- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] wifi: brcmfmac: fix crash while sending Action Frames in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 3776c685ebe5f43e9060af06872661de55e80b9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025110229-sandblast-glacial-765a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3776c685ebe5f43e9060af06872661de55e80b9a Mon Sep 17 00:00:00 2001 From: Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> Date: Mon, 13 Oct 2025 15:58:19 +0530 Subject: [PATCH] wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever there is a need to transmit an Action frame, the brcmfmac driver always uses the P2P vif to send the "actframe" IOVAR to firmware. The P2P interfaces were available when wpa_supplicant is managing the wlan interface. However, the P2P interfaces are not created/initialized when only hostapd is managing the wlan interface. And if hostapd receives an ANQP Query REQ Action frame even from an un-associated STA, the brcmfmac driver tries to use an uninitialized P2P vif pointer for sending the IOVAR to firmware. This NULL pointer dereferencing triggers a driver crash. [ 1417.074538] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [...] [ 1417.075188] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT) [...] [ 1417.075653] Call trace: [ 1417.075662] brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac] [ 1417.075738] brcmf_cfg80211_mgmt_tx+0x304/0x5c0 [brcmfmac] [ 1417.075810] cfg80211_mlme_mgmt_tx+0x1b0/0x428 [cfg80211] [ 1417.076067] nl80211_tx_mgmt+0x238/0x388 [cfg80211] [ 1417.076281] genl_family_rcv_msg_doit+0xe0/0x158 [ 1417.076302] genl_rcv_msg+0x220/0x2a0 [ 1417.076317] netlink_rcv_skb+0x68/0x140 [ 1417.076330] genl_rcv+0x40/0x60 [ 1417.076343] netlink_unicast+0x330/0x3b8 [ 1417.076357] netlink_sendmsg+0x19c/0x3f8 [ 1417.076370] __sock_sendmsg+0x64/0xc0 [ 1417.076391] ____sys_sendmsg+0x268/0x2a0 [ 1417.076408] ___sys_sendmsg+0xb8/0x118 [ 1417.076427] __sys_sendmsg+0x90/0xf8 [ 1417.076445] __arm64_sys_sendmsg+0x2c/0x40 [ 1417.076465] invoke_syscall+0x50/0x120 [ 1417.076486] el0_svc_common.constprop.0+0x48/0xf0 [ 1417.076506] do_el0_svc+0x24/0x38 [ 1417.076525] el0_svc+0x30/0x100 [ 1417.076548] el0t_64_sync_handler+0x100/0x130 [ 1417.076569] el0t_64_sync+0x190/0x198 [ 1417.076589] Code: f9401e80 aa1603e2 f9403be1 5280e483 (f9400000) Fix this, by always using the vif corresponding to the wdev on which the Action frame Transmission request was initiated by the userspace. This way, even if P2P vif is not available, the IOVAR is sent to firmware on AP vif and the ANQP Query RESP Action frame is transmitted without crashing the driver. Move init_completion() for "send_af_done" from brcmf_p2p_create_p2pdev() to brcmf_p2p_attach(). Because the former function would not get executed when only hostapd is managing wlan interface, and it is not safe to do reinit_completion() later in brcmf_p2p_tx_action_frame(), without any prior init_completion(). And in the brcmf_p2p_tx_action_frame() function, the condition check for P2P Presence response frame is not needed, since the wpa_supplicant is properly sending the P2P Presense Response frame on the P2P-GO vif instead of the P2P-Device vif. Cc: stable(a)vger.kernel.org Fixes: 18e2f61db3b7 ("brcmfmac: P2P action frame tx") Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> Acked-by: Arend van Spriel <arend.vanspriel(a)broadcom.com> Link: https://patch.msgid.link/20251013102819.9727-1-gokulkumar.sivakumar@infineo… [Cc stable] Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c index 8afaffe31031..bb96b87b2a6e 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -5627,8 +5627,7 @@ brcmf_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev, *cookie, le16_to_cpu(action_frame->len), le32_to_cpu(af_params->channel)); - ack = brcmf_p2p_send_action_frame(cfg, cfg_to_ndev(cfg), - af_params); + ack = brcmf_p2p_send_action_frame(vif->ifp, af_params); cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, ack, GFP_KERNEL); diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c index 0dc9d28cd77b..e1752a513c73 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c @@ -1529,6 +1529,7 @@ int brcmf_p2p_notify_action_tx_complete(struct brcmf_if *ifp, /** * brcmf_p2p_tx_action_frame() - send action frame over fil. * + * @ifp: interface to transmit on. * @p2p: p2p info struct for vif. * @af_params: action frame data/info. * @@ -1538,12 +1539,11 @@ int brcmf_p2p_notify_action_tx_complete(struct brcmf_if *ifp, * The WLC_E_ACTION_FRAME_COMPLETE event will be received when the action * frame is transmitted. */ -static s32 brcmf_p2p_tx_action_frame(struct brcmf_p2p_info *p2p, +static s32 brcmf_p2p_tx_action_frame(struct brcmf_if *ifp, + struct brcmf_p2p_info *p2p, struct brcmf_fil_af_params_le *af_params) { struct brcmf_pub *drvr = p2p->cfg->pub; - struct brcmf_cfg80211_vif *vif; - struct brcmf_p2p_action_frame *p2p_af; s32 err = 0; brcmf_dbg(TRACE, "Enter\n"); @@ -1552,14 +1552,7 @@ static s32 brcmf_p2p_tx_action_frame(struct brcmf_p2p_info *p2p, clear_bit(BRCMF_P2P_STATUS_ACTION_TX_COMPLETED, &p2p->status); clear_bit(BRCMF_P2P_STATUS_ACTION_TX_NOACK, &p2p->status); - /* check if it is a p2p_presence response */ - p2p_af = (struct brcmf_p2p_action_frame *)af_params->action_frame.data; - if (p2p_af->subtype == P2P_AF_PRESENCE_RSP) - vif = p2p->bss_idx[P2PAPI_BSSCFG_CONNECTION].vif; - else - vif = p2p->bss_idx[P2PAPI_BSSCFG_DEVICE].vif; - - err = brcmf_fil_bsscfg_data_set(vif->ifp, "actframe", af_params, + err = brcmf_fil_bsscfg_data_set(ifp, "actframe", af_params, sizeof(*af_params)); if (err) { bphy_err(drvr, " sending action frame has failed\n"); @@ -1711,16 +1704,14 @@ static bool brcmf_p2p_check_dwell_overflow(u32 requested_dwell, /** * brcmf_p2p_send_action_frame() - send action frame . * - * @cfg: driver private data for cfg80211 interface. - * @ndev: net device to transmit on. + * @ifp: interface to transmit on. * @af_params: configuration data for action frame. */ -bool brcmf_p2p_send_action_frame(struct brcmf_cfg80211_info *cfg, - struct net_device *ndev, +bool brcmf_p2p_send_action_frame(struct brcmf_if *ifp, struct brcmf_fil_af_params_le *af_params) { + struct brcmf_cfg80211_info *cfg = ifp->drvr->config; struct brcmf_p2p_info *p2p = &cfg->p2p; - struct brcmf_if *ifp = netdev_priv(ndev); struct brcmf_fil_action_frame_le *action_frame; struct brcmf_config_af_params config_af_params; struct afx_hdl *afx_hdl = &p2p->afx_hdl; @@ -1857,7 +1848,7 @@ bool brcmf_p2p_send_action_frame(struct brcmf_cfg80211_info *cfg, if (af_params->channel) msleep(P2P_AF_RETRY_DELAY_TIME); - ack = !brcmf_p2p_tx_action_frame(p2p, af_params); + ack = !brcmf_p2p_tx_action_frame(ifp, p2p, af_params); tx_retry++; dwell_overflow = brcmf_p2p_check_dwell_overflow(requested_dwell, dwell_jiffies); @@ -2217,7 +2208,6 @@ static struct wireless_dev *brcmf_p2p_create_p2pdev(struct brcmf_p2p_info *p2p, WARN_ON(p2p_ifp->bsscfgidx != bsscfgidx); - init_completion(&p2p->send_af_done); INIT_WORK(&p2p->afx_hdl.afx_work, brcmf_p2p_afx_handler); init_completion(&p2p->afx_hdl.act_frm_scan); init_completion(&p2p->wait_next_af); @@ -2513,6 +2503,8 @@ s32 brcmf_p2p_attach(struct brcmf_cfg80211_info *cfg, bool p2pdev_forced) pri_ifp = brcmf_get_ifp(cfg->pub, 0); p2p->bss_idx[P2PAPI_BSSCFG_PRIMARY].vif = pri_ifp->vif; + init_completion(&p2p->send_af_done); + if (p2pdev_forced) { err_ptr = brcmf_p2p_create_p2pdev(p2p, NULL, NULL); if (IS_ERR(err_ptr)) { diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h index d2ecee565bf2..d3137ebd7158 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h @@ -168,8 +168,7 @@ int brcmf_p2p_notify_action_frame_rx(struct brcmf_if *ifp, int brcmf_p2p_notify_action_tx_complete(struct brcmf_if *ifp, const struct brcmf_event_msg *e, void *data); -bool brcmf_p2p_send_action_frame(struct brcmf_cfg80211_info *cfg, - struct net_device *ndev, +bool brcmf_p2p_send_action_frame(struct brcmf_if *ifp, struct brcmf_fil_af_params_le *af_params); bool brcmf_p2p_scan_finding_common_channel(struct brcmf_cfg80211_info *cfg, struct brcmf_bss_info_le *bi);

2 weeks, 3 days

2
1
0 0

FAILED: patch "[PATCH] cpuidle: governors: menu: Select polling state in some more" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x db86f55bf81a3a297be05ee8775ae9a8c6e3a599 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025110243-dupe-pentagram-9b47@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From db86f55bf81a3a297be05ee8775ae9a8c6e3a599 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Thu, 23 Oct 2025 19:12:57 +0200 Subject: [PATCH] cpuidle: governors: menu: Select polling state in some more cases A throughput regression of 11% introduced by commit 779b1a1cb13a ("cpuidle: governors: menu: Avoid selecting states with too much latency") has been reported and it is related to the case when the menu governor checks if selecting a proper idle state instead of a polling one makes sense. In particular, it is questionable to do so if the exit latency of the idle state in question exceeds the predicted idle duration, so add a check for that, which is sufficient to make the reported regression go away, and update the related code comment accordingly. Fixes: 779b1a1cb13a ("cpuidle: governors: menu: Avoid selecting states with too much latency") Closes: https://lore.kernel.org/linux-pm/004501dc43c9$ec8aa930$c59ffb90$@telus.net/ Reported-by: Doug Smythies <dsmythies(a)telus.net> Tested-by: Doug Smythies <dsmythies(a)telus.net> Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Christian Loehle <christian.loehle(a)arm.com> Link: https://patch.msgid.link/12786727.O9o76ZdvQC@rafael.j.wysocki diff --git a/drivers/cpuidle/governors/menu.c b/drivers/cpuidle/governors/menu.c index 7d21fb5a72f4..23239b0c04f9 100644 --- a/drivers/cpuidle/governors/menu.c +++ b/drivers/cpuidle/governors/menu.c @@ -318,10 +318,13 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, /* * Use a physical idle state, not busy polling, unless a timer - * is going to trigger soon enough. + * is going to trigger soon enough or the exit latency of the + * idle state in question is greater than the predicted idle + * duration. */ if ((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) && - s->target_residency_ns <= data->next_timer_ns) { + s->target_residency_ns <= data->next_timer_ns && + s->exit_latency_ns <= predicted_ns) { predicted_ns = s->target_residency_ns; idx = i; break;

2 weeks, 3 days

2
2
0 0

FAILED: patch "[PATCH] net: phy: dp83867: Disable EEE support as not implemented" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 84a905290cb4c3d9a71a9e3b2f2e02e031e7512f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025110212-wavy-support-eaec@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 84a905290cb4c3d9a71a9e3b2f2e02e031e7512f Mon Sep 17 00:00:00 2001 From: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Date: Thu, 23 Oct 2025 16:48:53 +0200 Subject: [PATCH] net: phy: dp83867: Disable EEE support as not implemented While the DP83867 PHYs report EEE capability through their feature registers, the actual hardware does not support EEE (see Links). When the connected MAC enables EEE, it causes link instability and communication failures. The issue is reproducible with a iMX8MP and relevant stmmac ethernet port. Since the introduction of phylink-managed EEE support in the stmmac driver, EEE is now enabled by default, leading to issues on systems using the DP83867 PHY. Call phy_disable_eee during phy initialization to prevent EEE from being enabled on DP83867 PHYs. Link: https://e2e.ti.com/support/interface-group/interface/f/interface-forum/1445… Link: https://e2e.ti.com/support/interface-group/interface/f/interface-forum/6586… Fixes: 2a10154abcb7 ("net: phy: dp83867: Add TI dp83867 phy") Cc: stable(a)vger.kernel.org Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Link: https://patch.msgid.link/20251023144857.529566-1-ghidoliemanuele@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/phy/dp83867.c b/drivers/net/phy/dp83867.c index deeefb962566..36a0c1b7f59c 100644 --- a/drivers/net/phy/dp83867.c +++ b/drivers/net/phy/dp83867.c @@ -738,6 +738,12 @@ static int dp83867_config_init(struct phy_device *phydev) return ret; } + /* Although the DP83867 reports EEE capability through the + * MDIO_PCS_EEE_ABLE and MDIO_AN_EEE_ADV registers, the feature + * is not actually implemented in hardware. + */ + phy_disable_eee(phydev); + if (phy_interface_is_rgmii(phydev) || phydev->interface == PHY_INTERFACE_MODE_SGMII) { val = phy_read(phydev, MII_DP83867_PHYCTRL);

2 weeks, 3 days

2
2
0 0

FAILED: patch "[PATCH] sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 54e96258a6930909b690fd7e8889749231ba8085 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025110231-exposable-prelude-6f67@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 54e96258a6930909b690fd7e8889749231ba8085 Mon Sep 17 00:00:00 2001 From: Tejun Heo <tj(a)kernel.org> Date: Mon, 6 Oct 2025 15:35:36 -1000 Subject: [PATCH] sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with KF_RCU scx_bpf_dsq_move_set_slice() and scx_bpf_dsq_move_set_vtime() take a DSQ iterator argument which has to be valid. Mark them with KF_RCU. Fixes: 4c30f5ce4f7a ("sched_ext: Implement scx_bpf_dispatch[_vtime]_from_dsq()") Cc: stable(a)vger.kernel.org # v6.12+ Acked-by: Andrea Righi <arighi(a)nvidia.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 2b0e88206d07..fc353b8d69f7 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -5688,8 +5688,8 @@ BTF_KFUNCS_START(scx_kfunc_ids_dispatch) BTF_ID_FLAGS(func, scx_bpf_dispatch_nr_slots) BTF_ID_FLAGS(func, scx_bpf_dispatch_cancel) BTF_ID_FLAGS(func, scx_bpf_dsq_move_to_local) -BTF_ID_FLAGS(func, scx_bpf_dsq_move_set_slice) -BTF_ID_FLAGS(func, scx_bpf_dsq_move_set_vtime) +BTF_ID_FLAGS(func, scx_bpf_dsq_move_set_slice, KF_RCU) +BTF_ID_FLAGS(func, scx_bpf_dsq_move_set_vtime, KF_RCU) BTF_ID_FLAGS(func, scx_bpf_dsq_move, KF_RCU) BTF_ID_FLAGS(func, scx_bpf_dsq_move_vtime, KF_RCU) BTF_KFUNCS_END(scx_kfunc_ids_dispatch) @@ -5820,8 +5820,8 @@ __bpf_kfunc_end_defs(); BTF_KFUNCS_START(scx_kfunc_ids_unlocked) BTF_ID_FLAGS(func, scx_bpf_create_dsq, KF_SLEEPABLE) -BTF_ID_FLAGS(func, scx_bpf_dsq_move_set_slice) -BTF_ID_FLAGS(func, scx_bpf_dsq_move_set_vtime) +BTF_ID_FLAGS(func, scx_bpf_dsq_move_set_slice, KF_RCU) +BTF_ID_FLAGS(func, scx_bpf_dsq_move_set_vtime, KF_RCU) BTF_ID_FLAGS(func, scx_bpf_dsq_move, KF_RCU) BTF_ID_FLAGS(func, scx_bpf_dsq_move_vtime, KF_RCU) BTF_KFUNCS_END(scx_kfunc_ids_unlocked)

2 weeks, 3 days

2
1
0 0

FAILED: patch "[PATCH] PM: sleep: Allow pm_restrict_gfp_mask() stacking" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 35e4a69b2003f20a69e7d19ae96ab1eef1aa8e8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025110200-aflame-kisser-6334@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 35e4a69b2003f20a69e7d19ae96ab1eef1aa8e8d Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Tue, 28 Oct 2025 21:52:31 +0100 Subject: [PATCH] PM: sleep: Allow pm_restrict_gfp_mask() stacking Allow pm_restrict_gfp_mask() to be called many times in a row to avoid issues with calling dpm_suspend_start() when the GFP mask has been already restricted. Only the first invocation of pm_restrict_gfp_mask() will actually restrict the GFP mask and the subsequent calls will warn if there is a mismatch between the expected allowed GFP mask and the actual one. Moreover, if pm_restrict_gfp_mask() is called many times in a row, pm_restore_gfp_mask() needs to be called matching number of times in a row to actually restore the GFP mask. Calling it when the GFP mask has not been restricted will cause it to warn. This is necessary for the GFP mask restriction starting in hibernation_snapshot() to continue throughout the entire hibernation flow until it completes or it is aborted (either by a wakeup event or by an error). Fixes: 449c9c02537a1 ("PM: hibernate: Restrict GFP mask in hibernation_snapshot()") Fixes: 469d80a3712c ("PM: hibernate: Fix hybrid-sleep") Reported-by: Askar Safin <safinaskar(a)gmail.com> Closes: https://lore.kernel.org/linux-pm/20251025050812.421905-1-safinaskar@gmail.c… Link: https://lore.kernel.org/linux-pm/20251028111730.2261404-1-safinaskar@gmail.… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Tested-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Cc: 6.16+ <stable(a)vger.kernel.org> # 6.16+ Link: https://patch.msgid.link/5935682.DvuYhMxLoT@rafael.j.wysocki diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index 14e85ff23551..53166ef86ba4 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -706,7 +706,6 @@ static void power_down(void) #ifdef CONFIG_SUSPEND if (hibernation_mode == HIBERNATION_SUSPEND) { - pm_restore_gfp_mask(); error = suspend_devices_and_enter(mem_sleep_current); if (!error) goto exit; @@ -746,9 +745,6 @@ static void power_down(void) cpu_relax(); exit: - /* Match the pm_restore_gfp_mask() call in hibernate(). */ - pm_restrict_gfp_mask(); - /* Restore swap signature. */ error = swsusp_unmark(); if (error) diff --git a/kernel/power/main.c b/kernel/power/main.c index 3cf2d7e72567..549f51ca3a1e 100644 --- a/kernel/power/main.c +++ b/kernel/power/main.c @@ -31,23 +31,35 @@ * held, unless the suspend/hibernate code is guaranteed not to run in parallel * with that modification). */ +static unsigned int saved_gfp_count; static gfp_t saved_gfp_mask; void pm_restore_gfp_mask(void) { WARN_ON(!mutex_is_locked(&system_transition_mutex)); - if (saved_gfp_mask) { - gfp_allowed_mask = saved_gfp_mask; - saved_gfp_mask = 0; - } + + if (WARN_ON(!saved_gfp_count) || --saved_gfp_count) + return; + + gfp_allowed_mask = saved_gfp_mask; + saved_gfp_mask = 0; + + pm_pr_dbg("GFP mask restored\n"); } void pm_restrict_gfp_mask(void) { WARN_ON(!mutex_is_locked(&system_transition_mutex)); - WARN_ON(saved_gfp_mask); + + if (saved_gfp_count++) { + WARN_ON((saved_gfp_mask & ~(__GFP_IO | __GFP_FS)) != gfp_allowed_mask); + return; + } + saved_gfp_mask = gfp_allowed_mask; gfp_allowed_mask &= ~(__GFP_IO | __GFP_FS); + + pm_pr_dbg("GFP mask restricted\n"); } unsigned int lock_system_sleep(void)

2 weeks, 3 days

2
2
0 0

FAILED: patch "[PATCH] s390/pci: Restore IRQ unconditionally for the zPCI device" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b45873c3f09153d1ad9b3a7bf9e5c0b0387fd2ea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025110241-repeater-unshackle-ae19@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b45873c3f09153d1ad9b3a7bf9e5c0b0387fd2ea Mon Sep 17 00:00:00 2001 From: Farhan Ali <alifm(a)linux.ibm.com> Date: Wed, 22 Oct 2025 09:47:26 -0700 Subject: [PATCH] s390/pci: Restore IRQ unconditionally for the zPCI device Commit c1e18c17bda6 ("s390/pci: add zpci_set_irq()/zpci_clear_irq()"), introduced the zpci_set_irq() and zpci_clear_irq(), to be used while resetting a zPCI device. Commit da995d538d3a ("s390/pci: implement reset_slot for hotplug slot"), mentions zpci_clear_irq() being called in the path for zpci_hot_reset_device(). But that is not the case anymore and these functions are not called outside of this file. Instead zpci_hot_reset_device() relies on zpci_disable_device() also clearing the IRQs, but misses to reset the zdev->irqs_registered flag. However after a CLP disable/enable reset, the device's IRQ are unregistered, but the flag zdev->irq_registered does not get cleared. It creates an inconsistent state and so arch_restore_msi_irqs() doesn't correctly restore the device's IRQ. This becomes a problem when a PCI driver tries to restore the state of the device through pci_restore_state(). Restore IRQ unconditionally for the device and remove the irq_registered flag as its redundant. Fixes: c1e18c17bda6 ("s390/pci: add zpci_set_irq()/zpci_clear_irq()") Cc: stable(a)vger.kernnel.org Reviewed-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Reviewed-by: Matthew Rosato <mjrosato(a)linux.ibm.com> Signed-off-by: Farhan Ali <alifm(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/include/asm/pci.h b/arch/s390/include/asm/pci.h index 6890925d5587..a32f465ecf73 100644 --- a/arch/s390/include/asm/pci.h +++ b/arch/s390/include/asm/pci.h @@ -145,7 +145,6 @@ struct zpci_dev { u8 has_resources : 1; u8 is_physfn : 1; u8 util_str_avail : 1; - u8 irqs_registered : 1; u8 tid_avail : 1; u8 rtr_avail : 1; /* Relaxed translation allowed */ unsigned int devfn; /* DEVFN part of the RID*/ diff --git a/arch/s390/pci/pci_irq.c b/arch/s390/pci/pci_irq.c index 84482a921332..e73be96ce5fe 100644 --- a/arch/s390/pci/pci_irq.c +++ b/arch/s390/pci/pci_irq.c @@ -107,9 +107,6 @@ static int zpci_set_irq(struct zpci_dev *zdev) else rc = zpci_set_airq(zdev); - if (!rc) - zdev->irqs_registered = 1; - return rc; } @@ -123,9 +120,6 @@ static int zpci_clear_irq(struct zpci_dev *zdev) else rc = zpci_clear_airq(zdev); - if (!rc) - zdev->irqs_registered = 0; - return rc; } @@ -427,8 +421,7 @@ bool arch_restore_msi_irqs(struct pci_dev *pdev) { struct zpci_dev *zdev = to_zpci(pdev); - if (!zdev->irqs_registered) - zpci_set_irq(zdev); + zpci_set_irq(zdev); return true; }

2 weeks, 3 days

1
0
0 0

Linux 6.17.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.7 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/attack_vector_controls.rst | 1 Makefile | 2 arch/alpha/kernel/asm-offsets.c | 1 arch/arc/kernel/asm-offsets.c | 1 arch/arm/kernel/asm-offsets.c | 2 arch/arm64/kernel/asm-offsets.c | 1 arch/csky/kernel/asm-offsets.c | 1 arch/hexagon/kernel/asm-offsets.c | 1 arch/loongarch/kernel/asm-offsets.c | 2 arch/m68k/kernel/asm-offsets.c | 1 arch/microblaze/kernel/asm-offsets.c | 1 arch/mips/kernel/asm-offsets.c | 2 arch/nios2/kernel/asm-offsets.c | 1 arch/openrisc/kernel/asm-offsets.c | 1 arch/parisc/kernel/asm-offsets.c | 1 arch/powerpc/kernel/asm-offsets.c | 1 arch/riscv/kernel/asm-offsets.c | 1 arch/s390/kernel/asm-offsets.c | 1 arch/sh/kernel/asm-offsets.c | 1 arch/sparc/kernel/asm-offsets.c | 1 arch/um/kernel/asm-offsets.c | 2 arch/x86/events/intel/core.c | 10 arch/x86/include/asm/perf_event.h | 6 arch/x86/kernel/cpu/bugs.c | 27 arch/x86/kvm/pmu.h | 2 arch/xtensa/kernel/asm-offsets.c | 1 drivers/edac/edac_mc_sysfs.c | 24 drivers/edac/ie31200_edac.c | 4 fs/btrfs/disk-io.c | 2 fs/btrfs/extent-tree.c | 6 fs/btrfs/inode.c | 7 fs/btrfs/scrub.c | 3 fs/btrfs/transaction.c | 2 fs/btrfs/tree-checker.c | 37 fs/btrfs/tree-log.c | 64 fs/btrfs/zoned.c | 8 fs/btrfs/zoned.h | 9 include/linux/audit.h | 2 kernel/cgroup/cpuset.c | 6 kernel/events/callchain.c | 16 kernel/events/core.c | 7 kernel/irq/chip.c | 2 kernel/irq/manage.c | 4 kernel/sched/build_policy.c | 1 kernel/sched/ext.c | 1056 ---------- kernel/sched/ext.h | 23 kernel/sched/ext_internal.h | 1064 +++++++++++ kernel/seccomp.c | 32 kernel/time/timekeeping.c | 2 tools/sched_ext/scx_qmap.bpf.c | 18 50 files changed, 1325 insertions(+), 1146 deletions(-) Avadhut Naik (1): EDAC/mc_sysfs: Increase legacy channel support to 16 Charles Keepax (3): genirq/chip: Add buslock back in to irq_set_handler() genirq/manage: Add buslock back in to __disable_irq_nosync() genirq/manage: Add buslock back in to enable_irq() Chen Ridong (1): cpuset: Use new excpus for nocpu error check when enabling root partition Dan Carpenter (1): btrfs: tree-checker: fix bounds check in check_inode_extref() Dapeng Mi (1): perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK David Kaplan (4): x86/bugs: Report correct retbleed mitigation status x86/bugs: Qualify RETBLEED_INTEL_MSG x86/bugs: Add attack vector controls for VMSCAPE x86/bugs: Fix reporting of LFENCE retpoline Filipe Manana (6): btrfs: abort transaction on specific error places when walking log tree btrfs: abort transaction in the process_one_buffer() log tree walk callback btrfs: always drop log root tree reference in btrfs_replay_log() btrfs: use level argument in log tree walk callback replay_one_buffer() btrfs: abort transaction if we fail to update inode in log replay dir fixup btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Greg Kroah-Hartman (1): Linux 6.17.7 Haofeng Li (1): timekeeping: Fix aux clocks sysfs initialization loop bound Jiri Olsa (1): seccomp: passthrough uprobe systemcall without filtering Johannes Thumshirn (1): btrfs: zoned: return error from btrfs_zone_finish_endio() Josh Poimboeuf (2): perf: Have get_perf_callchain() return NULL if crosstask and user are set perf: Skip user unwind if the task is a kernel thread Kuan-Wei Chiu (1): EDAC: Fix wrong executable file modes for C source files Kyle Manna (1): EDAC/ie31200: Add two more Intel Alder Lake-S SoCs for EDAC support Menglong Dong (1): arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Naohiro Aota (1): btrfs: zoned: refine extent allocator hint selection Qu Wenruo (1): btrfs: tree-checker: add inode extref checks Richard Guy Briggs (1): audit: record fanotify event regardless of presence of rules Steven Rostedt (1): perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Tejun Heo (5): sched_ext: Move internal type and accessor definitions to ext_internal.h sched_ext: Put event_stats_cpu in struct scx_sched_pcpu sched_ext: Sync error_irq_work before freeing scx_sched sched_ext: Keep bypass on between enable failure and scx_disable_workfn() sched_ext: Make qmap dump operation non-destructive Thorsten Blum (1): btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io()

2 weeks, 3 days

1
1
0 0

Linux 6.12.57

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.57 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/sphinx/kernel_abi.py | 4 + Documentation/sphinx/kernel_feat.py | 4 + Documentation/sphinx/kernel_include.py | 6 +- Documentation/sphinx/maintainers_include.py | 4 + Makefile | 2 arch/alpha/kernel/asm-offsets.c | 1 arch/arc/kernel/asm-offsets.c | 1 arch/arm/kernel/asm-offsets.c | 2 arch/arm64/kernel/asm-offsets.c | 1 arch/csky/kernel/asm-offsets.c | 1 arch/hexagon/kernel/asm-offsets.c | 1 arch/loongarch/kernel/asm-offsets.c | 2 arch/m68k/kernel/asm-offsets.c | 1 arch/microblaze/kernel/asm-offsets.c | 1 arch/mips/kernel/asm-offsets.c | 2 arch/nios2/kernel/asm-offsets.c | 1 arch/openrisc/kernel/asm-offsets.c | 1 arch/parisc/kernel/asm-offsets.c | 1 arch/powerpc/kernel/asm-offsets.c | 1 arch/riscv/kernel/asm-offsets.c | 1 arch/s390/kernel/asm-offsets.c | 1 arch/sh/kernel/asm-offsets.c | 1 arch/sparc/kernel/asm-offsets.c | 1 arch/um/kernel/asm-offsets.c | 2 arch/x86/events/intel/core.c | 10 +-- arch/x86/include/asm/perf_event.h | 6 +- arch/x86/kernel/cpu/bugs.c | 9 +-- arch/x86/kvm/pmu.h | 2 arch/xtensa/kernel/asm-offsets.c | 1 drivers/dma-buf/udmabuf.c | 2 drivers/edac/edac_mc_sysfs.c | 24 +++++++++ drivers/gpio/gpio-idio-16.c | 5 + drivers/gpio/gpio-regmap.c | 53 ++++++++++++++++++- drivers/iommu/intel/iommu.c | 7 +- drivers/net/bonding/bond_main.c | 11 ++-- drivers/net/bonding/bond_options.c | 3 + drivers/net/ethernet/sfc/ef100_netdev.c | 6 +- drivers/net/ethernet/sfc/ef100_nic.c | 47 +++++++---------- drivers/net/wireless/ath/ath12k/mac.c | 6 +- fs/btrfs/disk-io.c | 2 fs/btrfs/extent-tree.c | 6 +- fs/btrfs/inode.c | 7 +- fs/btrfs/scrub.c | 3 - fs/btrfs/transaction.c | 2 fs/btrfs/tree-checker.c | 37 +++++++++++++ fs/btrfs/tree-log.c | 64 ++++++++++++++++++------ fs/btrfs/zoned.c | 8 +-- fs/btrfs/zoned.h | 9 ++- fs/f2fs/file.c | 8 +-- fs/f2fs/segment.c | 20 +++---- include/linux/audit.h | 2 include/linux/bitops.h | 1 include/linux/bits.h | 38 +++++++++++++- include/linux/gpio/regmap.h | 16 ++++++ include/net/bonding.h | 1 include/net/pkt_sched.h | 25 +++++++++ kernel/cgroup/cpuset.c | 6 -- kernel/events/callchain.c | 16 +++--- kernel/events/core.c | 7 +- kernel/seccomp.c | 32 +++++++++--- net/mptcp/pm_netlink.c | 6 ++ net/sched/sch_api.c | 10 --- net/sched/sch_hfsc.c | 16 ------ net/sched/sch_qfq.c | 2 net/wireless/reg.c | 4 + tools/sched_ext/scx_qmap.bpf.c | 18 ++++++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 3 - 67 files changed, 441 insertions(+), 163 deletions(-) Aditya Kumar Singh (1): wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() Alexander Wetzel (1): wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Avadhut Naik (1): EDAC/mc_sysfs: Increase legacy channel support to 16 Chao Yu (1): f2fs: fix to avoid panic once fallocation fails for pinfile Chen Ridong (1): cpuset: Use new excpus for nocpu error check when enabling root partition Dan Carpenter (1): btrfs: tree-checker: fix bounds check in check_inode_extref() Dapeng Mi (1): perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK David Kaplan (2): x86/bugs: Report correct retbleed mitigation status x86/bugs: Fix reporting of LFENCE retpoline Edward Cree (1): sfc: fix NULL dereferences in ef100_process_design_param() Filipe Manana (6): btrfs: abort transaction on specific error places when walking log tree btrfs: abort transaction in the process_one_buffer() log tree walk callback btrfs: always drop log root tree reference in btrfs_replay_log() btrfs: use level argument in log tree walk callback replay_one_buffer() btrfs: abort transaction if we fail to update inode in log replay dir fixup btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Geliang Tang (1): selftests: mptcp: disable add_addr retrans in endpoint_tests Greg Kroah-Hartman (1): Linux 6.12.57 Hangbin Liu (1): bonding: return detailed error when loading native XDP fails Ioana Ciornei (1): gpio: regmap: add the .fixed_direction_output configuration parameter Jiri Olsa (1): seccomp: passthrough uprobe systemcall without filtering Johannes Thumshirn (1): btrfs: zoned: return error from btrfs_zone_finish_endio() Jonathan Corbet (1): docs: kdoc: handle the obsolescensce of docutils.ErrorString() Josh Poimboeuf (2): perf: Have get_perf_callchain() return NULL if crosstask and user are set perf: Skip user unwind if the task is a kernel thread Kees Bakker (1): iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE Mathieu Dubois-Briand (1): gpio: regmap: Allow to allocate regmap-irq device Matthieu Baerts (NGI0) (2): selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Menglong Dong (1): arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Naohiro Aota (1): btrfs: zoned: refine extent allocator hint selection Qu Wenruo (1): btrfs: tree-checker: add inode extref checks Richard Guy Briggs (1): audit: record fanotify event regardless of presence of rules Steven Rostedt (1): perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Tejun Heo (1): sched_ext: Make qmap dump operation non-destructive Thorsten Blum (1): btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Vincent Mailhol (2): bits: add comments and newlines to #if, #else and #endif directives bits: introduce fixed-type GENMASK_U*() Wang Liang (1): bonding: check xdp prog when set bond mode William Breathitt Gray (1): gpio: idio-16: Define fixed direction of the GPIO lines Xiang Mei (1): net/sched: sch_qfq: Fix null-deref in agg_dequeue Xiaogang Chen (1): udmabuf: fix a buf size overflow issue during udmabuf creation

2 weeks, 3 days

1
1
0 0

Linux 6.6.116

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.116 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 10 Makefile | 2 arch/alpha/kernel/asm-offsets.c | 1 arch/arc/kernel/asm-offsets.c | 1 arch/arm/kernel/asm-offsets.c | 2 arch/arm64/kernel/asm-offsets.c | 1 arch/csky/kernel/asm-offsets.c | 1 arch/hexagon/kernel/asm-offsets.c | 1 arch/loongarch/kernel/asm-offsets.c | 2 arch/m68k/kernel/asm-offsets.c | 1 arch/microblaze/kernel/asm-offsets.c | 1 arch/mips/kernel/asm-offsets.c | 2 arch/nios2/kernel/asm-offsets.c | 1 arch/openrisc/kernel/asm-offsets.c | 1 arch/parisc/kernel/asm-offsets.c | 1 arch/powerpc/kernel/asm-offsets.c | 1 arch/riscv/kernel/asm-offsets.c | 1 arch/s390/kernel/asm-offsets.c | 1 arch/sh/kernel/asm-offsets.c | 1 arch/sparc/kernel/asm-offsets.c | 1 arch/um/kernel/asm-offsets.c | 2 arch/x86/kernel/cpu/bugs.c | 9 arch/xtensa/kernel/asm-offsets.c | 1 drivers/edac/edac_mc_sysfs.c | 24 + drivers/gpio/gpio-idio-16.c | 5 drivers/gpio/gpio-regmap.c | 53 ++++ drivers/tty/serial/sc16is7xx.c | 185 +++++++-------- drivers/usb/host/xhci-dbgcap.c | 70 +++++ drivers/usb/host/xhci-dbgcap.h | 7 fs/btrfs/disk-io.c | 2 fs/btrfs/extent-tree.c | 6 fs/btrfs/inode.c | 7 fs/btrfs/scrub.c | 3 fs/btrfs/transaction.c | 2 fs/btrfs/tree-log.c | 9 fs/btrfs/zoned.c | 8 fs/btrfs/zoned.h | 9 include/linux/audit.h | 2 include/linux/bitops.h | 1 include/linux/bits.h | 38 ++- include/linux/gpio/regmap.h | 16 + include/net/pkt_sched.h | 25 +- kernel/events/callchain.c | 16 - kernel/events/core.c | 7 net/mptcp/pm_netlink.c | 6 net/sched/sch_api.c | 10 net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 3 49 files changed, 404 insertions(+), 173 deletions(-) Avadhut Naik (1): EDAC/mc_sysfs: Increase legacy channel support to 16 David Kaplan (2): x86/bugs: Report correct retbleed mitigation status x86/bugs: Fix reporting of LFENCE retpoline Filipe Manana (3): btrfs: always drop log root tree reference in btrfs_replay_log() btrfs: use level argument in log tree walk callback replay_one_buffer() btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Geliang Tang (1): selftests: mptcp: disable add_addr retrans in endpoint_tests Greg Kroah-Hartman (1): Linux 6.6.116 Hugo Villeneuve (4): serial: sc16is7xx: remove unused to_sc16is7xx_port macro serial: sc16is7xx: reorder code to remove prototype declarations serial: sc16is7xx: refactor EFR lock serial: sc16is7xx: remove useless enable of enhanced features Ioana Ciornei (1): gpio: regmap: add the .fixed_direction_output configuration parameter Johannes Thumshirn (1): btrfs: zoned: return error from btrfs_zone_finish_endio() Josh Poimboeuf (2): perf: Have get_perf_callchain() return NULL if crosstask and user are set perf: Skip user unwind if the task is a kernel thread Mathias Nyman (4): xhci: dbc: poll at different rate depending on data transfer activity xhci: dbc: Improve performance by removing delay in transfer event polling. xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathieu Dubois-Briand (1): gpio: regmap: Allow to allocate regmap-irq device Matthieu Baerts (NGI0) (2): mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Menglong Dong (1): arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Naohiro Aota (1): btrfs: zoned: refine extent allocator hint selection Richard Guy Briggs (1): audit: record fanotify event regardless of presence of rules Steven Rostedt (1): perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Thorsten Blum (1): btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Uday M Bhat (1): xhci: dbc: Allow users to modify DbC poll interval via sysfs Vincent Mailhol (2): bits: add comments and newlines to #if, #else and #endif directives bits: introduce fixed-type GENMASK_U*() William Breathitt Gray (1): gpio: idio-16: Define fixed direction of the GPIO lines Xiang Mei (1): net/sched: sch_qfq: Fix null-deref in agg_dequeue

2 weeks, 3 days

1
1
0 0

FAILED: patch "[PATCH] mptcp: fix MSG_PEEK stream corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8e04ce45a8db7a080220e86e249198fa676b83dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025110210-importer-prevail-d508@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e04ce45a8db7a080220e86e249198fa676b83dc Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 28 Oct 2025 09:16:53 +0100 Subject: [PATCH] mptcp: fix MSG_PEEK stream corruption If a MSG_PEEK | MSG_WAITALL read operation consumes all the bytes in the receive queue and recvmsg() need to waits for more data - i.e. it's a blocking one - upon arrival of the next packet the MPTCP protocol will start again copying the oldest data present in the receive queue, corrupting the data stream. Address the issue explicitly tracking the peeked sequence number, restarting from the last peeked byte. Fixes: ca4fb892579f ("mptcp: add MSG_PEEK support") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Geliang Tang <geliang(a)kernel.org> Tested-by: Geliang Tang <geliang(a)kernel.org> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20251028-net-mptcp-send-timeout-v1-2-38ffff5a9ec8@… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 655a2a45224f..2535788569ab 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1945,22 +1945,36 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied); -static int __mptcp_recvmsg_mskq(struct sock *sk, - struct msghdr *msg, - size_t len, int flags, +static int __mptcp_recvmsg_mskq(struct sock *sk, struct msghdr *msg, + size_t len, int flags, int copied_total, struct scm_timestamping_internal *tss, int *cmsg_flags) { struct mptcp_sock *msk = mptcp_sk(sk); struct sk_buff *skb, *tmp; + int total_data_len = 0; int copied = 0; skb_queue_walk_safe(&sk->sk_receive_queue, skb, tmp) { - u32 offset = MPTCP_SKB_CB(skb)->offset; + u32 delta, offset = MPTCP_SKB_CB(skb)->offset; u32 data_len = skb->len - offset; - u32 count = min_t(size_t, len - copied, data_len); + u32 count; int err; + if (flags & MSG_PEEK) { + /* skip already peeked skbs */ + if (total_data_len + data_len <= copied_total) { + total_data_len += data_len; + continue; + } + + /* skip the already peeked data in the current skb */ + delta = copied_total - total_data_len; + offset += delta; + data_len -= delta; + } + + count = min_t(size_t, len - copied, data_len); if (!(flags & MSG_TRUNC)) { err = skb_copy_datagram_msg(skb, offset, msg, count); if (unlikely(err < 0)) { @@ -1977,16 +1991,14 @@ static int __mptcp_recvmsg_mskq(struct sock *sk, copied += count; - if (count < data_len) { - if (!(flags & MSG_PEEK)) { + if (!(flags & MSG_PEEK)) { + msk->bytes_consumed += count; + if (count < data_len) { MPTCP_SKB_CB(skb)->offset += count; MPTCP_SKB_CB(skb)->map_seq += count; - msk->bytes_consumed += count; + break; } - break; - } - if (!(flags & MSG_PEEK)) { /* avoid the indirect call, we know the destructor is sock_rfree */ skb->destructor = NULL; skb->sk = NULL; @@ -1994,7 +2006,6 @@ static int __mptcp_recvmsg_mskq(struct sock *sk, sk_mem_uncharge(sk, skb->truesize); __skb_unlink(skb, &sk->sk_receive_queue); skb_attempt_defer_free(skb); - msk->bytes_consumed += count; } if (copied >= len) @@ -2191,7 +2202,8 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, while (copied < len) { int err, bytes_read; - bytes_read = __mptcp_recvmsg_mskq(sk, msg, len - copied, flags, &tss, &cmsg_flags); + bytes_read = __mptcp_recvmsg_mskq(sk, msg, len - copied, flags, + copied, &tss, &cmsg_flags); if (unlikely(bytes_read < 0)) { if (!copied) copied = bytes_read;

2 weeks, 3 days

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror