- Linux-stable-mirror - lists.linaro.org

[PATCH] kasan: hw_tags: fix a false positive case of vrealloc in alloced size

by Yeoreum Yun

When a memory region is allocated with vmalloc() and later expanded with vrealloc() — while still within the originally allocated size — KASAN may report a false positive because it does not update the tags for the newly expanded portion of the memory. A typical example of this pattern occurs in the BPF verifier, and the following is a related false positive report: [ 2206.486476] ================================================================== [ 2206.486509] BUG: KASAN: invalid-access in __memcpy+0xc/0x30 [ 2206.486607] Write at addr f5ff800083765270 by task test_progs/205 [ 2206.486664] Pointer tag: [f5], memory tag: [fe] [ 2206.486703] [ 2206.486745] CPU: 4 UID: 0 PID: 205 Comm: test_progs Tainted: G OE 6.18.0-rc7+ #145 PREEMPT(full) [ 2206.486861] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [ 2206.486897] Hardware name: , BIOS [ 2206.486932] Call trace: [ 2206.486961] show_stack+0x24/0x40 (C) [ 2206.487071] __dump_stack+0x28/0x48 [ 2206.487182] dump_stack_lvl+0x7c/0xb0 [ 2206.487293] print_address_description+0x80/0x270 [ 2206.487403] print_report+0x94/0x100 [ 2206.487505] kasan_report+0xd8/0x150 [ 2206.487606] __do_kernel_fault+0x64/0x268 [ 2206.487717] do_bad_area+0x38/0x110 [ 2206.487820] do_tag_check_fault+0x38/0x60 [ 2206.487936] do_mem_abort+0x48/0xc8 [ 2206.488042] el1_abort+0x40/0x70 [ 2206.488127] el1h_64_sync_handler+0x50/0x118 [ 2206.488217] el1h_64_sync+0xa4/0xa8 [ 2206.488303] __memcpy+0xc/0x30 (P) [ 2206.488412] do_misc_fixups+0x4f8/0x1950 [ 2206.488528] bpf_check+0x31c/0x840 [ 2206.488638] bpf_prog_load+0x58c/0x658 [ 2206.488737] __sys_bpf+0x364/0x488 [ 2206.488833] __arm64_sys_bpf+0x30/0x58 [ 2206.488920] invoke_syscall+0x68/0xe8 [ 2206.489033] el0_svc_common+0xb0/0xf8 [ 2206.489143] do_el0_svc+0x28/0x48 [ 2206.489249] el0_svc+0x40/0xe8 [ 2206.489337] el0t_64_sync_handler+0x84/0x140 [ 2206.489427] el0t_64_sync+0x1bc/0x1c0 Here, 0xf5ff800083765000 is vmalloc()ed address for env->insn_aux_data with the size of 0x268. While this region is expanded size by 0x478 and initialise increased region to apply patched instructions, a false positive is triggered at the address 0xf5ff800083765270 because __kasan_unpoison_vmalloc() with KASAN_VMALLOC_PROT_NORMAL flag only doesn't update the tag on increaed region. To address this, introduces KASAN_VMALLOC_EXPAND flag which is used to expand vmalloc()ed memory in range of real allocated size to update tag for increased region. Fixes: 23689e91fb22 ("kasan, vmalloc: add vmalloc tagging for HW_TAGS”) Cc: <stable(a)vger.kernel.org> Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> --- include/linux/kasan.h | 1 + mm/kasan/hw_tags.c | 11 +++++++++-- mm/vmalloc.c | 1 + 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index d12e1a5f5a9a..0608c5d4e6cf 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -28,6 +28,7 @@ typedef unsigned int __bitwise kasan_vmalloc_flags_t; #define KASAN_VMALLOC_INIT ((__force kasan_vmalloc_flags_t)0x01u) #define KASAN_VMALLOC_VM_ALLOC ((__force kasan_vmalloc_flags_t)0x02u) #define KASAN_VMALLOC_PROT_NORMAL ((__force kasan_vmalloc_flags_t)0x04u) +#define KASAN_VMALLOC_EXPAND ((__force kasan_vmalloc_flags_t)0x08u) #define KASAN_VMALLOC_PAGE_RANGE 0x1 /* Apply exsiting page range */ #define KASAN_VMALLOC_TLB_FLUSH 0x2 /* TLB flush */ diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index 1c373cc4b3fa..d768c7360093 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -347,7 +347,7 @@ void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, * * For non-VM_ALLOC allocations, page_alloc memory is tagged as usual. */ - if (!(flags & KASAN_VMALLOC_VM_ALLOC)) { + if (!(flags & (KASAN_VMALLOC_VM_ALLOC | KASAN_VMALLOC_EXPAND))) { WARN_ON(flags & KASAN_VMALLOC_INIT); return (void *)start; } @@ -361,7 +361,14 @@ void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, return (void *)start; } - tag = kasan_random_tag(); + if (flags & KASAN_VMALLOC_EXPAND) { + size = round_up(size + ((unsigned long)start & KASAN_GRANULE_MASK), + KASAN_GRANULE_SIZE); + start = PTR_ALIGN_DOWN(start, KASAN_GRANULE_SIZE); + tag = get_tag(start); + } else + tag = kasan_random_tag(); + start = set_tag(start, tag); /* Unpoison and initialize memory up to size. */ diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 798b2ed21e46..6bfbf26fea3b 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4176,6 +4176,7 @@ void *vrealloc_node_align_noprof(const void *p, size_t size, unsigned long align */ if (size <= alloced_size) { kasan_unpoison_vmalloc(p + old_size, size - old_size, + KASAN_VMALLOC_EXPAND | KASAN_VMALLOC_PROT_NORMAL); /* * No need to zero memory here, as unused memory will have -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

1 day, 4 hours

2
3
0 0

[PATCH 6.17 000/176] 6.17.10-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.10 release. There are 176 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 29 Nov 2025 15:03:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.10-rc2 Charles Keepax <ckeepax(a)opensource.cirrus.com> Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" Emil Tsalapatis <etsal(a)meta.com> sched_ext: fix flag check for deferred callbacks Andrea Righi <arighi(a)nvidia.com> sched_ext: Fix scx_kick_pseqs corruption on concurrent scheduler loads Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Add device specific quirk to limit eDP rate to HBR2 Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> Revert "drm/i915/dp: Reject HBR3 when sink doesn't support TPS4" Jari Ruusu <jariruusu(a)protonmail.com> tty/vt: fix up incorrect backport to stable releases Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: Insert dccg log for easy debug Gang Yan <yangang(a)kylinos.cn> mptcp: fix address removal logic in mptcp_pm_nl_rm_addr Darrick J. Wong <djwong(a)kernel.org> xfs: fix out of bounds memory read error in symlink repair Marcelo Moreira <marcelomoreira1905(a)gmail.com> xfs: Replace strncpy with memcpy Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Add parse_cs for JPEG5_0_1 Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Move parse_cs to amdgpu_jpeg.c Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Disable Panel Replay Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Check drm_dp_dpcd_read return value on PSR dpcd init Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix incomplete backport in cfids_invalidation_worker() Samuel Zhang <guoqing.zhang(a)amd.com> drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Filipe Manana <fdmanana(a)suse.com> btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Nitin Rawat <nitin.rawat(a)oss.qualcomm.com> scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Prevent BIT() overflow when handling invalid prefetch region Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Extend Zen6 model range Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Carlos Llamas <cmllamas(a)google.com> blk-crypto: use BLK_STS_INVAL for alignment errors Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Change async resync helpers argument Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Paulo Alcantara <pc(a)manguebit.org> smb: client: handle lack of IPC in dfs_cache_refresh() Sidharth Seela <sidharthseela(a)gmail.com> selftests: cachestat: Fix warning on declaration under label Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Limit Entrysign signature checking to known generations dongsheng <dongsheng.x.zhang(a)intel.com> perf/x86/intel/uncore: Add uncore PMU support for Wildcat Lake Eren Demir <eren.demir2479090(a)gmail.com> ALSA: hda/realtek: Fix mute led for HP Victus 15-fa1xxx (MB 8C2D) Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Shuming Fan <shumingf(a)realtek.com> ASoC: rt721: fix prepare clock stop failed Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Fix pgtable prealloc error path Emil Tsalapatis <etsal(a)meta.com> sched_ext: defer queue_balance_callback() until after ops.dispatch Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Tejun Heo <tj(a)kernel.org> sched_ext: Allocate scx_kick_cpus_pnt_seqs lazily using kvzalloc() J-Donald Tournier <jdtournier(a)gmail.com> ALSA: hda/realtek: Add quirk for Lenovo Yoga 7 2-in-1 14AKP10 Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: kernel: Fix random segmentation faults Malaya Kumar Rout <mrout(a)redhat.com> timekeeping: Fix resource leak in tk_aux_sysfs_init() error paths Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf: Fix 0 count issue of cpu-clock Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> cifs: fix memory leak in smb3_fs_context_parse_param error path Thomas Weißschuh <linux(a)weissschuh.net> LoongArch: Use UAPI types in ptrace UAPI header Wen Yang <wen.yang(a)linux.dev> tick/sched: Fix bogus condition in report_idle_softirq() Wei Fang <wei.fang(a)nxp.com> net: phylink: add missing supported link modes for the fixed-link Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: make sure the cdev fd is still active before emitting events Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Pradyumn Rahar <pradyumn.rahar(a)oracle.com> net/mlx5: Clean up only new IRQ glue on request_irq() failure Shay Drory <shayd(a)nvidia.com> devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix PTP cleanup on driver removal in error path Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix possible vport_config NULL pointer deref in remove Venkata Ramana Nayana <venkata.ramana.nayana(a)intel.com> drm/xe/irq: Handle msix vector0 interrupt Matt Roper <matthew.d.roper(a)intel.com> drm/xe/kunit: Fix forcewake assertion in mocs test Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/xe3: Restrict PTL intel_encoder_is_c10phy() to only PHY A Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/display: Add definition for wcl as subplatform Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/pcids: Split PTL pciids group to make wcl subplatform Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Randy Dunlap <rdunlap(a)infradead.org> platform/x86: intel-uncore-freq: fix all header kernel-doc warnings Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Do not loopback traffic to GDM2 if it is available on the device Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Add wlan flowtable TX offload Ido Schimmel <idosch(a)nvidia.com> selftests: net: lib: Do not overwrite error messages Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/xe3lpd: Load DMC for Xe3_LPD version 30.02 Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Alistair Francis <alistair.francis(a)wdc.com> nvmet-auth: update sc_c in target host hash calculation Chen Pei <cp0613(a)linux.alibaba.com> tools: riscv: Fixed misalignment of CSR related definitions Jesper Dangaard Brouer <hawk(a)kernel.org> veth: more robust handing of race to avoid txq getting stuck Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Jiaming Zhang <r772577952(a)gmail.com> net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: dts: econet: fix EN751221 core type Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Fix typo in WMI GUID Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Only load on MSI devices Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Prevent locally generated packets from direct output in tunnel mode Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Jianbo Liu <jianbol(a)nvidia.com> xfrm: Check inner packet family directly from skb_dst Yu-Chun Lin <eleanor.lin(a)realtek.com> pinctrl: realtek: Select REGMAP_MMIO for RTD driver Chen-Yu Tsai <wens(a)kernel.org> clk: sunxi-ng: sun55i-a523-ccu: Lower audio0 pll minimum rate Chen-Yu Tsai <wens(a)kernel.org> clk: sunxi-ng: sun55i-a523-r-ccu: Mark bus-r-dma as critical Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: Mark A523 bus-r-cpucfg clock as critical Sabrina Dubroca <sd(a)queasysnail.net> xfrm: set err and extack on failure to create pcpu SA Sabrina Dubroca <sd(a)queasysnail.net> xfrm: call xfrm_dev_state_delete when xfrm_state_migrate fails to add the state Sabrina Dubroca <sd(a)queasysnail.net> xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Sabrina Dubroca <sd(a)queasysnail.net> xfrm: drop SA reference in xfrm_state_update if dir doesn't match Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> pinctrl: mediatek: mt8189: align register base names to dt-bindings ones Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> pinctrl: mediatek: mt8196: align register base names to dt-bindings ones Kiryl Shutsemau <kas(a)kernel.org> mm/truncate: unmap large folio on split failure Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix pbn to kbps Conversion Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Move sleep into each retry for retrieve_link_cap() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase DPCD read retries Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Skip power ungate during suspend for VPE Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/plane: Fix create_in_format_blob() return value Robert McClinton <rbmccav(a)gmail.com> drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: userspace: longer timeout Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer timeout Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Anthony Wong <anthony.wong(a)ubuntu.com> platform/x86: alienware-wmi-wmax: Add AWCC support to Alienware 16 Aurora Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "G" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "X" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "M" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Fix "Alienware m16 R1 AMD" quirk order Bibo Mao <maobibo(a)loongson.cn> LoongArch: Fix NUMA node parsing with numa_memblks Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Vincent Li <vincent.mc.li(a)gmail.com> LoongArch: BPF: Disable trampoline for kernel module function trace Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Saket Kumar Bhaskar <skb99(a)linux.ibm.com> sched_ext: Fix scx_enable() crash on helper kthread creation failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Fix runtime PM enabling in device_resume_early() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() Nam Cao <namcao(a)linutronix.de> nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Hans de Goede <hansg(a)kernel.org> Input: goodix - add support for ACPI ID GDIX1003 Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Jens Axboe <axboe(a)kernel.dk> io_uring/cmd_net: fix wrong argument types for skb_queue_splice() Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: hw_scan: Don't let the operating channel be last Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: introduce close_cached_dir_locked() Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: move avdcache to per-task security struct Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: rename task_security_struct to cred_security_struct Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Tony Luck <tony.luck(a)intel.com> ACPI: APEI: EINJ: Fix EINJV2 initialization and injection Pasha Tatashin <pasha.tatashin(a)soleen.com> lib/test_kho: check if KHO is enabled Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix __ptep_rdp() inline assembly Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Mike Yuan <me(a)yhndnzj.com> shmem: fix tmpfs reconfiguration (remount) when noswap is set Yongpeng Yang <yangyongpeng(a)xiaomi.com> isofs: check the return value of sb_min_blocksize() in isofs_fill_super Yongpeng Yang <yangyongpeng(a)xiaomi.com> xfs: check the return value of sb_min_blocksize() in xfs_fs_fill_super Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Zhen Ni <zhen.ni(a)easystack.cn> fs: Fix uninitialized 'offp' in statmount_string() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Yongpeng Yang <yangyongpeng(a)xiaomi.com> vfat: fix missing sb_min_blocksize() return value checks Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Fix redundant updates of LBR MSR intercepts Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable HS400 on RK3588 Tiger Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> reset: imx8mp-audiomix: Fix bad mask values Mykola Kvach <xakep.amatop(a)gmail.com> arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Diederik de Haas <diederik(a)cknow-tech.com> arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Alexey Charkov <alchark(a)gmail.com> arm64: dts: rockchip: Remove non-functioning CPU OPPs from RK3576 Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Check the untrusted offset in FF-A memory share ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +++-- Documentation/wmi/driver-development-guide.rst | 1 + Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3576.dtsi | 12 -- arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 +- .../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 +- arch/arm64/kvm/hyp/nvhe/ffa.c | 9 +- arch/loongarch/include/uapi/asm/ptrace.h | 40 +++---- arch/loongarch/kernel/numa.c | 60 +++------- arch/loongarch/net/bpf_jit.c | 3 + arch/loongarch/pci/pci.c | 8 +- arch/mips/boot/dts/econet/en751221.dtsi | 2 +- arch/mips/kernel/process.c | 2 +- arch/mips/mm/tlb-r4k.c | 102 ++++++++++------- arch/mips/mti-malta/malta-init.c | 20 ++-- arch/s390/include/asm/pgtable.h | 12 +- arch/s390/mm/pgtable.c | 4 +- arch/x86/events/intel/uncore.c | 1 + arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 20 +++- arch/x86/kvm/svm/svm.c | 9 +- arch/x86/kvm/svm/svm.h | 1 + block/blk-crypto.c | 2 +- drivers/acpi/apei/einj-core.c | 64 +++++++---- drivers/ata/libata-scsi.c | 11 +- drivers/base/power/main.c | 25 +++-- drivers/bcma/main.c | 6 + drivers/clk/sunxi-ng/ccu-sun55i-a523-r.c | 4 +- drivers/clk/sunxi-ng/ccu-sun55i-a523.c | 2 +- drivers/gpio/gpiolib-cdev.c | 9 +- drivers/gpio/gpiolib-swnode.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 65 +++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.h | 10 ++ drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 58 +--------- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 6 - drivers/gpu/drm/amd/amdgpu/jpeg_v2_5.c | 4 +- drivers/gpu/drm/amd/amdgpu/jpeg_v3_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_5.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_1.c | 1 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 ++++------ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 4 +- .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 26 ++++- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 ++ .../display/dc/link/protocols/link_dp_capability.c | 11 +- drivers/gpu/drm/drm_plane.c | 4 +- drivers/gpu/drm/i915/display/intel_cx0_phy.c | 14 +-- .../gpu/drm/i915/display/intel_display_device.c | 13 +++ .../gpu/drm/i915/display/intel_display_device.h | 4 +- drivers/gpu/drm/i915/display/intel_dmc.c | 10 +- drivers/gpu/drm/i915/display/intel_dp.c | 30 ++--- drivers/gpu/drm/i915/display/intel_psr.c | 36 ++++-- drivers/gpu/drm/i915/display/intel_quirks.c | 9 ++ drivers/gpu/drm/i915/display/intel_quirks.h | 1 + drivers/gpu/drm/msm/msm_iommu.c | 5 + drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 + drivers/gpu/drm/radeon/radeon_fence.c | 7 -- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/dsi.c | 9 -- drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/gpu/drm/xe/tests/xe_mocs.c | 2 +- drivers/gpu/drm/xe/xe_irq.c | 18 +-- drivers/gpu/drm/xe/xe_pci.c | 1 + drivers/gpu/drm/xe/xe_vm.c | 4 +- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-quirks.c | 13 ++- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 ++ drivers/input/touchscreen/goodix.c | 1 + drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 ++- drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/ethernet/airoha/airoha_eth.h | 11 ++ drivers/net/ethernet/airoha/airoha_ppe.c | 95 +++++++++++----- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 22 +++- drivers/net/ethernet/intel/idpf/idpf_main.c | 2 + .../ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/phylink.c | 3 + drivers/net/veth.c | 38 ++++--- drivers/net/wireless/realtek/rtw89/fw.c | 7 ++ drivers/nvme/host/fc.c | 15 +-- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/auth.c | 4 +- drivers/nvme/target/fabrics-cmd-auth.c | 1 + drivers/nvme/target/nvmet.h | 1 + drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 21 +++- drivers/pinctrl/mediatek/pinctrl-mt8189.c | 4 +- drivers/pinctrl/mediatek/pinctrl-mt8196.c | 6 +- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 +- drivers/pinctrl/realtek/Kconfig | 1 + drivers/platform/x86/Kconfig | 1 + drivers/platform/x86/dell/alienware-wmi-wmax.c | 104 +++++------------- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- .../uncore-frequency/uncore-frequency-common.h | 9 +- drivers/platform/x86/msi-wmi-platform.c | 43 +++++++- drivers/reset/reset-imx8mp-audiomix.c | 4 +- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/sg.c | 10 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/target/loopback/tcm_loop.c | 3 + drivers/tty/vt/vt_ioctl.c | 4 +- drivers/ufs/host/ufs-qcom.c | 15 ++- fs/btrfs/inode.c | 1 - fs/btrfs/tree-log.c | 3 + fs/exfat/super.c | 5 +- fs/fat/inode.c | 6 +- fs/isofs/inode.c | 5 + fs/namespace.c | 4 +- fs/smb/client/cached_dir.c | 43 +++++++- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/cifsproto.h | 2 + fs/smb/client/connect.c | 38 +++---- fs/smb/client/dfs_cache.c | 55 ++++++++-- fs/smb/client/fs_context.c | 4 + fs/xfs/scrub/symlink_repair.c | 4 +- fs/xfs/xfs_super.c | 5 +- include/drm/intel/pciids.h | 5 +- include/linux/ata.h | 1 + include/net/tls.h | 25 +++-- include/net/xfrm.h | 3 +- io_uring/cmd_net.c | 2 +- kernel/events/core.c | 2 +- kernel/sched/ext.c | 121 +++++++++++++++++++-- kernel/sched/sched.h | 1 + kernel/time/tick-sched.c | 11 +- kernel/time/timekeeping.c | 21 ++-- kernel/time/timer.c | 7 +- lib/test_kho.c | 3 + mm/mempool.c | 32 +++++- mm/shmem.c | 15 ++- mm/truncate.c | 35 +++++- net/core/dev_ioctl.c | 3 + net/devlink/rate.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv6/esp6_offload.c | 6 +- net/mptcp/options.c | 54 ++++++++- net/mptcp/pm.c | 20 ++-- net/mptcp/pm_kernel.c | 2 +- net/mptcp/protocol.c | 84 +++++++++----- net/mptcp/protocol.h | 3 +- net/mptcp/subflow.c | 8 ++ net/openvswitch/actions.c | 68 +----------- net/openvswitch/flow_netlink.c | 64 ++--------- net/openvswitch/flow_netlink.h | 2 - net/tls/tls_device.c | 4 +- net/unix/af_unix.c | 3 +- net/vmw_vsock/af_vsock.c | 40 +++++-- net/xfrm/xfrm_device.c | 2 +- net/xfrm/xfrm_output.c | 8 +- net/xfrm/xfrm_state.c | 16 ++- net/xfrm/xfrm_user.c | 5 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + security/selinux/hooks.c | 79 +++++++------- security/selinux/include/objsec.h | 20 +++- sound/hda/codecs/realtek/alc269.c | 2 + sound/soc/codecs/rt721-sdca.c | 4 + sound/soc/codecs/rt721-sdca.h | 1 + sound/usb/mixer.c | 2 +- tools/arch/riscv/include/asm/csr.h | 5 +- tools/testing/selftests/cachestat/test_cachestat.c | 4 +- tools/testing/selftests/net/bareudp.sh | 2 +- .../selftests/net/forwarding/lib_sh_test.sh | 7 ++ tools/testing/selftests/net/lib.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 +-- tools/tracing/latency/latency-collector.c | 2 +- 185 files changed, 1553 insertions(+), 953 deletions(-)

1 day, 7 hours

11
10
0 0

[PATCH] mpi3mr: Prevent duplicate SAS/SATA device entries in channel 1

by Suganath Prabu S

This fix avoids scanning of SAS/SATA devices in channel 1 when SAS transport is enabled as the SAS/SATA devices are exposed through channel 0 when SAS transport is enabled. Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Signed-off-by: Suganath Prabu S <suganath-prabu.subramani(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr.h | 4 ++-- drivers/scsi/mpi3mr/mpi3mr_os.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index 6742684..31d68c1 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -56,8 +56,8 @@ extern struct list_head mrioc_list; extern int prot_mask; extern atomic64_t event_counter; -#define MPI3MR_DRIVER_VERSION "8.15.0.5.50" -#define MPI3MR_DRIVER_RELDATE "12-August-2025" +#define MPI3MR_DRIVER_VERSION "8.15.0.5.51" +#define MPI3MR_DRIVER_RELDATE "18-November-2025" #define MPI3MR_DRIVER_NAME "mpi3mr" #define MPI3MR_DRIVER_LICENSE "GPL" diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index b88633e..bca3671 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -1184,6 +1184,8 @@ static void mpi3mr_update_tgtdev(struct mpi3mr_ioc *mrioc, if (is_added == true) tgtdev->io_throttle_enabled = (flags & MPI3_DEVICE0_FLAGS_IO_THROTTLING_REQUIRED) ? 1 : 0; + if(!mrioc->sas_transport_enabled) + tgtdev->non_stl = 1; switch (flags & MPI3_DEVICE0_FLAGS_MAX_WRITE_SAME_MASK) { case MPI3_DEVICE0_FLAGS_MAX_WRITE_SAME_256_LB: @@ -4844,7 +4846,7 @@ static int mpi3mr_target_alloc(struct scsi_target *starget) spin_lock_irqsave(&mrioc->tgtdev_lock, flags); if (starget->channel == mrioc->scsi_device_channel) { tgt_dev = __mpi3mr_get_tgtdev_by_perst_id(mrioc, starget->id); - if (tgt_dev && !tgt_dev->is_hidden) { + if (tgt_dev && !tgt_dev->is_hidden && tgt_dev->non_stl) { scsi_tgt_priv_data->starget = starget; scsi_tgt_priv_data->dev_handle = tgt_dev->dev_handle; scsi_tgt_priv_data->perst_id = tgt_dev->perst_id; -- 2.47.3

1 day, 7 hours

3
2
0 0

[PATCH 6.12 000/113] 6.12.60-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.60 release. There are 113 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 29 Nov 2025 15:03:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.60-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.60-rc2 Charles Keepax <ckeepax(a)opensource.cirrus.com> Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: Insert dccg log for easy debug Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: disable DPP RCG before DPP CLK enable Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: avoid reset DTBCLK at clock init Darrick J. Wong <djwong(a)kernel.org> xfs: fix out of bounds memory read error in symlink repair Marcelo Moreira <marcelomoreira1905(a)gmail.com> xfs: Replace strncpy with memcpy Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Disable Panel Replay Martin Kaiser <martin(a)kaiser.cx> maple_tree: fix tracepoint string pointers Jari Ruusu <jariruusu(a)protonmail.com> tty/vt: fix up incorrect backport to stable releases Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix incomplete backport in cfids_invalidation_worker() Samuel Zhang <guoqing.zhang(a)amd.com> drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix __ptep_rdp() inline assembly Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Prevent BIT() overflow when handling invalid prefetch region Wentao Guan <guanwentao(a)uniontech.com> Revert "RDMA/irdma: Update Kconfig" Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make all 32bit ID registers fully writable Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Carlos Llamas <cmllamas(a)google.com> blk-crypto: use BLK_STS_INVAL for alignment errors Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Change async resync helpers argument Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Limit Entrysign signature checking to known generations Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> cifs: fix memory leak in smb3_fs_context_parse_param error path Thomas Weißschuh <linux(a)weissschuh.net> LoongArch: Use UAPI types in ptrace UAPI header Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Cache state->msg in unix_stream_read_generic(). Pradyumn Rahar <pradyumn.rahar(a)oracle.com> net/mlx5: Clean up only new IRQ glue on request_irq() failure Shay Drory <shayd(a)nvidia.com> devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix PTP cleanup on driver removal in error path Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix possible vport_config NULL pointer deref in remove Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Ido Schimmel <idosch(a)nvidia.com> selftests: net: lib: Do not overwrite error messages Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Chen Pei <cp0613(a)linux.alibaba.com> tools: riscv: Fixed misalignment of CSR related definitions Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Fix typo in WMI GUID Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Only load on MSI devices Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Prevent locally generated packets from direct output in tunnel mode Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Yu-Chun Lin <eleanor.lin(a)realtek.com> pinctrl: realtek: Select REGMAP_MMIO for RTD driver Sabrina Dubroca <sd(a)queasysnail.net> xfrm: set err and extack on failure to create pcpu SA Sabrina Dubroca <sd(a)queasysnail.net> xfrm: drop SA reference in xfrm_state_update if dir doesn't match Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix pbn to kbps Conversion Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Move sleep into each retry for retrieve_link_cap() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase DPCD read retries Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Skip power ungate during suspend for VPE Robert McClinton <rbmccav(a)gmail.com> drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: userspace: longer timeout Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer timeout Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() Nam Cao <namcao(a)linutronix.de> nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Hans de Goede <hdegoede(a)redhat.com> Input: goodix - add support for ACPI ID GDIX1003 Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: introduce close_cached_dir_locked() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Mike Yuan <me(a)yhndnzj.com> shmem: fix tmpfs reconfiguration (remount) when noswap is set Yongpeng Yang <yangyongpeng(a)xiaomi.com> isofs: check the return value of sb_min_blocksize() in isofs_fill_super Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable HS400 on RK3588 Tiger Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 Mykola Kvach <xakep.amatop(a)gmail.com> arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Diederik de Haas <diederik(a)cknow-tech.com> arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Check the untrusted offset in FF-A memory share ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +++--- Documentation/wmi/driver-development-guide.rst | 1 + Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 +- .../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 +- arch/arm64/kvm/hyp/nvhe/ffa.c | 9 +- arch/arm64/kvm/sys_regs.c | 63 +++++++------ arch/loongarch/include/uapi/asm/ptrace.h | 40 ++++---- arch/loongarch/pci/pci.c | 8 +- arch/mips/mm/tlb-r4k.c | 102 +++++++++++++-------- arch/mips/mti-malta/malta-init.c | 20 ++-- arch/s390/include/asm/pgtable.h | 12 +-- arch/s390/mm/pgtable.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 20 +++- block/blk-crypto.c | 2 +- drivers/ata/libata-scsi.c | 11 ++- drivers/bcma/main.c | 6 ++ drivers/gpio/gpiolib-swnode.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 +++++------- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 20 ++-- .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 60 ++++++++---- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 ++ .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 +++-- .../display/dc/link/protocols/link_dp_capability.c | 11 ++- drivers/gpu/drm/i915/display/intel_psr.c | 4 + drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 + drivers/gpu/drm/radeon/radeon_fence.c | 7 -- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/dsi.c | 9 -- drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/gpu/drm/xe/xe_vm.c | 4 +- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-quirks.c | 13 ++- drivers/infiniband/hw/irdma/Kconfig | 7 +- drivers/input/keyboard/cros_ec_keyb.c | 6 ++ drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 ++ drivers/input/touchscreen/goodix.c | 1 + drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 ++- drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 22 ++++- drivers/net/ethernet/intel/idpf/idpf_main.c | 2 + .../ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/nvme/host/fc.c | 15 +-- drivers/nvme/host/multipath.c | 2 +- drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 21 ++++- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 +- drivers/pinctrl/realtek/Kconfig | 1 + drivers/platform/x86/Kconfig | 1 + .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/platform/x86/msi-wmi-platform.c | 43 ++++++++- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/sg.c | 10 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/target/loopback/tcm_loop.c | 3 + drivers/tty/vt/vt_ioctl.c | 4 +- fs/exfat/super.c | 5 +- fs/isofs/inode.c | 5 + fs/smb/client/cached_dir.c | 43 ++++++++- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/fs_context.c | 4 + fs/xfs/scrub/symlink_repair.c | 4 +- include/linux/ata.h | 1 + include/net/tls.h | 25 ++--- include/net/xfrm.h | 3 +- kernel/time/timer.c | 7 +- lib/maple_tree.c | 30 +++--- mm/mempool.c | 32 +++++-- mm/shmem.c | 15 ++- net/devlink/rate.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv6/esp6_offload.c | 6 +- net/mptcp/options.c | 54 ++++++++++- net/mptcp/pm_netlink.c | 20 ++-- net/mptcp/protocol.c | 84 +++++++++++------ net/mptcp/protocol.h | 3 +- net/mptcp/subflow.c | 8 ++ net/openvswitch/actions.c | 68 +------------- net/openvswitch/flow_netlink.c | 64 ++----------- net/openvswitch/flow_netlink.h | 2 - net/tls/tls_device.c | 4 +- net/unix/af_unix.c | 36 ++++---- net/vmw_vsock/af_vsock.c | 40 ++++++-- net/xfrm/xfrm_output.c | 6 +- net/xfrm/xfrm_state.c | 8 +- net/xfrm/xfrm_user.c | 5 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/usb/endpoint.c | 3 +- sound/usb/mixer.c | 2 +- tools/arch/riscv/include/asm/csr.h | 5 +- tools/testing/selftests/net/bareudp.sh | 2 +- .../selftests/net/forwarding/lib_sh_test.sh | 7 ++ tools/testing/selftests/net/lib.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 ++-- tools/tracing/latency/latency-collector.c | 2 +- 113 files changed, 915 insertions(+), 561 deletions(-) From gregkh(a)linuxfoundation.org Thu Nov 27 16:03:46 2025 Message-ID: <20251127150346.182929229(a)linuxfoundation.org> User-Agent: quilt/0.69 Date: Thu, 27 Nov 2025 16:03:47 +0100 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> To: stable(a)vger.kernel.org Cc: patches(a)lists.linux.dev, linux-kernel(a)vger.kernel.org, torvalds(a)linux-foundation.org, akpm(a)linux-foundation.org, linux(a)roeck-us.net, shuah(a)kernel.org, patches(a)kernelci.org, lkft-triage(a)lists.linaro.org, pavel(a)denx.de, jonathanh(a)nvidia.com, f.fainelli(a)gmail.com, sudipm.mukherjee(a)gmail.com, rwarsow(a)gmx.de, conor(a)kernel.org, hargar(a)microsoft.com, broonie(a)kernel.org, achill(a)achill.org, sr(a)sladewatkins.com, Sebastian Ene <sebastianene(a)google.com>, Will Deacon <will(a)kernel.org>, Marc Zyngier <maz(a)kernel.org> X-stable: review X-Patchwork-Hint: ignore Subject: [PATCH 6.12 001/113] KVM: arm64: Check the untrusted offset in FF-A memory share MIME-Version: 1.0 6.12-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sebastian Ene <sebastianene(a)google.com> commit 103e17aac09cdd358133f9e00998b75d6c1f1518 upstream. Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX] is set from the host kernel. Signed-off-by: Sebastian Ene <sebastianene(a)google.com> Acked-by: Will Deacon <will(a)kernel.org> Link: https://patch.msgid.link/20251017075710.2605118-1-sebastianene@google.com Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/hyp/nvhe/ffa.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -437,7 +437,7 @@ static void __do_ffa_mem_xfer(const u64 struct ffa_mem_region_attributes *ep_mem_access; struct ffa_composite_mem_region *reg; struct ffa_mem_region *buf; - u32 offset, nr_ranges; + u32 offset, nr_ranges, checked_offset; int ret = 0; if (addr_mbz || npages_mbz || fraglen > len || @@ -474,7 +474,12 @@ static void __do_ffa_mem_xfer(const u64 goto out_unlock; } - if (fraglen < offset + sizeof(struct ffa_composite_mem_region)) { + if (check_add_overflow(offset, sizeof(struct ffa_composite_mem_region), &checked_offset)) { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + if (fraglen < checked_offset) { ret = FFA_RET_INVALID_PARAMETERS; goto out_unlock; }

1 day, 9 hours

8
7
0 0

[BUG] Missing backport for commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x")

by Slavin Liu

Hi, I would like to request backporting commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x") to all LTS kernels. This patch actually fixes a use-after-free issue, but it hasn't been backported to any of the LTS versions, which are still being affected. As the patch describes, a specific trigger scenario could be: If a tunnel packet is received (e.g., in ip_local_deliver()), with the outer layer being IPComp protocol and the inner layer being fragmented packets, during outer packet processing, it will go through xfrm_input() to hold a reference to the IPComp xfrm_state. Then, it is re-injected into the network stack via gro_cells_receive() and placed in the reassembly queue. When exiting the netns and calling cleanup_net(), although ipv4_frags_exit_net() is called before xfrm_net_exit(), due to asynchronous scheduling, fqdir_free_work() may execute after xfrm_state_fini(). In xfrm_state_fini(), xfrm_state_flush() puts and deletes the xfrm_state for IPPROTO_COMP, but does not delete the xfrm_state for IPPROTO_IPIP. Meanwhile, the skb in the reassembly queue holds the last reference to the IPPROTO_COMP xfrm_state, so it isn't destroyed yet. Only when the skb in the reassembly queue is destroyed does the IPPROTO_COMP xfrm_state get fully destroyed, which calls ipcomp_destroy() to delete the IPPROTO_IPIP xfrm_state. However, by this time, the hash tables (net->xfrm.state_byxxx) have already been kfreed in xfrm_state_fini(), leading to a use-after-free during the deletion. The bug has existed since kernel v2.6.29, so the patch should be backported to all LTS kernels. thanks, Slavin Liu

1 day, 9 hours

1
1
0 0

+ idr-fix-idr_alloc-returning-an-id-out-of-range.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: idr: fix idr_alloc() returning an ID out of range has been added to the -mm mm-hotfixes-unstable branch. Its filename is idr-fix-idr_alloc-returning-an-id-out-of-range.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: idr: fix idr_alloc() returning an ID out of range Date: Fri, 28 Nov 2025 16:18:32 +0000 If you use an IDR with a non-zero base, and specify a range that lies entirely below the base, 'max - base' becomes very large and idr_get_free() can return an ID that lies outside of the requested range. Link: https://lkml.kernel.org/r/20251128161853.3200058-1-willy@infradead.org Fixes: 6ce711f27500 ("idr: Make 1-based IDRs more efficient") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: Jan Sokolowski <jan.sokolowski(a)intel.com> Reported-by: Koen Koning <koen.koning(a)intel.com> Reported-by: Peter Senna Tschudin <peter.senna(a)linux.intel.com> Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6449 Reviewed-by: Christian K��nig <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/idr.c | 2 ++ tools/testing/radix-tree/idr-test.c | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) --- a/lib/idr.c~idr-fix-idr_alloc-returning-an-id-out-of-range +++ a/lib/idr.c @@ -40,6 +40,8 @@ int idr_alloc_u32(struct idr *idr, void if (WARN_ON_ONCE(!(idr->idr_rt.xa_flags & ROOT_IS_IDR))) idr->idr_rt.xa_flags |= IDR_RT_MARKER; + if (max < base) + return -ENOSPC; id = (id < base) ? 0 : id - base; radix_tree_iter_init(&iter, id); --- a/tools/testing/radix-tree/idr-test.c~idr-fix-idr_alloc-returning-an-id-out-of-range +++ a/tools/testing/radix-tree/idr-test.c @@ -57,6 +57,26 @@ void idr_alloc_test(void) idr_destroy(&idr); } +void idr_alloc2_test(void) +{ + int id; + struct idr idr = IDR_INIT_BASE(idr, 1); + + id = idr_alloc(&idr, idr_alloc2_test, 0, 1, GFP_KERNEL); + assert(id == -ENOSPC); + + id = idr_alloc(&idr, idr_alloc2_test, 1, 2, GFP_KERNEL); + assert(id == 1); + + id = idr_alloc(&idr, idr_alloc2_test, 0, 1, GFP_KERNEL); + assert(id == -ENOSPC); + + id = idr_alloc(&idr, idr_alloc2_test, 0, 2, GFP_KERNEL); + assert(id == -ENOSPC); + + idr_destroy(&idr); +} + void idr_replace_test(void) { DEFINE_IDR(idr); @@ -409,6 +429,7 @@ void idr_checks(void) idr_replace_test(); idr_alloc_test(); + idr_alloc2_test(); idr_null_test(); idr_nowait_test(); idr_get_next_test(0); _ Patches currently in -mm which might be from willy(a)infradead.org are idr-fix-idr_alloc-returning-an-id-out-of-range.patch mm-fix-vma_start_write_killable-signal-handling.patch

1 day, 10 hours

1
0
0 0

[PATCH 6.6 00/86] 6.6.118-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.118 release. There are 86 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 29 Nov 2025 14:40:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.118-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.118-rc1 Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Fabio M. De Francesco <fabio.maria.de.francesco(a)linux.intel.com> mm/mempool: replace kmap_atomic() with kmap_local_page() Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer transfer Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pmdomain: imx-gpc: Convert to platform remove callback returning void Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Song Liu <song(a)kernel.org> ftrace: Fix BPF fexit with livepatch Sourabh Jain <sourabhjain(a)linux.ibm.com> crash: fix crashkernel resource shrink Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Martin Kaiser <martin(a)kaiser.cx> maple_tree: fix tracepoint string pointers Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Check the untrusted offset in FF-A memory share Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix incomplete backport in cfids_invalidation_worker() Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix __ptep_rdp() inline assembly Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: compress: change the first parameter of page_array_{alloc,free} to sbi Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Limit Entrysign signature checking to known generations Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> cifs: fix memory leak in smb3_fs_context_parse_param error path Thomas Weißschuh <linux(a)weissschuh.net> LoongArch: Use UAPI types in ptrace UAPI header Pradyumn Rahar <pradyumn.rahar(a)oracle.com> net/mlx5: Clean up only new IRQ glue on request_irq() failure Shay Drory <shayd(a)nvidia.com> devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Alejandro Colomar <alx(a)kernel.org> kernel.h: Move ARRAY_SIZE() to a separate header Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Prevent locally generated packets from direct output in tunnel mode Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Move sleep into each retry for retrieve_link_cap() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase DPCD read retries Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() Nam Cao <namcao(a)linutronix.de> nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Hans de Goede <hdegoede(a)redhat.com> Input: goodix - add support for ACPI ID GDIX1003 Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: introduce close_cached_dir_locked() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Mike Yuan <me(a)yhndnzj.com> shmem: fix tmpfs reconfiguration (remount) when noswap is set Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +++--- Makefile | 4 +- arch/arm64/kvm/hyp/nvhe/ffa.c | 9 +- arch/loongarch/include/uapi/asm/ptrace.h | 40 ++++---- arch/loongarch/pci/pci.c | 8 +- arch/mips/mm/tlb-r4k.c | 102 +++++++++++++-------- arch/mips/mti-malta/malta-init.c | 20 ++-- arch/s390/include/asm/pgtable.h | 12 +-- arch/s390/mm/pgtable.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 20 +++- drivers/ata/libata-scsi.c | 11 ++- drivers/bcma/main.c | 6 ++ drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 ++- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- .../display/dc/link/protocols/link_dp_capability.c | 11 ++- drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 + drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/dsi.c | 9 -- drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-quirks.c | 13 ++- drivers/input/keyboard/cros_ec_keyb.c | 6 ++ drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 ++ drivers/input/touchscreen/goodix.c | 1 + drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 ++- drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/nvme/host/fc.c | 15 +-- drivers/nvme/host/multipath.c | 2 +- drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 21 ++++- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 +- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/pmdomain/imx/gpc.c | 22 +++-- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/sg.c | 10 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/target/loopback/tcm_loop.c | 3 + drivers/uio/uio_hv_generic.c | 21 ++++- fs/exfat/super.c | 5 +- fs/f2fs/compress.c | 74 +++++++-------- fs/f2fs/f2fs.h | 2 + fs/smb/client/cached_dir.c | 43 ++++++++- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/fs_context.c | 4 + include/linux/array_size.h | 13 +++ include/linux/ata.h | 1 + include/linux/kernel.h | 7 +- include/linux/string.h | 1 + include/net/tls.h | 6 ++ include/net/xfrm.h | 3 +- kernel/bpf/trampoline.c | 4 - kernel/kexec_core.c | 2 +- kernel/time/timer.c | 7 +- kernel/trace/ftrace.c | 20 ++-- lib/maple_tree.c | 32 ++++--- mm/mempool.c | 32 +++++-- mm/shmem.c | 15 ++- net/devlink/rate.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv6/esp6_offload.c | 6 +- net/mptcp/options.c | 54 ++++++++++- net/mptcp/pm_netlink.c | 20 ++-- net/mptcp/protocol.c | 48 +++++++--- net/mptcp/protocol.h | 3 +- net/mptcp/subflow.c | 8 ++ net/openvswitch/actions.c | 68 +------------- net/openvswitch/flow_netlink.c | 64 ++----------- net/openvswitch/flow_netlink.h | 2 - net/tls/tls_device.c | 4 +- net/vmw_vsock/af_vsock.c | 40 ++++++-- net/wireless/reg.c | 5 + net/xfrm/xfrm_output.c | 6 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/usb/mixer.c | 2 +- tools/testing/selftests/net/bareudp.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 8 +- tools/tracing/latency/latency-collector.c | 2 +- 88 files changed, 714 insertions(+), 444 deletions(-)

1 day, 10 hours

8
93
0 0

please consider to backport "drm/i915/dp: Initialize the source OUI write timestamp always"

by H. Nikolaus Schaller

Adding this patch solves an observed 5 minutes wait delay issue with stable kernels (up to v6.12) on my AcePC T11 (with Atom Z8350 Cherry Trail). Commit is 5861258c4e6a("drm/i915/dp: Initialize the source OUI write timestamp always") resp. https://patchwork.freedesktop.org/patch/621660/ It apparently appeared upstream with v6.13-rc1 but got not backported. BR and thanks, Nikolaus

1 day, 10 hours

1
0
0 0

FAILED: patch "[PATCH] mptcp: avoid unneeded subflow-level drops" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4f102d747cadd8f595f2b25882eed9bec1675fb1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112459-askew-underhand-3094@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f102d747cadd8f595f2b25882eed9bec1675fb1 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 18 Nov 2025 08:20:20 +0100 Subject: [PATCH] mptcp: avoid unneeded subflow-level drops The rcv window is shared among all the subflows. Currently, MPTCP sync the TCP-level rcv window with the MPTCP one at tcp_transmit_skb() time. The above means that incoming data may sporadically observe outdated TCP-level rcv window and being wrongly dropped by TCP. Address the issue checking for the edge condition before queuing the data at TCP level, and eventually syncing the rcv window as needed. Note that the issue is actually present from the very first MPTCP implementation, but backports older than the blamed commit below will range from impossible to useless. Before: $ nstat -n; sleep 1; nstat -z TcpExtBeyondWindow TcpExtBeyondWindow 14 0.0 After: $ nstat -n; sleep 1; nstat -z TcpExtBeyondWindow TcpExtBeyondWindow 0 0.0 Fixes: fa3fe2b15031 ("mptcp: track window announced to peer") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20251118-net-mptcp-misc-fixes-6-18-rc6-v1-2-806d37… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 8a63bd00807d..f24ae7d40e88 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -1044,6 +1044,31 @@ static void __mptcp_snd_una_update(struct mptcp_sock *msk, u64 new_snd_una) WRITE_ONCE(msk->snd_una, new_snd_una); } +static void rwin_update(struct mptcp_sock *msk, struct sock *ssk, + struct sk_buff *skb) +{ + struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); + struct tcp_sock *tp = tcp_sk(ssk); + u64 mptcp_rcv_wnd; + + /* Avoid touching extra cachelines if TCP is going to accept this + * skb without filling the TCP-level window even with a possibly + * outdated mptcp-level rwin. + */ + if (!skb->len || skb->len < tcp_receive_window(tp)) + return; + + mptcp_rcv_wnd = atomic64_read(&msk->rcv_wnd_sent); + if (!after64(mptcp_rcv_wnd, subflow->rcv_wnd_sent)) + return; + + /* Some other subflow grew the mptcp-level rwin since rcv_wup, + * resync. + */ + tp->rcv_wnd += mptcp_rcv_wnd - subflow->rcv_wnd_sent; + subflow->rcv_wnd_sent = mptcp_rcv_wnd; +} + static void ack_update_msk(struct mptcp_sock *msk, struct sock *ssk, struct mptcp_options_received *mp_opt) @@ -1211,6 +1236,7 @@ bool mptcp_incoming_options(struct sock *sk, struct sk_buff *skb) */ if (mp_opt.use_ack) ack_update_msk(msk, sk, &mp_opt); + rwin_update(msk, sk, skb); /* Zero-data-length packets are dropped by the caller and not * propagated to the MPTCP layer, so the skb extension does not @@ -1297,6 +1323,10 @@ static void mptcp_set_rwin(struct tcp_sock *tp, struct tcphdr *th) if (rcv_wnd_new != rcv_wnd_old) { raise_win: + /* The msk-level rcv wnd is after the tcp level one, + * sync the latter. + */ + rcv_wnd_new = rcv_wnd_old; win = rcv_wnd_old - ack_seq; tp->rcv_wnd = min_t(u64, win, U32_MAX); new_win = tp->rcv_wnd; @@ -1320,6 +1350,7 @@ static void mptcp_set_rwin(struct tcp_sock *tp, struct tcphdr *th) update_wspace: WRITE_ONCE(msk->old_wspace, tp->rcv_wnd); + subflow->rcv_wnd_sent = rcv_wnd_new; } static void mptcp_track_rwin(struct tcp_sock *tp) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 379a88e14e8d..5575ef64ea31 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -509,6 +509,7 @@ struct mptcp_subflow_context { u64 remote_key; u64 idsn; u64 map_seq; + u64 rcv_wnd_sent; u32 snd_isn; u32 token; u32 rel_write_seq;

1 day, 11 hours

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: rm: set backup flag" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x aea73bae662a0e184393d6d7d0feb18d2577b9b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112013-amusable-thesis-e973@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aea73bae662a0e184393d6d7d0feb18d2577b9b9 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 10 Nov 2025 19:23:41 +0100 Subject: [PATCH] selftests: mptcp: join: rm: set backup flag Some of these 'remove' tests rarely fail because a subflow has been reset instead of cleanly removed. This can happen when one extra subflow which has never carried data is being closed (FIN) on one side, while the other is sending data for the first time. To avoid such subflows to be used right at the end, the backup flag has been added. With that, data will be only carried on the initial subflow. Fixes: d2c4333a801c ("selftests: mptcp: add testcases for removing addrs") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20251110-net-mptcp-sft-join-unstable-v1-2-a4332c71… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 78a1aa4ecff2..9ed9ec7202d6 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -2532,7 +2532,7 @@ remove_tests() if reset "remove single subflow"; then pm_nl_set_limits $ns1 0 1 pm_nl_set_limits $ns2 0 1 - pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow + pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow,backup addr_nr_ns2=-1 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 1 @@ -2545,8 +2545,8 @@ remove_tests() if reset "remove multiple subflows"; then pm_nl_set_limits $ns1 0 2 pm_nl_set_limits $ns2 0 2 - pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow - pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow + pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow,backup + pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow,backup addr_nr_ns2=-2 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 2 2 2 @@ -2557,7 +2557,7 @@ remove_tests() # single address, remove if reset "remove single address"; then pm_nl_set_limits $ns1 0 1 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal,backup pm_nl_set_limits $ns2 1 1 addr_nr_ns1=-1 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 @@ -2570,9 +2570,9 @@ remove_tests() # subflow and signal, remove if reset "remove subflow and signal"; then pm_nl_set_limits $ns1 0 2 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal,backup pm_nl_set_limits $ns2 1 2 - pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow + pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow,backup addr_nr_ns1=-1 addr_nr_ns2=-1 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 2 2 2 @@ -2584,10 +2584,10 @@ remove_tests() # subflows and signal, remove if reset "remove subflows and signal"; then pm_nl_set_limits $ns1 0 3 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal,backup pm_nl_set_limits $ns2 1 3 - pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow - pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow + pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow,backup + pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow,backup addr_nr_ns1=-1 addr_nr_ns2=-2 speed=10 \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 3 3 3 @@ -2599,9 +2599,9 @@ remove_tests() # addresses remove if reset "remove addresses"; then pm_nl_set_limits $ns1 3 3 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal id 250 - pm_nl_add_endpoint $ns1 10.0.3.1 flags signal - pm_nl_add_endpoint $ns1 10.0.4.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal,backup id 250 + pm_nl_add_endpoint $ns1 10.0.3.1 flags signal,backup + pm_nl_add_endpoint $ns1 10.0.4.1 flags signal,backup pm_nl_set_limits $ns2 3 3 addr_nr_ns1=-3 speed=10 \ run_tests $ns1 $ns2 10.0.1.1 @@ -2614,10 +2614,10 @@ remove_tests() # invalid addresses remove if reset "remove invalid addresses"; then pm_nl_set_limits $ns1 3 3 - pm_nl_add_endpoint $ns1 10.0.12.1 flags signal + pm_nl_add_endpoint $ns1 10.0.12.1 flags signal,backup # broadcast IP: no packet for this address will be received on ns1 - pm_nl_add_endpoint $ns1 224.0.0.1 flags signal - pm_nl_add_endpoint $ns1 10.0.3.1 flags signal + pm_nl_add_endpoint $ns1 224.0.0.1 flags signal,backup + pm_nl_add_endpoint $ns1 10.0.3.1 flags signal,backup pm_nl_set_limits $ns2 2 2 addr_nr_ns1=-3 speed=10 \ run_tests $ns1 $ns2 10.0.1.1 @@ -2631,10 +2631,10 @@ remove_tests() # subflows and signal, flush if reset "flush subflows and signal"; then pm_nl_set_limits $ns1 0 3 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal,backup pm_nl_set_limits $ns2 1 3 - pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow - pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow + pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow,backup + pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow,backup addr_nr_ns1=-8 addr_nr_ns2=-8 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 3 3 3 @@ -2647,9 +2647,9 @@ remove_tests() if reset "flush subflows"; then pm_nl_set_limits $ns1 3 3 pm_nl_set_limits $ns2 3 3 - pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow id 150 - pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow - pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow + pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow,backup id 150 + pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow,backup + pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow,backup addr_nr_ns1=-8 addr_nr_ns2=-8 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 3 3 3 @@ -2666,9 +2666,9 @@ remove_tests() # addresses flush if reset "flush addresses"; then pm_nl_set_limits $ns1 3 3 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal id 250 - pm_nl_add_endpoint $ns1 10.0.3.1 flags signal - pm_nl_add_endpoint $ns1 10.0.4.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal,backup id 250 + pm_nl_add_endpoint $ns1 10.0.3.1 flags signal,backup + pm_nl_add_endpoint $ns1 10.0.4.1 flags signal,backup pm_nl_set_limits $ns2 3 3 addr_nr_ns1=-8 addr_nr_ns2=-8 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 @@ -2681,9 +2681,9 @@ remove_tests() # invalid addresses flush if reset "flush invalid addresses"; then pm_nl_set_limits $ns1 3 3 - pm_nl_add_endpoint $ns1 10.0.12.1 flags signal - pm_nl_add_endpoint $ns1 10.0.3.1 flags signal - pm_nl_add_endpoint $ns1 10.0.14.1 flags signal + pm_nl_add_endpoint $ns1 10.0.12.1 flags signal,backup + pm_nl_add_endpoint $ns1 10.0.3.1 flags signal,backup + pm_nl_add_endpoint $ns1 10.0.14.1 flags signal,backup pm_nl_set_limits $ns2 3 3 addr_nr_ns1=-8 speed=slow \ run_tests $ns1 $ns2 10.0.1.1

1 day, 11 hours

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror