- Linux-stable-mirror - lists.linaro.org

[PATCH] iio: adc: PAC1934: Fix clamped value in pac1934_reg_snapshot

by Thorsten Blum

The local variable 'curr_energy' was never clamped to PAC_193X_MIN_POWER_ACC or PAC_193X_MAX_POWER_ACC because the return value of clamp() was not used. Fix this by assigning the clamped value back to 'curr_energy'. Cc: stable(a)vger.kernel.org Fixes: 0fb528c8255b ("iio: adc: adding support for PAC193x") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- drivers/iio/adc/pac1934.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iio/adc/pac1934.c b/drivers/iio/adc/pac1934.c index 48df16509260..256488d3936b 100644 --- a/drivers/iio/adc/pac1934.c +++ b/drivers/iio/adc/pac1934.c @@ -665,7 +665,8 @@ static int pac1934_reg_snapshot(struct pac1934_chip_info *info, /* add the power_acc field */ curr_energy += inc; - clamp(curr_energy, PAC_193X_MIN_POWER_ACC, PAC_193X_MAX_POWER_ACC); + curr_energy = clamp(curr_energy, PAC_193X_MIN_POWER_ACC, + PAC_193X_MAX_POWER_ACC); reg_data->energy_sec_acc[cnt] = curr_energy; } -- Thorsten Blum <thorsten.blum(a)linux.dev> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4

1 day, 16 hours

3
2
0 0

[PATCH v1 4/4] mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather

by David Hildenbrand (Red Hat)

As reported, ever since commit 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race") we can end up in some situations where we perform so many IPI broadcasts when unsharing hugetlb PMD page tables that it severely regresses some workloads. In particular, when we fork()+exit(), or when we munmap() a large area backed by many shared PMD tables, we perform one IPI broadcast per unshared PMD table. There are two optimizations to be had: (1) When we process (unshare) multiple such PMD tables, such as during exit(), it is sufficient to send a single IPI broadcast (as long as we respect locking rules) instead of one per PMD table. Locking prevents that any of these PMD tables could get reuse before we drop the lock. (2) When we are not the last sharer (> 2 users including us), there is no need to send the IPI broadcast. The shared PMD tables cannot become exclusive (fully unshared) before an IPI will be broadcasted by the last sharer. Concurrent GUP-fast could walk into a PMD table just before we unshared it. It could then succeed in grabbing a page from the shared page table even after munmap() etc succeeded (and supressed an IPI). But there is not difference compared to GUP-fast just sleeping for a while after grabbing the page and re-enabling IRQs. Most importantly, GUP-fast will never walk into page tables that are no-longer shared, because the last sharer will issue an IPI broadcast. (if ever required, checking whether the PUD changed in GUP-fast after grabbing the page like we do in the PTE case could handle this) So let's rework PMD sharing TLB flushing + IPI sync to use the mmu_gather infrastructure so we can implement these optimizations and demystify the code at least a bit. Extend the mmu_gather infrastructure to be able to deal with our special hugetlb PMD table sharing implementation. We'll consolidate the handling for (full) unsharing of PMD tables in tlb_unshare_pmd_ptdesc() and tlb_flush_unshared_tables(), and track in "struct mmu_gather" whether we had (full) unsharing of PMD tables. Because locking is very special (concurrent unsharing+reuse must be prevented), we disallow deferring flushing to tlb_finish_mmu() and instead require an explicit earlier call to tlb_flush_unshared_tables(). From hugetlb code, we call huge_pmd_unshare_flush() where we make sure that the expected lock protecting us from concurrent unsharing+reuse is still held. Check with a VM_WARN_ON_ONCE() in tlb_finish_mmu() that tlb_flush_unshared_tables() was properly called earlier. Document it all properly. Notes about tlb_remove_table_sync_one() interaction with unsharing: There are two fairly tricky things: (1) tlb_remove_table_sync_one() is a NOP on architectures without CONFIG_MMU_GATHER_RCU_TABLE_FREE. Here, the assumption is that the previous TLB flush would send an IPI to all relevant CPUs. Careful: some architectures like x86 only send IPIs to all relevant CPUs when tlb->freed_tables is set. The relevant architectures should be selecting MMU_GATHER_RCU_TABLE_FREE, but x86 might not do that in stable kernels and it might have been problematic before this patch. Also, the arch flushing behavior (independent of IPIs) is different when tlb->freed_tables is set. Do we have to enlighten them to also take care of tlb->unshared_tables? So far we didn't care, so hopefully we are fine. Of course, we could be setting tlb->freed_tables as well, but that might then unnecessarily flush too much, because the semantics of tlb->freed_tables are a bit fuzzy. This patch changes nothing in this regard. (2) tlb_remove_table_sync_one() is not a NOP on architectures with CONFIG_MMU_GATHER_RCU_TABLE_FREE that actually don't need a sync. Take x86 as an example: in the common case (!pv, !X86_FEATURE_INVLPGB) we still issue IPIs during TLB flushes and don't actually need the second tlb_remove_table_sync_one(). This optimized can be implemented on top of this, by checking e.g., in tlb_remove_table_sync_one() whether we really need IPIs. But as described in (1), it really must honor tlb->freed_tables then to send IPIs to all relevant CPUs. Further note that the ptdesc_pmd_pts_dec() in huge_pmd_share() is not a concern, as we are holding the i_mmap_lock the whole time, preventing concurrent unsharing. That ptdesc_pmd_pts_dec() usage will be removed separately as a cleanup later. There are plenty more cleanups to be had, but they have to wait until this is fixed. Fixes: 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race") Reported-by: Uschakow, Stanislav" <suschako(a)amazon.de> Closes: https://lore.kernel.org/all/4d3878531c76479d9f8ca9789dc6485d@amazon.de/ Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org> --- include/asm-generic/tlb.h | 69 +++++++++++++++++++++- include/linux/hugetlb.h | 19 +++--- mm/hugetlb.c | 121 ++++++++++++++++++++++---------------- mm/mmu_gather.c | 6 ++ mm/mprotect.c | 2 +- mm/rmap.c | 25 +++++--- 6 files changed, 173 insertions(+), 69 deletions(-) diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h index 1fff717cae510..324a21f53b644 100644 --- a/include/asm-generic/tlb.h +++ b/include/asm-generic/tlb.h @@ -364,6 +364,17 @@ struct mmu_gather { unsigned int vma_huge : 1; unsigned int vma_pfn : 1; + /* + * Did we unshare (unmap) any shared page tables? + */ + unsigned int unshared_tables : 1; + + /* + * Did we unshare any page tables such that they are now exclusive + * and could get reused+modified by the new owner? + */ + unsigned int fully_unshared_tables : 1; + unsigned int batch_count; #ifndef CONFIG_MMU_GATHER_NO_GATHER @@ -400,6 +411,7 @@ static inline void __tlb_reset_range(struct mmu_gather *tlb) tlb->cleared_pmds = 0; tlb->cleared_puds = 0; tlb->cleared_p4ds = 0; + tlb->unshared_tables = 0; /* * Do not reset mmu_gather::vma_* fields here, we do not * call into tlb_start_vma() again to set them if there is an @@ -484,7 +496,7 @@ static inline void tlb_flush_mmu_tlbonly(struct mmu_gather *tlb) * these bits. */ if (!(tlb->freed_tables || tlb->cleared_ptes || tlb->cleared_pmds || - tlb->cleared_puds || tlb->cleared_p4ds)) + tlb->cleared_puds || tlb->cleared_p4ds || tlb->unshared_tables)) return; tlb_flush(tlb); @@ -773,6 +785,61 @@ static inline bool huge_pmd_needs_flush(pmd_t oldpmd, pmd_t newpmd) } #endif +#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING +static inline void tlb_unshare_pmd_ptdesc(struct mmu_gather *tlb, struct ptdesc *pt, + unsigned long addr) +{ + /* + * The caller must make sure that concurrent unsharing + exclusive + * reuse is impossible until tlb_flush_unshared_tables() was called. + */ + VM_WARN_ON_ONCE(!ptdesc_pmd_is_shared(pt)); + ptdesc_pmd_pts_dec(pt); + + /* Clearing a PUD pointing at a PMD table with PMD leaves. */ + tlb_flush_pmd_range(tlb, addr & PUD_MASK, PUD_SIZE); + + /* + * If the page table is now exclusively owned, we fully unshared + * a page table. + */ + if (!ptdesc_pmd_is_shared(pt)) + tlb->fully_unshared_tables = true; + tlb->unshared_tables = true; +} + +static inline void tlb_flush_unshared_tables(struct mmu_gather *tlb) +{ + /* + * As soon as the caller drops locks to allow for reuse of + * previously-shared tables, these tables could get modified and + * even reused outside of hugetlb context. So flush the TLB now. + * + * Note that we cannot defer the flush to a later point even if we are + * not the last sharer of the page table. + */ + if (tlb->unshared_tables) + tlb_flush_mmu_tlbonly(tlb); + + /* + * Similarly, we must make sure that concurrent GUP-fast will not + * walk previously-shared page tables that are getting modified+reused + * elsewhere. So broadcast an IPI to wait for any concurrent GUP-fast. + * + * We only perform this when we are the last sharer of a page table, + * as the IPI will reach all CPUs: any GUP-fast. + * + * Note that on configs where tlb_remove_table_sync_one() is a NOP, + * the expectation is that the tlb_flush_mmu_tlbonly() would have issued + * required IPIs already for us. + */ + if (tlb->fully_unshared_tables) { + tlb_remove_table_sync_one(); + tlb->fully_unshared_tables = false; + } +} +#endif /* CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */ + #endif /* CONFIG_MMU */ #endif /* _ASM_GENERIC__TLB_H */ diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 03c8725efa289..63b248c6bfd47 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -240,8 +240,9 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); unsigned long hugetlb_mask_last_page(struct hstate *h); -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep); +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep); +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma); void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, unsigned long *start, unsigned long *end); @@ -271,7 +272,7 @@ void hugetlb_vma_unlock_write(struct vm_area_struct *vma); int hugetlb_vma_trylock_write(struct vm_area_struct *vma); void hugetlb_vma_assert_locked(struct vm_area_struct *vma); void hugetlb_vma_lock_release(struct kref *kref); -long hugetlb_change_protection(struct vm_area_struct *vma, +long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags); void hugetlb_unshare_all_pmds(struct vm_area_struct *vma); @@ -300,13 +301,17 @@ static inline struct address_space *hugetlb_folio_mapping_lock_write( return NULL; } -static inline int huge_pmd_unshare(struct mm_struct *mm, - struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +static inline int huge_pmd_unshare(struct mmu_gather *tlb, + struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { return 0; } +static inline void huge_pmd_unshare_flush(struct mmu_gather *tlb, + struct vm_area_struct *vma) +{ +} + static inline void adjust_range_if_pmd_sharing_possible( struct vm_area_struct *vma, unsigned long *start, unsigned long *end) @@ -432,7 +437,7 @@ static inline void move_hugetlb_state(struct folio *old_folio, { } -static inline long hugetlb_change_protection( +static inline long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 3c77cdef12a32..3db94693a06fc 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5096,8 +5096,9 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, unsigned long last_addr_mask; pte_t *src_pte, *dst_pte; struct mmu_notifier_range range; - bool shared_pmd = false; + struct mmu_gather tlb; + tlb_gather_mmu(&tlb, vma->vm_mm); mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, old_addr, old_end); adjust_range_if_pmd_sharing_possible(vma, &range.start, &range.end); @@ -5122,12 +5123,12 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, if (huge_pte_none(huge_ptep_get(mm, old_addr, src_pte))) continue; - if (huge_pmd_unshare(mm, vma, old_addr, src_pte)) { - shared_pmd = true; + if (huge_pmd_unshare(&tlb, vma, old_addr, src_pte)) { old_addr |= last_addr_mask; new_addr |= last_addr_mask; continue; } + tlb_remove_huge_tlb_entry(h, &tlb, src_pte, old_addr); dst_pte = huge_pte_alloc(mm, new_vma, new_addr, sz); if (!dst_pte) @@ -5136,13 +5137,13 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, move_huge_pte(vma, old_addr, new_addr, src_pte, dst_pte, sz); } - if (shared_pmd) - flush_hugetlb_tlb_range(vma, range.start, range.end); - else - flush_hugetlb_tlb_range(vma, old_end - len, old_end); + tlb_flush_mmu_tlbonly(&tlb); + huge_pmd_unshare_flush(&tlb, vma); + mmu_notifier_invalidate_range_end(&range); i_mmap_unlock_write(mapping); hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); return len + old_addr - old_end; } @@ -5161,7 +5162,6 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long sz = huge_page_size(h); bool adjust_reservation; unsigned long last_addr_mask; - bool force_flush = false; WARN_ON(!is_vm_hugetlb_page(vma)); BUG_ON(start & ~huge_page_mask(h)); @@ -5184,10 +5184,8 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, } ptl = huge_pte_lock(h, mm, ptep); - if (huge_pmd_unshare(mm, vma, address, ptep)) { + if (huge_pmd_unshare(tlb, vma, address, ptep)) { spin_unlock(ptl); - tlb_flush_pmd_range(tlb, address & PUD_MASK, PUD_SIZE); - force_flush = true; address |= last_addr_mask; continue; } @@ -5303,14 +5301,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, } tlb_end_vma(tlb, vma); - /* - * There is nothing protecting a previously-shared page table that we - * unshared through huge_pmd_unshare() from getting freed after we - * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare() - * succeeded, flush the range corresponding to the pud. - */ - if (force_flush) - tlb_flush_mmu_tlbonly(tlb); + huge_pmd_unshare_flush(tlb, vma); } void __hugetlb_zap_begin(struct vm_area_struct *vma, @@ -6399,7 +6390,7 @@ int hugetlb_mfill_atomic_pte(pte_t *dst_pte, } #endif /* CONFIG_USERFAULTFD */ -long hugetlb_change_protection(struct vm_area_struct *vma, +long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags) { @@ -6409,7 +6400,6 @@ long hugetlb_change_protection(struct vm_area_struct *vma, pte_t pte; struct hstate *h = hstate_vma(vma); long pages = 0, psize = huge_page_size(h); - bool shared_pmd = false; struct mmu_notifier_range range; unsigned long last_addr_mask; bool uffd_wp = cp_flags & MM_CP_UFFD_WP; @@ -6452,7 +6442,7 @@ long hugetlb_change_protection(struct vm_area_struct *vma, } } ptl = huge_pte_lock(h, mm, ptep); - if (huge_pmd_unshare(mm, vma, address, ptep)) { + if (huge_pmd_unshare(tlb, vma, address, ptep)) { /* * When uffd-wp is enabled on the vma, unshare * shouldn't happen at all. Warn about it if it @@ -6461,7 +6451,6 @@ long hugetlb_change_protection(struct vm_area_struct *vma, WARN_ON_ONCE(uffd_wp || uffd_wp_resolve); pages++; spin_unlock(ptl); - shared_pmd = true; address |= last_addr_mask; continue; } @@ -6522,22 +6511,16 @@ long hugetlb_change_protection(struct vm_area_struct *vma, pte = huge_pte_clear_uffd_wp(pte); huge_ptep_modify_prot_commit(vma, address, ptep, old_pte, pte); pages++; + tlb_remove_huge_tlb_entry(h, tlb, ptep, address); } next: spin_unlock(ptl); cond_resched(); } - /* - * There is nothing protecting a previously-shared page table that we - * unshared through huge_pmd_unshare() from getting freed after we - * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare() - * succeeded, flush the range corresponding to the pud. - */ - if (shared_pmd) - flush_hugetlb_tlb_range(vma, range.start, range.end); - else - flush_hugetlb_tlb_range(vma, start, end); + + tlb_flush_mmu_tlbonly(tlb); + huge_pmd_unshare_flush(tlb, vma); /* * No need to call mmu_notifier_arch_invalidate_secondary_tlbs() we are * downgrading page table protection not changing it to point to a new @@ -6904,18 +6887,27 @@ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, return pte; } -/* - * unmap huge page backed by shared pte. +/** + * huge_pmd_unshare - Unmap a pmd table if it is shared by multiple users + * @tlb: the current mmu_gather. + * @vma: the vma covering the pmd table. + * @addr: the address we are trying to unshare. + * @ptep: pointer into the (pmd) page table. + * + * Called with the page table lock held, the i_mmap_rwsem held in write mode + * and the hugetlb vma lock held in write mode. * - * Called with page table lock held. + * Note: The caller must call huge_pmd_unshare_flush() before dropping the + * i_mmap_rwsem. * - * returns: 1 successfully unmapped a shared pte page - * 0 the underlying pte page is not shared, or it is the last user + * Returns: 1 if it was a shared PMD table and it got unmapped, or 0 if it + * was not a shared PMD table. */ -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep) { unsigned long sz = huge_page_size(hstate_vma(vma)); + struct mm_struct *mm = vma->vm_mm; pgd_t *pgd = pgd_offset(mm, addr); p4d_t *p4d = p4d_offset(pgd, addr); pud_t *pud = pud_offset(p4d, addr); @@ -6927,18 +6919,36 @@ int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, i_mmap_assert_write_locked(vma->vm_file->f_mapping); hugetlb_vma_assert_locked(vma); pud_clear(pud); - /* - * Once our caller drops the rmap lock, some other process might be - * using this page table as a normal, non-hugetlb page table. - * Wait for pending gup_fast() in other threads to finish before letting - * that happen. - */ - tlb_remove_table_sync_one(); - ptdesc_pmd_pts_dec(virt_to_ptdesc(ptep)); + + tlb_unshare_pmd_ptdesc(tlb, virt_to_ptdesc(ptep), addr); + mm_dec_nr_pmds(mm); return 1; } +/* + * huge_pmd_unshare_flush - Complete a sequence of huge_pmd_unshare() calls + * @tlb: the current mmu_gather. + * @vma: the vma covering the pmd table. + * + * Perform necessary TLB flushes or IPI broadcasts to synchronize PMD table + * unsharing with concurrent page table walkers (TLB, GUP-fast, etc.). + * + * This function must be called after a sequence of huge_pmd_unshare() + * calls while still holding the i_mmap_rwsem. + */ +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma) +{ + /* + * We must synchronize page table unsharing such that nobody will + * try reusing a previously-shared page table while it might still + * be in use by previous sharers (TLB, GUP_fast). + */ + i_mmap_assert_write_locked(vma->vm_file->f_mapping); + + tlb_flush_unshared_tables(tlb); +} + #else /* !CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, @@ -6947,12 +6957,16 @@ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, return NULL; } -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep) { return 0; } +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma) +{ +} + void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, unsigned long *start, unsigned long *end) { @@ -7219,6 +7233,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, unsigned long sz = huge_page_size(h); struct mm_struct *mm = vma->vm_mm; struct mmu_notifier_range range; + struct mmu_gather tlb; unsigned long address; spinlock_t *ptl; pte_t *ptep; @@ -7229,6 +7244,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, if (start >= end) return; + tlb_gather_mmu(&tlb, mm); flush_cache_range(vma, start, end); /* * No need to call adjust_range_if_pmd_sharing_possible(), because @@ -7248,10 +7264,10 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, if (!ptep) continue; ptl = huge_pte_lock(h, mm, ptep); - huge_pmd_unshare(mm, vma, address, ptep); + huge_pmd_unshare(&tlb, vma, address, ptep); spin_unlock(ptl); } - flush_hugetlb_tlb_range(vma, start, end); + huge_pmd_unshare_flush(&tlb, vma); if (take_locks) { i_mmap_unlock_write(vma->vm_file->f_mapping); hugetlb_vma_unlock_write(vma); @@ -7261,6 +7277,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, * Documentation/mm/mmu_notifier.rst. */ mmu_notifier_invalidate_range_end(&range); + tlb_finish_mmu(&tlb); } /* diff --git a/mm/mmu_gather.c b/mm/mmu_gather.c index 247e3f9db6c7a..822a790127375 100644 --- a/mm/mmu_gather.c +++ b/mm/mmu_gather.c @@ -468,6 +468,12 @@ void tlb_gather_mmu_fullmm(struct mmu_gather *tlb, struct mm_struct *mm) */ void tlb_finish_mmu(struct mmu_gather *tlb) { + /* + * We expect an earlier huge_pmd_unshare_flush() call to sort this out, + * due to complicated locking requirements with page table unsharing. + */ + VM_WARN_ON_ONCE(tlb->fully_unshared_tables); + /* * If there are parallel threads are doing PTE changes on same range * under non-exclusive lock (e.g., mmap_lock read-side) but defer TLB diff --git a/mm/mprotect.c b/mm/mprotect.c index 283889e4f1cec..5c330e817129e 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -652,7 +652,7 @@ long change_protection(struct mmu_gather *tlb, #endif if (is_vm_hugetlb_page(vma)) - pages = hugetlb_change_protection(vma, start, end, newprot, + pages = hugetlb_change_protection(tlb, vma, start, end, newprot, cp_flags); else pages = change_protection_range(tlb, vma, start, end, newprot, diff --git a/mm/rmap.c b/mm/rmap.c index 748f48727a162..d6799afe11147 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -76,7 +76,7 @@ #include <linux/mm_inline.h> #include <linux/oom.h> -#include <asm/tlbflush.h> +#include <asm/tlb.h> #define CREATE_TRACE_POINTS #include <trace/events/migrate.h> @@ -2008,13 +2008,17 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, * if unsuccessful. */ if (!anon) { + struct mmu_gather tlb; + VM_BUG_ON(!(flags & TTU_RMAP_LOCKED)); if (!hugetlb_vma_trylock_write(vma)) goto walk_abort; - if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) { + + tlb_gather_mmu(&tlb, mm); + if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) { hugetlb_vma_unlock_write(vma); - flush_tlb_range(vma, - range.start, range.end); + huge_pmd_unshare_flush(&tlb, vma); + tlb_finish_mmu(&tlb); /* * The PMD table was unmapped, * consequently unmapping the folio. @@ -2022,6 +2026,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, goto walk_done; } hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); } pteval = huge_ptep_clear_flush(vma, address, pvmw.pte); if (pte_dirty(pteval)) @@ -2398,17 +2403,20 @@ static bool try_to_migrate_one(struct folio *folio, struct vm_area_struct *vma, * fail if unsuccessful. */ if (!anon) { + struct mmu_gather tlb; + VM_BUG_ON(!(flags & TTU_RMAP_LOCKED)); if (!hugetlb_vma_trylock_write(vma)) { page_vma_mapped_walk_done(&pvmw); ret = false; break; } - if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) { - hugetlb_vma_unlock_write(vma); - flush_tlb_range(vma, - range.start, range.end); + tlb_gather_mmu(&tlb, mm); + if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) { + hugetlb_vma_unlock_write(vma); + huge_pmd_unshare_flush(&tlb, vma); + tlb_finish_mmu(&tlb); /* * The PMD table was unmapped, * consequently unmapping the folio. @@ -2417,6 +2425,7 @@ static bool try_to_migrate_one(struct folio *folio, struct vm_area_struct *vma, break; } hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); } /* Nuke the hugetlb page table entry */ pteval = huge_ptep_clear_flush(vma, address, pvmw.pte); -- 2.52.0

1 day, 17 hours

2
3
0 0

[PATCH] nfs/localio: fix regression due to out-of-order __put_cred

by Trond Myklebust

From: Mike Snitzer <snitzer(a)kernel.org> commit 3af870aedbff10bfed220e280b57a405e972229f upstream. Commit f2060bdc21d7 ("nfs/localio: add refcounting for each iocb IO associated with NFS pgio header") inadvertantly reintroduced the same potential for __put_cred() triggering BUG_ON(cred == current->cred) that commit 992203a1fba5 ("nfs/localio: restore creds before releasing pageio data") fixed. Fix this by saving and restoring the cred around each {read,write}_iter call within the respective for loop of nfs_local_call_{read,write}. Reported-by: Zorro Lang <zlang(a)redhat.com> Fixes: f2060bdc21d7 ("nfs/localio: add refcounting for each iocb IO associated with NFS pgio header") Cc: <stable(a)vger.kernel.org> # 6.18.x Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> --- fs/nfs/localio.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 656976b4f42c..ee635172d68a 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -625,8 +625,6 @@ static void nfs_local_call_read(struct work_struct *work) ssize_t status; int n_iters; - save_cred = override_creds(filp->f_cred); - n_iters = atomic_read(&iocb->n_iters); for (int i = 0; i < n_iters ; i++) { if (iocb->iter_is_dio_aligned[i]) { @@ -639,7 +637,10 @@ static void nfs_local_call_read(struct work_struct *work) } else iocb->kiocb.ki_flags &= ~IOCB_DIRECT; + save_cred = override_creds(filp->f_cred); status = filp->f_op->read_iter(&iocb->kiocb, &iocb->iters[i]); + revert_creds(save_cred); + if (status != -EIOCBQUEUED) { if (unlikely(status >= 0 && status < iocb->iters[i].count)) force_done = true; /* Partial read */ @@ -649,8 +650,6 @@ static void nfs_local_call_read(struct work_struct *work) } } } - - revert_creds(save_cred); } static int @@ -832,7 +831,6 @@ static void nfs_local_call_write(struct work_struct *work) int n_iters; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds(filp->f_cred); file_start_write(filp); n_iters = atomic_read(&iocb->n_iters); @@ -847,7 +845,10 @@ static void nfs_local_call_write(struct work_struct *work) } else iocb->kiocb.ki_flags &= ~IOCB_DIRECT; + save_cred = override_creds(filp->f_cred); status = filp->f_op->write_iter(&iocb->kiocb, &iocb->iters[i]); + revert_creds(save_cred); + if (status != -EIOCBQUEUED) { if (unlikely(status >= 0 && status < iocb->iters[i].count)) force_done = true; /* Partial write */ @@ -859,7 +860,6 @@ static void nfs_local_call_write(struct work_struct *work) } file_end_write(filp); - revert_creds(save_cred); current->flags = old_flags; } -- 2.52.0

2 days

2
2
0 0

Please apply 5b1e38c0792cc7a44997328de37d393f81b2501a to 5.15

by Nathan Chancellor

Hi stable folks, Please apply commit 5b1e38c0792c ("dpaa2-mac: bail if the dpmacs fwnode is not found") to 5.15, where it addresses an instance of -Wsometimes-uninitialized with clang-21 and newer, introduced by commit 3264f599c1a8 ("net: dpaa2-mac: Add ACPI support for DPAA2 MAC driver") in 5.14. drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c:54:13: error: variable 'parent' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] 54 | } else if (is_acpi_node(fwnode)) { | ^~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c:58:29: note: uninitialized use occurs here 58 | fwnode_for_each_child_node(parent, child) { | ^~~~~~ drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c:54:9: note: remove the 'if' if its condition is always true 54 | } else if (is_acpi_node(fwnode)) { | ^~~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c:43:39: note: initialize the variable 'parent' to silence this warning 43 | struct fwnode_handle *fwnode, *parent, *child = NULL; | ^ | = NULL It applies and builds cleanly for me. If there are any issues, please let me know. Cheers, Nathan

2 days, 5 hours

2
1
0 0

Apply fc7bf4c0d65a342b29fe38c332db3fe900b481b9 to 5.15

by Nathan Chancellor

Hi stable folks, Please apply commit fc7bf4c0d65a ("drm/i915/selftests: Fix inconsistent IS_ERR and PTR_ERR") to 5.15, where it resolves a couple of instances of -Wuninitialized with clang-21 or newer that were introduced by commit cdb35d1ed6d2 ("drm/i915/gem: Migrate to system at dma-buf attach time (v7)") in 5.15. In file included from drivers/gpu/drm/i915/gem/i915_gem_dmabuf.c:329: drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c:105:18: error: variable 'dmabuf' is uninitialized when used here [-Werror,-Wuninitialized] 105 | PTR_ERR(dmabuf)); | ^~~~~~ drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c:94:24: note: initialize the variable 'dmabuf' to silence this warning 94 | struct dma_buf *dmabuf; | ^ | = NULL drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c:161:18: error: variable 'dmabuf' is uninitialized when used here [-Werror,-Wuninitialized] 161 | PTR_ERR(dmabuf)); | ^~~~~~ drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c:149:24: note: initialize the variable 'dmabuf' to silence this warning 149 | struct dma_buf *dmabuf; | ^ | = NULL It applies and builds cleanly for me. If there are any issues, please let me know. Cheers, Nathan

2 days, 5 hours

2
1
0 0

Apply ccc35ff2fd2911986b716a87fe65e03fac2312c9 to 5.15, 6.1, and 6.6

by Nathan Chancellor

Hi stable folks, Please apply commit ccc35ff2fd29 ("leds: spi-byte: Use devm_led_classdev_register_ext()") to 5.15, 6.1, and 6.6. It inadvertently addresses an instance of -Wuninitialized visible with clang-21 and newer: drivers/leds/leds-spi-byte.c:99:26: error: variable 'child' is uninitialized when used here [-Werror,-Wuninitialized] 99 | of_property_read_string(child, "label", &name); | ^~~~~ drivers/leds/leds-spi-byte.c:83:27: note: initialize the variable 'child' to silence this warning 83 | struct device_node *child; | ^ | = NULL It applies cleanly to 6.6. I have attached a backport for 6.1 and 5.15, which can be generated locally with: $ git format-patch -1 --stdout ccc35ff2fd2911986b716a87fe65e03fac2312c9 | sed 's;strscpy;strlcpy;' | patch -p1 This change seems safe to me but if I am missing a massive dependency chain, an alternative would be moving child's initialization up in these stable branches. Cheers, Nathan diff --git a/drivers/leds/leds-spi-byte.c b/drivers/leds/leds-spi-byte.c index 82696e0607a5..7dd876df8b36 100644 --- a/drivers/leds/leds-spi-byte.c +++ b/drivers/leds/leds-spi-byte.c @@ -96,6 +96,7 @@ static int spi_byte_probe(struct spi_device *spi) if (!led) return -ENOMEM; + child = of_get_next_available_child(dev_of_node(dev), NULL); of_property_read_string(child, "label", &name); strlcpy(led->name, name, sizeof(led->name)); led->spi = spi; @@ -106,7 +107,6 @@ static int spi_byte_probe(struct spi_device *spi) led->ldev.max_brightness = led->cdef->max_value - led->cdef->off_value; led->ldev.brightness_set_blocking = spi_byte_brightness_set_blocking; - child = of_get_next_available_child(dev_of_node(dev), NULL); state = of_get_property(child, "default-state", NULL); if (state) { if (!strcmp(state, "on")) {

2 days, 5 hours

2
1
0 0

[PATCH AUTOSEL 6.18-6.1] ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit b39a1833cc4a2755b02603eec3a71a85e9dff926 ] Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Reported-by: Zhitong Liu <liuzhitong1993(a)gmail.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: fs/smb/server/mgmt/tree_connect.c | 18 ++++-------------- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/smb2pdu.c | 3 --- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index ecfc575086712..d3483d9c757c7 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -78,7 +78,6 @@ ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) tree_conn->t_state = TREE_NEW; status.tree_conn = tree_conn; atomic_set(&tree_conn->refcount, 1); - init_waitqueue_head(&tree_conn->refcount_q); ret = xa_err(xa_store(&sess->tree_conns, tree_conn->id, tree_conn, KSMBD_DEFAULT_GFP)); @@ -100,14 +99,8 @@ ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon) { - /* - * Checking waitqueue to releasing tree connect on - * tree disconnect. waitqueue_active is safe because it - * uses atomic operation for condition. - */ - if (!atomic_dec_return(&tcon->refcount) && - waitqueue_active(&tcon->refcount_q)) - wake_up(&tcon->refcount_q); + if (atomic_dec_and_test(&tcon->refcount)) + kfree(tcon); } int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, @@ -119,14 +112,11 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, xa_erase(&sess->tree_conns, tree_conn->id); write_unlock(&sess->tree_conns_lock); - if (!atomic_dec_and_test(&tree_conn->refcount)) - wait_event(tree_conn->refcount_q, - atomic_read(&tree_conn->refcount) == 0); - ret = ksmbd_ipc_tree_disconnect_request(sess->id, tree_conn->id); ksmbd_release_tree_conn_id(sess, tree_conn->id); ksmbd_share_config_put(tree_conn->share_conf); - kfree(tree_conn); + if (atomic_dec_and_test(&tree_conn->refcount)) + kfree(tree_conn); return ret; } diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index a42cdd0510411..f0023d86716f2 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -33,7 +33,6 @@ struct ksmbd_tree_connect { int maximal_access; bool posix_extensions; atomic_t refcount; - wait_queue_head_t refcount_q; unsigned int t_state; }; diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index a2830ec67e782..dba29881debdc 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2200,7 +2200,6 @@ int smb2_tree_disconnect(struct ksmbd_work *work) goto err_out; } - WARN_ON_ONCE(atomic_dec_and_test(&tcon->refcount)); tcon->t_state = TREE_DISCONNECTED; write_unlock(&sess->tree_conns_lock); @@ -2210,8 +2209,6 @@ int smb2_tree_disconnect(struct ksmbd_work *work) goto err_out; } - work->tcon = NULL; - rsp->StructureSize = cpu_to_le16(4); err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_tree_disconnect_rsp)); -- 2.51.0

2 days, 7 hours

2
28
0 0

Linux 6.17.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.11 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 arch/arm64/boot/dts/freescale/imx8dxl-ss-conn.dtsi | 4 arch/arm64/boot/dts/freescale/imx8dxl-ss-hsio.dtsi | 5 arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 4 arch/arm64/kernel/acpi.c | 10 arch/mips/mm/tlb-r4k.c | 116 ++++--- arch/riscv/boot/dts/allwinner/sun20i-d1s.dtsi | 2 arch/x86/events/core.c | 10 drivers/atm/fore200e.c | 2 drivers/bluetooth/btusb.c | 39 ++ drivers/counter/microchip-tcb-capture.c | 2 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 1 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 drivers/gpu/drm/amd/display/dc/virtual/virtual_stream_encoder.c | 7 drivers/gpu/drm/bridge/sii902x.c | 20 - drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/i915/display/intel_display.c | 8 drivers/gpu/drm/i915/display/intel_psr.c | 6 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/gpu/drm/xe/xe_gt_clock.c | 7 drivers/gpu/drm/xe/xe_guc_ct.c | 3 drivers/iio/accel/adxl355_core.c | 44 ++ drivers/iio/accel/bmc150-accel-core.c | 5 drivers/iio/accel/bmc150-accel.h | 1 drivers/iio/adc/ad4030.c | 2 drivers/iio/adc/ad7124.c | 12 drivers/iio/adc/ad7280a.c | 2 drivers/iio/adc/ad7380.c | 8 drivers/iio/adc/rtq6056.c | 2 drivers/iio/adc/stm32-dfsdm-adc.c | 5 drivers/iio/buffer/industrialio-buffer-dma.c | 6 drivers/iio/buffer/industrialio-buffer-dmaengine.c | 2 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/humidity/hdc3020.c | 73 ++-- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 - drivers/iio/industrialio-buffer.c | 21 + drivers/iio/pressure/bmp280-core.c | 15 drivers/iommu/iommufd/driver.c | 2 drivers/mailbox/mailbox-test.c | 2 drivers/mailbox/mtk-cmdq-mailbox.c | 45 +- drivers/mailbox/pcc.c | 8 drivers/md/dm-verity-fec.c | 6 drivers/mmc/host/sdhci-of-dwcmshc.c | 29 + drivers/most/most_usb.c | 14 drivers/net/can/rcar/rcar_canfd.c | 53 +-- drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 100 +++++- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/microchip/ksz_common.c | 31 - drivers/net/dsa/microchip/ksz_ptp.c | 22 - drivers/net/dsa/sja1105/sja1105_main.c | 7 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 - drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/freescale/fec.h | 1 drivers/net/ethernet/freescale/fec_ptp.c | 64 +++- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 2 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 19 - drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/phy/mxl-gpy.c | 20 - drivers/net/team/team_core.c | 23 - drivers/net/tun_vnet.h | 2 drivers/net/veth.c | 7 drivers/net/virtio_net.c | 3 drivers/net/wwan/mhi_wwan_mbim.c | 2 drivers/nvmem/layouts.c | 2 drivers/platform/x86/intel/punit_ipc.c | 2 drivers/pmdomain/tegra/powergate-bpmp.c | 1 drivers/regulator/rtq2208-regulator.c | 6 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/spi/Kconfig | 4 drivers/spi/spi-amlogic-spifc-a1.c | 4 drivers/spi/spi-bcm63xx.c | 14 drivers/spi/spi-cadence-quadspi.c | 18 - drivers/spi/spi-nxp-fspi.c | 28 + drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/tty/serial/8250/8250.h | 4 drivers/tty/serial/8250/8250_platform.c | 2 drivers/tty/serial/8250/8250_rsa.c | 26 + drivers/tty/serial/8250/Makefile | 2 drivers/tty/serial/amba-pl011.c | 2 drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/dwc3-pci.c | 80 ++--- drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/udc/core.c | 18 + drivers/usb/gadget/udc/renesas_usbf.c | 4 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/host/xhci-dbgcap.h | 1 drivers/usb/host/xhci-dbgtty.c | 23 + drivers/usb/host/xhci-ring.c | 15 drivers/usb/host/xhci.c | 1 drivers/usb/renesas_usbhs/common.c | 14 drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 drivers/vhost/net.c | 53 ++- drivers/vhost/vhost.c | 76 +++- drivers/vhost/vhost.h | 10 drivers/video/fbdev/core/fbcon.c | 9 fs/afs/cell.c | 43 -- fs/afs/internal.h | 1 fs/afs/security.c | 49 ++- fs/namespace.c | 7 fs/overlayfs/util.c | 4 fs/smb/client/connect.c | 1 include/linux/iio/buffer-dma.h | 1 include/linux/iio/buffer_impl.h | 2 include/linux/mailbox/mtk-cmdq-mailbox.h | 10 include/linux/usb/gadget.h | 5 include/linux/virtio_net.h | 7 include/net/bluetooth/hci_core.h | 21 - io_uring/net.c | 6 kernel/dma/direct.c | 1 kernel/time/timekeeping.c | 4 kernel/trace/trace.c | 10 mm/huge_memory.c | 22 - mm/memfd.c | 27 + mm/swapfile.c | 4 net/bluetooth/hci_core.c | 89 ++--- net/bluetooth/hci_sock.c | 2 net/bluetooth/iso.c | 30 + net/bluetooth/l2cap_core.c | 23 + net/bluetooth/sco.c | 35 +- net/bluetooth/smp.c | 31 - net/ceph/auth_x.c | 2 net/ceph/ceph_common.c | 53 ++- net/ceph/debugfs.c | 14 net/ceph/messenger_v2.c | 11 net/ceph/osdmap.c | 18 - net/mctp/route.c | 1 net/mptcp/protocol.c | 19 + net/xdp/xsk.c | 160 ++++++---- sound/hda/codecs/cirrus/cs420x.c | 1 sound/usb/quirks.c | 3 159 files changed, 1533 insertions(+), 802 deletions(-) Achim Gratz (1): iio: pressure: bmp280: correct meas_time_us calculation Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (1): USB: storage: Remove subclass and protocol overrides from Novatek quirk Alex Deucher (2): drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Revert "drm/amd/display: Move setup_stream_attribute" Alex Hung (1): drm/amd/display: Check NULL before accessing Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Andrei Vagin (1): fs/namespace: fix reference leak in grab_requested_mnt_ns Andy Shevchenko (1): spi: nxp-fspi: Propagate fwnode in ACPI case as well Anurag Dutta (2): spi: spi-cadence-quadspi: Remove duplicate pm_runtime_put_autosuspend() call spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance Bastien Curutchet (Schneider Electric) (5): net: dsa: microchip: common: Fix checks on irq_find_mapping() net: dsa: microchip: ptp: Fix checks on irq_find_mapping() net: dsa: microchip: Don't free uninitialized ksz_irq net: dsa: microchip: Free previously initialized ports on init failures net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() Biju Das (1): can: rcar_canfd: Fix CAN-FD mode as default ChiYuan Huang (3): iio: adc: rtq6056: Correct the sign bit index regulator: rtq2208: Correct buck group2 phase mapping logic regulator: rtq2208: Correct LDO2 logic judgment bits Chris Lu (1): Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind Dan Carpenter (2): platform/x86: intel: punit_ipc: fix memory corruption timekeeping: Fix error code in tk_aux_sysfs_init() Daniel Golle (2): net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting David Howells (2): afs: Fix delayed allocation of a cell's anonymous key afs: Fix uninit var in afs_alloc_anon_key() David Lechner (3): iio: adc: ad7124: fix temperature channel iio: adc: ad7280a: fix ad7280_store_balance_timer() iio: adc: ad7380: fix SPI offload trigger rate Deepanshu Kartikey (2): tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs mm/memfd: fix information leak in hugetlb folios Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Devarsh Thakkar (1): drm/bridge: sii902x: Fix HDMI detection with DRM_BRIDGE_ATTACH_NO_CONNECTOR Dharma Balasubiramani (1): counter: microchip-tcb-capture: Allow shared IRQ for multi-channel TCBs Dimitri Fedrau (2): iio: humditiy: hdc3020: fix units for temperature and humidity measurement iio: humditiy: hdc3020: fix units for thresholds and hysteresis Douglas Anderson (1): Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref Edward Adam Davis (1): Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Fernando Fernandez Mancera (1): xsk: avoid data corruption on cq descriptor number Francesco Lavra (2): spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Frank Li (2): arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos arm64: dts: imx8dxl: Correct pcie-ep interrupt number Greg Kroah-Hartman (1): Linux 6.17.11 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Gustavo A. R. Silva (1): iommufd/driver: Fix counter initialization for counted_by annotation Haibo Chen (1): spi: spi-nxp-fspi: Add OCT-DTR mode support Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang (3): usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors mailbox: mailbox-test: Fix debugfs_create_dir error checking spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Harish Chegondi (1): drm/xe: Fix conversion from clock ticks to milliseconds Heikki Krogerus (2): usb: dwc3: pci: add support for the Intel Nova Lake -S usb: dwc3: pci: Sort out the Intel device IDs Heiner Kallweit (1): r8169: fix RTL8127 hang on suspend/shutdown Horatiu Vultur (1): net: lan966x: Fix the initialization of taprio Ilpo Järvinen (1): serial: 8250: Fix 8250_rsa symbol loop Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Ivan Zhaldak (1): ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jamie Iles (2): mailbox: pcc: don't zero error register drivers/usb/dwc3: fix PCI parent check Jason Wang (1): vhost: rewind next_avail_head while discarding descriptors Jason-JH Lin (1): mailbox: mtk-cmdq: Refine DMA address handling for the command buffer Jens Axboe (1): io_uring/net: ensure vectored buffer node import is tied to notification Jeremy Kerr (1): net: mctp: unconditionally set skb->dev on dst output Jesper Dangaard Brouer (1): veth: reduce XDP no_direct return section to fix race Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jimmy Hu (1): usb: gadget: udc: fix use-after-free in usb_gadget_state_work Jiri Olsa (1): Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Jisheng Zhang (1): mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe Jon Hunter (1): pmdomain: tegra: Add GENPD_FLAG_NO_STAY_ON flag Jon Kohler (1): virtio-net: avoid unnecessary checksum calculation on guest RX Kai-Heng Feng (1): net: aquantia: Add missing descriptor cache invalidation on ATL2 Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kuen-Han Tsai (2): usb: gadget: f_eem: Fix memory leak in eem_unwrap usb: udc: Add trace event for usb_gadget_set_state Kuniyuki Iwashima (1): mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Linus Walleij (1): iio: accel: bmc150: Fix irq assumption regression Lucas De Marchi (1): drm/xe/guc: Fix stack_depot usage Luiz Augusto von Dentz (2): Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP Bluetooth: SMP: Fix not generating mackey and ltk when repairing Maarten Zanders (1): ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Maciej Fijalkowski (1): xsk: avoid overwriting skb fields for multi-buffer traffic Maciej W. Rozycki (1): MIPS: mm: Prevent a TLB shutdown on initial uniquification Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (4): can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Marcelo Schmitt (1): iio: adc: ad4030: Fix _scale value for common-mode channels Mario Limonciello (AMD) (2): drm/amd/display: Don't change brightness for disabled connectors drm/amd/display: Increase EDID read retries Mario Tesi (1): iio: st_lsm6dsx: Fixed calibrated timestamp calculation Mathias Nyman (2): xhci: fix stale flag preventig URBs after link state error is cleared xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Miaoqian Lin (3): slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Michael Chen (1): drm/amd/amdgpu: reserve vm invalidation engine for uni_mes Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Mohsin Bashir (1): eth: fbnic: Fix counter roll-over issue NeilBrown (1): ovl: fail ovl_lock_rename_workdir() if either target is unhashed Nikola Z. Ivanov (1): team: Move team device type change at the end of team_port_add Nuno Sá (3): iio: buffer-dma: support getting the DMA channel iio: buffer-dmaengine: enable .get_dma_dev() iio: buffer: support getting dma channel from the buffer Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Olivier Moysan (1): iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling Owen Gu (1): usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Paolo Abeni (1): mptcp: clear scheduled subflows on retransmit Pauli Virtanen (1): Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Pranjal Shrivastava (1): dma-direct: Fix missing sg_dma_len assignment in P2PDMA bus mappings Prike Liang (1): drm/amdgpu: attach tlb fence to the PTs update Punit Agrawal (1): Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" René Rebe (1): ALSA: hda/cirrus fix cs420x MacPro 6,1 inverted jack detection Sergey Matyukevich (1): riscv: dts: allwinner: d1: fix vlenb property Seungjin Bae (1): can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Siddharth Vadapalli (1): spi: cadence-quadspi: Fix cqspi_probe() error handling for runtime pm Slark Xiao (1): net: wwan: mhi: Keep modem name match with Foxconn T99W640 Thomas Bogendoerfer (1): MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Thomas Zimmermann (1): drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Valek Andrej (1): iio: accel: fix ADXL355 startup race condition Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Viacheslav Dubeyko (1): ceph: fix crash in process_v2_sparse_read() for encrypted directories Ville Syrjälä (1): drm/i915/psr: Reject async flips when selective fetch is enabled Vladimir Oltean (1): net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Wei Fang (4): net: fec: cancel perout_timer when PEROUT is disabled net: fec: do not update PEROUT if it is enabled net: fec: do not allow enabling PPS and PEROUT simultaneously net: fec: do not register PPS event for PEROUT Wei Yang (1): mm/huge_memory: fix NULL pointer deference when splitting folio Wentao Guan (1): nvmem: layouts: fix nvmem_layout_bus_uevent Xu Yang (1): arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity Youngjun Park (1): mm: swap: remove duplicate nr_swap_pages decrement in get_swap_page_of_type() ziming zhang (2): libceph: prevent potential out-of-bounds writes in handle_auth_session_key() libceph: replace BUG_ON with bounds check for map->max_osd Łukasz Bartosik (1): xhci: dbgtty: fix device unregister

2 days, 8 hours

1
1
0 0

Linux 6.12.61

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.61 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ MAINTAINERS | 5 Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 arch/arm64/boot/dts/freescale/imx8dxl-ss-conn.dtsi | 4 arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 4 arch/arm64/kernel/acpi.c | 10 arch/mips/mm/tlb-r4k.c | 116 arch/x86/events/core.c | 10 arch/x86/kvm/svm/nested.c | 20 arch/x86/kvm/svm/svm.c | 94 arch/x86/kvm/svm/svm.h | 1 drivers/atm/fore200e.c | 2 drivers/bluetooth/btusb.c | 39 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 1 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 drivers/gpu/drm/amd/display/dc/virtual/virtual_stream_encoder.c | 7 drivers/gpu/drm/drm_fb_helper.c | 6 drivers/gpu/drm/i915/display/intel_dp.c | 5 drivers/gpu/drm/i915/display/intel_fbdev.c | 6 drivers/gpu/drm/radeon/radeon_fbdev.c | 5 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/gpu/drm/xe/xe_gt_clock.c | 7 drivers/iio/accel/adxl355_core.c | 44 drivers/iio/accel/bmc150-accel-core.c | 5 drivers/iio/accel/bmc150-accel.h | 1 drivers/iio/adc/ad7280a.c | 2 drivers/iio/adc/rtq6056.c | 2 drivers/iio/adc/stm32-dfsdm-adc.c | 5 drivers/iio/buffer/industrialio-buffer-dma.c | 6 drivers/iio/buffer/industrialio-buffer-dmaengine.c | 2 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/humidity/hdc3020.c | 73 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 drivers/iio/industrialio-buffer.c | 21 drivers/mailbox/mailbox-test.c | 2 drivers/mailbox/mtk-cmdq-mailbox.c | 45 drivers/mailbox/pcc.c | 32 drivers/md/dm-verity-fec.c | 6 drivers/mmc/host/sdhci-of-dwcmshc.c | 29 drivers/most/most_usb.c | 14 drivers/mtd/nand/spi/core.c | 2 drivers/net/can/rcar/rcar_canfd.c | 53 drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 100 drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/microchip/ksz_common.c | 65 drivers/net/dsa/microchip/ksz_common.h | 1 drivers/net/dsa/microchip/ksz_ptp.c | 22 drivers/net/dsa/sja1105/sja1105_main.c | 66 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/freescale/fec.h | 1 drivers/net/ethernet/freescale/fec_ptp.c | 64 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 2 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/phy/mxl-gpy.c | 2 drivers/net/team/team_core.c | 23 drivers/net/veth.c | 64 drivers/net/vrf.c | 4 drivers/net/wireless/ath/ath12k/dp_rx.c | 5 drivers/net/wireless/ath/ath12k/peer.c | 3 drivers/net/wireless/ath/ath12k/peer.h | 2 drivers/net/wwan/mhi_wwan_mbim.c | 2 drivers/nvmem/layouts.c | 2 drivers/platform/x86/intel/punit_ipc.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/spi/Kconfig | 4 drivers/spi/spi-amlogic-spifc-a1.c | 4 drivers/spi/spi-bcm63xx.c | 14 drivers/spi/spi-mem.c | 37 drivers/spi/spi-nxp-fspi.c | 123 drivers/staging/Kconfig | 2 drivers/staging/Makefile | 1 drivers/staging/rtl8712/Kconfig | 21 drivers/staging/rtl8712/Makefile | 35 drivers/staging/rtl8712/TODO | 13 drivers/staging/rtl8712/basic_types.h | 28 drivers/staging/rtl8712/drv_types.h | 175 drivers/staging/rtl8712/ethernet.h | 21 drivers/staging/rtl8712/hal_init.c | 401 - drivers/staging/rtl8712/ieee80211.c | 415 - drivers/staging/rtl8712/ieee80211.h | 165 drivers/staging/rtl8712/mlme_linux.c | 160 drivers/staging/rtl8712/mlme_osdep.h | 31 drivers/staging/rtl8712/mp_custom_oid.h | 287 - drivers/staging/rtl8712/os_intfs.c | 482 -- drivers/staging/rtl8712/osdep_intf.h | 32 drivers/staging/rtl8712/osdep_service.h | 60 drivers/staging/rtl8712/recv_linux.c | 139 drivers/staging/rtl8712/recv_osdep.h | 39 drivers/staging/rtl8712/rtl8712_bitdef.h | 26 drivers/staging/rtl8712/rtl8712_cmd.c | 409 - drivers/staging/rtl8712/rtl8712_cmd.h | 231 - drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 drivers/staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 drivers/staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 drivers/staging/rtl8712/rtl8712_efuse.c | 563 -- drivers/staging/rtl8712/rtl8712_efuse.h | 44 drivers/staging/rtl8712/rtl8712_event.h | 86 drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 drivers/staging/rtl8712/rtl8712_hal.h | 142 drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 drivers/staging/rtl8712/rtl8712_io.c | 99 drivers/staging/rtl8712/rtl8712_led.c | 1830 -------- drivers/staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 drivers/staging/rtl8712/rtl8712_macsetting_regdef.h | 20 drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 drivers/staging/rtl8712/rtl8712_recv.c | 1075 ---- drivers/staging/rtl8712/rtl8712_recv.h | 145 drivers/staging/rtl8712/rtl8712_regdef.h | 32 drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 drivers/staging/rtl8712/rtl8712_spec.h | 121 drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 drivers/staging/rtl8712/rtl8712_xmit.c | 732 --- drivers/staging/rtl8712/rtl8712_xmit.h | 108 drivers/staging/rtl8712/rtl871x_cmd.c | 750 --- drivers/staging/rtl8712/rtl871x_cmd.h | 750 --- drivers/staging/rtl8712/rtl871x_debug.h | 130 drivers/staging/rtl8712/rtl871x_eeprom.c | 220 drivers/staging/rtl8712/rtl871x_eeprom.h | 88 drivers/staging/rtl8712/rtl871x_event.h | 109 drivers/staging/rtl8712/rtl871x_ht.h | 33 drivers/staging/rtl8712/rtl871x_io.c | 147 drivers/staging/rtl8712/rtl871x_io.h | 236 - drivers/staging/rtl8712/rtl871x_ioctl.h | 94 drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2275 ---------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 -- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 - drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 drivers/staging/rtl8712/rtl871x_led.h | 118 drivers/staging/rtl8712/rtl871x_mlme.c | 1710 ------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 drivers/staging/rtl8712/rtl871x_mp.c | 724 --- drivers/staging/rtl8712/rtl871x_mp.h | 275 - drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 - drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 ---- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 - drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 drivers/staging/rtl8712/rtl871x_recv.c | 671 -- drivers/staging/rtl8712/rtl871x_recv.h | 208 drivers/staging/rtl8712/rtl871x_rf.h | 55 drivers/staging/rtl8712/rtl871x_security.c | 1386 ------ drivers/staging/rtl8712/rtl871x_security.h | 218 drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 - drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 drivers/staging/rtl8712/rtl871x_xmit.c | 1056 ---- drivers/staging/rtl8712/rtl871x_xmit.h | 287 - drivers/staging/rtl8712/sta_info.h | 132 drivers/staging/rtl8712/usb_halinit.c | 307 - drivers/staging/rtl8712/usb_intf.c | 638 -- drivers/staging/rtl8712/usb_ops.c | 195 drivers/staging/rtl8712/usb_ops.h | 38 drivers/staging/rtl8712/usb_ops_linux.c | 508 -- drivers/staging/rtl8712/usb_osintf.h | 35 drivers/staging/rtl8712/wifi.h | 196 drivers/staging/rtl8712/wlan_bssdef.h | 223 drivers/staging/rtl8712/xmit_linux.c | 181 drivers/staging/rtl8712/xmit_osdep.h | 52 drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/tty/serial/amba-pl011.c | 2 drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/dwc3-pci.c | 80 drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/udc/core.c | 18 drivers/usb/gadget/udc/renesas_usbf.c | 4 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/host/xhci-dbgcap.h | 1 drivers/usb/host/xhci-dbgtty.c | 23 drivers/usb/host/xhci-ring.c | 15 drivers/usb/host/xhci.c | 1 drivers/usb/renesas_usbhs/common.c | 14 drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 drivers/usb/storage/uas.c | 5 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 drivers/video/fbdev/core/fbcon.c | 9 fs/namespace.c | 7 fs/nfsd/nfs4state.c | 6 fs/smb/client/connect.c | 1 include/linux/iio/buffer-dma.h | 1 include/linux/iio/buffer_impl.h | 2 include/linux/mailbox/mtk-cmdq-mailbox.h | 10 include/linux/spi/spi-mem.h | 22 include/linux/usb/gadget.h | 5 include/net/bluetooth/hci_core.h | 1 include/net/sch_generic.h | 8 kernel/trace/trace.c | 10 mm/huge_memory.c | 17 mm/memfd.c | 27 net/bluetooth/hci_core.c | 16 net/bluetooth/hci_sock.c | 2 net/bluetooth/smp.c | 31 net/ceph/auth_x.c | 2 net/ceph/ceph_common.c | 53 net/ceph/debugfs.c | 14 net/ceph/messenger_v2.c | 11 net/ceph/osdmap.c | 18 net/mptcp/protocol.c | 19 sound/usb/quirks.c | 3 237 files changed, 1336 insertions(+), 28204 deletions(-) Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (1): USB: storage: Remove subclass and protocol overrides from Novatek quirk Alex Deucher (2): drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Revert "drm/amd/display: Move setup_stream_attribute" Alex Hung (1): drm/amd/display: Check NULL before accessing Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Andrei Vagin (1): fs/namespace: fix reference leak in grab_requested_mnt_ns Andy Shevchenko (1): spi: nxp-fspi: Propagate fwnode in ACPI case as well Bastien Curutchet (Schneider Electric) (5): net: dsa: microchip: common: Fix checks on irq_find_mapping() net: dsa: microchip: ptp: Fix checks on irq_find_mapping() net: dsa: microchip: Don't free uninitialized ksz_irq net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() net: dsa: microchip: Free previously initialized ports on init failures Biju Das (1): can: rcar_canfd: Fix CAN-FD mode as default ChiYuan Huang (1): iio: adc: rtq6056: Correct the sign bit index Chris Lu (1): Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind Dan Carpenter (1): platform/x86: intel: punit_ipc: fix memory corruption Daniel Golle (1): net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting David Lechner (1): iio: adc: ad7280a: fix ad7280_store_balance_timer() Deepanshu Kartikey (2): tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs mm/memfd: fix information leak in hugetlb folios Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Dimitri Fedrau (2): iio: humditiy: hdc3020: fix units for temperature and humidity measurement iio: humditiy: hdc3020: fix units for thresholds and hysteresis Douglas Anderson (1): Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref Edward Adam Davis (1): Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Francesco Lavra (2): spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Frank Li (1): arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos Greg Kroah-Hartman (1): Linux 6.12.61 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Haibo Chen (2): spi: spi-nxp-fspi: remove the goto in probe spi: spi-nxp-fspi: Add OCT-DTR mode support Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang (3): usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors mailbox: mailbox-test: Fix debugfs_create_dir error checking spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Harish Chegondi (1): drm/xe: Fix conversion from clock ticks to milliseconds Heikki Krogerus (2): usb: dwc3: pci: add support for the Intel Nova Lake -S usb: dwc3: pci: Sort out the Intel device IDs Horatiu Vultur (1): net: lan966x: Fix the initialization of taprio Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Imre Deak (1): drm/i915/dp: Initialize the source OUI write timestamp always Ivan Zhaldak (1): ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jamie Iles (2): mailbox: pcc: don't zero error register drivers/usb/dwc3: fix PCI parent check Jason-JH Lin (1): mailbox: mtk-cmdq: Refine DMA address handling for the command buffer Jesper Dangaard Brouer (5): net: sched: generalize check for no-queue qdisc on TX queue veth: apply qdisc backpressure on full ptr_ring to reduce TX drops veth: prevent NULL pointer dereference in veth_xdp_rcv veth: more robust handing of race to avoid txq getting stuck veth: reduce XDP no_direct return section to fix race Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jimmy Hu (1): usb: gadget: udc: fix use-after-free in usb_gadget_state_work Jiri Olsa (1): Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Jisheng Zhang (1): mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe Kai-Heng Feng (1): net: aquantia: Add missing descriptor cache invalidation on ATL2 Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kuen-Han Tsai (2): usb: gadget: f_eem: Fix memory leak in eem_unwrap usb: udc: Add trace event for usb_gadget_set_state Kuniyuki Iwashima (1): mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Linus Walleij (1): iio: accel: bmc150: Fix irq assumption regression Luiz Augusto von Dentz (2): Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP Bluetooth: SMP: Fix not generating mackey and ltk when repairing Maarten Zanders (1): ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Maciej W. Rozycki (1): MIPS: mm: Prevent a TLB shutdown on initial uniquification Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (4): can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Mario Limonciello (AMD) (1): drm/amd/display: Don't change brightness for disabled connectors Mario Tesi (1): iio: st_lsm6dsx: Fixed calibrated timestamp calculation Mathias Nyman (2): xhci: fix stale flag preventig URBs after link state error is cleared xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Miaoqian Lin (3): slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Michael Chen (1): drm/amd/amdgpu: reserve vm invalidation engine for uni_mes Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Miquel Raynal (3): spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency spi: spi-mem: Add a new controller capability spi: nxp-fspi: Support per spi-mem operation frequency switches Mohsin Bashir (1): eth: fbnic: Fix counter roll-over issue NeilBrown (1): nfsd: Replace clamp_t in nfsd4_get_drc_mem() Nikola Z. Ivanov (1): team: Move team device type change at the end of team_port_add Nuno Sá (3): iio: buffer-dma: support getting the DMA channel iio: buffer-dmaengine: enable .get_dma_dev() iio: buffer: support getting dma channel from the buffer Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Olivier Moysan (1): iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling Owen Gu (1): usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Paolo Abeni (1): mptcp: clear scheduled subflows on retransmit Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Philipp Hortmann (1): staging: rtl8712: Remove driver using deprecated API wext Punit Agrawal (1): Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" Russell King (Oracle) (1): net: dsa: sja1105: simplify static configuration reload Sarika Sharma (1): wifi: ath12k: correctly handle mcast packets for clients Seungjin Bae (1): can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Slark Xiao (1): net: wwan: mhi: Keep modem name match with Foxconn T99W640 Sudeep Holla (1): mailbox: pcc: Refactor error handling in irq handler into separate function Thomas Bogendoerfer (1): MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Thomas Weißschuh (1): spi: spi-nxp-fspi: Check return value of devm_mutex_init() Thomas Zimmermann (1): drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Tristram Ha (1): net: dsa: microchip: Do not execute PTP driver code for unsupported switches Tudor Ambarus (1): spi: spi-mem: Allow specifying the byte order in Octal DTR mode Valek Andrej (1): iio: accel: fix ADXL355 startup race condition Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Viacheslav Dubeyko (1): ceph: fix crash in process_v2_sparse_read() for encrypted directories Vladimir Oltean (1): net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Wei Fang (4): net: fec: cancel perout_timer when PEROUT is disabled net: fec: do not update PEROUT if it is enabled net: fec: do not allow enabling PPS and PEROUT simultaneously net: fec: do not register PPS event for PEROUT Wei Yang (1): mm/huge_memory: fix NULL pointer deference when splitting folio Wentao Guan (1): nvmem: layouts: fix nvmem_layout_bus_uevent Xu Yang (1): arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity Yosry Ahmed (4): KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() KVM: nSVM: Fix and simplify LBR virtualization handling with nested KVM: SVM: Fix redundant updates of LBR MSR intercepts ziming zhang (2): libceph: prevent potential out-of-bounds writes in handle_auth_session_key() libceph: replace BUG_ON with bounds check for map->max_osd Łukasz Bartosik (1): xhci: dbgtty: fix device unregister

2 days, 8 hours

1
1
0 0

Linux 6.6.119

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.119 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ MAINTAINERS | 6 Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 arch/mips/mm/tlb-r4k.c | 116 arch/x86/events/core.c | 10 drivers/atm/fore200e.c | 2 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/hid/hid-core.c | 7 drivers/iio/accel/adxl355_core.c | 44 drivers/iio/accel/bmc150-accel-core.c | 5 drivers/iio/accel/bmc150-accel.h | 1 drivers/iio/adc/ad7280a.c | 2 drivers/iio/adc/rtq6056.c | 2 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 drivers/mailbox/mailbox-test.c | 2 drivers/mailbox/pcc.c | 32 drivers/md/dm-verity-fec.c | 6 drivers/most/most_usb.c | 14 drivers/mtd/nand/spi/core.c | 2 drivers/net/bonding/bond_main.c | 11 drivers/net/bonding/bond_options.c | 3 drivers/net/can/rcar/rcar_canfd.c | 53 drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 100 drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/microchip/ksz_common.c | 30 drivers/net/dsa/microchip/ksz_ptp.c | 22 drivers/net/dsa/sja1105/sja1105_main.c | 66 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/freescale/fec.h | 1 drivers/net/ethernet/freescale/fec_ptp.c | 64 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/phy/mxl-gpy.c | 2 drivers/platform/x86/intel/punit_ipc.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/spi/Kconfig | 4 drivers/spi/spi-amlogic-spifc-a1.c | 4 drivers/spi/spi-bcm63xx.c | 14 drivers/spi/spi-mem.c | 37 drivers/spi/spi-nxp-fspi.c | 22 drivers/staging/Kconfig | 2 drivers/staging/Makefile | 1 drivers/staging/rtl8712/Kconfig | 21 drivers/staging/rtl8712/Makefile | 35 drivers/staging/rtl8712/TODO | 13 drivers/staging/rtl8712/basic_types.h | 28 drivers/staging/rtl8712/drv_types.h | 175 - drivers/staging/rtl8712/ethernet.h | 21 drivers/staging/rtl8712/hal_init.c | 401 -- drivers/staging/rtl8712/ieee80211.c | 415 -- drivers/staging/rtl8712/ieee80211.h | 165 drivers/staging/rtl8712/mlme_linux.c | 160 drivers/staging/rtl8712/mlme_osdep.h | 31 drivers/staging/rtl8712/mp_custom_oid.h | 287 - drivers/staging/rtl8712/os_intfs.c | 482 -- drivers/staging/rtl8712/osdep_intf.h | 32 drivers/staging/rtl8712/osdep_service.h | 60 drivers/staging/rtl8712/recv_linux.c | 139 drivers/staging/rtl8712/recv_osdep.h | 39 drivers/staging/rtl8712/rtl8712_bitdef.h | 26 drivers/staging/rtl8712/rtl8712_cmd.c | 409 -- drivers/staging/rtl8712/rtl8712_cmd.h | 231 - drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 drivers/staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 drivers/staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 drivers/staging/rtl8712/rtl8712_efuse.c | 564 --- drivers/staging/rtl8712/rtl8712_efuse.h | 44 drivers/staging/rtl8712/rtl8712_event.h | 86 drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 drivers/staging/rtl8712/rtl8712_hal.h | 142 drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 drivers/staging/rtl8712/rtl8712_io.c | 99 drivers/staging/rtl8712/rtl8712_led.c | 1830 ---------- drivers/staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 drivers/staging/rtl8712/rtl8712_macsetting_regdef.h | 20 drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 drivers/staging/rtl8712/rtl8712_recv.c | 1080 ------ drivers/staging/rtl8712/rtl8712_recv.h | 145 drivers/staging/rtl8712/rtl8712_regdef.h | 32 drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 drivers/staging/rtl8712/rtl8712_spec.h | 121 drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 drivers/staging/rtl8712/rtl8712_xmit.c | 744 ---- drivers/staging/rtl8712/rtl8712_xmit.h | 108 drivers/staging/rtl8712/rtl871x_cmd.c | 796 ---- drivers/staging/rtl8712/rtl871x_cmd.h | 761 ---- drivers/staging/rtl8712/rtl871x_debug.h | 130 drivers/staging/rtl8712/rtl871x_eeprom.c | 220 - drivers/staging/rtl8712/rtl871x_eeprom.h | 88 drivers/staging/rtl8712/rtl871x_event.h | 109 drivers/staging/rtl8712/rtl871x_ht.h | 33 drivers/staging/rtl8712/rtl871x_io.c | 147 drivers/staging/rtl8712/rtl871x_io.h | 236 - drivers/staging/rtl8712/rtl871x_ioctl.h | 94 drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 -------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 --- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 -- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 drivers/staging/rtl8712/rtl871x_led.h | 118 drivers/staging/rtl8712/rtl871x_mlme.c | 1710 ---------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 - drivers/staging/rtl8712/rtl871x_mp.c | 724 ---- drivers/staging/rtl8712/rtl871x_mp.h | 275 - drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 ----- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 - drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 ------ drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 - drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 drivers/staging/rtl8712/rtl871x_recv.c | 671 ---- drivers/staging/rtl8712/rtl871x_recv.h | 208 - drivers/staging/rtl8712/rtl871x_rf.h | 55 drivers/staging/rtl8712/rtl871x_security.c | 1386 -------- drivers/staging/rtl8712/rtl871x_security.h | 218 - drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 - drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 drivers/staging/rtl8712/rtl871x_xmit.c | 1059 ------ drivers/staging/rtl8712/rtl871x_xmit.h | 288 - drivers/staging/rtl8712/sta_info.h | 132 drivers/staging/rtl8712/usb_halinit.c | 307 - drivers/staging/rtl8712/usb_intf.c | 638 --- drivers/staging/rtl8712/usb_ops.c | 195 - drivers/staging/rtl8712/usb_ops.h | 38 drivers/staging/rtl8712/usb_ops_linux.c | 515 --- drivers/staging/rtl8712/usb_osintf.h | 35 drivers/staging/rtl8712/wifi.h | 196 - drivers/staging/rtl8712/wlan_bssdef.h | 223 - drivers/staging/rtl8712/xmit_linux.c | 181 - drivers/staging/rtl8712/xmit_osdep.h | 52 drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/tty/serial/amba-pl011.c | 2 drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/dwc3-pci.c | 80 drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/udc/core.c | 18 drivers/usb/gadget/udc/renesas_usbf.c | 4 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/host/xhci-dbgcap.h | 1 drivers/usb/host/xhci-dbgtty.c | 23 drivers/usb/renesas_usbhs/common.c | 14 drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 drivers/usb/storage/uas.c | 5 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 fs/nfsd/nfs4state.c | 6 fs/smb/client/connect.c | 1 fs/smb/server/smb2pdu.c | 4 include/linux/spi/spi-mem.h | 22 include/linux/usb/gadget.h | 5 include/net/bonding.h | 1 net/bluetooth/hci_sock.c | 2 net/bluetooth/smp.c | 31 net/ceph/auth_x.c | 2 net/ceph/ceph_common.c | 53 net/ceph/debugfs.c | 14 net/ceph/messenger_v2.c | 11 net/ceph/osdmap.c | 18 net/mptcp/protocol.c | 48 sound/usb/quirks.c | 3 tools/testing/selftests/net/mptcp/mptcp_join.sh | 14 tools/testing/selftests/net/mptcp/mptcp_lib.sh | 21 196 files changed, 909 insertions(+), 28082 deletions(-) Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (2): USB: storage: Remove subclass and protocol overrides from Novatek quirk HID: core: Harden s32ton() against conversion to 0 bits Alex Deucher (1): drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Alex Hung (1): drm/amd/display: Check NULL before accessing Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Andy Shevchenko (1): spi: nxp-fspi: Propagate fwnode in ACPI case as well Bastien Curutchet (Schneider Electric) (4): net: dsa: microchip: common: Fix checks on irq_find_mapping() net: dsa: microchip: ptp: Fix checks on irq_find_mapping() net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() net: dsa: microchip: Free previously initialized ports on init failures Biju Das (1): can: rcar_canfd: Fix CAN-FD mode as default ChiYuan Huang (1): iio: adc: rtq6056: Correct the sign bit index Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind Dan Carpenter (1): platform/x86: intel: punit_ipc: fix memory corruption Daniel Golle (1): net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting David Lechner (1): iio: adc: ad7280a: fix ad7280_store_balance_timer() Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Edward Adam Davis (1): Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Francesco Lavra (2): spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Greg Kroah-Hartman (1): Linux 6.6.119 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Hangbin Liu (1): bonding: return detailed error when loading native XDP fails Haotian Zhang (3): usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors mailbox: mailbox-test: Fix debugfs_create_dir error checking spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Heikki Krogerus (2): usb: dwc3: pci: add support for the Intel Nova Lake -S usb: dwc3: pci: Sort out the Intel device IDs Horatiu Vultur (1): net: lan966x: Fix the initialization of taprio Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Ivan Zhaldak (1): ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jamie Iles (2): mailbox: pcc: don't zero error register drivers/usb/dwc3: fix PCI parent check Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jimmy Hu (1): usb: gadget: udc: fix use-after-free in usb_gadget_state_work Jiri Olsa (1): Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe Kai-Heng Feng (1): net: aquantia: Add missing descriptor cache invalidation on ATL2 Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kuen-Han Tsai (2): usb: gadget: f_eem: Fix memory leak in eem_unwrap usb: udc: Add trace event for usb_gadget_set_state Linus Walleij (1): iio: accel: bmc150: Fix irq assumption regression Luiz Augusto von Dentz (1): Bluetooth: SMP: Fix not generating mackey and ltk when repairing Maarten Zanders (1): ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Maciej W. Rozycki (1): MIPS: mm: Prevent a TLB shutdown on initial uniquification Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (4): can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Mario Tesi (1): iio: st_lsm6dsx: Fixed calibrated timestamp calculation Mathias Nyman (1): xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Matthieu Baerts (NGI0) (1): selftests: mptcp: join: properly kill background tasks Miaoqian Lin (3): slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Miquel Raynal (3): spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency spi: spi-mem: Add a new controller capability spi: nxp-fspi: Support per spi-mem operation frequency switches NeilBrown (1): nfsd: Replace clamp_t in nfsd4_get_drc_mem() Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Owen Gu (1): usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Paolo Abeni (2): mptcp: clear scheduled subflows on retransmit mptcp: fix duplicate reset on fastclose Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Philipp Hortmann (1): staging: rtl8712: Remove driver using deprecated API wext Russell King (Oracle) (1): net: dsa: sja1105: simplify static configuration reload Sean Heelan (1): ksmbd: fix use-after-free in session logoff Seungjin Bae (1): can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Sudeep Holla (1): mailbox: pcc: Refactor error handling in irq handler into separate function Thomas Bogendoerfer (1): MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Tudor Ambarus (1): spi: spi-mem: Allow specifying the byte order in Octal DTR mode Valek Andrej (1): iio: accel: fix ADXL355 startup race condition Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Viacheslav Dubeyko (1): ceph: fix crash in process_v2_sparse_read() for encrypted directories Vladimir Oltean (1): net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Wang Liang (1): bonding: check xdp prog when set bond mode Wei Fang (4): net: fec: cancel perout_timer when PEROUT is disabled net: fec: do not update PEROUT if it is enabled net: fec: do not allow enabling PPS and PEROUT simultaneously net: fec: do not register PPS event for PEROUT luoguangfei (1): net: macb: fix unregister_netdev call order in macb_remove() ziming zhang (2): libceph: prevent potential out-of-bounds writes in handle_auth_session_key() libceph: replace BUG_ON with bounds check for map->max_osd Łukasz Bartosik (1): xhci: dbgtty: fix device unregister

2 days, 8 hours

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror