- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.55 release. There are 135 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 24 Oct 2025 06:01:25 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.55-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.55-rc2 Guenter Roeck <linux(a)roeck-us.net> dmaengine: Add missing cleanup on module unload Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset blackhole on success with non-loopback ifaces Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Call dst_release() in mptcp_active_enable(). Sharath Chandra Vurukala <quic_sharathv(a)quicinc.com> net: Add locking to protect skb->dev access in ip_output Eric Dumazet <edumazet(a)google.com> ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] Eric Dumazet <edumazet(a)google.com> net: dst: add four helpers to annotate data-races around dst->dev Eric Dumazet <edumazet(a)google.com> tcp: cache RTAX_QUICKACK metric in a hot cache line Eric Dumazet <edumazet(a)google.com> tcp: convert to dev_net_rcu() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix mailbox API compatibility by negotiating supported features Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix getting link speed data for E610 devices Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> ixgbevf: Add support for Intel(R) E610 device Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> PCI: Add PCI_VDEVICE_SUB helper macro Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Al Viro <viro(a)zeniv.linux.org.uk> d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Babu Moger <babu.moger(a)amd.com> x86/resctrl: Refactor resctrl_arch_rmid_read() Yu Kuai <yukuai3(a)huawei.com> md: fix mssing blktrace bio split events John Garry <john.g.garry(a)oracle.com> md/raid10: Handle bio_split() errors John Garry <john.g.garry(a)oracle.com> md/raid1: Handle bio_split() errors John Garry <john.g.garry(a)oracle.com> md/raid0: Handle bio_split() errors Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Darrick J. Wong <djwong(a)kernel.org> xfs: use deferred intent items for reaping crosslinked blocks Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: avoid possible TX wait initialization race Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Implement large extent array support in pNFS Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Sergey Bashirov <sergeybashirov(a)gmail.com> nfsd: Drop dprintk in blocklayout xdr functions Sergey Bashirov <sergeybashirov(a)gmail.com> nfsd: Use correct error code when decoding extents Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> phy: cdns-dphy: Store hs_clk_rate and return it Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Wilfred Mallawa <wilfred.mallawa(a)wdc.com> nvme/tcp: handle tls partially sent records in write_space() Xing Guo <higuoxing(a)gmail.com> selftests: arg_parsing: Ensure data is flushed to disk before reading. Li Qiang <liqiang01(a)kylinos.cn> ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> HID: multitouch: fix name of Stylus input devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: hid-input: only ignore 0 battery events for digitizers Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: make arg_parsing.c more robust to crashes Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Synchronize access to DBC request queue head & tail pointer Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Jeffrey Hugo <quic_jhugo(a)quicinc.com> accel/qaic: Fix bootlog initialization ordering Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/rockchip: vop2: use correct destination rectangle height check Francesco Valla <francesco(a)valla.it> drm/draw: fix color truncation in drm_draw_fill24 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish without IP discovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add ip offset support for cyan skillfish Zhanjun Dong <zhanjun.dong(a)intel.com> drm/i915/guc: Skip communication warning on reset in progress Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Generalize helper to clear IRQ status Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Cancel jdet_work before handling jack ejection Christophe Leroy <christophe.leroy(a)csgroup.eu> ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Marek Vasut <marek.vasut(a)mailbox.org> drm/bridge: lt9211: Drop check for last nibble of version register Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation Amit Chaudhary <achaudhary(a)purestorage.com> nvme-multipath: Skip nr_active increments in RETRY disposition Ketil Johnsen <ketil.johnsen(a)arm.com> drm/panthor: Ensure MCU is disabled on suspend I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Breno Leitao <leitao(a)debian.org> netdevsim: set the carrier when the device goes up Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for pending async decryptions if tls_strp_msg_hold fails Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: trim encrypted message to match the plaintext on short splice Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in RPC handle list access Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: fix CAN state in system PM Sean Nyekjaer <sean(a)geanix.com> can: m_can: call deinit/init callback when going into suspend/resume Sean Nyekjaer <sean(a)geanix.com> can: m_can: add deinit callback Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_chip_config(): bring up interface in correct state Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Jens Axboe <axboe(a)kernel.dk> Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_rndis: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ecm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Guoniu Zhou <guoniu.zhou(a)nxp.com> media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix PDC sleep sequence Miaoqian Lin <linmq006(a)gmail.com> cdx: Fix device node reference leak in cdx_msi_domain_init Jiri Slaby (SUSE) <jirislaby(a)kernel.org> irqdomain: cdx: Switch to of_fwnode_handle() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Check whether secure display TA loaded successfully Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP2 event device with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP event path names with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix address filter match with backing files Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gfx12 mes packet status return check Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Eugene Korenevsky <ekorenevsky(a)aliyun.com> cifs: parse_dfs_referrals: prevent oob on malformed input Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: gs_make_candev(): populate net_device->dev_port Filipe Manana <fdmanana(a)suse.com> btrfs: do not assert we found block group item when creating free space tree Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Boris Burkov <boris(a)bur.io> btrfs: fix incorrect readahead expansion length Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> ext4: wait for ongoing I/O to complete before freeing blocks Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Prevent access to vCPU events before init Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init Hao Ge <gehao(a)kylinos.cn> slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Shuhao Fu <sfual(a)cse.ust.hk> smb: client: Fix refcount leak for cifs_sb_tlink Conor Dooley <conor.dooley(a)microchip.com> rust: cfi: only 64-bit arm and x86 support CFI_CLANG Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/guc: Check GuC running state before deregistering exec queue ------------- Diffstat: Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Makefile | 4 +- arch/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kvm/arm.c | 6 + arch/riscv/kernel/probes/kprobes.c | 13 +- arch/x86/kernel/cpu/resctrl/monitor.c | 46 +++-- drivers/accel/qaic/qaic.h | 2 + drivers/accel/qaic/qaic_control.c | 2 +- drivers/accel/qaic/qaic_data.c | 12 +- drivers/accel/qaic/qaic_debugfs.c | 5 +- drivers/accel/qaic/qaic_drv.c | 3 + drivers/base/power/runtime.c | 44 ++++ drivers/cdx/cdx_msi.c | 5 +- drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/dma/idxd/init.c | 2 + drivers/gpu/drm/amd/amdgpu/Makefile | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- .../gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 +++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/nv.h | 1 + .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/bridge/lontium-lt9211.c | 3 +- drivers/gpu/drm/drm_draw.c | 2 +- drivers/gpu/drm/drm_draw_internal.h | 2 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++++----- drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 28 ++- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 + drivers/gpu/drm/panthor/panthor_fw.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 13 +- drivers/gpu/drm/xe/xe_guc_submit.c | 13 +- drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 28 +-- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 ++-- drivers/md/md-linear.c | 1 + drivers/md/raid0.c | 16 ++ drivers/md/raid1.c | 37 +++- drivers/md/raid10.c | 55 ++++- drivers/md/raid5.c | 2 + .../media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++++------------ .../media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 +- drivers/net/can/m_can/m_can.c | 86 +++++--- drivers/net/can/m_can/m_can.h | 1 + drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/can/usb/gs_usb.c | 23 +-- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 ++- drivers/net/ethernet/intel/ixgbevf/defines.h | 6 +- drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 ++++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/netdevsim/netdev.c | 7 + drivers/net/usb/lan78xx.c | 38 +++- drivers/net/usb/r8152.c | 7 +- drivers/net/wireless/realtek/rtw89/core.c | 39 ++-- drivers/net/wireless/realtek/rtw89/core.h | 6 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw89/pci.c | 2 - drivers/nvme/host/multipath.c | 6 +- drivers/nvme/host/tcp.c | 3 + drivers/phy/cadence/cdns-dphy.c | 133 +++++++++--- drivers/usb/gadget/function/f_acm.c | 42 ++-- drivers/usb/gadget/function/f_ecm.c | 48 ++--- drivers/usb/gadget/function/f_ncm.c | 78 +++---- drivers/usb/gadget/function/f_rndis.c | 85 ++++---- drivers/usb/gadget/udc/core.c | 3 + fs/btrfs/extent_io.c | 2 +- fs/btrfs/free-space-tree.c | 15 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/relocation.c | 13 +- fs/btrfs/zoned.c | 2 +- fs/dax.c | 2 +- fs/dcache.c | 12 +- fs/ext4/ext4_jbd2.c | 11 +- fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 +- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 33 +-- fs/nfsd/blocklayoutxdr.c | 171 ++++++++++------ fs/nfsd/blocklayoutxdr.h | 8 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++-- fs/nfsd/nfs4xdr.c | 25 +-- fs/nfsd/nfsd.h | 1 + fs/nfsd/pnfs.h | 1 + fs/nfsd/xdr4.h | 39 +++- fs/smb/client/inode.c | 6 +- fs/smb/client/misc.c | 17 ++ fs/smb/client/smb2ops.c | 8 +- fs/smb/server/mgmt/user_session.c | 7 +- fs/smb/server/smb2pdu.c | 9 +- fs/smb/server/transport_ipc.c | 12 ++ fs/xfs/libxfs/xfs_log_format.h | 30 ++- fs/xfs/libxfs/xfs_ondisk.h | 2 + fs/xfs/scrub/reap.c | 9 +- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 +++- include/linux/mm.h | 2 +- include/linux/pci.h | 14 ++ include/linux/pm_runtime.h | 4 + include/linux/usb/gadget.h | 25 +++ include/net/dst.h | 32 +++ include/net/inet6_hashtables.h | 2 +- include/net/inet_connection_sock.h | 3 +- include/net/inet_hashtables.h | 2 +- include/net/ip.h | 11 +- include/net/ip_tunnels.h | 15 ++ include/net/route.h | 2 +- io_uring/rw.c | 2 +- kernel/events/core.c | 8 +- kernel/padata.c | 6 +- kernel/sched/fair.c | 26 +-- mm/slub.c | 9 +- net/core/dst.c | 4 +- net/core/sock.c | 14 +- net/ipv4/icmp.c | 24 ++- net/ipv4/igmp.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_output.c | 19 +- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/ip_vti.c | 4 +- net/ipv4/netfilter.c | 4 +- net/ipv4/route.c | 8 +- net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 3 +- net/ipv4/tcp_ipv4.c | 12 +- net/ipv4/tcp_metrics.c | 8 +- net/ipv4/tcp_output.c | 19 +- net/ipv4/xfrm4_output.c | 2 +- net/ipv6/ip6_tunnel.c | 3 +- net/ipv6/tcp_ipv6.c | 22 +- net/mptcp/ctrl.c | 9 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 31 ++- rust/bindings/bindings_helper.h | 1 + sound/firewire/amdtp-stream.h | 2 +- sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 +- sound/soc/codecs/idt821034.c | 12 +- sound/soc/codecs/nau8821.c | 53 +++-- sound/usb/card.c | 10 +- .../testing/selftests/bpf/prog_tests/arg_parsing.c | 12 +- 162 files changed, 1911 insertions(+), 959 deletions(-)

1 week, 1 day

11
10
0 0

[PATCH 6.17 000/160] 6.17.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.5 release. There are 160 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 24 Oct 2025 05:33:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.5-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.5-rc2 Dan Carpenter <dan.carpenter(a)linaro.org> drm/xe: Fix an IS_ERR() vs NULL bug in xe_tile_alloc_vram() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't allow evicting of BOs in same VM in array of VM binds Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Move rebar to be done earlier Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Unify the initialization of VRAM regions Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Move struct xe_vram_region to a dedicated header Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Use dynamic allocation for tile and device VRAM region structures Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Use devm_ioremap_wc for VRAM mapping and drop manual unmap Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dave Jiang <dave.jiang(a)intel.com> cxl: Fix match_region_by_range() to use region_res_match_cxl_range() Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Babu Moger <babu.moger(a)amd.com> x86/resctrl: Refactor resctrl_arch_rmid_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> phy: cdns-dphy: Store hs_clk_rate and return it Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Implement large extent array support in pNFS Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Ada Couprie Diaz <ada.coupriediaz(a)arm.com> arm64: debug: always unmask interrupts in el0_softstp() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Miguel Ojeda <ojeda(a)kernel.org> rust: cpufreq: fix formatting Wilfred Mallawa <wilfred.mallawa(a)wdc.com> nvme/tcp: handle tls partially sent records in write_space() Xing Guo <higuoxing(a)gmail.com> selftests: arg_parsing: Ensure data is flushed to disk before reading. Matthew Auld <matthew.auld(a)intel.com> drm/xe/evict: drop bogus assert Li Qiang <liqiang01(a)kylinos.cn> ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> HID: multitouch: fix name of Stylus input devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: hid-input: only ignore 0 battery events for digitizers Ming Lei <ming.lei(a)redhat.com> block: Remove elevator_lock usage from blkg_conf frozen operations Yu Kuai <yukuai3(a)huawei.com> blk-mq: fix stale tag depth for shared sched tags in blk_mq_update_nr_requests() Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: make arg_parsing.c more robust to crashes Alison Schofield <alison.schofield(a)intel.com> cxl/trace: Subtract to find an hpa_alias0 in cxl_poison events Martin George <martinus.gpy(a)gmail.com> nvme-auth: update sc_c in host response Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Synchronize access to DBC request queue head & tail pointer Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Jeff Hugo <jeff.hugo(a)oss.qualcomm.com> accel/qaic: Fix bootlog initialization ordering Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Peter Zijlstra (Intel) <peterz(a)infradead.org> sched/deadline: Stop dl_server before CPU goes offline Even Xu <even.xu(a)intel.com> HID: intel-thc-hid: Intel-quickspi: switch first interrupt from level to edge detection Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/rockchip: vop2: use correct destination rectangle height check Francesco Valla <francesco(a)valla.it> drm/draw: fix color truncation in drm_draw_fill24 Ingo Molnar <mingo(a)kernel.org> x86/mm: Fix SMP ordering in switch_mm_irqs_off() Dave Jiang <dave.jiang(a)intel.com> cxl/features: Add check for no entries in cxl_feature_info Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe: Enable media sampler power gating Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: drop unused structures in amdgpu_drm.h Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: set an error on all fences from a bad context Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: handle wrap around in reemit handling Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish without IP discovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add ip offset support for cyan skillfish Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/fb: Fix the set_tiling vs. addfb race, again Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/frontbuffer: Move bo refcounting intel_frontbuffer_{get,release}() Zhanjun Dong <zhanjun.dong(a)intel.com> drm/i915/guc: Skip communication warning on reset in progress Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Consistently clear interrupts before unmasking Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Generalize helper to clear IRQ status Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Cancel jdet_work before handling jack ejection Christophe Leroy <christophe.leroy(a)csgroup.eu> ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/fadump: skip parameter area allocation when fadump is disabled Marek Vasut <marek.vasut(a)mailbox.org> drm/bridge: lt9211: Drop check for last nibble of version register Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation Amit Chaudhary <achaudhary(a)purestorage.com> nvme-multipath: Skip nr_active increments in RETRY disposition Ketil Johnsen <ketil.johnsen(a)arm.com> drm/panthor: Ensure MCU is disabled on suspend I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Breno Leitao <leitao(a)debian.org> netdevsim: set the carrier when the device goes up Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for pending async decryptions if tls_strp_msg_hold fails Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: trim encrypted message to match the plaintext on short splice Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in RPC handle list access Florian Westphal <fw(a)strlen.de> net: core: fix lockdep splat on device unregister Wang Liang <wangliang74(a)huawei.com> selftests: net: check jq command is supported Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Take into account out-of-order tx completions in airoha_dev_xmit() Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Zqiang <qiang.zhang(a)linux.dev> usbnet: Fix using smp_processor_id() in preemptible code warnings Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Octeontx2-af: Fix missing error code in cgx_probe() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Marek Vasut <marek.vasut(a)mailbox.org> net: phy: realtek: Avoid PHYCR2 access if PHYCR2 not present Koichiro Den <den(a)valinux.co.jp> ixgbe: fix too early devlink_free() in ixgbe_remove() Milena Olech <milena.olech(a)intel.com> idpf: cleanup remaining SKBs in PTP flows Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: Fix GMII/MII/MII-Lite selection Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Ivan Vecera <ivecera(a)redhat.com> dpll: zl3073x: Handle missing or corrupted flash configuration Ivan Vecera <ivecera(a)redhat.com> dpll: zl3073x: Refactor DPLL initialization Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> can: j1939: add missing calls in NETDEV_UNREGISTER notification handler Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Rex Lu <rex.lu(a)mediatek.com> net: mtk: wed: add dma mask limitation and GFP_DMA32 for device with more than 4GB DRAM Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: fix CAN state in system PM Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_chip_config(): bring up interface in correct state Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Christian Brauner <brauner(a)kernel.org> coredump: fix core_pattern input validation Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ecm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_rndis: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Guoniu Zhou <guoniu.zhou(a)nxp.com> media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd: Fix hybrid sleep Mario Limonciello (AMD) <superm1(a)kernel.org> PM: hibernate: Add pm_hibernation_mode_is_suspend() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Check whether secure display TA loaded successfully Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP2 event device with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix MMAP event path names with backing files Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix address filter match with backing files Kenneth Graunke <kenneth(a)whitecape.org> drm/xe: Increase global invalidation timeout to 1000us Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gfx12 mes packet status return check Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Denis Arefev <arefev(a)swemel.ru> ALSA: hda: Fix missing pointer check in hda_component_manager_init function Denis Arefev <arefev(a)swemel.ru> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk entry for HP ZBook 17 G6 Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> ALSA: hda/intel: Add MSI X870E Tomahawk to denylist Dave Jiang <dave.jiang(a)intel.com> cxl/acpi: Fix setup of memory resource in cxl_acpi_set_cache_size() Eugene Korenevsky <ekorenevsky(a)aliyun.com> cifs: parse_dfs_referrals: prevent oob on malformed input Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: gs_make_candev(): populate net_device->dev_port Filipe Manana <fdmanana(a)suse.com> btrfs: do not assert we found block group item when creating free space tree Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Boris Burkov <boris(a)bur.io> btrfs: fix incorrect readahead expansion length Qu Wenruo <wqu(a)suse.com> btrfs: only set the device specific options after devices are opened Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> ext4: wait for ongoing I/O to complete before freeing blocks Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Tim Hostetler <thostet(a)google.com> gve: Check valid ts bit on RX descriptor before hw timestamping Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Prevent access to vCPU events before init Bhanu Seshu Kumar Valluri <bhanuseshukumar(a)gmail.com> net: usb: lan78xx: Fix lost EEPROM write timeout error(-ETIMEDOUT) in lan78xx_write_raw_eeprom Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init Matthew Schwartz <matthew.schwartz(a)linux.dev> Revert "drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume" Pavel Begunkov <asml.silence(a)gmail.com> io_uring: protect mem region deregistration Jens Axboe <axboe(a)kernel.dk> Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Hao Ge <gehao(a)kylinos.cn> slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Rong Zhang <i(a)rong.moe> x86/CPU/AMD: Prevent reset reasons from being retained across reboot Shuhao Fu <sfual(a)cse.ust.hk> smb: client: Fix refcount leak for cifs_sb_tlink Conor Dooley <conor.dooley(a)microchip.com> rust: cfi: only 64-bit arm and x86 support CFI_CLANG Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix mailbox API compatibility by negotiating supported features Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix getting link speed data for E610 devices Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/guc: Check GuC running state before deregistering exec queue Lorenzo Pieralisi <lpieralisi(a)kernel.org> arm64/sysreg: Fix GIC CDEOI instruction encoding Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: relax checks in ata_read_log_directory() Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Inochi Amaoto <inochiama(a)gmail.com> PCI: vmd: Override irq_startup()/irq_shutdown() in vmd_init_dev_msi_info() Andrey Albershteyn <aalbersh(a)redhat.com> Revert "fs: make vfs_fileattr_[get|set] return -EOPNOTSUPP" Jonathan Corbet <corbet(a)lwn.net> docs: kdoc: handle the obsolescensce of docutils.ErrorString() ------------- Diffstat: Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Documentation/sphinx/kernel_feat.py | 4 +- Documentation/sphinx/kernel_include.py | 6 +- Documentation/sphinx/maintainers_include.py | 4 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/sysreg.h | 11 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kernel/entry-common.c | 8 +- arch/arm64/kvm/arm.c | 6 + arch/powerpc/kernel/fadump.c | 3 + arch/riscv/kernel/probes/kprobes.c | 13 +- arch/x86/kernel/cpu/amd.c | 16 +- arch/x86/kernel/cpu/resctrl/monitor.c | 46 ++-- arch/x86/mm/tlb.c | 24 +- block/blk-cgroup.c | 13 +- block/blk-mq-sched.c | 2 +- block/blk-mq-tag.c | 5 +- block/blk-mq.c | 2 +- block/blk-mq.h | 3 +- drivers/accel/qaic/qaic.h | 2 + drivers/accel/qaic/qaic_control.c | 2 +- drivers/accel/qaic/qaic_data.c | 12 +- drivers/accel/qaic/qaic_debugfs.c | 5 +- drivers/accel/qaic/qaic_drv.c | 3 + drivers/ata/libata-core.c | 11 +- drivers/cxl/acpi.c | 2 +- drivers/cxl/core/features.c | 3 + drivers/cxl/core/region.c | 7 +- drivers/cxl/core/trace.h | 2 +- drivers/dpll/zl3073x/core.c | 280 +++++++++++++-------- drivers/dpll/zl3073x/core.h | 3 + drivers/dpll/zl3073x/devlink.c | 18 +- drivers/dpll/zl3073x/regs.h | 3 + drivers/gpu/drm/amd/amdgpu/Makefile | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 54 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 2 +- .../gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 +++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/nv.h | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 7 - .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/bridge/lontium-lt9211.c | 3 +- drivers/gpu/drm/drm_draw.c | 2 +- drivers/gpu/drm/drm_draw_internal.h | 2 +- drivers/gpu/drm/i915/display/intel_fb.c | 38 +-- drivers/gpu/drm/i915/display/intel_frontbuffer.c | 10 +- .../gpu/drm/i915/gem/i915_gem_object_frontbuffer.h | 2 - drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 +- drivers/gpu/drm/panthor/panthor_fw.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 13 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 +- drivers/gpu/drm/xe/display/xe_plane_initial.c | 3 +- drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 + drivers/gpu/drm/xe/xe_assert.h | 4 +- drivers/gpu/drm/xe/xe_bo.c | 1 + drivers/gpu/drm/xe/xe_bo.h | 4 +- drivers/gpu/drm/xe/xe_bo_evict.c | 8 - drivers/gpu/drm/xe/xe_bo_types.h | 1 + drivers/gpu/drm/xe/xe_device.c | 22 +- drivers/gpu/drm/xe/xe_device_types.h | 62 +---- drivers/gpu/drm/xe/xe_gt_idle.c | 8 + drivers/gpu/drm/xe/xe_gt_pagefault.c | 13 +- drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 3 +- drivers/gpu/drm/xe/xe_guc_submit.c | 13 +- drivers/gpu/drm/xe/xe_migrate.c | 25 +- drivers/gpu/drm/xe/xe_pci.c | 8 + drivers/gpu/drm/xe/xe_query.c | 5 +- drivers/gpu/drm/xe/xe_svm.c | 63 ++--- drivers/gpu/drm/xe/xe_tile.c | 58 +++-- drivers/gpu/drm/xe/xe_tile.h | 14 +- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 10 +- drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 22 +- drivers/gpu/drm/xe/xe_ttm_vram_mgr.h | 3 +- drivers/gpu/drm/xe/xe_vm.c | 32 ++- drivers/gpu/drm/xe/xe_vm_types.h | 2 + drivers/gpu/drm/xe/xe_vram.c | 245 +++++++++++++----- drivers/gpu/drm/xe/xe_vram.h | 14 +- drivers/gpu/drm/xe/xe_vram_types.h | 85 +++++++ drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 28 ++- .../intel-quickspi/quickspi-protocol.c | 3 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 226 +++++++---------- drivers/net/can/m_can/m_can.c | 64 +++-- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/can/usb/gs_usb.c | 23 +- drivers/net/ethernet/airoha/airoha_eth.c | 16 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 +- drivers/net/ethernet/google/gve/gve.h | 2 + drivers/net/ethernet/google/gve/gve_desc_dqo.h | 3 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 16 +- drivers/net/ethernet/intel/idpf/idpf_ptp.c | 3 + .../net/ethernet/intel/idpf/idpf_virtchnl_ptp.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +- drivers/net/ethernet/intel/ixgbevf/defines.h | 1 + drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 ++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 182 +++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 1 + drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 1 + drivers/net/ethernet/mediatek/mtk_wed.c | 8 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/netdevsim/netdev.c | 7 + drivers/net/phy/broadcom.c | 20 +- drivers/net/phy/realtek/realtek_main.c | 23 +- drivers/net/usb/lan78xx.c | 19 +- drivers/net/usb/r8152.c | 7 +- drivers/net/usb/usbnet.c | 2 + drivers/nvme/host/auth.c | 6 +- drivers/nvme/host/multipath.c | 6 +- drivers/nvme/host/tcp.c | 3 + drivers/pci/controller/vmd.c | 13 + drivers/phy/cadence/cdns-dphy.c | 133 +++++++--- drivers/usb/gadget/function/f_acm.c | 42 ++-- drivers/usb/gadget/function/f_ecm.c | 48 ++-- drivers/usb/gadget/function/f_ncm.c | 78 +++--- drivers/usb/gadget/function/f_rndis.c | 85 +++---- drivers/usb/gadget/udc/core.c | 3 + fs/btrfs/extent_io.c | 2 +- fs/btrfs/free-space-tree.c | 15 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/relocation.c | 13 +- fs/btrfs/super.c | 3 +- fs/btrfs/zoned.c | 2 +- fs/coredump.c | 2 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/exec.c | 2 +- fs/ext4/ext4_jbd2.c | 11 +- fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 +- fs/file_attr.c | 12 +- fs/fuse/ioctl.c | 4 - fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 25 +- fs/nfsd/blocklayoutxdr.c | 86 ++++--- fs/nfsd/blocklayoutxdr.h | 4 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++- fs/nfsd/nfs4xdr.c | 25 +- fs/nfsd/pnfs.h | 1 + fs/nfsd/xdr4.h | 39 ++- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/inode.c | 5 +- fs/smb/client/inode.c | 6 +- fs/smb/client/misc.c | 17 ++ fs/smb/client/smb2ops.c | 8 +- fs/smb/server/mgmt/user_session.c | 7 +- fs/smb/server/smb2pdu.c | 9 +- fs/smb/server/transport_ipc.c | 12 + fs/xfs/libxfs/xfs_log_format.h | 30 ++- fs/xfs/libxfs/xfs_ondisk.h | 2 + fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 ++- include/linux/brcmphy.h | 1 + include/linux/libata.h | 6 + include/linux/suspend.h | 6 + include/linux/usb/gadget.h | 25 ++ include/net/ip_tunnels.h | 15 ++ include/uapi/drm/amdgpu_drm.h | 21 -- io_uring/register.c | 1 + io_uring/rw.c | 2 +- kernel/events/core.c | 8 +- kernel/power/hibernate.c | 11 + kernel/sched/core.c | 2 + kernel/sched/deadline.c | 3 + kernel/sched/fair.c | 26 +- mm/slub.c | 9 +- net/can/j1939/main.c | 2 + net/core/dev.c | 40 ++- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp_output.c | 19 +- net/ipv6/ip6_tunnel.c | 3 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 31 ++- rust/kernel/cpufreq.rs | 3 +- sound/firewire/amdtp-stream.h | 2 +- sound/hda/codecs/realtek/alc269.c | 1 + sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 + sound/hda/codecs/side-codecs/hda_component.c | 4 + sound/hda/controllers/intel.c | 1 + sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 +- sound/soc/codecs/idt821034.c | 12 +- sound/soc/codecs/nau8821.c | 115 +++++---- sound/usb/card.c | 10 +- .../testing/selftests/bpf/prog_tests/arg_parsing.c | 12 +- tools/testing/selftests/net/rtnetlink.sh | 2 + tools/testing/selftests/net/vlan_bridge_binding.sh | 2 + 209 files changed, 2401 insertions(+), 1254 deletions(-)

1 week, 1 day

14
13
0 0

[PATCH] mtd: rawnand: cadence: fix DMA device NULL pointer dereference

by niravkumarlaxmidas.rabara＠altera.com

From: Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> The DMA device pointer `dma_dev` was being dereferenced before ensuring that `cdns_ctrl->dmac` is properly initialized. Move the assignment of `dma_dev` after successfully acquiring the DMA channel to ensure the pointer is valid before use. Fixes: d76d22b5096c ("mtd: rawnand: cadence: use dma_map_resource for sdma address") Cc: stable(a)vger.kernel.org Signed-off-by: Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> --- This patch fixes below kernel Oops: ... [ 1.469661] cadence-nand-controller 10b80000.nand-controller: IRQ: nr 21 [ 1.476591] Unable to handle kernel paging request at virtual address fffffffffffffff8 [ 1.484493] Mem abort info: [ 1.487280] ESR = 0x0000000096000004 [ 1.491019] EC = 0x25: DABT (current EL), IL = 32 bits [ 1.496318] SET = 0, FnV = 0 [ 1.499366] EA = 0, S1PTW = 0 [ 1.502499] FSC = 0x04: level 0 translation fault [ 1.507363] Data abort info: [ 1.510237] ISV = 0, ISS = 0x00000004 [ 1.514062] CM = 0, WnR = 0 [ 1.517024] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000087a0a000 [ 1.523706] [fffffffffffffff8] pgd=0000000000000000, p4d=0000000000000000 [ 1.530490] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP ... drivers/mtd/nand/raw/cadence-nand-controller.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/cadence-nand-controller.c b/drivers/mtd/nand/raw/cadence-nand-controller.c index 6667eea95597..32ed38b89394 100644 --- a/drivers/mtd/nand/raw/cadence-nand-controller.c +++ b/drivers/mtd/nand/raw/cadence-nand-controller.c @@ -2871,7 +2871,7 @@ cadence_nand_irq_cleanup(int irqnum, struct cdns_nand_ctrl *cdns_ctrl) static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl) { dma_cap_mask_t mask; - struct dma_device *dma_dev = cdns_ctrl->dmac->device; + struct dma_device *dma_dev; int ret; cdns_ctrl->cdma_desc = dma_alloc_coherent(cdns_ctrl->dev, @@ -2915,6 +2915,7 @@ static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl) } } + dma_dev = cdns_ctrl->dmac->device; cdns_ctrl->io.iova_dma = dma_map_resource(dma_dev->dev, cdns_ctrl->io.dma, cdns_ctrl->io.size, DMA_BIDIRECTIONAL, 0); -- 2.25.1

1 week, 1 day

2
1
0 0

[REGRESSION FIX resend 1/1] gpiolib: acpi: Make set debounce errors non fatal

by Hans de Goede

Commit 16c07342b542 ("gpiolib: acpi: Program debounce when finding GPIO") adds a gpio_set_debounce_timeout() call to acpi_find_gpio() and makes acpi_find_gpio() fail if this fails. But gpio_set_debounce_timeout() failing is a somewhat normal occurrence, since not all debounce values are supported on all GPIO/pinctrl chips. Making this an error for example break getting the card-detect GPIO for the micro-sd slot found on many Bay Trail tablets, breaking support for the micro-sd slot on these tablets. acpi_request_own_gpiod() already treats gpio_set_debounce_timeout() failures as non-fatal, just warning about them. Add a acpi_gpio_set_debounce_timeout() helper which wraps gpio_set_debounce_timeout() and warns on failures and replace both existing gpio_set_debounce_timeout() calls with the helper. Since the helper only warns on failures this fixes the card-detect issue. Fixes: 16c07342b542 ("gpiolib: acpi: Program debounce when finding GPIO") Cc: stable(a)vger.kernel.org Cc: Mario Limonciello <superm1(a)kernel.org> Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- drivers/gpio/gpiolib-acpi-core.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/drivers/gpio/gpiolib-acpi-core.c b/drivers/gpio/gpiolib-acpi-core.c index 284e762d92c4..67c4c38afb86 100644 --- a/drivers/gpio/gpiolib-acpi-core.c +++ b/drivers/gpio/gpiolib-acpi-core.c @@ -291,6 +291,19 @@ acpi_gpio_to_gpiod_flags(const struct acpi_resource_gpio *agpio, int polarity) return GPIOD_ASIS; } +static void acpi_gpio_set_debounce_timeout(struct gpio_desc *desc, + unsigned int acpi_debounce) +{ + int ret; + + /* ACPI uses hundredths of milliseconds units */ + acpi_debounce *= 10; + ret = gpio_set_debounce_timeout(desc, acpi_debounce); + if (ret) + gpiod_warn(desc, "Failed to set debounce-timeout %u: %d\n", + acpi_debounce, ret); +} + static struct gpio_desc *acpi_request_own_gpiod(struct gpio_chip *chip, struct acpi_resource_gpio *agpio, unsigned int index, @@ -300,18 +313,12 @@ static struct gpio_desc *acpi_request_own_gpiod(struct gpio_chip *chip, enum gpiod_flags flags = acpi_gpio_to_gpiod_flags(agpio, polarity); unsigned int pin = agpio->pin_table[index]; struct gpio_desc *desc; - int ret; desc = gpiochip_request_own_desc(chip, pin, label, polarity, flags); if (IS_ERR(desc)) return desc; - /* ACPI uses hundredths of milliseconds units */ - ret = gpio_set_debounce_timeout(desc, agpio->debounce_timeout * 10); - if (ret) - dev_warn(chip->parent, - "Failed to set debounce-timeout for pin 0x%04X, err %d\n", - pin, ret); + acpi_gpio_set_debounce_timeout(desc, agpio->debounce_timeout); return desc; } @@ -944,7 +951,6 @@ struct gpio_desc *acpi_find_gpio(struct fwnode_handle *fwnode, bool can_fallback = acpi_can_fallback_to_crs(adev, con_id); struct acpi_gpio_info info = {}; struct gpio_desc *desc; - int ret; desc = __acpi_find_gpio(fwnode, con_id, idx, can_fallback, &info); if (IS_ERR(desc)) @@ -959,10 +965,7 @@ struct gpio_desc *acpi_find_gpio(struct fwnode_handle *fwnode, acpi_gpio_update_gpiod_flags(dflags, &info); acpi_gpio_update_gpiod_lookup_flags(lookupflags, &info); - /* ACPI uses hundredths of milliseconds units */ - ret = gpio_set_debounce_timeout(desc, info.debounce * 10); - if (ret) - return ERR_PTR(ret); + acpi_gpio_set_debounce_timeout(desc, info.debounce); return desc; } -- 2.51.0

1 week, 1 day

3
2
0 0

[PATCH v2] mm/shmem: fix THP allocation and fallback loop

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The order check and fallback loop is updating the index value on every loop, this will cause the index to be aligned by a larger value while the loop shrinks the order. This may result in inserting and returning a folio of the wrong index and cause data corruption with some userspace workloads [1]. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/linux-mm/CAMgjq7DqgAmj25nDUwwu1U2cSGSn8n4-Hqpgotted… [1] Fixes: e7a2ab7b3bb5d ("mm: shmem: add mTHP support for anonymous shmem") Signed-off-by: Kairui Song <kasong(a)tencent.com> --- Changes from V1: - Link to V1: https://lore.kernel.org/linux-mm/20251021190436.81682-1-ryncsn@gmail.com/ - Remove unnecessary cleanup and simplify the commit message. mm/shmem.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index b50ce7dbc84a..7559773ebb30 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1895,10 +1895,11 @@ static struct folio *shmem_alloc_and_add_folio(struct vm_fault *vmf, order = highest_order(suitable_orders); while (suitable_orders) { pages = 1UL << order; - index = round_down(index, pages); - folio = shmem_alloc_folio(gfp, order, info, index); - if (folio) + folio = shmem_alloc_folio(gfp, order, info, round_down(index, pages)); + if (folio) { + index = round_down(index, pages); goto allocated; + } if (pages == HPAGE_PMD_NR) count_vm_event(THP_FILE_FALLBACK); -- 2.51.0

1 week, 1 day

2
3
0 0

[PATCH v3] usb: gadget: udc: fix use-after-free in usb_gadget_state_work

by Jimmy Hu

A race condition during gadget teardown can lead to a use-after-free in usb_gadget_state_work(), as reported by KASAN: BUG: KASAN: invalid-access in sysfs_notify+0x2c/0xd0 Workqueue: events usb_gadget_state_work The fundamental race occurs because a concurrent event (e.g., an interrupt) can call usb_gadget_set_state() and schedule gadget->work at any time during the cleanup process in usb_del_gadget(). Commit 399a45e5237c ("usb: gadget: core: flush gadget workqueue after device removal") attempted to fix this by moving flush_work() to after device_del(). However, this does not fully solve the race, as a new work item can still be scheduled *after* flush_work() completes but before the gadget's memory is freed, leading to the same use-after-free. This patch fixes the race condition robustly by introducing a 'teardown' flag and a 'state_lock' spinlock to the usb_gadget struct. The flag is set during cleanup in usb_del_gadget() *before* calling flush_work() to prevent any new work from being scheduled once cleanup has commenced. The scheduling site, usb_gadget_set_state(), now checks this flag under the lock before queueing the work, thus safely closing the race window. Fixes: 5702f75375aa9 ("usb: gadget: udc-core: move sysfs_notify() to a workqueue") Cc: stable(a)vger.kernel.org Signed-off-by: Jimmy Hu <hhhuuu(a)google.com> --- Changes in v3: - Updated patch title to more accurately describe the bug. - Moved changelog below the '---' line as requested by Greg KH. - Rebased on usb-linus branch as requested by Greg KH. Changes in v2: - Removed redundant inline comments as suggested by Alan Stern. drivers/usb/gadget/udc/core.c | 17 ++++++++++++++++- include/linux/usb/gadget.h | 5 +++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 694653761c44..8dbe79bdc0f9 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1126,8 +1126,13 @@ static void usb_gadget_state_work(struct work_struct *work) void usb_gadget_set_state(struct usb_gadget *gadget, enum usb_device_state state) { + unsigned long flags; + + spin_lock_irqsave(&gadget->state_lock, flags); gadget->state = state; - schedule_work(&gadget->work); + if (!gadget->teardown) + schedule_work(&gadget->work); + spin_unlock_irqrestore(&gadget->state_lock, flags); trace_usb_gadget_set_state(gadget, 0); } EXPORT_SYMBOL_GPL(usb_gadget_set_state); @@ -1361,6 +1366,8 @@ static void usb_udc_nop_release(struct device *dev) void usb_initialize_gadget(struct device *parent, struct usb_gadget *gadget, void (*release)(struct device *dev)) { + spin_lock_init(&gadget->state_lock); + gadget->teardown = false; INIT_WORK(&gadget->work, usb_gadget_state_work); gadget->dev.parent = parent; @@ -1535,6 +1542,7 @@ EXPORT_SYMBOL_GPL(usb_add_gadget_udc); void usb_del_gadget(struct usb_gadget *gadget) { struct usb_udc *udc = gadget->udc; + unsigned long flags; if (!udc) return; @@ -1548,6 +1556,13 @@ void usb_del_gadget(struct usb_gadget *gadget) kobject_uevent(&udc->dev.kobj, KOBJ_REMOVE); sysfs_remove_link(&udc->dev.kobj, "gadget"); device_del(&gadget->dev); + /* + * Set the teardown flag before flushing the work to prevent new work + * from being scheduled while we are cleaning up. + */ + spin_lock_irqsave(&gadget->state_lock, flags); + gadget->teardown = true; + spin_unlock_irqrestore(&gadget->state_lock, flags); flush_work(&gadget->work); ida_free(&gadget_id_numbers, gadget->id_number); cancel_work_sync(&udc->vbus_work); diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h index 3aaf19e77558..8285b19a25e0 100644 --- a/include/linux/usb/gadget.h +++ b/include/linux/usb/gadget.h @@ -376,6 +376,9 @@ struct usb_gadget_ops { * can handle. The UDC must support this and all slower speeds and lower * number of lanes. * @state: the state we are now (attached, suspended, configured, etc) + * @state_lock: Spinlock protecting the `state` and `teardown` members. + * @teardown: True if the device is undergoing teardown, used to prevent + * new work from being scheduled during cleanup. * @name: Identifies the controller hardware type. Used in diagnostics * and sometimes configuration. * @dev: Driver model state for this abstract device. @@ -451,6 +454,8 @@ struct usb_gadget { enum usb_ssp_rate max_ssp_rate; enum usb_device_state state; + spinlock_t state_lock; + bool teardown; const char *name; struct device dev; unsigned isoch_delay; -- 2.51.1.814.gb8fa24458f-goog

1 week, 1 day

1
0
0 0

[PATCH RESEND] drm/tegra: dc: fix reference leak in tegra_dc_couple()

by Ma Ke

driver_find_device() calls get_device() to increment the reference count once a matching device is found, but there is no put_device() to balance the reference count. To avoid reference count leakage, add put_device() to decrease the reference count. Found by code review. Cc: stable(a)vger.kernel.org Fixes: a31500fe7055 ("drm/tegra: dc: Restore coupling of display controllers") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/tegra/dc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c index 59d5c1ba145a..6c84bd69b11f 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -3148,6 +3148,7 @@ static int tegra_dc_couple(struct tegra_dc *dc) dc->client.parent = &parent->client; dev_dbg(dc->dev, "coupled to %s\n", dev_name(companion)); + put_device(companion); } return 0; -- 2.17.1

1 week, 1 day

2
1
0 0

[PATCH] Revert "sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks"

by Matt Fleming

From: Matt Fleming <mfleming(a)cloudflare.com> This reverts commit b7ca5743a2604156d6083b88cefacef983f3a3a6. If we dequeue a task (task B) that was sched delayed then that task is definitely no longer on the rq and not tracked in the rbtree. Unfortunately, task_on_rq_queued(B) will still return true because dequeue_task() doesn't update p->on_rq. This inconsistency can lead to tasks (task A) spinning indefinitely in wait_task_inactive(), e.g. when delivering a fatal signal to a thread group, because it thinks the task B is still queued (it's not) and waits forever for it to unschedule. Task A Task B arch_do_signal_or_restart() get_signal() do_coredump() coredump_wait() zap_threads() arch_do_signal_or_restart() wait_task_inactive() <-- SPIN get_signal() do_group_exit() do_exit() coredump_task_exit() schedule() <--- never comes back Not only will task A spin forever in wait_task_inactive(), but task B will also trigger RCU stalls: INFO: rcu_tasks detected stalls on tasks: 00000000a973a4d8: .. nvcsw: 2/2 holdout: 1 idle_cpu: -1/79 task:ffmpeg state:I stack:0 pid:665601 tgid:665155 ppid:668691 task_flags:0x400448 flags:0x00004006 Call Trace: <TASK> __schedule+0x4fb/0xbf0 ? srso_return_thunk+0x5/0x5f schedule+0x27/0xf0 do_exit+0xdd/0xaa0 ? __pfx_futex_wake_mark+0x10/0x10 do_group_exit+0x30/0x80 get_signal+0x81e/0x860 ? srso_return_thunk+0x5/0x5f ? futex_wake+0x177/0x1a0 arch_do_signal_or_restart+0x2e/0x1f0 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? __x64_sys_futex+0x10c/0x1d0 syscall_exit_to_user_mode+0xa5/0x130 do_syscall_64+0x57/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f22d05b0f16 RSP: 002b:00007f2265761cf0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 00007f22d05b0f16 RDX: 0000000000000000 RSI: 0000000000000189 RDI: 00005629e320d97c RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffffffff R10: 0000000000000000 R11: 0000000000000246 R12: 00005629e320d928 R13: 0000000000000000 R14: 0000000000000001 R15: 00005629e320d97c </TASK> Fixes: b7ca5743a260 ("sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks") Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: John Stultz <jstultz(a)google.com> Cc: Chris Arges <carges(a)cloudflare.com> Cc: stable(a)vger.kernel.org # v6.12 Signed-off-by: Matt Fleming <mfleming(a)cloudflare.com> --- kernel/sched/core.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index ccba6fc3c3fe..2dfc3977920d 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -2293,12 +2293,6 @@ unsigned long wait_task_inactive(struct task_struct *p, unsigned int match_state * just go back and repeat. */ rq = task_rq_lock(p, &rf); - /* - * If task is sched_delayed, force dequeue it, to avoid always - * hitting the tick timeout in the queued case - */ - if (p->se.sched_delayed) - dequeue_task(rq, p, DEQUEUE_SLEEP | DEQUEUE_DELAYED); trace_sched_wait_task(p); running = task_on_cpu(rq, p); queued = task_on_rq_queued(p); -- 2.34.1

1 week, 1 day

5
13
0 0

[PATCH 6.1.y v2] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Leon Hwang

This reverts commit a584c7734a4dd050451fcdd65c66317e15660e81 to avoid the build error: map_hugetlb.c: In function 'main': map_hugetlb.c:79:25: warning: implicit declaration of function 'default_huge_page_size' [-Wimplicit-function-declaration] 79 | hugepage_size = default_huge_page_size(); Signed-off-by: Leon Hwang <leon.hwang(a)linux.dev> --- v1 -> v2: - Revert the commit instead of fixing the build error. - https://lore.kernel.org/linux-mm/20251022055138.375042-1-leon.hwang@linux.d… tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.51.0

1 week, 1 day

1
0
0 0

[PATCH net 1/1] octeontx2-af: CGX: fix bitmap leaks

by Bo Sun

The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap and tx_fc_pfvf_bmap) are allocated by cgx_lmac_init() but never freed in cgx_lmac_exit(). Unbinding and rebinding the driver therefore triggers kmemleak: unreferenced object (size 16): backtrace: rvu_alloc_bitmap cgx_probe Free both bitmaps during teardown. Fixes: e740003874ed ("octeontx2-af: Flow control resource management") Cc: stable(a)vger.kernel.org Signed-off-by: Bo Sun <bo(a)mboxify.com> --- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c index ec0e11c77cbf..f56e6782c4de 100644 --- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c +++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c @@ -1823,6 +1823,8 @@ static int cgx_lmac_exit(struct cgx *cgx) cgx->mac_ops->mac_pause_frm_config(cgx, lmac->lmac_id, false); cgx_configure_interrupt(cgx, lmac, lmac->lmac_id, true); kfree(lmac->mac_to_index_bmap.bmap); + kfree(lmac->rx_fc_pfvf_bmap.bmap); + kfree(lmac->tx_fc_pfvf_bmap.bmap); kfree(lmac->name); kfree(lmac); }

1 week, 1 day

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror