start, range.end);
- else
- flush_hugetlb_tlb_range(vma, old_end - len, old_end);
+ tlb_flush_mmu_tlbonly(&tlb);
+ huge_pmd_unshare_flush(&tlb, vma);
+
mmu_notifier_invalidate_range_end(&range);
i_mmap_unlock_write(mapping);
hugetlb_vma_unlock_write(vma);
+ tlb_finish_mmu(&tlb);
return len + old_addr - old_end;
}
@@ -5161,7 +5162,6 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
unsigned long sz = huge_page_size(h);
bool adjust_reservation;
unsigned long last_addr_mask;
- bool force_flush = false;
WARN_ON(!is_vm_hugetlb_page(vma));
BUG_ON(start & ~huge_page_mask(h));
@@ -5184,10 +5184,8 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
}
ptl = huge_pte_lock(h, mm, ptep);
- if (huge_pmd_unshare(mm, vma, address, ptep)) {
+ if (huge_pmd_unshare(tlb, vma, address, ptep)) {
spin_unlock(ptl);
- tlb_flush_pmd_range(tlb, address & PUD_MASK, PUD_SIZE);
- force_flush = true;
address |= last_addr_mask;
continue;
}
@@ -5303,14 +5301,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
}
tlb_end_vma(tlb, vma);
- /*
- * There is nothing protecting a previously-shared page table that we
- * unshared through huge_pmd_unshare() from getting freed after we
- * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare()
- * succeeded, flush the range corresponding to the pud.
- */
- if (force_flush)
- tlb_flush_mmu_tlbonly(tlb);
+ huge_pmd_unshare_flush(tlb, vma);
}
void __hugetlb_zap_begin(struct vm_area_struct *vma,
@@ -6409,11 +6400,11 @@ long hugetlb_change_protection(struct vm_area_struct *vma,
pte_t pte;
struct hstate *h = hstate_vma(vma);
long pages = 0, psize = huge_page_size(h);
- bool shared_pmd = false;
struct mmu_notifier_range range;
unsigned long last_addr_mask;
bool uffd_wp = cp_flags & MM_CP_UFFD_WP;
bool uffd_wp_resolve = cp_flags & MM_CP_UFFD_WP_RESOLVE;
+ struct mmu_gather tlb;
/*
* In the case of shared PMDs, the area to flush could be beyond
@@ -6426,6 +6417,7 @@ long hugetlb_change_protection(struct vm_area_struct *vma,
BUG_ON(address >= end);
flush_cache_range(vma, range.start, range.end);
+ tlb_gather_mmu_vma(&tlb, vma);
mmu_notifier_invalidate_range_start(&range);
hugetlb_vma_lock_write(vma);
@@ -6452,7 +6444,7 @@ long hugetlb_change_protection(struct vm_area_struct *vma,
}
}
ptl = huge_pte_lock(h, mm, ptep);
- if (huge_pmd_unshare(mm, vma, address, ptep)) {
+ if (huge_pmd_unshare(&tlb, vma, address, ptep)) {
/*
* When uffd-wp is enabled on the vma, unshare
* shouldn't happen at all. Warn about it if it
@@ -6461,7 +6453,6 @@ long hugetlb_change_protection(struct vm_area_struct *vma,
WARN_ON_ONCE(uffd_wp || uffd_wp_resolve);
pages++;
spin_unlock(ptl);
- shared_pmd = true;
address |= last_addr_mask;
continue;
}
@@ -6522,22 +6513,16 @@ long hugetlb_change_protection(struct vm_area_struct *vma,
pte = huge_pte_clear_uffd_wp(pte);
huge_ptep_modify_prot_commit(vma, address, ptep, old_pte, pte);
pages++;
+ tlb_remove_huge_tlb_entry(h, &tlb, ptep, address);
}
next:
spin_unlock(ptl);
cond_resched();
}
- /*
- * There is nothing protecting a previously-shared page table that we
- * unshared through huge_pmd_unshare() from getting freed after we
- * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare()
- * succeeded, flush the range corresponding to the pud.
- */
- if (shared_pmd)
- flush_hugetlb_tlb_range(vma, range.start, range.end);
- else
- flush_hugetlb_tlb_range(vma, start, end);
+
+ tlb_flush_mmu_tlbonly(&tlb);
+ huge_pmd_unshare_flush(&tlb, vma);
/*
* No need to call mmu_notifier_arch_invalidate_secondary_tlbs() we are
* downgrading page table protection not changing it to point to a new
@@ -6548,6 +6533,7 @@ long hugetlb_change_protection(struct vm_area_struct *vma,
i_mmap_unlock_write(vma->vm_file->f_mapping);
hugetlb_vma_unlock_write(vma);
mmu_notifier_invalidate_range_end(&range);
+ tlb_finish_mmu(&tlb);
return pages > 0 ? (pages << h->order) : pages;
}
@@ -6904,18 +6890,27 @@ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma,
return pte;
}
-/*
- * unmap huge page backed by shared pte.
+/**
+ * huge_pmd_unshare - Unmap a pmd table if it is shared by multiple users
+ * @tlb: the current mmu_gather.
+ * @vma: the vma covering the pmd table.
+ * @addr: the address we are trying to unshare.
+ * @ptep: pointer into the (pmd) page table.
+ *
+ * Called with the page table lock held, the i_mmap_rwsem held in write mode
+ * and the hugetlb vma lock held in write mode.
*
- * Called with page table lock held.
+ * Note: The caller must call huge_pmd_unshare_flush() before dropping the
+ * i_mmap_rwsem.
*
- * returns: 1 successfully unmapped a shared pte page
- * 0 the underlying pte page is not shared, or it is the last user
+ * Returns: 1 if it was a shared PMD table and it got unmapped, or 0 if it
+ * was not a shared PMD table.
*/
-int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep)
+int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep)
{
unsigned long sz = huge_page_size(hstate_vma(vma));
+ struct mm_struct *mm = vma->vm_mm;
pgd_t *pgd = pgd_offset(mm, addr);
p4d_t *p4d = p4d_offset(pgd, addr);
pud_t *pud = pud_offset(p4d, addr);
@@ -6927,18 +6922,36 @@ int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
i_mmap_assert_write_locked(vma->vm_file->f_mapping);
hugetlb_vma_assert_locked(vma);
pud_clear(pud);
- /*
- * Once our caller drops the rmap lock, some other process might be
- * using this page table as a normal, non-hugetlb page table.
- * Wait for pending gup_fast() in other threads to finish before letting
- * that happen.
- */
- tlb_remove_table_sync_one();
- ptdesc_pmd_pts_dec(virt_to_ptdesc(ptep));
+
+ tlb_unshare_pmd_ptdesc(tlb, virt_to_ptdesc(ptep), addr);
+
mm_dec_nr_pmds(mm);
return 1;
}
+/*
+ * huge_pmd_unshare_flush - Complete a sequence of huge_pmd_unshare() calls
+ * @tlb: the current mmu_gather.
+ * @vma: the vma covering the pmd table.
+ *
+ * Perform necessary TLB flushes or IPI broadcasts to synchronize PMD table
+ * unsharing with concurrent page table walkers.
+ *
+ * This function must be called after a sequence of huge_pmd_unshare()
+ * calls while still holding the i_mmap_rwsem.
+ */
+void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma)
+{
+ /*
+ * We must synchronize page table unsharing such that nobody will
+ * try reusing a previously-shared page table while it might still
+ * be in use by previous sharers (TLB, GUP_fast).
+ */
+ i_mmap_assert_write_locked(vma->vm_file->f_mapping);
+
+ tlb_flush_unshared_tables(tlb);
+}
+
#else /* !CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */
pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma,
@@ -6947,12 +6960,16 @@ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma,
return NULL;
}
-int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep)
+int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep)
{
return 0;
}
+void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma)
+{
+}
+
void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma,
unsigned long *start, unsigned long *end)
{
@@ -7219,6 +7236,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma,
unsigned long sz = huge_page_size(h);
struct mm_struct *mm = vma->vm_mm;
struct mmu_notifier_range range;
+ struct mmu_gather tlb;
unsigned long address;
spinlock_t *ptl;
pte_t *ptep;
@@ -7230,6 +7248,8 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma,
return;
flush_cache_range(vma, start, end);
+ tlb_gather_mmu_vma(&tlb, vma);
+
/*
* No need to call adjust_range_if_pmd_sharing_possible(), because
* we have already done the PUD_SIZE alignment.
@@ -7248,10 +7268,10 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma,
if (!ptep)
continue;
ptl = huge_pte_lock(h, mm, ptep);
- huge_pmd_unshare(mm, vma, address, ptep);
+ huge_pmd_unshare(&tlb, vma, address, ptep);
spin_unlock(ptl);
}
- flush_hugetlb_tlb_range(vma, start, end);
+ huge_pmd_unshare_flush(&tlb, vma);
if (take_locks) {
i_mmap_unlock_write(vma->vm_file->f_mapping);
hugetlb_vma_unlock_write(vma);
@@ -7261,6 +7281,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma,
* Documentation/mm/mmu_notifier.rst.
*/
mmu_notifier_invalidate_range_end(&range);
+ tlb_finish_mmu(&tlb);
}
/*
diff --git a/mm/mmu_gather.c b/mm/mmu_gather.c
index 247e3f9db6c7a..cd32c2dbf501b 100644
--- a/mm/mmu_gather.c
+++ b/mm/mmu_gather.c
@@ -10,6 +10,7 @@
#include <linux/swap.h>
#include <linux/rmap.h>
#include <linux/pgalloc.h>
+#include <linux/hugetlb.h>
#include <asm/tlb.h>
@@ -426,6 +427,7 @@ static void __tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm,
#endif
tlb->vma_pfn = 0;
+ tlb->fully_unshared_tables = 0;
__tlb_reset_range(tlb);
inc_tlb_flush_pending(tlb->mm);
}
@@ -459,6 +461,31 @@ void tlb_gather_mmu_fullmm(struct mmu_gather *tlb, struct mm_struct *mm)
__tlb_gather_mmu(tlb, mm, true);
}
+/**
+ * tlb_gather_mmu - initialize an mmu_gather structure for operating on a single
+ * VMA
+ * @tlb: the mmu_gather structure to initialize
+ * @vma: the vm_area_struct
+ *
+ * Called to initialize an (on-stack) mmu_gather structure for operating on
+ * a single VMA. In contrast to tlb_gather_mmu(), calling this function will
+ * not require another call to tlb_start_vma(). In contrast to tlb_start_vma(),
+ * this function will *not* call flush_cache_range().
+ *
+ * For hugetlb VMAs, this function will also initialize the mmu_gather
+ * page_size accordingly, not requiring a separate call to
+ * tlb_change_page_size().
+ *
+ */
+void tlb_gather_mmu_vma(struct mmu_gather *tlb, struct vm_area_struct *vma)
+{
+ tlb_gather_mmu(tlb, vma->vm_mm);
+ tlb_update_vma_flags(tlb, vma);
+ if (is_vm_hugetlb_page(vma))
+ /* All entries have the same size. */
+ tlb_change_page_size(tlb, huge_page_size(hstate_vma(vma)));
+}
+
/**
* tlb_finish_mmu - finish an mmu_gather structure
* @tlb: the mmu_gather structure to finish
@@ -468,6 +495,12 @@ void tlb_gather_mmu_fullmm(struct mmu_gather *tlb, struct mm_struct *mm)
*/
void tlb_finish_mmu(struct mmu_gather *tlb)
{
+ /*
+ * We expect an earlier huge_pmd_unshare_flush() call to sort this out,
+ * due to complicated locking requirements with page table unsharing.
+ */
+ VM_WARN_ON_ONCE(tlb->fully_unshared_tables);
+
/*
* If there are parallel threads are doing PTE changes on same range
* under non-exclusive lock (e.g., mmap_lock read-side) but defer TLB
diff --git a/mm/rmap.c b/mm/rmap.c
index 748f48727a162..7b9879ef442d9 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -76,7 +76,7 @@
#include <linux/mm_inline.h>
#include <linux/oom.h>
-#include <asm/tlbflush.h>
+#include <asm/tlb.h>
#define CREATE_TRACE_POINTS
#include <trace/events/migrate.h>
@@ -2008,13 +2008,17 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma,
* if unsuccessful.
*/
if (!anon) {
+ struct mmu_gather tlb;
+
VM_BUG_ON(!(flags & TTU_RMAP_LOCKED));
if (!hugetlb_vma_trylock_write(vma))
goto walk_abort;
- if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) {
+
+ tlb_gather_mmu_vma(&tlb, vma);
+ if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) {
hugetlb_vma_unlock_write(vma);
- flush_tlb_range(vma,
- range.start, range.end);
+ huge_pmd_unshare_flush(&tlb, vma);
+ tlb_finish_mmu(&tlb);
/*
* The PMD table was unmapped,
* consequently unmapping the folio.
@@ -2022,6 +2026,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma,
goto walk_done;
}
hugetlb_vma_unlock_write(vma);
+ tlb_finish_mmu(&tlb);
}
pteval = huge_ptep_clear_flush(vma, address, pvmw.pte);
if (pte_dirty(pteval))
@@ -2398,17 +2403,20 @@ static bool try_to_migrate_one(struct folio *folio, struct vm_area_struct *vma,
* fail if unsuccessful.
*/
if (!anon) {
+ struct mmu_gather tlb;
+
VM_BUG_ON(!(flags & TTU_RMAP_LOCKED));
if (!hugetlb_vma_trylock_write(vma)) {
page_vma_mapped_walk_done(&pvmw);
ret = false;
break;
}
- if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) {
- hugetlb_vma_unlock_write(vma);
- flush_tlb_range(vma,
- range.start, range.end);
+ tlb_gather_mmu_vma(&tlb, vma);
+ if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) {
+ hugetlb_vma_unlock_write(vma);
+ huge_pmd_unshare_flush(&tlb, vma);
+ tlb_finish_mmu(&tlb);
/*
* The PMD table was unmapped,
* consequently unmapping the folio.
@@ -2417,6 +2425,7 @@ static bool try_to_migrate_one(struct folio *folio, struct vm_area_struct *vma,
break;
}
hugetlb_vma_unlock_write(vma);
+ tlb_finish_mmu(&tlb);
}
/* Nuke the hugetlb page table entry */
pteval = huge_ptep_clear_flush(vma, address, pvmw.pte);
--
2.52.0
21 hours, 34 minutes
- 2
- 2
[PATCH v6.6] net: stmmac: make sure that ptp_rate is not 0 before configuring EST
by Rahul Sharma
From: Alexis Lothoré <alexis.lothore(a)bootlin.com>
If the ptp_rate recorded earlier in the driver happens to be 0, this
bogus value will propagate up to EST configuration, where it will
trigger a division by 0.
Prevent this division by 0 by adding the corresponding check and error
code.
Suggested-by: Maxime Chevallier <maxime.chevallier(a)bootlin.com>
Signed-off-by: Alexis Lothoré <alexis.lothore(a)bootlin.com>
Fixes: 8572aec3d0dc ("net: stmmac: Add basic EST support for XGMAC")
Link: https://patch.msgid.link/20250529-stmmac_tstamp_div-v4-2-d73340a794d5@bootl…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
[ The context change is due to the commit c3f3b97238f6
("net: stmmac: Refactor EST implementation")
which is irrelevant to the logic of this patch. ]
Signed-off-by: Rahul Sharma <black.hawk(a)163.com>
---
drivers/net/ethernet/stmicro/stmmac/dwmac5.c | 5 +++++
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac5.c b/drivers/net/ethernet/stmicro/stmmac/dwmac5.c
index 8fd167501fa0..0afd4644a985 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac5.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac5.c
@@ -597,6 +597,11 @@ int dwmac5_est_configure(void __iomem *ioaddr, struct stmmac_est *cfg,
int i, ret = 0x0;
u32 ctrl;
+ if (!ptp_rate) {
+ pr_warn("Dwmac5: Invalid PTP rate");
+ return -EINVAL;
+ }
+
ret |= dwmac5_est_write(ioaddr, BTR_LOW, cfg->btr[0], false);
ret |= dwmac5_est_write(ioaddr, BTR_HIGH, cfg->btr[1], false);
ret |= dwmac5_est_write(ioaddr, TER, cfg->ter, false);
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c
index 0bcb378fa0bc..aab02328a613 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c
@@ -1537,6 +1537,11 @@ static int dwxgmac3_est_configure(void __iomem *ioaddr, struct stmmac_est *cfg,
int i, ret = 0x0;
u32 ctrl;
+ if (!ptp_rate) {
+ pr_warn("Dwxgmac2: Invalid PTP rate");
+ return -EINVAL;
+ }
+
ret |= dwxgmac3_est_write(ioaddr, XGMAC_BTR_LOW, cfg->btr[0], false);
ret |= dwxgmac3_est_write(ioaddr, XGMAC_BTR_HIGH, cfg->btr[1], false);
ret |= dwxgmac3_est_write(ioaddr, XGMAC_TER, cfg->ter, false);
--
2.34.1
23 hours, 33 minutes
- 1
- 0
[PATCH] iommu/arm-smmu-v3: Maintain valid access attributes for non-coherent SMMU
by Dawei Li
According to SMMUv3 architecture specification, IO-coherent access for
SMMU is supported for:
- Translation table walks.
- Fetches of L1STD, STE, L1CD and CD.
- Command queue, Event queue and PRI queue access.
- GERROR, CMD_SYNC, Event queue and PRI queue MSIs, if supported
In other words, if a SMMU implementation doesn't support IO coherent
access(SMMUIDR0.COHACC==0), all fields above accessed by SMMU is
expected to be non-coherent and S/W is supposed to maintain proper
access attributes to achieve expected behavior.
Unfortunately, for non-coherent SMMU implementation, current codebase
only takes care of translation table walking. Fix it by providing right
attributes(cacheability, shareablility, cache allocation hints, e.g) to
other fields.
Fixes: 4f41845b3407 ("iommu/io-pgtable: Replace IO_PGTABLE_QUIRK_NO_DMA with specific flag")
Fixes: 9e6ea59f3ff3 ("iommu/io-pgtable: Support non-coherent page tables")
Cc: stable(a)vger.kernel.org
Signed-off-by: Dawei Li <dawei.li(a)linux.dev>
---
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 73 +++++++++++++++------
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 +
2 files changed, 54 insertions(+), 20 deletions(-)
diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
index d16d35c78c06..4f00bf53d26c 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
@@ -265,8 +265,14 @@ static int queue_remove_raw(struct arm_smmu_queue *q, u64 *ent)
return 0;
}
+static __always_inline bool smmu_coherent(struct arm_smmu_device *smmu)
+{
+ return !!(smmu->features & ARM_SMMU_FEAT_COHERENCY);
+}
+
/* High-level queue accessors */
-static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
+static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent,
+ struct arm_smmu_device *smmu)
{
memset(cmd, 0, 1 << CMDQ_ENT_SZ_SHIFT);
cmd[0] |= FIELD_PREP(CMDQ_0_OP, ent->opcode);
@@ -358,8 +364,13 @@ static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
} else {
cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_SEV);
}
- cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
- cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
+ if (smmu_coherent(smmu)) {
+ cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
+ cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
+ } else {
+ cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_OSH);
+ cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OINC);
+ }
break;
default:
return -ENOENT;
@@ -405,7 +416,7 @@ static void arm_smmu_cmdq_build_sync_cmd(u64 *cmd, struct arm_smmu_device *smmu,
q->ent_dwords * 8;
}
- arm_smmu_cmdq_build_cmd(cmd, &ent);
+ arm_smmu_cmdq_build_cmd(cmd, &ent, smmu);
if (arm_smmu_cmdq_needs_busy_polling(smmu, cmdq))
u64p_replace_bits(cmd, CMDQ_SYNC_0_CS_NONE, CMDQ_SYNC_0_CS);
}
@@ -461,7 +472,7 @@ void __arm_smmu_cmdq_skip_err(struct arm_smmu_device *smmu,
dev_err(smmu->dev, "\t0x%016llx\n", (unsigned long long)cmd[i]);
/* Convert the erroneous command into a CMD_SYNC */
- arm_smmu_cmdq_build_cmd(cmd, &cmd_sync);
+ arm_smmu_cmdq_build_cmd(cmd, &cmd_sync, smmu);
if (arm_smmu_cmdq_needs_busy_polling(smmu, cmdq))
u64p_replace_bits(cmd, CMDQ_SYNC_0_CS_NONE, CMDQ_SYNC_0_CS);
@@ -913,7 +924,7 @@ static int __arm_smmu_cmdq_issue_cmd(struct arm_smmu_device *smmu,
{
u64 cmd[CMDQ_ENT_DWORDS];
- if (unlikely(arm_smmu_cmdq_build_cmd(cmd, ent))) {
+ if (unlikely(arm_smmu_cmdq_build_cmd(cmd, ent, smmu))) {
dev_warn(smmu->dev, "ignoring unknown CMDQ opcode 0x%x\n",
ent->opcode);
return -EINVAL;
@@ -965,7 +976,7 @@ static void arm_smmu_cmdq_batch_add(struct arm_smmu_device *smmu,
}
index = cmds->num * CMDQ_ENT_DWORDS;
- if (unlikely(arm_smmu_cmdq_build_cmd(&cmds->cmds[index], cmd))) {
+ if (unlikely(arm_smmu_cmdq_build_cmd(&cmds->cmds[index], cmd, smmu))) {
dev_warn(smmu->dev, "ignoring unknown CMDQ opcode 0x%x\n",
cmd->opcode);
return;
@@ -1603,6 +1614,7 @@ void arm_smmu_make_cdtable_ste(struct arm_smmu_ste *target,
{
struct arm_smmu_ctx_desc_cfg *cd_table = &master->cd_table;
struct arm_smmu_device *smmu = master->smmu;
+ u64 val;
memset(target, 0, sizeof(*target));
target->data[0] = cpu_to_le64(
@@ -1612,11 +1624,18 @@ void arm_smmu_make_cdtable_ste(struct arm_smmu_ste *target,
(cd_table->cdtab_dma & STRTAB_STE_0_S1CTXPTR_MASK) |
FIELD_PREP(STRTAB_STE_0_S1CDMAX, cd_table->s1cdmax));
+ if (smmu_coherent(smmu)) {
+ val = FIELD_PREP(STRTAB_STE_1_S1CIR, STRTAB_STE_1_S1C_CACHE_WBRA) |
+ FIELD_PREP(STRTAB_STE_1_S1COR, STRTAB_STE_1_S1C_CACHE_WBRA) |
+ FIELD_PREP(STRTAB_STE_1_S1CSH, ARM_SMMU_SH_ISH);
+ } else {
+ val = FIELD_PREP(STRTAB_STE_1_S1CIR, STRTAB_STE_1_S1C_CACHE_NC) |
+ FIELD_PREP(STRTAB_STE_1_S1COR, STRTAB_STE_1_S1C_CACHE_NC) |
+ FIELD_PREP(STRTAB_STE_1_S1CSH, ARM_SMMU_SH_OSH);
+ }
+
target->data[1] = cpu_to_le64(
- FIELD_PREP(STRTAB_STE_1_S1DSS, s1dss) |
- FIELD_PREP(STRTAB_STE_1_S1CIR, STRTAB_STE_1_S1C_CACHE_WBRA) |
- FIELD_PREP(STRTAB_STE_1_S1COR, STRTAB_STE_1_S1C_CACHE_WBRA) |
- FIELD_PREP(STRTAB_STE_1_S1CSH, ARM_SMMU_SH_ISH) |
+ FIELD_PREP(STRTAB_STE_1_S1DSS, s1dss) | val |
((smmu->features & ARM_SMMU_FEAT_STALLS &&
!master->stall_enabled) ?
STRTAB_STE_1_S1STALLD :
@@ -3746,7 +3765,7 @@ int arm_smmu_init_one_queue(struct arm_smmu_device *smmu,
q->cons_reg = page + cons_off;
q->ent_dwords = dwords;
- q->q_base = Q_BASE_RWA;
+ q->q_base = smmu_coherent(smmu) ? Q_BASE_RWA : 0;
q->q_base |= q->base_dma & Q_BASE_ADDR_MASK;
q->q_base |= FIELD_PREP(Q_BASE_LOG2SIZE, q->llq.max_n_shift);
@@ -4093,6 +4112,7 @@ static void arm_smmu_write_strtab(struct arm_smmu_device *smmu)
struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
dma_addr_t dma;
u32 reg;
+ u64 val;
if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
reg = FIELD_PREP(STRTAB_BASE_CFG_FMT,
@@ -4107,8 +4127,12 @@ static void arm_smmu_write_strtab(struct arm_smmu_device *smmu)
FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, smmu->sid_bits);
dma = cfg->linear.ste_dma;
}
- writeq_relaxed((dma & STRTAB_BASE_ADDR_MASK) | STRTAB_BASE_RA,
- smmu->base + ARM_SMMU_STRTAB_BASE);
+
+ val = dma & STRTAB_BASE_ADDR_MASK;
+ if (smmu_coherent(smmu))
+ val |= STRTAB_BASE_RA;
+
+ writeq_relaxed(val, smmu->base + ARM_SMMU_STRTAB_BASE);
writel_relaxed(reg, smmu->base + ARM_SMMU_STRTAB_BASE_CFG);
}
@@ -4130,12 +4154,21 @@ static int arm_smmu_device_reset(struct arm_smmu_device *smmu)
return ret;
/* CR1 (table and queue memory attributes) */
- reg = FIELD_PREP(CR1_TABLE_SH, ARM_SMMU_SH_ISH) |
- FIELD_PREP(CR1_TABLE_OC, CR1_CACHE_WB) |
- FIELD_PREP(CR1_TABLE_IC, CR1_CACHE_WB) |
- FIELD_PREP(CR1_QUEUE_SH, ARM_SMMU_SH_ISH) |
- FIELD_PREP(CR1_QUEUE_OC, CR1_CACHE_WB) |
- FIELD_PREP(CR1_QUEUE_IC, CR1_CACHE_WB);
+ if (smmu_coherent(smmu)) {
+ reg = FIELD_PREP(CR1_TABLE_SH, ARM_SMMU_SH_ISH) |
+ FIELD_PREP(CR1_TABLE_OC, CR1_CACHE_WB) |
+ FIELD_PREP(CR1_TABLE_IC, CR1_CACHE_WB) |
+ FIELD_PREP(CR1_QUEUE_SH, ARM_SMMU_SH_ISH) |
+ FIELD_PREP(CR1_QUEUE_OC, CR1_CACHE_WB) |
+ FIELD_PREP(CR1_QUEUE_IC, CR1_CACHE_WB);
+ } else {
+ reg = FIELD_PREP(CR1_TABLE_SH, ARM_SMMU_SH_OSH) |
+ FIELD_PREP(CR1_TABLE_OC, CR1_CACHE_NC) |
+ FIELD_PREP(CR1_TABLE_IC, CR1_CACHE_NC) |
+ FIELD_PREP(CR1_QUEUE_SH, ARM_SMMU_SH_OSH) |
+ FIELD_PREP(CR1_QUEUE_OC, CR1_CACHE_NC) |
+ FIELD_PREP(CR1_QUEUE_IC, CR1_CACHE_NC);
+ }
writel_relaxed(reg, smmu->base + ARM_SMMU_CR1);
/* CR2 (random crap) */
diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
index ae23aacc3840..7a5f76e165dc 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
@@ -183,6 +183,7 @@ struct arm_vsmmu;
#define ARM_SMMU_SH_ISH 3
#define ARM_SMMU_MEMATTR_DEVICE_nGnRE 0x1
#define ARM_SMMU_MEMATTR_OIWB 0xf
+#define ARM_SMMU_MEMATTR_OINC 0x5
#define Q_IDX(llq, p) ((p) & ((1 << (llq)->max_n_shift) - 1))
#define Q_WRP(llq, p) ((p) & (1 << (llq)->max_n_shift))
--
2.25.1
23 hours, 40 minutes
- 1
- 0
+ mm-add-missing-static-initializer-for-init_mm-mm_cidlock.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm: add missing static initializer for init_mm::mm_cid.lock
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-add-missing-static-initializer-for-init_mm-mm_cidlock.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Subject: mm: add missing static initializer for init_mm::mm_cid.lock
Date: Wed, 24 Dec 2025 12:33:56 -0500
Initialize the mm_cid.lock struct member of init_mm.
Link: https://lkml.kernel.org/r/20251224173358.647691-2-mathieu.desnoyers@efficio…
Fixes: 8cea569ca785 ("sched/mmcid: Use proper data structures")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Aboorva Devarajan <aboorvad(a)linux.ibm.com>
Cc: Al Viro <viro(a)zeniv.linux.org.uk>
Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com>
Cc: Christan K��nig <christian.koenig(a)amd.com>
Cc: Christian Brauner <brauner(a)kernel.org>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Dennis Zhou <dennis(a)kernel.org>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: "Liam R . Howlett" <liam.howlett(a)oracle.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Cc: Mark Brown <broonie(a)kernel.org>
Cc: Martin Liu <liumartin(a)google.com>
Cc: Masami Hiramatsu <mhiramat(a)kernel.org>
Cc: Mateusz Guzik <mjguzik(a)gmail.com>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Miaohe Lin <linmiaohe(a)huawei.com>
Cc: Michal Hocko <mhocko(a)suse.com>
Cc: Mike Rapoport <rppt(a)kernel.org>
Cc: "Paul E. McKenney" <paulmck(a)kernel.org>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: SeongJae Park <sj(a)kernel.org>
Cc: Shakeel Butt <shakeel.butt(a)linux.dev>
Cc: Steven Rostedt <rostedt(a)goodmis.org>
Cc: Suren Baghdasaryan <surenb(a)google.com>
Cc: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me>
Cc: Tejun Heo <tj(a)kernel.org>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: Wei Yang <richard.weiyang(a)gmail.com>
Cc: Yu Zhao <yuzhao(a)google.com>
Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/init-mm.c | 3 +++
1 file changed, 3 insertions(+)
--- a/mm/init-mm.c~mm-add-missing-static-initializer-for-init_mm-mm_cidlock
+++ a/mm/init-mm.c
@@ -44,6 +44,9 @@ struct mm_struct init_mm = {
.mm_lock_seq = SEQCNT_ZERO(init_mm.mm_lock_seq),
#endif
.user_ns = &init_user_ns,
+#ifdef CONFIG_SCHED_MM_CID
+ .mm_cid.lock = __RAW_SPIN_LOCK_UNLOCKED(init_mm.mm_cid.lock),
+#endif
.cpu_bitmap = CPU_BITS_NONE,
INIT_MM_CONTEXT(init_mm)
};
_
Patches currently in -mm which might be from mathieu.desnoyers(a)efficios.com are
mm-add-missing-static-initializer-for-init_mm-mm_cidlock.patch
mm-rename-cpu_bitmap-field-to-flexible_array.patch
mm-take-into-account-mm_cid-size-for-mm_struct-static-definitions.patch
tsacct-skip-all-kernel-threads.patch
lib-introduce-hierarchical-per-cpu-counters.patch
mm-fix-oom-killer-inaccuracy-on-large-many-core-systems.patch
mm-implement-precise-oom-killer-task-selection.patch
1 day
- 1
- 0
+ mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather.patch added to mm-unstable branch
by Andrew Morton
The patch titled
Subject: mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather
has been added to the -mm mm-unstable branch. Its filename is
mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: "David Hildenbrand (Red Hat)" <david(a)kernel.org>
Subject: mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather
Date: Tue, 23 Dec 2025 22:40:37 +0100
As reported, ever since commit 1013af4f585f ("mm/hugetlb: fix
huge_pmd_unshare() vs GUP-fast race") we can end up in some situations
where we perform so many IPI broadcasts when unsharing hugetlb PMD page
tables that it severely regresses some workloads.
In particular, when we fork()+exit(), or when we munmap() a large
area backed by many shared PMD tables, we perform one IPI broadcast per
unshared PMD table.
There are two optimizations to be had:
(1) When we process (unshare) multiple such PMD tables, such as during
exit(), it is sufficient to send a single IPI broadcast (as long as
we respect locking rules) instead of one per PMD table.
Locking prevents that any of these PMD tables could get reused before
we drop the lock.
(2) When we are not the last sharer (> 2 users including us), there is
no need to send the IPI broadcast. The shared PMD tables cannot
become exclusive (fully unshared) before an IPI will be broadcasted
by the last sharer.
Concurrent GUP-fast could walk into a PMD table just before we
unshared it. It could then succeed in grabbing a page from the
shared page table even after munmap() etc succeeded (and supressed
an IPI). But there is not difference compared to GUP-fast just
sleeping for a while after grabbing the page and re-enabling IRQs.
Most importantly, GUP-fast will never walk into page tables that are
no-longer shared, because the last sharer will issue an IPI
broadcast.
(if ever required, checking whether the PUD changed in GUP-fast
after grabbing the page like we do in the PTE case could handle
this)
So let's rework PMD sharing TLB flushing + IPI sync to use the mmu_gather
infrastructure so we can implement these optimizations and demystify the
code at least a bit. Extend the mmu_gather infrastructure to be able to
deal with our special hugetlb PMD table sharing implementation.
To make initialization of the mmu_gather easier when working on a single
VMA (in particular, when dealing with hugetlb), provide
tlb_gather_mmu_vma().
We'll consolidate the handling for (full) unsharing of PMD tables in
tlb_unshare_pmd_ptdesc() and tlb_flush_unshared_tables(), and track
in "struct mmu_gather" whether we had (full) unsharing of PMD tables.
Because locking is very special (concurrent unsharing+reuse must be
prevented), we disallow deferring flushing to tlb_finish_mmu() and instead
require an explicit earlier call to tlb_flush_unshared_tables().
>From hugetlb code, we call huge_pmd_unshare_flush() where we make sure
that the expected lock protecting us from concurrent unsharing+reuse is
still held.
Check with a VM_WARN_ON_ONCE() in tlb_finish_mmu() that
tlb_flush_unshared_tables() was properly called earlier.
Document it all properly.
Notes about tlb_remove_table_sync_one() interaction with unsharing:
There are two fairly tricky things:
(1) tlb_remove_table_sync_one() is a NOP on architectures without
CONFIG_MMU_GATHER_RCU_TABLE_FREE.
Here, the assumption is that the previous TLB flush would send an
IPI to all relevant CPUs. Careful: some architectures like x86 only
send IPIs to all relevant CPUs when tlb->freed_tables is set.
The relevant architectures should be selecting
MMU_GATHER_RCU_TABLE_FREE, but x86 might not do that in stable
kernels and it might have been problematic before this patch.
Also, the arch flushing behavior (independent of IPIs) is different
when tlb->freed_tables is set. Do we have to enlighten them to also
take care of tlb->unshared_tables? So far we didn't care, so
hopefully we are fine. Of course, we could be setting
tlb->freed_tables as well, but that might then unnecessarily flush
too much, because the semantics of tlb->freed_tables are a bit
fuzzy.
This patch changes nothing in this regard.
(2) tlb_remove_table_sync_one() is not a NOP on architectures with
CONFIG_MMU_GATHER_RCU_TABLE_FREE that actually don't need a sync.
Take x86 as an example: in the common case (!pv, !X86_FEATURE_INVLPGB)
we still issue IPIs during TLB flushes and don't actually need the
second tlb_remove_table_sync_one().
This optimized can be implemented on top of this, by checking e.g., in
tlb_remove_table_sync_one() whether we really need IPIs. But as
described in (1), it really must honor tlb->freed_tables then to
send IPIs to all relevant CPUs.
Notes on TLB flushing changes:
(1) Flushing for non-shared PMD tables
We're converting from flush_hugetlb_tlb_range() to
tlb_remove_huge_tlb_entry(). Given that we properly initialize the
MMU gather in tlb_gather_mmu_vma() to be hugetlb aware, similar to
__unmap_hugepage_range(), that should be fine.
(2) Flushing for shared PMD tables
We're converting from various things (flush_hugetlb_tlb_range(),
tlb_flush_pmd_range(), flush_tlb_range()) to tlb_flush_pmd_range().
tlb_flush_pmd_range() achieves the same that
tlb_remove_huge_tlb_entry() would achieve in these scenarios.
Note that tlb_remove_huge_tlb_entry() also calls
__tlb_remove_tlb_entry(), however that is only implemented on
powerpc, which does not support PMD table sharing.
Similar to (1), tlb_gather_mmu_vma() should make sure that TLB
flushing keeps on working as expected.
Further, note that the ptdesc_pmd_pts_dec() in huge_pmd_share() is not a
concern, as we are holding the i_mmap_lock the whole time, preventing
concurrent unsharing. That ptdesc_pmd_pts_dec() usage will be removed
separately as a cleanup later.
There are plenty more cleanups to be had, but they have to wait until
this is fixed.
Link: https://lkml.kernel.org/r/20251223214037.580860-5-david@kernel.org
Fixes: 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race")
Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org>
Reported-by: Uschakow, Stanislav" <suschako(a)amazon.de>
Closes: https://lore.kernel.org/all/4d3878531c76479d9f8ca9789dc6485d@amazon.de/
Tested-by: Laurence Oberman <loberman(a)redhat.com>
Cc: Harry Yoo <harry.yoo(a)oracle.com>
Cc: Lance Yang <lance.yang(a)linux.dev>
Cc: Liu Shixin <liushixin2(a)huawei.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Rik van Riel <riel(a)surriel.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/asm-generic/tlb.h | 77 +++++++++++++++++++++-
include/linux/hugetlb.h | 15 ++--
include/linux/mm_types.h | 1
mm/hugetlb.c | 123 +++++++++++++++++++++---------------
mm/mmu_gather.c | 33 +++++++++
mm/rmap.c | 25 ++++---
6 files changed, 208 insertions(+), 66 deletions(-)
--- a/include/asm-generic/tlb.h~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather
+++ a/include/asm-generic/tlb.h
@@ -46,7 +46,8 @@
*
* The mmu_gather API consists of:
*
- * - tlb_gather_mmu() / tlb_gather_mmu_fullmm() / tlb_finish_mmu()
+ * - tlb_gather_mmu() / tlb_gather_mmu_fullmm() / tlb_gather_mmu_vma() /
+ * tlb_finish_mmu()
*
* start and finish a mmu_gather
*
@@ -364,6 +365,20 @@ struct mmu_gather {
unsigned int vma_huge : 1;
unsigned int vma_pfn : 1;
+ /*
+ * Did we unshare (unmap) any shared page tables? For now only
+ * used for hugetlb PMD table sharing.
+ */
+ unsigned int unshared_tables : 1;
+
+ /*
+ * Did we unshare any page tables such that they are now exclusive
+ * and could get reused+modified by the new owner? When setting this
+ * flag, "unshared_tables" will be set as well. For now only used
+ * for hugetlb PMD table sharing.
+ */
+ unsigned int fully_unshared_tables : 1;
+
unsigned int batch_count;
#ifndef CONFIG_MMU_GATHER_NO_GATHER
@@ -400,6 +415,7 @@ static inline void __tlb_reset_range(str
tlb->cleared_pmds = 0;
tlb->cleared_puds = 0;
tlb->cleared_p4ds = 0;
+ tlb->unshared_tables = 0;
/*
* Do not reset mmu_gather::vma_* fields here, we do not
* call into tlb_start_vma() again to set them if there is an
@@ -484,7 +500,7 @@ static inline void tlb_flush_mmu_tlbonly
* these bits.
*/
if (!(tlb->freed_tables || tlb->cleared_ptes || tlb->cleared_pmds ||
- tlb->cleared_puds || tlb->cleared_p4ds))
+ tlb->cleared_puds || tlb->cleared_p4ds || tlb->unshared_tables))
return;
tlb_flush(tlb);
@@ -773,6 +789,63 @@ static inline bool huge_pmd_needs_flush(
}
#endif
+#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING
+static inline void tlb_unshare_pmd_ptdesc(struct mmu_gather *tlb, struct ptdesc *pt,
+ unsigned long addr)
+{
+ /*
+ * The caller must make sure that concurrent unsharing + exclusive
+ * reuse is impossible until tlb_flush_unshared_tables() was called.
+ */
+ VM_WARN_ON_ONCE(!ptdesc_pmd_is_shared(pt));
+ ptdesc_pmd_pts_dec(pt);
+
+ /* Clearing a PUD pointing at a PMD table with PMD leaves. */
+ tlb_flush_pmd_range(tlb, addr & PUD_MASK, PUD_SIZE);
+
+ /*
+ * If the page table is now exclusively owned, we fully unshared
+ * a page table.
+ */
+ if (!ptdesc_pmd_is_shared(pt))
+ tlb->fully_unshared_tables = true;
+ tlb->unshared_tables = true;
+}
+
+static inline void tlb_flush_unshared_tables(struct mmu_gather *tlb)
+{
+ /*
+ * As soon as the caller drops locks to allow for reuse of
+ * previously-shared tables, these tables could get modified and
+ * even reused outside of hugetlb context, so we have to make sure that
+ * any page table walkers (incl. TLB, GUP-fast) are aware of that
+ * change.
+ *
+ * Even if we are not fully unsharing a PMD table, we must
+ * flush the TLB for the unsharer now.
+ */
+ if (tlb->unshared_tables)
+ tlb_flush_mmu_tlbonly(tlb);
+
+ /*
+ * Similarly, we must make sure that concurrent GUP-fast will not
+ * walk previously-shared page tables that are getting modified+reused
+ * elsewhere. So broadcast an IPI to wait for any concurrent GUP-fast.
+ *
+ * We only perform this when we are the last sharer of a page table,
+ * as the IPI will reach all CPUs: any GUP-fast.
+ *
+ * Note that on configs where tlb_remove_table_sync_one() is a NOP,
+ * the expectation is that the tlb_flush_mmu_tlbonly() would have issued
+ * required IPIs already for us.
+ */
+ if (tlb->fully_unshared_tables) {
+ tlb_remove_table_sync_one();
+ tlb->fully_unshared_tables = false;
+ }
+}
+#endif /* CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */
+
#endif /* CONFIG_MMU */
#endif /* _ASM_GENERIC__TLB_H */
--- a/include/linux/hugetlb.h~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather
+++ a/include/linux/hugetlb.h
@@ -240,8 +240,9 @@ pte_t *huge_pte_alloc(struct mm_struct *
pte_t *huge_pte_offset(struct mm_struct *mm,
unsigned long addr, unsigned long sz);
unsigned long hugetlb_mask_last_page(struct hstate *h);
-int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep);
+int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep);
+void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma);
void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma,
unsigned long *start, unsigned long *end);
@@ -300,13 +301,17 @@ static inline struct address_space *huge
return NULL;
}
-static inline int huge_pmd_unshare(struct mm_struct *mm,
- struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep)
+static inline int huge_pmd_unshare(struct mmu_gather *tlb,
+ struct vm_area_struct *vma, unsigned long addr, pte_t *ptep)
{
return 0;
}
+static inline void huge_pmd_unshare_flush(struct mmu_gather *tlb,
+ struct vm_area_struct *vma)
+{
+}
+
static inline void adjust_range_if_pmd_sharing_possible(
struct vm_area_struct *vma,
unsigned long *start, unsigned long *end)
--- a/include/linux/mm_types.h~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather
+++ a/include/linux/mm_types.h
@@ -1530,6 +1530,7 @@ static inline unsigned int mm_cid_size(v
struct mmu_gather;
extern void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm);
extern void tlb_gather_mmu_fullmm(struct mmu_gather *tlb, struct mm_struct *mm);
+void tlb_gather_mmu_vma(struct mmu_gather *tlb, struct vm_area_struct *vma);
extern void tlb_finish_mmu(struct mmu_gather *tlb);
struct vm_fault;
--- a/mm/hugetlb.c~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather
+++ a/mm/hugetlb.c
@@ -5112,7 +5112,7 @@ int move_hugetlb_page_tables(struct vm_a
unsigned long last_addr_mask;
pte_t *src_pte, *dst_pte;
struct mmu_notifier_range range;
- bool shared_pmd = false;
+ struct mmu_gather tlb;
mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, old_addr,
old_end);
@@ -5122,6 +5122,7 @@ int move_hugetlb_page_tables(struct vm_a
* range.
*/
flush_cache_range(vma, range.start, range.end);
+ tlb_gather_mmu_vma(&tlb, vma);
mmu_notifier_invalidate_range_start(&range);
last_addr_mask = hugetlb_mask_last_page(h);
@@ -5138,8 +5139,7 @@ int move_hugetlb_page_tables(struct vm_a
if (huge_pte_none(huge_ptep_get(mm, old_addr, src_pte)))
continue;
- if (huge_pmd_unshare(mm, vma, old_addr, src_pte)) {
- shared_pmd = true;
+ if (huge_pmd_unshare(&tlb, vma, old_addr, src_pte)) {
old_addr |= last_addr_mask;
new_addr |= last_addr_mask;
continue;
@@ -5150,15 +5150,16 @@ int move_hugetlb_page_tables(struct vm_a
break;
move_huge_pte(vma, old_addr, new_addr, src_pte, dst_pte, sz);
+ tlb_remove_huge_tlb_entry(h, &tlb, src_pte, old_addr);
}
- if (shared_pmd)
- flush_hugetlb_tlb_range(vma, range.start, range.end);
- else
- flush_hugetlb_tlb_range(vma, old_end - len, old_end);
+ tlb_flush_mmu_tlbonly(&tlb);
+ huge_pmd_unshare_flush(&tlb, vma);
+
mmu_notifier_invalidate_range_end(&range);
i_mmap_unlock_write(mapping);
hugetlb_vma_unlock_write(vma);
+ tlb_finish_mmu(&tlb);
return len + old_addr - old_end;
}
@@ -5177,7 +5178,6 @@ void __unmap_hugepage_range(struct mmu_g
unsigned long sz = huge_page_size(h);
bool adjust_reservation;
unsigned long last_addr_mask;
- bool force_flush = false;
WARN_ON(!is_vm_hugetlb_page(vma));
BUG_ON(start & ~huge_page_mask(h));
@@ -5200,10 +5200,8 @@ void __unmap_hugepage_range(struct mmu_g
}
ptl = huge_pte_lock(h, mm, ptep);
- if (huge_pmd_unshare(mm, vma, address, ptep)) {
+ if (huge_pmd_unshare(tlb, vma, address, ptep)) {
spin_unlock(ptl);
- tlb_flush_pmd_range(tlb, address & PUD_MASK, PUD_SIZE);
- force_flush = true;
address |= last_addr_mask;
continue;
}
@@ -5319,14 +5317,7 @@ void __unmap_hugepage_range(struct mmu_g
}
tlb_end_vma(tlb, vma);
- /*
- * There is nothing protecting a previously-shared page table that we
- * unshared through huge_pmd_unshare() from getting freed after we
- * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare()
- * succeeded, flush the range corresponding to the pud.
- */
- if (force_flush)
- tlb_flush_mmu_tlbonly(tlb);
+ huge_pmd_unshare_flush(tlb, vma);
}
void __hugetlb_zap_begin(struct vm_area_struct *vma,
@@ -6425,11 +6416,11 @@ long hugetlb_change_protection(struct vm
pte_t pte;
struct hstate *h = hstate_vma(vma);
long pages = 0, psize = huge_page_size(h);
- bool shared_pmd = false;
struct mmu_notifier_range range;
unsigned long last_addr_mask;
bool uffd_wp = cp_flags & MM_CP_UFFD_WP;
bool uffd_wp_resolve = cp_flags & MM_CP_UFFD_WP_RESOLVE;
+ struct mmu_gather tlb;
/*
* In the case of shared PMDs, the area to flush could be beyond
@@ -6442,6 +6433,7 @@ long hugetlb_change_protection(struct vm
BUG_ON(address >= end);
flush_cache_range(vma, range.start, range.end);
+ tlb_gather_mmu_vma(&tlb, vma);
mmu_notifier_invalidate_range_start(&range);
hugetlb_vma_lock_write(vma);
@@ -6468,7 +6460,7 @@ long hugetlb_change_protection(struct vm
}
}
ptl = huge_pte_lock(h, mm, ptep);
- if (huge_pmd_unshare(mm, vma, address, ptep)) {
+ if (huge_pmd_unshare(&tlb, vma, address, ptep)) {
/*
* When uffd-wp is enabled on the vma, unshare
* shouldn't happen at all. Warn about it if it
@@ -6477,7 +6469,6 @@ long hugetlb_change_protection(struct vm
WARN_ON_ONCE(uffd_wp || uffd_wp_resolve);
pages++;
spin_unlock(ptl);
- shared_pmd = true;
address |= last_addr_mask;
continue;
}
@@ -6538,22 +6529,16 @@ long hugetlb_change_protection(struct vm
pte = huge_pte_clear_uffd_wp(pte);
huge_ptep_modify_prot_commit(vma, address, ptep, old_pte, pte);
pages++;
+ tlb_remove_huge_tlb_entry(h, &tlb, ptep, address);
}
next:
spin_unlock(ptl);
cond_resched();
}
- /*
- * There is nothing protecting a previously-shared page table that we
- * unshared through huge_pmd_unshare() from getting freed after we
- * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare()
- * succeeded, flush the range corresponding to the pud.
- */
- if (shared_pmd)
- flush_hugetlb_tlb_range(vma, range.start, range.end);
- else
- flush_hugetlb_tlb_range(vma, start, end);
+
+ tlb_flush_mmu_tlbonly(&tlb);
+ huge_pmd_unshare_flush(&tlb, vma);
/*
* No need to call mmu_notifier_arch_invalidate_secondary_tlbs() we are
* downgrading page table protection not changing it to point to a new
@@ -6564,6 +6549,7 @@ next:
i_mmap_unlock_write(vma->vm_file->f_mapping);
hugetlb_vma_unlock_write(vma);
mmu_notifier_invalidate_range_end(&range);
+ tlb_finish_mmu(&tlb);
return pages > 0 ? (pages << h->order) : pages;
}
@@ -6920,18 +6906,27 @@ out:
return pte;
}
-/*
- * unmap huge page backed by shared pte.
+/**
+ * huge_pmd_unshare - Unmap a pmd table if it is shared by multiple users
+ * @tlb: the current mmu_gather.
+ * @vma: the vma covering the pmd table.
+ * @addr: the address we are trying to unshare.
+ * @ptep: pointer into the (pmd) page table.
+ *
+ * Called with the page table lock held, the i_mmap_rwsem held in write mode
+ * and the hugetlb vma lock held in write mode.
*
- * Called with page table lock held.
+ * Note: The caller must call huge_pmd_unshare_flush() before dropping the
+ * i_mmap_rwsem.
*
- * returns: 1 successfully unmapped a shared pte page
- * 0 the underlying pte page is not shared, or it is the last user
+ * Returns: 1 if it was a shared PMD table and it got unmapped, or 0 if it
+ * was not a shared PMD table.
*/
-int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep)
+int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep)
{
unsigned long sz = huge_page_size(hstate_vma(vma));
+ struct mm_struct *mm = vma->vm_mm;
pgd_t *pgd = pgd_offset(mm, addr);
p4d_t *p4d = p4d_offset(pgd, addr);
pud_t *pud = pud_offset(p4d, addr);
@@ -6943,18 +6938,36 @@ int huge_pmd_unshare(struct mm_struct *m
i_mmap_assert_write_locked(vma->vm_file->f_mapping);
hugetlb_vma_assert_locked(vma);
pud_clear(pud);
- /*
- * Once our caller drops the rmap lock, some other process might be
- * using this page table as a normal, non-hugetlb page table.
- * Wait for pending gup_fast() in other threads to finish before letting
- * that happen.
- */
- tlb_remove_table_sync_one();
- ptdesc_pmd_pts_dec(virt_to_ptdesc(ptep));
+
+ tlb_unshare_pmd_ptdesc(tlb, virt_to_ptdesc(ptep), addr);
+
mm_dec_nr_pmds(mm);
return 1;
}
+/*
+ * huge_pmd_unshare_flush - Complete a sequence of huge_pmd_unshare() calls
+ * @tlb: the current mmu_gather.
+ * @vma: the vma covering the pmd table.
+ *
+ * Perform necessary TLB flushes or IPI broadcasts to synchronize PMD table
+ * unsharing with concurrent page table walkers.
+ *
+ * This function must be called after a sequence of huge_pmd_unshare()
+ * calls while still holding the i_mmap_rwsem.
+ */
+void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma)
+{
+ /*
+ * We must synchronize page table unsharing such that nobody will
+ * try reusing a previously-shared page table while it might still
+ * be in use by previous sharers (TLB, GUP_fast).
+ */
+ i_mmap_assert_write_locked(vma->vm_file->f_mapping);
+
+ tlb_flush_unshared_tables(tlb);
+}
+
#else /* !CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */
pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma,
@@ -6963,12 +6976,16 @@ pte_t *huge_pmd_share(struct mm_struct *
return NULL;
}
-int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep)
+int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep)
{
return 0;
}
+void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma)
+{
+}
+
void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma,
unsigned long *start, unsigned long *end)
{
@@ -7235,6 +7252,7 @@ static void hugetlb_unshare_pmds(struct
unsigned long sz = huge_page_size(h);
struct mm_struct *mm = vma->vm_mm;
struct mmu_notifier_range range;
+ struct mmu_gather tlb;
unsigned long address;
spinlock_t *ptl;
pte_t *ptep;
@@ -7246,6 +7264,8 @@ static void hugetlb_unshare_pmds(struct
return;
flush_cache_range(vma, start, end);
+ tlb_gather_mmu_vma(&tlb, vma);
+
/*
* No need to call adjust_range_if_pmd_sharing_possible(), because
* we have already done the PUD_SIZE alignment.
@@ -7264,10 +7284,10 @@ static void hugetlb_unshare_pmds(struct
if (!ptep)
continue;
ptl = huge_pte_lock(h, mm, ptep);
- huge_pmd_unshare(mm, vma, address, ptep);
+ huge_pmd_unshare(&tlb, vma, address, ptep);
spin_unlock(ptl);
}
- flush_hugetlb_tlb_range(vma, start, end);
+ huge_pmd_unshare_flush(&tlb, vma);
if (take_locks) {
i_mmap_unlock_write(vma->vm_file->f_mapping);
hugetlb_vma_unlock_write(vma);
@@ -7277,6 +7297,7 @@ static void hugetlb_unshare_pmds(struct
* Documentation/mm/mmu_notifier.rst.
*/
mmu_notifier_invalidate_range_end(&range);
+ tlb_finish_mmu(&tlb);
}
/*
--- a/mm/mmu_gather.c~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather
+++ a/mm/mmu_gather.c
@@ -10,6 +10,7 @@
#include <linux/swap.h>
#include <linux/rmap.h>
#include <linux/pgalloc.h>
+#include <linux/hugetlb.h>
#include <asm/tlb.h>
@@ -426,6 +427,7 @@ static void __tlb_gather_mmu(struct mmu_
#endif
tlb->vma_pfn = 0;
+ tlb->fully_unshared_tables = 0;
__tlb_reset_range(tlb);
inc_tlb_flush_pending(tlb->mm);
}
@@ -460,6 +462,31 @@ void tlb_gather_mmu_fullmm(struct mmu_ga
}
/**
+ * tlb_gather_mmu - initialize an mmu_gather structure for operating on a single
+ * VMA
+ * @tlb: the mmu_gather structure to initialize
+ * @vma: the vm_area_struct
+ *
+ * Called to initialize an (on-stack) mmu_gather structure for operating on
+ * a single VMA. In contrast to tlb_gather_mmu(), calling this function will
+ * not require another call to tlb_start_vma(). In contrast to tlb_start_vma(),
+ * this function will *not* call flush_cache_range().
+ *
+ * For hugetlb VMAs, this function will also initialize the mmu_gather
+ * page_size accordingly, not requiring a separate call to
+ * tlb_change_page_size().
+ *
+ */
+void tlb_gather_mmu_vma(struct mmu_gather *tlb, struct vm_area_struct *vma)
+{
+ tlb_gather_mmu(tlb, vma->vm_mm);
+ tlb_update_vma_flags(tlb, vma);
+ if (is_vm_hugetlb_page(vma))
+ /* All entries have the same size. */
+ tlb_change_page_size(tlb, huge_page_size(hstate_vma(vma)));
+}
+
+/**
* tlb_finish_mmu - finish an mmu_gather structure
* @tlb: the mmu_gather structure to finish
*
@@ -469,6 +496,12 @@ void tlb_gather_mmu_fullmm(struct mmu_ga
void tlb_finish_mmu(struct mmu_gather *tlb)
{
/*
+ * We expect an earlier huge_pmd_unshare_flush() call to sort this out,
+ * due to complicated locking requirements with page table unsharing.
+ */
+ VM_WARN_ON_ONCE(tlb->fully_unshared_tables);
+
+ /*
* If there are parallel threads are doing PTE changes on same range
* under non-exclusive lock (e.g., mmap_lock read-side) but defer TLB
* flush by batching, one thread may end up seeing inconsistent PTEs
--- a/mm/rmap.c~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather
+++ a/mm/rmap.c
@@ -76,7 +76,7 @@
#include <linux/mm_inline.h>
#include <linux/oom.h>
-#include <asm/tlbflush.h>
+#include <asm/tlb.h>
#define CREATE_TRACE_POINTS
#include <trace/events/migrate.h>
@@ -2008,13 +2008,17 @@ static bool try_to_unmap_one(struct foli
* if unsuccessful.
*/
if (!anon) {
+ struct mmu_gather tlb;
+
VM_BUG_ON(!(flags & TTU_RMAP_LOCKED));
if (!hugetlb_vma_trylock_write(vma))
goto walk_abort;
- if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) {
+
+ tlb_gather_mmu_vma(&tlb, vma);
+ if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) {
hugetlb_vma_unlock_write(vma);
- flush_tlb_range(vma,
- range.start, range.end);
+ huge_pmd_unshare_flush(&tlb, vma);
+ tlb_finish_mmu(&tlb);
/*
* The PMD table was unmapped,
* consequently unmapping the folio.
@@ -2022,6 +2026,7 @@ static bool try_to_unmap_one(struct foli
goto walk_done;
}
hugetlb_vma_unlock_write(vma);
+ tlb_finish_mmu(&tlb);
}
pteval = huge_ptep_clear_flush(vma, address, pvmw.pte);
if (pte_dirty(pteval))
@@ -2398,17 +2403,20 @@ static bool try_to_migrate_one(struct fo
* fail if unsuccessful.
*/
if (!anon) {
+ struct mmu_gather tlb;
+
VM_BUG_ON(!(flags & TTU_RMAP_LOCKED));
if (!hugetlb_vma_trylock_write(vma)) {
page_vma_mapped_walk_done(&pvmw);
ret = false;
break;
}
- if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) {
- hugetlb_vma_unlock_write(vma);
- flush_tlb_range(vma,
- range.start, range.end);
+ tlb_gather_mmu_vma(&tlb, vma);
+ if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) {
+ hugetlb_vma_unlock_write(vma);
+ huge_pmd_unshare_flush(&tlb, vma);
+ tlb_finish_mmu(&tlb);
/*
* The PMD table was unmapped,
* consequently unmapping the folio.
@@ -2417,6 +2425,7 @@ static bool try_to_migrate_one(struct fo
break;
}
hugetlb_vma_unlock_write(vma);
+ tlb_finish_mmu(&tlb);
}
/* Nuke the hugetlb page table entry */
pteval = huge_ptep_clear_flush(vma, address, pvmw.pte);
_
Patches currently in -mm which might be from david(a)kernel.org are
mm-hugetlb-fix-hugetlb_pmd_shared.patch
mm-hugetlb-fix-two-comments-related-to-huge_pmd_unshare.patch
mm-rmap-fix-two-comments-related-to-huge_pmd_unshare.patch
mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather.patch
mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather-fix.patch
1 day
- 1
- 0
+ mm-hugetlb-fix-hugetlb_pmd_shared.patch added to mm-unstable branch
by Andrew Morton
The patch titled
Subject: mm/hugetlb: fix hugetlb_pmd_shared()
has been added to the -mm mm-unstable branch. Its filename is
mm-hugetlb-fix-hugetlb_pmd_shared.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: "David Hildenbrand (Red Hat)" <david(a)kernel.org>
Subject: mm/hugetlb: fix hugetlb_pmd_shared()
Date: Tue, 23 Dec 2025 22:40:34 +0100
Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using
mmu_gather)", v3.
One functional fix, one performance regression fix, and two related
comment fixes.
I cleaned up my prototype I recently shared [1] for the performance fix,
deferring most of the cleanups I had in the prototype to a later point.
While doing that I identified the other things.
The goal of this patch set is to be backported to stable trees "fairly"
easily. At least patch #1 and #4.
Patch #1 fixes hugetlb_pmd_shared() not detecting any sharing
Patch #2 + #3 are simple comment fixes that patch #4 interacts with.
Patch #4 is a fix for the reported performance regression due to excessive
IPI broadcasts during fork()+exit().
The last patch is all about TLB flushes, IPIs and mmu_gather.
Read: complicated
There are plenty of cleanups in the future to be had + one reasonable
optimization on x86. But that's all out of scope for this series.
Runtime tested, with a focus on fixing the performance regression using
the original reproducer [2] on x86.
This patch (of 4):
We switched from (wrongly) using the page count to an independent shared
count. Now, shared page tables have a refcount of 1 (excluding
speculative references) and instead use ptdesc->pt_share_count to identify
sharing.
We didn't convert hugetlb_pmd_shared(), so right now, we would never
detect a shared PMD table as such, because sharing/unsharing no longer
touches the refcount of a PMD table.
Page migration, like mbind() or migrate_pages() would allow for migrating
folios mapped into such shared PMD tables, even though the folios are not
exclusive. In smaps we would account them as "private" although they are
"shared", and we would be wrongly setting the PM_MMAP_EXCLUSIVE in the
pagemap interface.
Fix it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_shared().
Link: https://lkml.kernel.org/r/20251223214037.580860-1-david@kernel.org
Link: https://lkml.kernel.org/r/20251223214037.580860-2-david@kernel.org
Link: https://lore.kernel.org/all/8cab934d-4a56-44aa-b641-bfd7e23bd673@kernel.org/ [1]
Link: https://lore.kernel.org/all/8cab934d-4a56-44aa-b641-bfd7e23bd673@kernel.org/ [2]
Fixes: 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count")
Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org>
Reviewed-by: Rik van Riel <riel(a)surriel.com>
Reviewed-by: Lance Yang <lance.yang(a)linux.dev>
Tested-by: Lance Yang <lance.yang(a)linux.dev>
Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com>
Tested-by: Laurence Oberman <loberman(a)redhat.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Acked-by: Oscar Salvador <osalvador(a)suse.de>
Cc: Liu Shixin <liushixin2(a)huawei.com>
Cc: Uschakow, Stanislav" <suschako(a)amazon.de>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/hugetlb.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/hugetlb.h~mm-hugetlb-fix-hugetlb_pmd_shared
+++ a/include/linux/hugetlb.h
@@ -1326,7 +1326,7 @@ static inline __init void hugetlb_cma_re
#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING
static inline bool hugetlb_pmd_shared(pte_t *pte)
{
- return page_count(virt_to_page(pte)) > 1;
+ return ptdesc_pmd_is_shared(virt_to_ptdesc(pte));
}
#else
static inline bool hugetlb_pmd_shared(pte_t *pte)
_
Patches currently in -mm which might be from david(a)kernel.org are
mm-hugetlb-fix-hugetlb_pmd_shared.patch
mm-hugetlb-fix-two-comments-related-to-huge_pmd_unshare.patch
mm-rmap-fix-two-comments-related-to-huge_pmd_unshare.patch
mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather.patch
mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather-fix.patch
1 day
- 1
- 0
+ mm-take-into-account-mm_cid-size-for-mm_struct-static-definitions.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm: take into account mm_cid size for mm_struct static definitions
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-take-into-account-mm_cid-size-for-mm_struct-static-definitions.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Subject: mm: take into account mm_cid size for mm_struct static definitions
Date: Wed, 24 Dec 2025 12:33:58 -0500
Both init_mm and efi_mm static definitions need to make room for the 2
mm_cid cpumasks.
This fixes possible out-of-bounds accesses to init_mm and efi_mm.
Add a space between # and define for the mm_alloc_cid() definition to make
it consistent with the coding style used in the rest of this header file.
Link: https://lkml.kernel.org/r/20251224173358.647691-4-mathieu.desnoyers@efficio…
Fixes: af7f588d8f73 ("sched: Introduce per-memory-map concurrency ID")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Mark Brown <broonie(a)kernel.org>
Cc: Aboorva Devarajan <aboorvad(a)linux.ibm.com>
Cc: Al Viro <viro(a)zeniv.linux.org.uk>
Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com>
Cc: Christan K��nig <christian.koenig(a)amd.com>
Cc: Christian Brauner <brauner(a)kernel.org>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Dennis Zhou <dennis(a)kernel.org>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: "Liam R . Howlett" <liam.howlett(a)oracle.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Cc: Martin Liu <liumartin(a)google.com>
Cc: Masami Hiramatsu <mhiramat(a)kernel.org>
Cc: Mateusz Guzik <mjguzik(a)gmail.com>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Miaohe Lin <linmiaohe(a)huawei.com>
Cc: Michal Hocko <mhocko(a)suse.com>
Cc: Mike Rapoport <rppt(a)kernel.org>
Cc: "Paul E. McKenney" <paulmck(a)kernel.org>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: SeongJae Park <sj(a)kernel.org>
Cc: Shakeel Butt <shakeel.butt(a)linux.dev>
Cc: Steven Rostedt <rostedt(a)goodmis.org>
Cc: Suren Baghdasaryan <surenb(a)google.com>
Cc: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me>
Cc: Tejun Heo <tj(a)kernel.org>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: Wei Yang <richard.weiyang(a)gmail.com>
Cc: Yu Zhao <yuzhao(a)google.com>
Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/mm_types.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/include/linux/mm_types.h~mm-take-into-account-mm_cid-size-for-mm_struct-static-definitions
+++ a/include/linux/mm_types.h
@@ -1368,7 +1368,7 @@ extern struct mm_struct init_mm;
#define MM_STRUCT_FLEXIBLE_ARRAY_INIT \
{ \
- [0 ... sizeof(cpumask_t)-1] = 0 \
+ [0 ... sizeof(cpumask_t) + MM_CID_STATIC_SIZE - 1] = 0 \
}
/* Pointer magic because the dynamic array size confuses some compilers. */
@@ -1500,7 +1500,7 @@ static inline int mm_alloc_cid_noprof(st
mm_init_cid(mm, p);
return 0;
}
-#define mm_alloc_cid(...) alloc_hooks(mm_alloc_cid_noprof(__VA_ARGS__))
+# define mm_alloc_cid(...) alloc_hooks(mm_alloc_cid_noprof(__VA_ARGS__))
static inline void mm_destroy_cid(struct mm_struct *mm)
{
@@ -1514,6 +1514,8 @@ static inline unsigned int mm_cid_size(v
return cpumask_size() + bitmap_size(num_possible_cpus());
}
+/* Use 2 * NR_CPUS as worse case for static allocation. */
+# define MM_CID_STATIC_SIZE (2 * sizeof(cpumask_t))
#else /* CONFIG_SCHED_MM_CID */
static inline void mm_init_cid(struct mm_struct *mm, struct task_struct *p) { }
static inline int mm_alloc_cid(struct mm_struct *mm, struct task_struct *p) { return 0; }
@@ -1522,6 +1524,7 @@ static inline unsigned int mm_cid_size(v
{
return 0;
}
+# define MM_CID_STATIC_SIZE 0
#endif /* CONFIG_SCHED_MM_CID */
struct mmu_gather;
_
Patches currently in -mm which might be from mathieu.desnoyers(a)efficios.com are
mm-add-missing-static-initializer-for-init_mm-mm_cidlock.patch
mm-rename-cpu_bitmap-field-to-flexible_array.patch
mm-take-into-account-mm_cid-size-for-mm_struct-static-definitions.patch
tsacct-skip-all-kernel-threads.patch
lib-introduce-hierarchical-per-cpu-counters.patch
mm-fix-oom-killer-inaccuracy-on-large-many-core-systems.patch
mm-implement-precise-oom-killer-task-selection.patch
1 day, 1 hour
- 1
- 0