Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

66 participants
123762 discussions

[PATCHSET v2 sched_ext/for-6.19-fixes] sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq()

by Tejun Heo

Hello, move_local_task_to_local_dsq() was missing post-enqueue handling which matters now that scx_bpf_dsq_move() can be called while the CPU is busy. v2: Updated commit messages and added Cc stable. v1: http://lkml.kernel.org/r/20251211224809.3383633-1-tj@kernel.org 0001-sched_ext-Factor-out-local_dsq_post_enq-from-dispatc.patch 0002-sched_ext-Fix-missing-post-enqueue-handling-in-move_.patch Based on sched_ext/for-6.19-fixes (9f769637a93f). diffstat: kernel/sched/ext.c | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) -- tejun

3 weeks

Follow-Up: LDI 2025 Attendee List + 20% Discount

by Juanita Garcia

Hi, Just checking in to see if you had a moment to review my earlier message. As you have been an exhibitor at Live Design International 2025 We have the final updated attendee list of verified contacts 16,537 of people including last-minute registers and walk-ins to the show, and all are confirmed Opt-in and Verified contacts Special :20% reduction on our compliant contact data. If you’d like more details, just let me know or reply “Send me pricing.” Best regards, Juanita Garcia Sr. Marketing Manager If you prefer not to receive updates, reply “Not Interested.”

3 weeks, 1 day

[PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock()

by Jinhui Guo

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it forgets to remove the corresponding pci_dev_unlock() when pci_bus_trylock() fails. Before the commit, the code did: if (!pci_dev_trylock(dev)) /* <- lock bridge device */ goto unlock; if (dev->subordinate) { if (!pci_bus_trylock(dev->subordinate)) { pci_dev_unlock(dev); /* <- unlock bridge device */ goto unlock; } } After the commit the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) on the failure path was left in place, leading to the bug. This yields one of two errors: 1. A warning that the lock is being unlocked when no one holds it. 2. An incorrect unlock of a lock that belongs to another thread. Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure path. Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") Cc: stable(a)vger.kernel.org Signed-off-by: Jinhui Guo <guojinhui.liam(a)bytedance.com> Acked-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- Hi, all v1: https://lore.kernel.org/all/20251211123635.2215-1-guojinhui.liam@bytedance.… Changelog in v1 -> v2 - The v1 commit message was too brief, so I’ve sent v2 with more detail. - Remove the braces from the if (!pci_bus_trylock(dev->subordinate)) statement. Sorry for the noise. Best Regards, Jinhui drivers/pci/pci.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 13dbb405dc31..59319e08fca6 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5346,10 +5346,8 @@ static int pci_slot_trylock(struct pci_slot *slot) if (!dev->slot || dev->slot != slot) continue; if (dev->subordinate) { - if (!pci_bus_trylock(dev->subordinate)) { - pci_dev_unlock(dev); + if (!pci_bus_trylock(dev->subordinate)) goto unlock; - } } else if (!pci_dev_trylock(dev)) goto unlock; } -- 2.20.1

3 weeks, 1 day

[PATCH] PCI: Remove redundant pci_dev_unlock() in pci_slot_trylock()

by Jinhui Guo

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it leaves a redundant pci_dev_unlock() when pci_bus_trylock() fails. Remove the redundant bridge-device pci_dev_unlock() in pci_slot_trylock(), since that lock is no longer taken there. Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") Cc: stable(a)vger.kernel.org Signed-off-by: Jinhui Guo <guojinhui.liam(a)bytedance.com> --- drivers/pci/pci.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 13dbb405dc31..75a98819db6f 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5347,7 +5347,6 @@ static int pci_slot_trylock(struct pci_slot *slot) continue; if (dev->subordinate) { if (!pci_bus_trylock(dev->subordinate)) { - pci_dev_unlock(dev); goto unlock; } } else if (!pci_dev_trylock(dev)) -- 2.20.1

3 weeks, 1 day

[PATCH v3] drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE

by Karol Wachowski

Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers. Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Cc: <stable(a)vger.kernel.org> # v6.18+ Signed-off-by: Karol Wachowski <karol.wachowski(a)linux.intel.com> --- Changes between v3 and v2: - correctly add CC: tag this time Changes between v1 and v2: - move setting ret value under if branch as suggested in review - add Cc: stable 6.18+ --- drivers/gpu/drm/drm_gem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..bcc08a6aebf8 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1010,8 +1010,10 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, if (!obj) return -ENOENT; - if (args->handle == args->new_handle) - return 0; + if (args->handle == args->new_handle) { + ret = 0; + goto out; + } mutex_lock(&file_priv->prime.lock); @@ -1043,6 +1045,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, out_unlock: mutex_unlock(&file_priv->prime.lock); +out: + drm_gem_object_put(obj); return ret; } -- 2.43.0

3 weeks, 1 day

[PATCH v2] drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE

by Karol Wachowski

Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers. Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Signed-off-by: Karol Wachowski <karol.wachowski(a)linux.intel.com> --- Changes between v1 and v2: - move setting ret value under if branch as suggested in review - add Cc: stable 6.18+ --- drivers/gpu/drm/drm_gem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..bcc08a6aebf8 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1010,8 +1010,10 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, if (!obj) return -ENOENT; - if (args->handle == args->new_handle) - return 0; + if (args->handle == args->new_handle) { + ret = 0; + goto out; + } mutex_lock(&file_priv->prime.lock); @@ -1043,6 +1045,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, out_unlock: mutex_unlock(&file_priv->prime.lock); +out: + drm_gem_object_put(obj); return ret; } -- 2.43.0

3 weeks, 1 day

[PATCH] drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE

by Karol Wachowski

Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers. Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Signed-off-by: Karol Wachowski <karol.wachowski(a)linux.intel.com> --- drivers/gpu/drm/drm_gem.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..e150bc1ce65a 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1001,7 +1001,7 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, { struct drm_gem_change_handle *args = data; struct drm_gem_object *obj; - int ret; + int ret = 0; if (!drm_core_check_feature(dev, DRIVER_GEM)) return -EOPNOTSUPP; @@ -1011,7 +1011,7 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, return -ENOENT; if (args->handle == args->new_handle) - return 0; + goto out; mutex_lock(&file_priv->prime.lock); @@ -1043,6 +1043,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, out_unlock: mutex_unlock(&file_priv->prime.lock); +out: + drm_gem_object_put(obj); return ret; } -- 2.43.0

3 weeks, 1 day

[PATCH net 0/2] mptcp: fix warn on bad status

by Matthieu Baerts (NGI0)

Two somewhat related fixes addressing different issues found by syzkaller, and producing the exact same splat: a WARNING in subflow_data_ready(). - Patch 1: fallback earlier on simultaneous connections to avoid a warning. A fix for v5.19. - Patch 2: ensure context reset on disconnect, also to avoid a similar warning. A fix for v6.2. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Paolo Abeni (2): mptcp: fallback earlier on simult connection mptcp: ensure context reset on disconnect() net/mptcp/options.c | 10 ++++++++++ net/mptcp/protocol.c | 8 +++++--- net/mptcp/protocol.h | 9 ++++----- net/mptcp/subflow.c | 6 ------ 4 files changed, 19 insertions(+), 14 deletions(-) --- base-commit: 885bebac9909994050bbbeed0829c727e42bd1b7 change-id: 20251212-net-mptcp-subflow_data_ready-warn-fd8126208c90 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

3 weeks, 1 day

[PATCH v4 02/22] drm/pagemap, drm/xe: Ensure that the devmem allocation is idle before use

by Thomas Hellström

In situations where no system memory is migrated to devmem, and in upcoming patches where another GPU is performing the migration to the newly allocated devmem buffer, there is nothing to ensure any ongoing clear to the devmem allocation or async eviction from the devmem allocation is complete. Address that by passing a struct dma_fence down to the copy functions, and ensure it is waited for before migration is marked complete. v3: - New patch. v4: - Update the logic used for determining when to wait for the pre_migrate_fence. - Update the logic used for determining when to warn for the pre_migrate_fence since the scheduler fences apparently can signal out-of-order. Fixes: c5b3eb5a906c ("drm/xe: Add GPUSVM device memory copy vfunc functions") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/drm_pagemap.c | 13 ++++--- drivers/gpu/drm/xe/xe_svm.c | 67 ++++++++++++++++++++++++++++++----- include/drm/drm_pagemap.h | 17 +++++++-- 3 files changed, 81 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/drm_pagemap.c b/drivers/gpu/drm/drm_pagemap.c index 22c44807e3fe..864a73d019ed 100644 --- a/drivers/gpu/drm/drm_pagemap.c +++ b/drivers/gpu/drm/drm_pagemap.c @@ -408,7 +408,8 @@ int drm_pagemap_migrate_to_devmem(struct drm_pagemap_devmem *devmem_allocation, drm_pagemap_get_devmem_page(page, zdd); } - err = ops->copy_to_devmem(pages, pagemap_addr, npages); + err = ops->copy_to_devmem(pages, pagemap_addr, npages, + devmem_allocation->pre_migrate_fence); if (err) goto err_finalize; @@ -596,7 +597,7 @@ int drm_pagemap_evict_to_ram(struct drm_pagemap_devmem *devmem_allocation) for (i = 0; i < npages; ++i) pages[i] = migrate_pfn_to_page(src[i]); - err = ops->copy_to_ram(pages, pagemap_addr, npages); + err = ops->copy_to_ram(pages, pagemap_addr, npages, NULL); if (err) goto err_finalize; @@ -732,7 +733,7 @@ static int __drm_pagemap_migrate_to_ram(struct vm_area_struct *vas, for (i = 0; i < npages; ++i) pages[i] = migrate_pfn_to_page(migrate.src[i]); - err = ops->copy_to_ram(pages, pagemap_addr, npages); + err = ops->copy_to_ram(pages, pagemap_addr, npages, NULL); if (err) goto err_finalize; @@ -813,11 +814,14 @@ EXPORT_SYMBOL_GPL(drm_pagemap_pagemap_ops_get); * @ops: Pointer to the operations structure for GPU SVM device memory * @dpagemap: The struct drm_pagemap we're allocating from. * @size: Size of device memory allocation + * @pre_migrate_fence: Fence to wait for or pipeline behind before migration starts. + * (May be NULL). */ void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, struct device *dev, struct mm_struct *mm, const struct drm_pagemap_devmem_ops *ops, - struct drm_pagemap *dpagemap, size_t size) + struct drm_pagemap *dpagemap, size_t size, + struct dma_fence *pre_migrate_fence) { init_completion(&devmem_allocation->detached); devmem_allocation->dev = dev; @@ -825,6 +829,7 @@ void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, devmem_allocation->ops = ops; devmem_allocation->dpagemap = dpagemap; devmem_allocation->size = size; + devmem_allocation->pre_migrate_fence = pre_migrate_fence; } EXPORT_SYMBOL_GPL(drm_pagemap_devmem_init); diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index 36634c84d148..2152d20049e4 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -483,11 +483,12 @@ static void xe_svm_copy_us_stats_incr(struct xe_gt *gt, static int xe_svm_copy(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages, const enum xe_svm_copy_dir dir) + unsigned long npages, const enum xe_svm_copy_dir dir, + struct dma_fence *pre_migrate_fence) { struct xe_vram_region *vr = NULL; struct xe_gt *gt = NULL; - struct xe_device *xe; + struct xe_device *xe = NULL; struct dma_fence *fence = NULL; unsigned long i; #define XE_VRAM_ADDR_INVALID ~0x0ull @@ -496,6 +497,18 @@ static int xe_svm_copy(struct page **pages, bool sram = dir == XE_SVM_COPY_TO_SRAM; ktime_t start = xe_svm_stats_ktime_get(); + if (pre_migrate_fence && (sram || dma_fence_is_container(pre_migrate_fence))) { + /* + * This would typically be a p2p migration from source, or + * a composite fence operation on the destination memory. + * Ensure that any other GPU operation on the destination + * is complete. + */ + err = dma_fence_wait(pre_migrate_fence, true); + if (err) + return err; + } + /* * This flow is complex: it locates physically contiguous device pages, * derives the starting physical address, and performs a single GPU copy @@ -632,10 +645,28 @@ static int xe_svm_copy(struct page **pages, err_out: /* Wait for all copies to complete */ - if (fence) { + if (fence) dma_fence_wait(fence, false); - dma_fence_put(fence); + + /* + * If migrating to devmem, we should have pipelined the migration behind + * the pre_migrate_fence. Verify that this is indeed likely. If we + * didn't perform any copying, just wait for the pre_migrate_fence. + */ + if (!sram && pre_migrate_fence && !dma_fence_is_signaled(pre_migrate_fence)) { + if (xe && fence && + (pre_migrate_fence->context != fence->context || + dma_fence_is_later(pre_migrate_fence, fence))) { + drm_WARN(&xe->drm, true, "Unsignaled pre-migrate fence"); + drm_warn(&xe->drm, "fence contexts: %llu %llu. container %d\n", + (unsigned long long)fence->context, + (unsigned long long)pre_migrate_fence->context, + dma_fence_is_container(pre_migrate_fence)); + } + + dma_fence_wait(pre_migrate_fence, false); } + dma_fence_put(fence); /* * XXX: We can't derive the GT here (or anywhere in this functions, but @@ -652,16 +683,20 @@ static int xe_svm_copy(struct page **pages, static int xe_svm_copy_to_devmem(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages) + unsigned long npages, + struct dma_fence *pre_migrate_fence) { - return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_VRAM); + return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_VRAM, + pre_migrate_fence); } static int xe_svm_copy_to_ram(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages) + unsigned long npages, + struct dma_fence *pre_migrate_fence) { - return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_SRAM); + return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_SRAM, + pre_migrate_fence); } static struct xe_bo *to_xe_bo(struct drm_pagemap_devmem *devmem_allocation) @@ -676,6 +711,7 @@ static void xe_svm_devmem_release(struct drm_pagemap_devmem *devmem_allocation) xe_bo_put_async(bo); xe_pm_runtime_put(xe); + dma_fence_put(devmem_allocation->pre_migrate_fence); } static u64 block_offset_to_pfn(struct xe_vram_region *vr, u64 offset) @@ -868,6 +904,7 @@ static int xe_drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, unsigned long timeslice_ms) { struct xe_vram_region *vr = container_of(dpagemap, typeof(*vr), dpagemap); + struct dma_fence *pre_migrate_fence = NULL; struct xe_device *xe = vr->xe; struct device *dev = xe->drm.dev; struct drm_buddy_block *block; @@ -894,8 +931,20 @@ static int xe_drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, break; } + /* Ensure that any clearing or async eviction will complete before migration. */ + if (!dma_resv_test_signaled(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL)) { + err = dma_resv_get_singleton(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL, + &pre_migrate_fence); + if (err) + dma_resv_wait_timeout(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL, + false, MAX_SCHEDULE_TIMEOUT); + else if (pre_migrate_fence) + dma_fence_enable_sw_signaling(pre_migrate_fence); + } + drm_pagemap_devmem_init(&bo->devmem_allocation, dev, mm, - &dpagemap_devmem_ops, dpagemap, end - start); + &dpagemap_devmem_ops, dpagemap, end - start, + pre_migrate_fence); blocks = &to_xe_ttm_vram_mgr_resource(bo->ttm.resource)->blocks; list_for_each_entry(block, blocks, link) diff --git a/include/drm/drm_pagemap.h b/include/drm/drm_pagemap.h index f6e7e234c089..70a7991f784f 100644 --- a/include/drm/drm_pagemap.h +++ b/include/drm/drm_pagemap.h @@ -8,6 +8,7 @@ #define NR_PAGES(order) (1U << (order)) +struct dma_fence; struct drm_pagemap; struct drm_pagemap_zdd; struct device; @@ -174,6 +175,8 @@ struct drm_pagemap_devmem_ops { * @pages: Pointer to array of device memory pages (destination) * @pagemap_addr: Pointer to array of DMA information (source) * @npages: Number of pages to copy + * @pre_migrate_fence: dma-fence to wait for before migration start. + * May be NULL. * * Copy pages to device memory. If the order of a @pagemap_addr entry * is greater than 0, the entry is populated but subsequent entries @@ -183,13 +186,16 @@ struct drm_pagemap_devmem_ops { */ int (*copy_to_devmem)(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages); + unsigned long npages, + struct dma_fence *pre_migrate_fence); /** * @copy_to_ram: Copy to system RAM (required for migration) * @pages: Pointer to array of device memory pages (source) * @pagemap_addr: Pointer to array of DMA information (destination) * @npages: Number of pages to copy + * @pre_migrate_fence: dma-fence to wait for before migration start. + * May be NULL. * * Copy pages to system RAM. If the order of a @pagemap_addr entry * is greater than 0, the entry is populated but subsequent entries @@ -199,7 +205,8 @@ struct drm_pagemap_devmem_ops { */ int (*copy_to_ram)(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages); + unsigned long npages, + struct dma_fence *pre_migrate_fence); }; /** @@ -212,6 +219,8 @@ struct drm_pagemap_devmem_ops { * @dpagemap: The struct drm_pagemap of the pages this allocation belongs to. * @size: Size of device memory allocation * @timeslice_expiration: Timeslice expiration in jiffies + * @pre_migrate_fence: Fence to wait for or pipeline behind before migration starts. + * (May be NULL). */ struct drm_pagemap_devmem { struct device *dev; @@ -221,6 +230,7 @@ struct drm_pagemap_devmem { struct drm_pagemap *dpagemap; size_t size; u64 timeslice_expiration; + struct dma_fence *pre_migrate_fence; }; int drm_pagemap_migrate_to_devmem(struct drm_pagemap_devmem *devmem_allocation, @@ -238,7 +248,8 @@ struct drm_pagemap *drm_pagemap_page_to_dpagemap(struct page *page); void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, struct device *dev, struct mm_struct *mm, const struct drm_pagemap_devmem_ops *ops, - struct drm_pagemap *dpagemap, size_t size); + struct drm_pagemap *dpagemap, size_t size, + struct dma_fence *pre_migrate_fence); int drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, unsigned long start, unsigned long end, -- 2.51.1

3 weeks, 1 day

[PATCH 6.18 00/29] 6.18.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.1 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Dec 2025 07:29:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.1-rc1 Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: adc: ad4080: fix chip identification Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 Gopi Krishna Menon <krishnagopi487(a)gmail.com> Documentation/rtla: rename common_xxx.rst files to common_xxx.txt Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Biju Das <biju.das.jz(a)bp.renesas.com> serial: sh-sci: Fix deadlock during RSCI FIFO overrun error Biju Das <biju.das.jz(a)bp.renesas.com> dt-bindings: serial: rsci: Drop "uart-has-rtscts: false" Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alice Ryhl <aliceryhl(a)google.com> rust_binder: fix race condition on death_list Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: zstd - fix double-free in per-CPU stream cleanup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer ------------- Diffstat: .../devicetree/bindings/serial/renesas,rsci.yaml | 2 - Documentation/process/2.Process.rst | 6 +- .../{common_appendix.rst => common_appendix.txt} | 0 ...on_hist_options.rst => common_hist_options.txt} | 0 .../{common_options.rst => common_options.txt} | 0 ...cription.rst => common_osnoise_description.txt} | 0 ...oise_options.rst => common_osnoise_options.txt} | 0 ...mmon_timerlat_aa.rst => common_timerlat_aa.txt} | 0 ...ription.rst => common_timerlat_description.txt} | 0 ...lat_options.rst => common_timerlat_options.txt} | 0 ...mmon_top_options.rst => common_top_options.txt} | 0 Documentation/tools/rtla/rtla-hwnoise.rst | 8 +-- Documentation/tools/rtla/rtla-osnoise-hist.rst | 10 +-- Documentation/tools/rtla/rtla-osnoise-top.rst | 10 +-- Documentation/tools/rtla/rtla-osnoise.rst | 4 +- Documentation/tools/rtla/rtla-timerlat-hist.rst | 12 ++-- Documentation/tools/rtla/rtla-timerlat-top.rst | 12 ++-- Documentation/tools/rtla/rtla-timerlat.rst | 4 +- Documentation/tools/rtla/rtla.rst | 2 +- Makefile | 4 +- arch/x86/include/asm/kvm_host.h | 9 +++ arch/x86/kvm/svm/svm.c | 24 ++++---- arch/x86/kvm/x86.c | 21 +++++++ crypto/zstd.c | 7 +-- drivers/android/binder/node.rs | 6 +- drivers/comedi/comedi_fops.c | 42 +++++++++++-- drivers/comedi/drivers/c6xdigio.c | 46 ++++++++++---- drivers/comedi/drivers/multiq3.c | 9 +++ drivers/comedi/drivers/pcl818.c | 5 +- drivers/iio/adc/ad4080.c | 9 ++- drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 + drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +++-- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 ++-- drivers/tty/serial/8250/8250_pci.c | 37 +++++++++++ drivers/tty/serial/sh-sci.c | 12 +++- drivers/usb/serial/belkin_sa.c | 28 +++++---- drivers/usb/serial/ftdi_sio.c | 72 ++++++++-------------- drivers/usb/serial/kobil_sct.c | 18 +++--- drivers/usb/serial/option.c | 22 ++++++- fs/ext4/inline.c | 14 ++++- fs/jbd2/transaction.c | 19 ++++-- fs/smb/server/transport_ipc.c | 7 ++- kernel/locking/spinlock_debug.c | 4 +- 44 files changed, 343 insertions(+), 174 deletions(-)

3 weeks, 1 day

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror