- Linux-stable-mirror - lists.linaro.org

[PATCH v3 01/10] crypto: virtio: Add spinlock protection with virtqueue notification

by Bibo Mao

When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well. Fixes: fed93fb62e05 ("crypto: virtio - Handle dataq logic with tasklet") Cc: stable(a)vger.kernel.org Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- drivers/crypto/virtio/virtio_crypto_core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c index 3d241446099c..ccc6b5c1b24b 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -75,15 +75,20 @@ static void virtcrypto_done_task(unsigned long data) struct data_queue *data_vq = (struct data_queue *)data; struct virtqueue *vq = data_vq->vq; struct virtio_crypto_request *vc_req; + unsigned long flags; unsigned int len; + spin_lock_irqsave(&data_vq->lock, flags); do { virtqueue_disable_cb(vq); while ((vc_req = virtqueue_get_buf(vq, &len)) != NULL) { + spin_unlock_irqrestore(&data_vq->lock, flags); if (vc_req->alg_cb) vc_req->alg_cb(vc_req, len); + spin_lock_irqsave(&data_vq->lock, flags); } } while (!virtqueue_enable_cb(vq)); + spin_unlock_irqrestore(&data_vq->lock, flags); } static void virtcrypto_dataq_callback(struct virtqueue *vq) -- 2.39.3

1 week, 1 day

2
1
0 0

[PATCH] mpi3mr: Prevent duplicate SAS/SATA device entries in channel 1

by Suganath Prabu S

This fix avoids scanning of SAS/SATA devices in channel 1 when SAS transport is enabled as the SAS/SATA devices are exposed through channel 0 when SAS transport is enabled. Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Signed-off-by: Suganath Prabu S <suganath-prabu.subramani(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr.h | 4 ++-- drivers/scsi/mpi3mr/mpi3mr_os.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index 6742684..31d68c1 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -56,8 +56,8 @@ extern struct list_head mrioc_list; extern int prot_mask; extern atomic64_t event_counter; -#define MPI3MR_DRIVER_VERSION "8.15.0.5.50" -#define MPI3MR_DRIVER_RELDATE "12-August-2025" +#define MPI3MR_DRIVER_VERSION "8.15.0.5.51" +#define MPI3MR_DRIVER_RELDATE "18-November-2025" #define MPI3MR_DRIVER_NAME "mpi3mr" #define MPI3MR_DRIVER_LICENSE "GPL" diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index b88633e..bca3671 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -1184,6 +1184,8 @@ static void mpi3mr_update_tgtdev(struct mpi3mr_ioc *mrioc, if (is_added == true) tgtdev->io_throttle_enabled = (flags & MPI3_DEVICE0_FLAGS_IO_THROTTLING_REQUIRED) ? 1 : 0; + if(!mrioc->sas_transport_enabled) + tgtdev->non_stl = 1; switch (flags & MPI3_DEVICE0_FLAGS_MAX_WRITE_SAME_MASK) { case MPI3_DEVICE0_FLAGS_MAX_WRITE_SAME_256_LB: @@ -4844,7 +4846,7 @@ static int mpi3mr_target_alloc(struct scsi_target *starget) spin_lock_irqsave(&mrioc->tgtdev_lock, flags); if (starget->channel == mrioc->scsi_device_channel) { tgt_dev = __mpi3mr_get_tgtdev_by_perst_id(mrioc, starget->id); - if (tgt_dev && !tgt_dev->is_hidden) { + if (tgt_dev && !tgt_dev->is_hidden && tgt_dev->non_stl) { scsi_tgt_priv_data->starget = starget; scsi_tgt_priv_data->dev_handle = tgt_dev->dev_handle; scsi_tgt_priv_data->perst_id = tgt_dev->perst_id; -- 2.47.3

1 week, 1 day

3
3
0 0

Investitionsprojekt

by Kontakt

Guten Morgen, mein Name ist Shun Tung, und ich vertrete die Interessen der Familie Wing Mau, die an verschiedenen Investitionsmöglichkeiten in Ihrem Land interessiert ist. Besonders interessieren wir uns für die Sektoren Immobilien, Tourismus, erneuerbare Energien und Fertigung. Aufgrund politischer Herausforderungen in unserem Heimatland suchen wir einen zuverlässigen und vertrauenswürdigen Partner im Ausland, der diese Investitionen in unserem Auftrag verwaltet und absichert. Ihre Rolle würde darin bestehen, die Investitionen zu überwachen und sicherzustellen, dass sie erfolgreich sind. Im Gegenzug würden Sie einen vereinbarten Prozentsatz der Managementgebühren erhalten, während die Gewinne gleichmäßig zwischen beiden Parteien aufgeteilt werden. Falls dieses Angebot Ihr Interesse weckt, würde ich mich über ein weiteres Gespräch freuen. Ich freue mich auf Ihre Antwort. Mit freundlichen Grüßen, Shun Tung

1 week, 1 day

1
0
0 0

Re: [PATCH V6] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by Richard Lyu

What is the current status of this patch? Link: https://lore.kernel.org/lkml/1752290685-22164-1-git-send-email-yangge1116@1… Best Regards, Richard Lyu

1 week, 1 day

1
0
0 0

[PATCH v3 01/10] crypto: virtio: Add spinlock protection with virtqueue notification

by Bibo Mao

When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well. Fixes: fed93fb62e05 ("crypto: virtio - Handle dataq logic with tasklet") Cc: stable(a)vger.kernel.org Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- drivers/crypto/virtio/virtio_crypto_core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c index 3d241446099c..ccc6b5c1b24b 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -75,15 +75,20 @@ static void virtcrypto_done_task(unsigned long data) struct data_queue *data_vq = (struct data_queue *)data; struct virtqueue *vq = data_vq->vq; struct virtio_crypto_request *vc_req; + unsigned long flags; unsigned int len; + spin_lock_irqsave(&data_vq->lock, flags); do { virtqueue_disable_cb(vq); while ((vc_req = virtqueue_get_buf(vq, &len)) != NULL) { + spin_unlock_irqrestore(&data_vq->lock, flags); if (vc_req->alg_cb) vc_req->alg_cb(vc_req, len); + spin_lock_irqsave(&data_vq->lock, flags); } } while (!virtqueue_enable_cb(vq)); + spin_unlock_irqrestore(&data_vq->lock, flags); } static void virtcrypto_dataq_callback(struct virtqueue *vq) -- 2.39.3

1 week, 1 day

1
0
0 0

[PATCH V2] mm/slab: ensure all metadata in slab object are word-aligned

by Harry Yoo

When the SLAB_STORE_USER debug flag is used, any metadata placed after the original kmalloc request size (orig_size) is not properly aligned on 64-bit architectures because its type is unsigned int. When both KASAN and SLAB_STORE_USER are enabled, kasan_alloc_meta is misaligned. Note that 64-bit architectures without HAVE_EFFICIENT_UNALIGNED_ACCESS are assumed to require 64-bit accesses to be 64-bit aligned. See HAVE_64BIT_ALIGNED_ACCESS and commit adab66b71abf ("Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"") for more details. Because not all architectures support unaligned memory accesses, ensure that all metadata (track, orig_size, kasan_{alloc,free}_meta) in a slab object are word-aligned. struct track, kasan_{alloc,free}_meta are aligned by adding __aligned(__alignof__(unsigned long)). For orig_size, use ALIGN(sizeof(unsigned int), sizeof(unsigned long)) to make clear that its size remains unsigned int but it must be aligned to a word boundary. On 64-bit architectures, this reserves 8 bytes for orig_size, which is acceptable since kmalloc's original request size tracking is intended for debugging rather than production use. Cc: stable(a)vger.kernel.org Fixes: 6edf2576a6cc ("mm/slub: enable debugging memory wasting of kmalloc") Acked-by: Andrey Konovalov <andreyknvl(a)gmail.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- v1 -> v2: - Added Andrey's Acked-by. - Added references to HAVE_64BIT_ALIGNED_ACCESS and the commit that resurrected it. - Used __alignof__() instead of sizeof(), as suggested by Pedro (off-list). Note: either __alignof__ or sizeof() produces the exactly same mm/slub.o files, so there's no functional difference. Thanks! mm/kasan/kasan.h | 4 ++-- mm/slub.c | 16 +++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 129178be5e64..b86b6e9f456a 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -265,7 +265,7 @@ struct kasan_alloc_meta { struct kasan_track alloc_track; /* Free track is stored in kasan_free_meta. */ depot_stack_handle_t aux_stack[2]; -}; +} __aligned(__alignof__(unsigned long)); struct qlist_node { struct qlist_node *next; @@ -289,7 +289,7 @@ struct qlist_node { struct kasan_free_meta { struct qlist_node quarantine_link; struct kasan_track free_track; -}; +} __aligned(__alignof__(unsigned long)); #endif /* CONFIG_KASAN_GENERIC */ diff --git a/mm/slub.c b/mm/slub.c index a585d0ac45d4..462a39d57b3a 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -344,7 +344,7 @@ struct track { int cpu; /* Was running on cpu */ int pid; /* Pid context */ unsigned long when; /* When did the operation occur */ -}; +} __aligned(__alignof__(unsigned long)); enum track_item { TRACK_ALLOC, TRACK_FREE }; @@ -1196,7 +1196,7 @@ static void print_trailer(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (slub_debug_orig_size(s)) - off += sizeof(unsigned int); + off += ALIGN(sizeof(unsigned int), __alignof__(unsigned long)); off += kasan_metadata_size(s, false); @@ -1392,7 +1392,8 @@ static int check_pad_bytes(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (s->flags & SLAB_KMALLOC) - off += sizeof(unsigned int); + off += ALIGN(sizeof(unsigned int), + __alignof__(unsigned long)); } off += kasan_metadata_size(s, false); @@ -7820,9 +7821,14 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s) */ size += 2 * sizeof(struct track); - /* Save the original kmalloc request size */ + /* + * Save the original kmalloc request size. + * Although the request size is an unsigned int, + * make sure that is aligned to word boundary. + */ if (flags & SLAB_KMALLOC) - size += sizeof(unsigned int); + size += ALIGN(sizeof(unsigned int), + __alignof__(unsigned long)); } #endif -- 2.43.0

1 week, 1 day

2
3
0 0

[BUG] Missing backport for commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x")

by Slavin Liu

Hi, I would like to request backporting commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x") to all LTS kernels. This patch actually fixes a use-after-free issue, but it hasn't been backported to any of the LTS versions, which are still being affected. As the patch describes, a specific trigger scenario could be: If a tunnel packet is received (e.g., in ip_local_deliver()), with the outer layer being IPComp protocol and the inner layer being fragmented packets, during outer packet processing, it will go through xfrm_input() to hold a reference to the IPComp xfrm_state. Then, it is re-injected into the network stack via gro_cells_receive() and placed in the reassembly queue. When exiting the netns and calling cleanup_net(), although ipv4_frags_exit_net() is called before xfrm_net_exit(), due to asynchronous scheduling, fqdir_free_work() may execute after xfrm_state_fini(). In xfrm_state_fini(), xfrm_state_flush() puts and deletes the xfrm_state for IPPROTO_COMP, but does not delete the xfrm_state for IPPROTO_IPIP. Meanwhile, the skb in the reassembly queue holds the last reference to the IPPROTO_COMP xfrm_state, so it isn't destroyed yet. Only when the skb in the reassembly queue is destroyed does the IPPROTO_COMP xfrm_state get fully destroyed, which calls ipcomp_destroy() to delete the IPPROTO_IPIP xfrm_state. However, by this time, the hash tables (net->xfrm.state_byxxx) have already been kfreed in xfrm_state_fini(), leading to a use-after-free during the deletion. The bug has existed since kernel v2.6.29, so the patch should be backported to all LTS kernels. thanks, Slavin Liu

1 week, 1 day

3
4
0 0

More details about DUOONE OLED for your setup

by InnLead Innovative

More details about DUOONE OLED for your setup Hello, Following up on your interest in portable dual-screen setups, I’d love to share the latest details about the DUOONE OLED SPAN & FOLD, now launching on Kickstarter. This monitor is designed to eliminate the hassle of heavy or complicated multi-screen setups—whether you're gaming with friends or getting work done. Here’s what makes it stand out: • True Portability – Ultra-light design that fits in your bag, ready for work or play anywhere. • One-Cable Setup – Connect with a single USB-C cable (HDMI supported as well). • OLED Visuals – Vivid colors, deep blacks, and smooth motion for gaming, design, and content creation. • Flexible Modes – Switch between extended desktop for productivity or head-to-head mode for multiplayer gaming. You can view the full specs and current Kickstarter pricing here: View product details on Kickstarter ( https://eeenew.com/index.php?option=com_acym&ctrl=fronturl&task=click&urlid… ) If you have any questions, feel free to reply — happy to help anytime. Best regards, Shirley Xue DUOONE OLED Team

1 week, 1 day

1
0
0 0

[PATCH AUTOSEL 6.18-6.1] ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit b39a1833cc4a2755b02603eec3a71a85e9dff926 ] Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Reported-by: Zhitong Liu <liuzhitong1993(a)gmail.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ### 3. CLASSIFICATION This is a **security/stability bug fix**: - **Use-after-free (UAF)** is a serious memory safety issue - ksmbd is **network-facing code** (SMB server) - security-sensitive - Can lead to kernel crashes, data corruption, or potential remote exploitation ### 4. SCOPE AND RISK ASSESSMENT **Size**: ~30 lines changed across 3 files **Files affected**: - `fs/smb/server/mgmt/tree_connect.c` - core reference counting logic - `fs/smb/server/mgmt/tree_connect.h` - struct definition - `fs/smb/server/smb2pdu.c` - disconnect path **Technical mechanism of the bug**: The previous fix (commit 33b235a6e6ebe) introduced a waitqueue-based refcount mechanism: 1. `ksmbd_tree_conn_disconnect()` would decrement refcount, wait for it to hit 0, then always call `kfree()` 2. `ksmbd_tree_connect_put()` would decrement refcount and wake up waiters **The race condition**: - Thread A: In disconnect, waits for refcount to hit 0, then runs more code before `kfree()` - Thread B: Drops last reference via `_put()`, refcount hits 0 - Thread A: Wakes up, but Thread B might still be executing code that accesses `tcon` - Thread A: Frees `tcon` - Thread B: UAF when accessing `tcon` after `_put()` returns **The fix**: Changes to standard "kref-style" reference counting: - Whoever drops refcount to 0 immediately calls `kfree()` - No window between refcount hitting 0 and free - Removes the buggy waitqueue mechanism entirely **Risk**: LOW - The new pattern (free on last put) is the standard kernel pattern (kref) - Simpler code is easier to verify correct - Self-contained within tree_connect subsystem ### 5. USER IMPACT - **Affected users**: Anyone running ksmbd (kernel SMB server) - **Trigger**: High concurrency - realistic for file servers - **Severity**: HIGH - kernel crash or potential security exploitation - **Real-world occurrence**: Two Reported-by tags confirm users hit this ### 6. STABILITY INDICATORS - Signed-off by ksmbd maintainer (Namjae Jeon) and CIFS/SMB maintainer (Steve French) - Two independent reporters indicate real bug - The buggy code was introduced in commit 33b235a6e6ebe (v6.6-rc1) ### 7. DEPENDENCY CHECK - The fix is self-contained - Depends only on commit 33b235a6e6ebe being present (which introduced the bug) - Affects: v6.6 and all later versions - Should apply cleanly - only 2 minor unrelated commits to tree_connect.c since the buggy commit ### Summary | Criterion | Assessment | |-----------|------------| | Fixes real bug | ✅ UAF in network-facing code | | Security impact | ✅ High - potential remote exploitation | | Small and contained | ✅ ~30 lines, 3 files, single subsystem | | No new features | ✅ Pure bug fix | | User-reported | ✅ Two Reported-by tags | | Clean backport | ✅ Self-contained fix | This commit fixes a use-after-free vulnerability in ksmbd, the in-kernel SMB server. The bug exists in the reference counting mechanism for tree connections and can be triggered under concurrent access - a realistic scenario for network file servers. UAF bugs in network-facing kernel code are serious security issues. The fix is small, uses a well- established kernel pattern (kref-style refcounting), and is self- contained. It should be backported to all stable kernels containing commit 33b235a6e6ebe (v6.6+). **YES** fs/smb/server/mgmt/tree_connect.c | 18 ++++-------------- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/smb2pdu.c | 3 --- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index ecfc575086712..d3483d9c757c7 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -78,7 +78,6 @@ ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) tree_conn->t_state = TREE_NEW; status.tree_conn = tree_conn; atomic_set(&tree_conn->refcount, 1); - init_waitqueue_head(&tree_conn->refcount_q); ret = xa_err(xa_store(&sess->tree_conns, tree_conn->id, tree_conn, KSMBD_DEFAULT_GFP)); @@ -100,14 +99,8 @@ ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon) { - /* - * Checking waitqueue to releasing tree connect on - * tree disconnect. waitqueue_active is safe because it - * uses atomic operation for condition. - */ - if (!atomic_dec_return(&tcon->refcount) && - waitqueue_active(&tcon->refcount_q)) - wake_up(&tcon->refcount_q); + if (atomic_dec_and_test(&tcon->refcount)) + kfree(tcon); } int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, @@ -119,14 +112,11 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, xa_erase(&sess->tree_conns, tree_conn->id); write_unlock(&sess->tree_conns_lock); - if (!atomic_dec_and_test(&tree_conn->refcount)) - wait_event(tree_conn->refcount_q, - atomic_read(&tree_conn->refcount) == 0); - ret = ksmbd_ipc_tree_disconnect_request(sess->id, tree_conn->id); ksmbd_release_tree_conn_id(sess, tree_conn->id); ksmbd_share_config_put(tree_conn->share_conf); - kfree(tree_conn); + if (atomic_dec_and_test(&tree_conn->refcount)) + kfree(tree_conn); return ret; } diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index a42cdd0510411..f0023d86716f2 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -33,7 +33,6 @@ struct ksmbd_tree_connect { int maximal_access; bool posix_extensions; atomic_t refcount; - wait_queue_head_t refcount_q; unsigned int t_state; }; diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 447e76da44409..aae42d2abf7bc 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2200,7 +2200,6 @@ int smb2_tree_disconnect(struct ksmbd_work *work) goto err_out; } - WARN_ON_ONCE(atomic_dec_and_test(&tcon->refcount)); tcon->t_state = TREE_DISCONNECTED; write_unlock(&sess->tree_conns_lock); @@ -2210,8 +2209,6 @@ int smb2_tree_disconnect(struct ksmbd_work *work) goto err_out; } - work->tcon = NULL; - rsp->StructureSize = cpu_to_le16(4); err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_tree_disconnect_rsp)); -- 2.51.0

1 week, 1 day

1
44
0 0

[PATCH 6.17 000/146] 6.17.11-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.11 release. There are 146 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Dec 2025 15:23:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.11-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.11-rc1 Siddharth Vadapalli <s-vadapalli(a)ti.com> spi: cadence-quadspi: Fix cqspi_probe() error handling for runtime pm Punit Agrawal <punit.agrawal(a)oss.qualcomm.com> Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" Jimmy Hu <hhhuuu(a)google.com> usb: gadget: udc: fix use-after-free in usb_gadget_state_work Kuen-Han Tsai <khtsai(a)google.com> usb: udc: Add trace event for usb_gadget_set_state Youngjun Park <youngjun.park(a)lge.com> mm: swap: remove duplicate nr_swap_pages decrement in get_swap_page_of_type() ziming zhang <ezrakiez(a)gmail.com> libceph: replace BUG_ON with bounds check for map->max_osd ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Free previously initialized ports on init failures Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Don't free uninitialized ksz_irq Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: ptp: Fix checks on irq_find_mapping() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: common: Fix checks on irq_find_mapping() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase EDID read retries Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Don't change brightness for disabled connectors Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Michael Chen <michael.chen(a)amd.com> drm/amd/amdgpu: reserve vm invalidation engine for uni_mes Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: attach tlb fence to the PTs update Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/guc: Fix stack_depot usage Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/psr: Reject async flips when selective fetch is enabled Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix stale flag preventig URBs after link state error is cleared Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Sort out the Intel device IDs Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Nova Lake -S Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Fix 8250_rsa symbol loop Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Paolo Abeni <pabeni(a)redhat.com> mptcp: clear scheduled subflows on retransmit Jisheng Zhang <jszhang(a)kernel.org> mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level Deepanshu Kartikey <kartikey406(a)gmail.com> mm/memfd: fix information leak in hugetlb folios Wei Yang <richard.weiyang(a)gmail.com> mm/huge_memory: fix NULL pointer deference when splitting folio Gustavo A. R. Silva <gustavoars(a)kernel.org> iommufd/driver: Fix counter initialization for counted_by annotation Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Jens Axboe <axboe(a)kernel.dk> io_uring/net: ensure vectored buffer node import is tied to notification ChiYuan Huang <cy_huang(a)richtek.com> regulator: rtq2208: Correct LDO2 logic judgment bits ChiYuan Huang <cy_huang(a)richtek.com> regulator: rtq2208: Correct buck group2 phase mapping logic Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix RTL8127 hang on suspend/shutdown Jon Hunter <jonathanh(a)nvidia.com> pmdomain: tegra: Add GENPD_FLAG_NO_STAY_ON flag Wentao Guan <guanwentao(a)uniontech.com> nvmem: layouts: fix nvmem_layout_bus_uevent Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Thomas Zimmermann <tzimmermann(a)suse.de> drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Dharma Balasubiramani <dharma.b(a)microchip.com> counter: microchip-tcb-capture: Allow shared IRQ for multi-channel TCBs Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: fix crash in process_v2_sparse_read() for encrypted directories Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Biju Das <biju.das.jz(a)bp.renesas.com> can: rcar_canfd: Fix CAN-FD mode as default Douglas Anderson <dianders(a)chromium.org> Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Maarten Zanders <maarten(a)zanders.be> ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Xu Yang <xu.yang_2(a)nxp.com> arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8dxl: Correct pcie-ep interrupt number Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos Ivan Zhaldak <i.v.zhaldak(a)gmail.com> ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 René Rebe <rene(a)exactco.de> ALSA: hda/cirrus fix cs420x MacPro 6,1 inverted jack detection Deepanshu Kartikey <kartikey406(a)gmail.com> tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs Jason Wang <jasowang(a)redhat.com> vhost: rewind next_avail_head while discarding descriptors Jon Kohler <jon(a)nutanix.com> virtio-net: avoid unnecessary checksum calculation on guest RX Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification ChiYuan Huang <cy_huang(a)richtek.com> iio: adc: rtq6056: Correct the sign bit index David Lechner <dlechner(a)baylibre.com> iio: adc: ad7380: fix SPI offload trigger rate David Lechner <dlechner(a)baylibre.com> iio: adc: ad7280a: fix ad7280_store_balance_timer() David Lechner <dlechner(a)baylibre.com> iio: adc: ad7124: fix temperature channel Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad4030: Fix _scale value for common-mode channels Valek Andrej <andrej.v(a)skyrain.eu> iio: accel: fix ADXL355 startup race condition Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Olivier Moysan <olivier.moysan(a)foss.st.com> iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Achim Gratz <Achim.Gratz(a)Stromeko.DE> iio: pressure: bmp280: correct meas_time_us calculation Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> iio: humditiy: hdc3020: fix units for thresholds and hysteresis Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> iio: humditiy: hdc3020: fix units for temperature and humidity measurement Nuno Sá <nuno.sa(a)analog.com> iio: buffer: support getting dma channel from the buffer Nuno Sá <nuno.sa(a)analog.com> iio: buffer-dmaengine: enable .get_dma_dev() Nuno Sá <nuno.sa(a)analog.com> iio: buffer-dma: support getting the DMA channel Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/display: Move setup_stream_attribute" Dan Carpenter <dan.carpenter(a)linaro.org> timekeeping: Fix error code in tk_aux_sysfs_init() David Howells <dhowells(a)redhat.com> afs: Fix uninit var in afs_alloc_anon_key() Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: nxp-fspi: Propagate fwnode in ACPI case as well Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: Add OCT-DTR mode support Haotian Zhang <vulab(a)iscas.ac.cn> spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Francesco Lavra <flavra(a)baylibre.com> spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA Sergey Matyukevich <geomatsi(a)gmail.com> riscv: dts: allwinner: d1: fix vlenb property NeilBrown <neil(a)brown.name> ovl: fail ovl_lock_rename_workdir() if either target is unhashed David Howells <dhowells(a)redhat.com> afs: Fix delayed allocation of a cell's anonymous key Andrei Vagin <avagin(a)google.com> fs/namespace: fix reference leak in grab_requested_mnt_ns Anurag Dutta <a-dutta(a)ti.com> spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance Anurag Dutta <a-dutta(a)ti.com> spi: spi-cadence-quadspi: Remove duplicate pm_runtime_put_autosuspend() call Jamie Iles <jamie.iles(a)oss.qualcomm.com> mailbox: pcc: don't zero error register Jason-JH Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Refine DMA address handling for the command buffer Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Haotian Zhang <vulab(a)iscas.ac.cn> usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors Mario Tesi <martepisa(a)gmail.com> iio: st_lsm6dsx: Fixed calibrated timestamp calculation Wei Fang <wei.fang(a)nxp.com> net: fec: do not register PPS event for PEROUT Wei Fang <wei.fang(a)nxp.com> net: fec: do not allow enabling PPS and PEROUT simultaneously Wei Fang <wei.fang(a)nxp.com> net: fec: do not update PEROUT if it is enabled Wei Fang <wei.fang(a)nxp.com> net: fec: cancel perout_timer when PEROUT is disabled Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: unconditionally set skb->dev on dst output Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Mohsin Bashir <mohsin.bashr(a)gmail.com> eth: fbnic: Fix counter roll-over issue Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Slark Xiao <slark_xiao(a)163.com> net: wwan: mhi: Keep modem name match with Foxconn T99W640 Pranjal Shrivastava <praan(a)google.com> dma-direct: Fix missing sg_dma_len assignment in P2PDMA bus mappings Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Fernando Fernandez Mancera <fmancera(a)suse.de> xsk: avoid data corruption on cq descriptor number Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: avoid overwriting skb fields for multi-buffer traffic Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Nikola Z. Ivanov <zlatistiv(a)gmail.com> team: Move team device type change at the end of team_port_add Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Harish Chegondi <harish.chegondi(a)intel.com> drm/xe: Fix conversion from clock ticks to milliseconds Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix the initialization of taprio Daniel Golle <daniel(a)makrotopia.org> net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Daniel Golle <daniel(a)makrotopia.org> net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY Devarsh Thakkar <devarsht(a)ti.com> drm/bridge: sii902x: Fix HDMI detection with DRM_BRIDGE_ATTACH_NO_CONNECTOR Jesper Dangaard Brouer <hawk(a)kernel.org> veth: reduce XDP no_direct return section to fix race Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Edward Adam Davis <eadavis(a)qq.com> Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8dxl-ss-conn.dtsi | 4 +- arch/arm64/boot/dts/freescale/imx8dxl-ss-hsio.dtsi | 5 + arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 4 +- arch/arm64/kernel/acpi.c | 10 +- arch/mips/mm/tlb-r4k.c | 118 ++++++++++----- arch/riscv/boot/dts/allwinner/sun20i-d1s.dtsi | 2 +- arch/x86/events/core.c | 10 +- drivers/atm/fore200e.c | 2 + drivers/bluetooth/btusb.c | 39 ++++- drivers/counter/microchip-tcb-capture.c | 2 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 ++ .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 1 - .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 2 - .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 2 - drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 + .../display/dc/virtual/virtual_stream_encoder.c | 7 - drivers/gpu/drm/bridge/sii902x.c | 20 ++- drivers/gpu/drm/drm_fb_helper.c | 14 -- drivers/gpu/drm/i915/display/intel_display.c | 8 ++ drivers/gpu/drm/i915/display/intel_psr.c | 6 - drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/xe/xe_gt_clock.c | 7 +- drivers/gpu/drm/xe/xe_guc_ct.c | 3 + drivers/iio/accel/adxl355_core.c | 44 +++++- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/ad4030.c | 2 +- drivers/iio/adc/ad7124.c | 12 +- drivers/iio/adc/ad7280a.c | 2 +- drivers/iio/adc/ad7380.c | 8 ++ drivers/iio/adc/rtq6056.c | 2 +- drivers/iio/adc/stm32-dfsdm-adc.c | 5 +- drivers/iio/buffer/industrialio-buffer-dma.c | 6 + drivers/iio/buffer/industrialio-buffer-dmaengine.c | 2 + drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/humidity/hdc3020.c | 73 ++++++---- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 ++++-- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 ++- drivers/iio/industrialio-buffer.c | 21 ++- drivers/iio/pressure/bmp280-core.c | 15 +- drivers/iommu/iommufd/driver.c | 2 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/mailbox/mtk-cmdq-mailbox.c | 45 ++++-- drivers/mailbox/pcc.c | 8 +- drivers/md/dm-verity-fec.c | 6 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 29 ++-- drivers/most/most_usb.c | 14 +- drivers/net/can/rcar/rcar_canfd.c | 53 ++++--- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 102 +++++++++++-- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/microchip/ksz_common.c | 31 ++-- drivers/net/dsa/microchip/ksz_ptp.c | 22 ++- drivers/net/dsa/sja1105/sja1105_main.c | 7 - .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 +++ .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +-- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/freescale/fec.h | 1 + drivers/net/ethernet/freescale/fec_ptp.c | 64 +++++++-- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 +- drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 2 +- .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 19 ++- drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/phy/mxl-gpy.c | 20 +-- drivers/net/team/team_core.c | 23 +-- drivers/net/tun_vnet.h | 2 +- drivers/net/veth.c | 7 +- drivers/net/virtio_net.c | 3 +- drivers/net/wwan/mhi_wwan_mbim.c | 2 +- drivers/nvmem/layouts.c | 2 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- drivers/pmdomain/tegra/powergate-bpmp.c | 1 + drivers/regulator/rtq2208-regulator.c | 6 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/spi/Kconfig | 4 +- drivers/spi/spi-amlogic-spifc-a1.c | 4 +- drivers/spi/spi-bcm63xx.c | 14 ++ drivers/spi/spi-cadence-quadspi.c | 18 ++- drivers/spi/spi-nxp-fspi.c | 28 +++- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/tty/serial/8250/8250.h | 4 +- drivers/tty/serial/8250/8250_platform.c | 2 +- drivers/tty/serial/8250/8250_rsa.c | 26 ++-- drivers/tty/serial/8250/Makefile | 2 +- drivers/tty/serial/amba-pl011.c | 2 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 82 +++++------ drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/udc/core.c | 18 ++- drivers/usb/gadget/udc/renesas_usbf.c | 4 +- drivers/usb/gadget/udc/trace.h | 5 + drivers/usb/host/xhci-dbgcap.h | 1 + drivers/usb/host/xhci-dbgtty.c | 23 ++- drivers/usb/host/xhci-ring.c | 15 +- drivers/usb/host/xhci.c | 1 + drivers/usb/renesas_usbhs/common.c | 14 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 +++ drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/vhost/net.c | 53 ++++--- drivers/vhost/vhost.c | 76 ++++++++-- drivers/vhost/vhost.h | 10 +- drivers/video/fbdev/core/fbcon.c | 9 ++ fs/afs/cell.c | 43 ++---- fs/afs/internal.h | 1 + fs/afs/security.c | 49 +++++-- fs/namespace.c | 7 +- fs/overlayfs/util.c | 4 +- fs/smb/client/connect.c | 1 + include/linux/iio/buffer-dma.h | 1 + include/linux/iio/buffer_impl.h | 2 + include/linux/mailbox/mtk-cmdq-mailbox.h | 10 ++ include/linux/usb/gadget.h | 5 + include/linux/virtio_net.h | 7 +- include/net/bluetooth/hci_core.h | 21 ++- io_uring/net.c | 6 +- kernel/dma/direct.c | 1 + kernel/time/timekeeping.c | 4 +- kernel/trace/trace.c | 10 ++ mm/huge_memory.c | 22 ++- mm/memfd.c | 27 ++++ mm/swapfile.c | 4 +- net/bluetooth/hci_core.c | 89 +++++------- net/bluetooth/hci_sock.c | 2 + net/bluetooth/iso.c | 30 +++- net/bluetooth/l2cap_core.c | 23 ++- net/bluetooth/sco.c | 35 +++-- net/bluetooth/smp.c | 31 +--- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 ++++--- net/ceph/debugfs.c | 16 ++- net/ceph/messenger_v2.c | 11 +- net/ceph/osdmap.c | 18 ++- net/mctp/route.c | 1 + net/mptcp/protocol.c | 19 ++- net/xdp/xsk.c | 160 +++++++++++++-------- sound/hda/codecs/cirrus/cs420x.c | 1 + sound/usb/quirks.c | 3 + 159 files changed, 1538 insertions(+), 807 deletions(-)

1 week, 1 day

18
172
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror