October 2023 - Linux-stable-mirror

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.59 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/interrupt-controller/renesas,rzg2l-irqc.yaml | 5 Documentation/networking/ip-sysctl.rst | 15 + Makefile | 2 arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 39 +++- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 1 arch/arm64/boot/dts/qcom/sm8150.dtsi | 2 arch/powerpc/include/asm/nohash/32/pte-8xx.h | 7 arch/powerpc/include/asm/nohash/64/pgtable.h | 2 arch/powerpc/include/asm/nohash/pgtable.h | 2 arch/powerpc/kernel/entry_32.S | 8 arch/riscv/net/bpf_jit_comp64.c | 33 +-- arch/x86/events/utils.c | 5 arch/x86/include/asm/msr-index.h | 9 - arch/x86/kernel/alternative.c | 13 + arch/x86/kernel/cpu/amd.c | 8 drivers/acpi/ec.c | 11 + drivers/acpi/resource.c | 7 drivers/ata/libata-core.c | 90 ++++++++++ drivers/ata/libata-eh.c | 54 +++++- drivers/ata/libata-scsi.c | 16 - drivers/ata/libata.h | 2 drivers/counter/counter-chrdev.c | 4 drivers/counter/microchip-tcb-capture.c | 2 drivers/dma-buf/dma-fence-unwrap.c | 13 - drivers/dma-buf/sync_file.c | 9 - drivers/dma/idxd/device.c | 5 drivers/dma/mediatek/mtk-uart-apdma.c | 3 drivers/dma/stm32-dma.c | 11 - drivers/dma/stm32-mdma.c | 33 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 2 drivers/gpu/drm/amd/display/dc/core/dc.c | 3 drivers/gpu/drm/drm_atomic_helper.c | 17 + drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 11 + drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 12 - drivers/gpu/drm/msm/dp/dp_ctrl.c | 13 - drivers/gpu/drm/msm/dp/dp_link.c | 2 drivers/gpu/drm/msm/dsi/dsi_host.c | 19 +- drivers/gpu/drm/scheduler/sched_main.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 drivers/hid/hid-logitech-hidpp.c | 3 drivers/iio/adc/imx8qxp-adc.c | 4 drivers/iio/addac/Kconfig | 2 drivers/iio/dac/ad3552r.c | 4 drivers/iio/frequency/admv1013.c | 4 drivers/iio/imu/bno055/Kconfig | 2 drivers/iio/pressure/bmp280-core.c | 2 drivers/iio/pressure/dps310.c | 8 drivers/iio/pressure/ms5611_core.c | 2 drivers/infiniband/hw/cxgb4/cm.c | 3 drivers/input/joystick/xpad.c | 2 drivers/input/misc/powermate.c | 1 drivers/input/mouse/elantech.c | 1 drivers/input/mouse/synaptics.c | 1 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 19 ++ drivers/irqchip/irq-renesas-rzg2l.c | 2 drivers/mcb/mcb-core.c | 10 - drivers/mcb/mcb-parse.c | 2 drivers/net/can/Kconfig | 2 drivers/net/dsa/qca/qca8k-8xxx.c | 11 + drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c | 4 drivers/net/ethernet/microsoft/mana/mana_en.c | 18 +- drivers/net/ethernet/netronome/nfp/flower/cmsg.c | 10 - drivers/net/ethernet/netronome/nfp/flower/conntrack.c | 19 +- drivers/net/ethernet/netronome/nfp/flower/main.h | 2 drivers/net/ethernet/netronome/nfp/flower/metadata.c | 2 drivers/net/ethernet/netronome/nfp/flower/offload.c | 24 ++ drivers/net/ethernet/netronome/nfp/flower/qos_conf.c | 20 +- drivers/net/ethernet/renesas/ravb_main.c | 6 drivers/net/ieee802154/ca8210.c | 17 - drivers/net/macsec.c | 2 drivers/net/phy/mscc/mscc_macsec.c | 6 drivers/net/usb/dm9601.c | 7 drivers/net/xen-netback/interface.c | 4 drivers/perf/arm-cmn.c | 2 drivers/phy/freescale/phy-fsl-lynx-28g.c | 27 ++- drivers/pinctrl/core.c | 16 + drivers/pinctrl/nuvoton/pinctrl-wpcm450.c | 6 drivers/pinctrl/renesas/Kconfig | 1 drivers/platform/x86/hp/hp-wmi.c | 8 drivers/platform/x86/think-lmi.c | 24 ++ drivers/scsi/scsi_scan.c | 11 - drivers/tee/amdtee/core.c | 10 - drivers/thunderbolt/icm.c | 40 ++-- drivers/thunderbolt/switch.c | 7 drivers/thunderbolt/xdomain.c | 58 ++++-- drivers/ufs/core/ufshcd.c | 2 drivers/usb/cdns3/cdnsp-gadget.c | 3 drivers/usb/cdns3/core.h | 3 drivers/usb/core/hub.c | 25 ++ drivers/usb/core/hub.h | 2 drivers/usb/dwc3/core.c | 39 ++++ drivers/usb/gadget/function/f_ncm.c | 26 ++ drivers/usb/gadget/udc/udc-xilinx.c | 20 +- drivers/usb/host/xhci-ring.c | 4 drivers/usb/musb/musb_debugfs.c | 2 drivers/usb/musb/musb_host.c | 9 - drivers/usb/typec/altmodes/displayport.c | 5 drivers/usb/typec/ucsi/psy.c | 9 + drivers/usb/typec/ucsi/ucsi.c | 1 fs/ceph/file.c | 2 fs/ceph/inode.c | 4 fs/quota/dquot.c | 66 ++++--- fs/smb/server/vfs_cache.c | 4 include/linux/dma-fence.h | 19 ++ include/linux/libata.h | 7 include/linux/mcb.h | 1 include/linux/quota.h | 4 include/linux/quotaops.h | 2 include/net/macsec.h | 1 include/net/netns/ipv4.h | 1 kernel/bpf/verifier.c | 6 kernel/cgroup/cgroup-v1.c | 5 kernel/workqueue.c | 8 net/can/isotp.c | 19 -- net/ceph/messenger.c | 4 net/core/dev.c | 8 net/ipv4/sysctl_net_ipv4.c | 9 + net/ipv4/tcp_ipv4.c | 2 net/ipv4/tcp_output.c | 60 +++++- net/mctp/route.c | 22 +- net/mptcp/protocol.c | 28 +-- net/mptcp/protocol.h | 35 +-- net/mptcp/subflow.c | 10 - net/netfilter/ipvs/ip_vs_sync.c | 4 net/nfc/llcp_core.c | 30 +-- net/nfc/nci/core.c | 5 net/rds/tcp_connect.c | 2 net/rds/tcp_listen.c | 2 net/smc/smc_stats.h | 14 + net/socket.c | 6 security/keys/trusted-keys/trusted_core.c | 13 - sound/pci/hda/patch_realtek.c | 89 ++++++++- sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/sta32x.c | 39 ++-- sound/soc/codecs/sta350.c | 63 +++---- sound/soc/codecs/tas5086.c | 2 sound/soc/fsl/fsl_sai.c | 41 +++- sound/soc/fsl/fsl_sai.h | 2 sound/soc/fsl/fsl_ssi.c | 2 sound/soc/fsl/imx-card.c | 2 sound/soc/generic/simple-card-utils.c | 3 sound/soc/intel/boards/sof_es8336.c | 10 + sound/soc/intel/boards/sof_sdw.c | 10 + sound/soc/intel/common/soc-acpi-intel-mtl-match.c | 25 ++ sound/soc/sh/rcar/ssi.c | 4 sound/soc/sof/amd/pci-rmb.c | 1 sound/usb/mixer.c | 7 sound/usb/quirks.c | 8 152 files changed, 1301 insertions(+), 517 deletions(-) Abhinav Kumar (2): drm/msm/dsi: skip the wait for video mode done if not applicable drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow Alexander Zangerl (1): iio: pressure: ms5611: ms5611_prom_is_valid false negative bug Amelie Delaunay (5): dmaengine: stm32-mdma: abort resume if no ongoing transfer dmaengine: stm32-dma: fix stm32_dma_prep_slave_sg in case of MDMA chaining dmaengine: stm32-dma: fix residue in case of MDMA chaining dmaengine: stm32-mdma: use Link Address Register to compute residue dmaengine: stm32-mdma: set in_flight_bytes in case CRQA flag is set Antoniu Miclaus (2): iio: admv1013: add mixer_vgate corner cases iio: addac: Kconfig: update ad74413r selections Armin Wolf (1): platform/x86: think-lmi: Fix reference leak Artem Chernyshev (1): RDMA/cxgb4: Check skb value for failure to allocate Balamurugan C (2): ASoC: Intel: soc-acpi: Add entry for HDMI_In capture support in MTL match table ASoC: Intel: soc-acpi: Add entry for sof_es8336 in MTL match table. Biju Das (1): irqchip: renesas-rzg2l: Fix logic to clear TINT interrupt source Björn Töpel (1): riscv, bpf: Sign-extend return values Borislav Petkov (AMD) (1): x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs Christian König (2): drm/amdgpu: add missing NULL check dma-buf: add dma_fence_timestamp helper Christophe Leroy (2): powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() Christos Skevis (1): ALSA: usb-audio: Fix microphone sound on Nexigo webcam. Damien Le Moal (2): scsi: Do not rescan devices with a suspended queue ata: libata-scsi: Disable scsi device manage_system_start_stop Dan Carpenter (4): drm/msm/dsi: fix irq_of_parse_and_map() error checking mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type ixgbe: fix crash with empty VF macvlan list ceph: fix type promotion bug on 32bit systems Daniel Miess (1): drm/amd/display: Don't set dpms_off for seamless boot David Vernet (1): bpf: Fix verifier log for async callback return values Dharma Balasubiramani (1): counter: microchip-tcb-capture: Fix the use of internal GCLK logic Dinghao Liu (1): ieee802154: ca8210: Fix a potential UAF in ca8210_probe Dmitry Baryshkov (1): arm64: dts: qcom: sm8150: extend the size of the PDC resource Dmitry Torokhov (1): pinctrl: avoid unsafe code pattern in find_pinctrl() Duoming Zhou (1): dmaengine: mediatek: Fix deadlock caused by synchronize_irq() Eric Dumazet (2): net: refine debug info in skb_checksum_help() net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Fabian Vogt (1): ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx Fabrice Gasnier (1): counter: chrdev: fix getting array extensions Greg Kroah-Hartman (1): Linux 6.1.59 Haiyang Zhang (1): net: mana: Fix TX CQE error handling Hans de Goede (4): HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA ACPI: EC: Add quirk for the HP Pavilion Gaming 15-dk1xxx Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case Ioana Ciornei (1): phy: lynx-28g: cancel the CDR check work item on the remove path JP Kobryn (1): perf/x86/lbr: Filter vsyscall addresses Jan Kara (1): quota: Fix slow quotaoff Javier Carrasco (2): net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read Input: powermate - fix use-after-free in powermate_config_complete Jeffery Miller (1): Input: psmouse - fix fast_reconnect function for PS/2 mode Jeremy Cline (1): nfc: nci: assert requested protocol is valid Jeremy Kerr (1): mctp: perform route lookups under a RCU read-side lock Jing Zhang (1): perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 John Watts (1): can: sun4i_can: Only show Kconfig if ARCH_SUNXI is set Jonathan Cameron (1): iio: imu: bno055: Fix missing Kconfig dependencies Jordan Rife (2): net: prevent address rewrite in kernel_bind() libceph: use kernel_connect() Jorge Sanjuan Garcia (1): mcb: remove is_added flag from mcb_device struct Kailang Yang (4): ALSA: hda/realtek: Change model for Intel RVP board ALSA: hda/realtek - ALC287 I2S speaker platform support ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP ALSA: hda/realtek - Fixed two speaker platform Kirill A. Shutemov (1): x86/alternatives: Disable KASAN in apply_alternatives() Konstantin Meskhidze (1): drm/vmwgfx: fix typo of sizeof argument Krishna Kurapati (1): usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call Kuninori Morimoto (1): ASoC: simple-card-utils: fixup simple_util_startup() error handling Kuogee Hsieh (1): drm/msm/dp: do not reinitialize phy unless retry during link training Lad Prabhakar (1): dt-bindings: interrupt-controller: renesas,rzg2l-irqc: Update description for '#interrupt-cells' property Lakshmi Yadlapati (1): iio: pressure: dps310: Adjust Timeout Settings Lukas Magel (1): can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior Macpaul Lin (2): arm64: dts: mediatek: mt8195-demo: fix the memory size to 8GB arm64: dts: mediatek: mt8195-demo: update and reorder reserved memory regions Marcelo Schmitt (1): iio: dac: ad3552r: Correct device IDs Marek Behún (1): net: dsa: qca8k: fix potential MDIO bus conflict when accessing internal PHYs via management frames Mario Limonciello (1): usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope Matthias Berndt (1): Input: xpad - add PXN V900 support Michael Ellerman (1): powerpc/47x: Fix 47x syscall return crash Michal Koutný (1): cgroup: Remove duplicates in cgroup v1 tasks file Mika Westerberg (3): thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding thunderbolt: Restart XDomain discovery handshake after failure Mikhail Kobuk (1): pinctrl: nuvoton: wpcm450: fix out of bounds write Namjae Jeon (1): ksmbd: not allow to open file if delelete on close bit is set Nils Hoppmann (1): net/smc: Fix pos miscalculation in statistics Nirmoy Das (1): drm/i915: Don't set PIPE_CONTROL_FLUSH_L3 for aux inval Nícolas F. R. A. Prado (1): arm64: dts: mediatek: mt8195: Set DSU PMU status to fail Paolo Abeni (1): mptcp: fix delegated action races Pawel Laszczak (1): usb: cdnsp: Fixes issue with dequeuing not queued requests Peter Wang (1): scsi: ufs: core: Correct clear TM error log Phil Elwell (1): iio: pressure: bmp280: Fix NULL pointer exception Philipp Rossak (1): iio: adc: imx8qxp: Fix address for command buffer registers Pierre-Louis Bossart (1): ASoC: Intel: sof_sdw: add support for SKU 0B14 Piyush Mehta (1): usb: gadget: udc-xilinx: replace memcpy with memcpy_toio Prashanth K (1): usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails Pu Lehui (1): riscv, bpf: Factor out emit_call for kernel and bpf context RD Babiera (1): usb: typec: altmodes/displayport: Signal hpd low when exiting mode Radu Pirea (NXP OSS) (3): net: macsec: indicate next pn update when offloading net: phy: mscc: macsec: reject PN update requests net/mlx5e: macsec: use update_pn flag instead of PN comparation Ralph Siemsen (1): pinctrl: renesas: rzn1: Enable missing PINMUX Rex Zhang (1): dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq Ricardo Cañuelo (1): usb: hub: Guard against accesses to uninitialized BOS descriptors Rijo Thomas (1): tee: amdtee: fix use-after-free vulnerability in amdtee_close_session Rob Herring (1): ASoC: Use of_property_read_bool() for boolean properties Roger Pau Monne (1): xen-netback: use default TX queue size for vifs Shengjiu Wang (2): ASoC: fsl_sai: MCLK bind with TX/RX enable bit ASoC: fsl_sai: Don't disable bitclock for i.MX8MP Simon Ser (1): drm/atomic-helper: relax unregistered connector check Stephen Boyd (1): drm/msm/dp: Add newlines to debug printks Sumit Garg (1): KEYS: trusted: Remove redundant static calls usage SungHwan Jung (1): ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED Sven Frotscher (1): ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table Thinh Nguyen (1): usb: dwc3: Soft reset phy on probe for host Uwe Kleine-König (1): platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning Vijendar Mukunda (1): ASoC: SOF: amd: fix for firmware reload failure after playback Vladimir Oltean (2): phy: lynx-28g: lock PHY while performing CDR lock workaround phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers Waiman Long (1): workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() Wesley Cheng (1): usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer WhaleChang (1): ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset Will Mortensen (1): net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp Xiaolei Wang (1): usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled Xingxing Luo (2): usb: musb: Get the musb_qh poniter after musb_giveback usb: musb: Modify the "HWVers" register address Xiubo Li (1): ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Yanguo Li (1): nfp: flower: avoid rmmod nfp crash issues Yoshihiro Shimoda (2): ravb: Fix up dma_free_coherent() call in ravb_remove() ravb: Fix use-after-free issue in ravb_tx_timeout_work() mfreemon(a)cloudflare.com (1): tcp: enforce receive buffer memory limits by allowing the tcp window to shrink

2 years

1
1
0 0

Linux 5.15.136

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.136 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 10 Documentation/networking/ip-sysctl.rst | 8 Documentation/security/keys/trusted-encrypted.rst | 20 Makefile | 2 arch/arm64/include/asm/cpufeature.h | 3 arch/arm64/include/asm/exception.h | 13 arch/arm64/include/asm/spectre.h | 2 arch/arm64/include/asm/system_misc.h | 2 arch/arm64/include/asm/traps.h | 19 arch/arm64/kernel/armv8_deprecated.c | 572 +++++++-------- arch/arm64/kernel/cpufeature.c | 23 arch/arm64/kernel/entry-common.c | 36 arch/arm64/kernel/proton-pack.c | 26 arch/arm64/kernel/traps.c | 125 +-- arch/powerpc/include/asm/nohash/32/pte-8xx.h | 7 arch/powerpc/include/asm/nohash/64/pgtable.h | 2 arch/powerpc/include/asm/nohash/pgtable.h | 2 arch/riscv/net/bpf_jit_comp64.c | 33 arch/x86/include/asm/msr-index.h | 9 arch/x86/kernel/alternative.c | 13 arch/x86/kernel/cpu/amd.c | 8 drivers/acpi/resource.c | 7 drivers/counter/microchip-tcb-capture.c | 2 drivers/dma/idxd/device.c | 5 drivers/dma/mediatek/mtk-uart-apdma.c | 3 drivers/dma/stm32-mdma.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 2 drivers/gpu/drm/amd/display/dc/core/dc.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 12 drivers/gpu/drm/msm/dp/dp_ctrl.c | 13 drivers/gpu/drm/msm/dsi/dsi_host.c | 19 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 drivers/hid/hid-logitech-hidpp.c | 3 drivers/iio/pressure/bmp280-core.c | 2 drivers/iio/pressure/dps310.c | 8 drivers/iio/pressure/ms5611_core.c | 2 drivers/infiniband/hw/cxgb4/cm.c | 3 drivers/infiniband/ulp/srp/ib_srp.c | 22 drivers/input/joystick/xpad.c | 2 drivers/input/misc/powermate.c | 1 drivers/input/mouse/elantech.c | 1 drivers/input/mouse/synaptics.c | 1 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 19 drivers/iommu/intel/iommu.c | 16 drivers/mcb/mcb-core.c | 10 drivers/mcb/mcb-parse.c | 2 drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 1 drivers/net/ethernet/amazon/ena/ena_netdev.c | 4 drivers/net/ethernet/brocade/bna/bnad.c | 3 drivers/net/ethernet/cortina/gemini.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 5 drivers/net/ethernet/marvell/skge.c | 3 drivers/net/ethernet/marvell/sky2.c | 3 drivers/net/ethernet/mediatek/mtk_star_emac.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c | 4 drivers/net/ethernet/nvidia/forcedeth.c | 6 drivers/net/ethernet/renesas/ravb_main.c | 6 drivers/net/ethernet/ti/davinci_emac.c | 3 drivers/net/ethernet/ti/netcp_core.c | 5 drivers/net/ieee802154/ca8210.c | 17 drivers/net/macsec.c | 2 drivers/net/phy/mscc/mscc_macsec.c | 6 drivers/net/usb/dm9601.c | 7 drivers/net/xen-netback/interface.c | 7 drivers/of/overlay.c | 2 drivers/perf/arm-cmn.c | 2 drivers/pinctrl/core.c | 16 drivers/pinctrl/renesas/Kconfig | 1 drivers/platform/x86/hp/hp-wmi.c | 8 drivers/platform/x86/think-lmi.c | 24 drivers/scsi/scsi_error.c | 17 drivers/scsi/scsi_lib.c | 15 drivers/scsi/scsi_priv.h | 1 drivers/tee/amdtee/core.c | 10 drivers/thunderbolt/icm.c | 40 - drivers/thunderbolt/switch.c | 7 drivers/usb/cdns3/cdnsp-gadget.c | 3 drivers/usb/cdns3/core.h | 3 drivers/usb/core/hub.c | 25 drivers/usb/core/hub.h | 2 drivers/usb/dwc3/core.c | 39 - drivers/usb/gadget/function/f_ncm.c | 26 drivers/usb/gadget/udc/udc-xilinx.c | 20 drivers/usb/host/xhci-ring.c | 4 drivers/usb/host/xhci.c | 35 drivers/usb/musb/musb_debugfs.c | 2 drivers/usb/musb/musb_host.c | 9 fs/ceph/file.c | 2 fs/ceph/inode.c | 4 fs/quota/dquot.c | 66 + include/keys/trusted-type.h | 2 include/linux/intel-iommu.h | 2 include/linux/ipv6.h | 1 include/linux/mcb.h | 1 include/linux/quota.h | 4 include/linux/quotaops.h | 2 include/net/macsec.h | 1 include/scsi/scsi_cmnd.h | 9 include/uapi/linux/ipv6.h | 3 kernel/bpf/verifier.c | 6 kernel/cgroup/cgroup-v1.c | 5 kernel/sched/core.c | 2 kernel/sched/idle.c | 1 kernel/workqueue.c | 8 lib/test_meminit.c | 2 net/ceph/messenger.c | 4 net/ipv6/addrconf.c | 13 net/ipv6/ndisc.c | 13 net/netfilter/ipvs/ip_vs_sync.c | 4 net/nfc/llcp_core.c | 30 net/nfc/nci/core.c | 5 net/rds/tcp_connect.c | 2 net/rds/tcp_listen.c | 2 net/smc/smc_stats.h | 14 net/socket.c | 6 security/keys/trusted-keys/trusted_core.c | 48 + sound/usb/quirks.c | 6 119 files changed, 1024 insertions(+), 754 deletions(-) Abhinav Kumar (2): drm/msm/dsi: skip the wait for video mode done if not applicable drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow Ahmad Fatoum (1): KEYS: trusted: allow use of kernel RNG for key material Alexander Zangerl (1): iio: pressure: ms5611: ms5611_prom_is_valid false negative bug Amelie Delaunay (1): dmaengine: stm32-mdma: abort resume if no ongoing transfer Armin Wolf (1): platform/x86: think-lmi: Fix reference leak Artem Chernyshev (1): RDMA/cxgb4: Check skb value for failure to allocate Bart Van Assche (4): scsi: core: Use a structure member to track the SCSI command submitter scsi: core: Rename scsi_mq_done() into scsi_done() and export it scsi: ib_srp: Call scsi_done() directly RDMA/srp: Do not call scsi_done() from srp_abort() Björn Töpel (1): riscv, bpf: Sign-extend return values Borislav Petkov (AMD) (1): x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs Christian König (1): drm/amdgpu: add missing NULL check Christophe Leroy (2): powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() Dan Carpenter (4): drm/msm/dsi: fix irq_of_parse_and_map() error checking mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type ixgbe: fix crash with empty VF macvlan list ceph: fix type promotion bug on 32bit systems Daniel Miess (1): drm/amd/display: Don't set dpms_off for seamless boot David Vernet (1): bpf: Fix verifier log for async callback return values Dharma Balasubiramani (1): counter: microchip-tcb-capture: Fix the use of internal GCLK logic Dinghao Liu (1): ieee802154: ca8210: Fix a potential UAF in ca8210_probe Dmitry Torokhov (1): pinctrl: avoid unsafe code pattern in find_pinctrl() Duoming Zhou (1): dmaengine: mediatek: Fix deadlock caused by synchronize_irq() Eric Dumazet (1): net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Geert Uytterhoeven (1): of: overlay: Reorder struct fragment fields kerneldoc Greg Kroah-Hartman (3): lib/test_meminit: fix off-by-one error in test_pages() Revert "kernel/sched: Modify initial boot task idle setup" Linux 5.15.136 Hans de Goede (3): HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case Hongyu Xie (1): xhci: Keep interrupt disabled in initialization until host is running. Jakub Kicinski (2): eth: remove copies of the NAPI_POLL_WEIGHT define eth: remove remaining copies of the NAPI_POLL_WEIGHT define Jan Kara (1): quota: Fix slow quotaoff Javier Carrasco (2): net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read Input: powermate - fix use-after-free in powermate_config_complete Jeffery Miller (1): Input: psmouse - fix fast_reconnect function for PS/2 mode Jeremy Cline (1): nfc: nci: assert requested protocol is valid Jing Zhang (1): perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 Jordan Rife (2): net: prevent address rewrite in kernel_bind() libceph: use kernel_connect() Jorge Sanjuan Garcia (1): mcb: remove is_added flag from mcb_device struct Kirill A. Shutemov (1): x86/alternatives: Disable KASAN in apply_alternatives() Konstantin Meskhidze (1): drm/vmwgfx: fix typo of sizeof argument Krishna Kurapati (1): usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call Kuogee Hsieh (1): drm/msm/dp: do not reinitialize phy unless retry during link training Lakshmi Yadlapati (1): iio: pressure: dps310: Adjust Timeout Settings Mark Rutland (14): arm64: report EL1 UNDEFs better arm64: die(): pass 'err' as long arm64: consistently pass ESR_ELx to die() arm64: rework FPAC exception handling arm64: rework BTI exception handling arm64: allow kprobes on EL0 handlers arm64: split EL0/EL1 UNDEF handlers arm64: factor out EL1 SSBS emulation hook arm64: factor insn read out of call_undef_hook() arm64: rework EL0 MRS emulation arm64: armv8_deprecated: fold ops into insn_emulation arm64: armv8_deprecated move emulation functions arm64: armv8_deprecated: move aarch32 helper earlier arm64: armv8_deprecated: rework deprected instruction handling Matthias Berndt (1): Input: xpad - add PXN V900 support Michal Koutný (1): cgroup: Remove duplicates in cgroup v1 tasks file Mika Westerberg (2): thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding Nils Hoppmann (1): net/smc: Fix pos miscalculation in statistics Patrick Rohr (3): net: add sysctl accept_ra_min_rtr_lft net: change accept_ra_min_rtr_lft to affect all RA lifetimes net: release reference to inet6_dev pointer Pawel Laszczak (1): usb: cdnsp: Fixes issue with dequeuing not queued requests Phil Elwell (1): iio: pressure: bmp280: Fix NULL pointer exception Piyush Mehta (1): usb: gadget: udc-xilinx: replace memcpy with memcpy_toio Pu Lehui (1): riscv, bpf: Factor out emit_call for kernel and bpf context Radu Pirea (NXP OSS) (2): net: macsec: indicate next pn update when offloading net: phy: mscc: macsec: reject PN update requests Ralph Siemsen (1): pinctrl: renesas: rzn1: Enable missing PINMUX Ren Zhijie (1): arm64: armv8_deprecated: fix unused-function error Rex Zhang (1): dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq Ricardo Cañuelo (1): usb: hub: Guard against accesses to uninitialized BOS descriptors Rijo Thomas (1): tee: amdtee: fix use-after-free vulnerability in amdtee_close_session Roger Pau Monne (1): xen-netback: use default TX queue size for vifs Sumit Garg (1): KEYS: trusted: Remove redundant static calls usage Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table Thinh Nguyen (1): usb: dwc3: Soft reset phy on probe for host Uwe Kleine-König (1): platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning Waiman Long (1): workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() Wesley Cheng (1): usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer WhaleChang (1): ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset Will Mortensen (1): net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp Xiaolei Wang (1): usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled Xingxing Luo (2): usb: musb: Get the musb_qh poniter after musb_giveback usb: musb: Modify the "HWVers" register address Xiubo Li (1): ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Yoshihiro Shimoda (2): ravb: Fix up dma_free_coherent() call in ravb_remove() ravb: Fix use-after-free issue in ravb_tx_timeout_work() Zhang Rui (1): iommu/vt-d: Avoid memory allocation in iommu_suspend() Zheng Wang (1): media: mtk-jpeg: Fix use after free bug due to uncanceled work

2 years

1
1
0 0

[PATCH] lib/Kconfig.debug: disable FRAME_WARN for kasan and kcsan

by Hamza Mahfooz

With every release of LLVM, both of these sanitizers eat up more and more of the stack. So, set FRAME_WARN to 0 if either of them is enabled for a given build. Cc: stable(a)vger.kernel.org Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> --- lib/Kconfig.debug | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 39d1d93164bd..15ad742729ca 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -429,11 +429,10 @@ endif # DEBUG_INFO config FRAME_WARN int "Warn for stack frames larger than" range 0 8192 - default 0 if KMSAN + default 0 if KASAN || KCSAN || KMSAN default 2048 if GCC_PLUGIN_LATENT_ENTROPY default 2048 if PARISC default 1536 if (!64BIT && XTENSA) - default 1280 if KASAN && !64BIT default 1024 if !64BIT default 2048 if 64BIT help -- 2.42.0

2 years

5
8
0 0

[PATCH 4/5] mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation

by SeongJae Park

When calculating the hotness threshold for lru_prio scheme of DAMON_LRU_SORT, the module divides some values by the maximum nr_accesses. However, due to the type of the related variables, simple division-based calculation of the divisor can return zero. As a result, divide-by-zero is possible. Fix it by using damon_max_nr_accesses(), which handles the case. Fixes: 40e983cca927 ("mm/damon: introduce DAMON-based LRU-lists Sorting") Cc: <stable(a)vger.kernel.org> # 6.0.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- mm/damon/lru_sort.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mm/damon/lru_sort.c b/mm/damon/lru_sort.c index 3ecdcc029443..f2e5f9431892 100644 --- a/mm/damon/lru_sort.c +++ b/mm/damon/lru_sort.c @@ -195,9 +195,7 @@ static int damon_lru_sort_apply_parameters(void) if (err) return err; - /* aggr_interval / sample_interval is the maximum nr_accesses */ - hot_thres = damon_lru_sort_mon_attrs.aggr_interval / - damon_lru_sort_mon_attrs.sample_interval * + hot_thres = damon_max_nr_accesses(&damon_lru_sort_mon_attrs) * hot_thres_access_freq / 1000; scheme = damon_lru_sort_new_hot_scheme(hot_thres); if (!scheme) -- 2.34.1

2 years

1
0
0 0

[PATCH 3/5] mm/damon/ops-common: avoid divide-by-zero during region hotness calculation

by SeongJae Park

When calculating the hotness of each region for the under-quota regions prioritization, DAMON divides some values by the maximum nr_accesses. However, due to the type of the related variables, simple division-based calculation of the divisor can return zero. As a result, divide-by-zero is possible. Fix it by using damon_max_nr_accesses(), which handles the case. Fixes: 198f0f4c58b9 ("mm/damon/vaddr,paddr: support pageout prioritization") Cc: <stable(a)vger.kernel.org> # 5.16.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- mm/damon/ops-common.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/damon/ops-common.c b/mm/damon/ops-common.c index ac1c3fa80f98..d25d99cb5f2b 100644 --- a/mm/damon/ops-common.c +++ b/mm/damon/ops-common.c @@ -73,7 +73,6 @@ void damon_pmdp_mkold(pmd_t *pmd, struct vm_area_struct *vma, unsigned long addr int damon_hot_score(struct damon_ctx *c, struct damon_region *r, struct damos *s) { - unsigned int max_nr_accesses; int freq_subscore; unsigned int age_in_sec; int age_in_log, age_subscore; @@ -81,8 +80,8 @@ int damon_hot_score(struct damon_ctx *c, struct damon_region *r, unsigned int age_weight = s->quota.weight_age; int hotness; - max_nr_accesses = c->attrs.aggr_interval / c->attrs.sample_interval; - freq_subscore = r->nr_accesses * DAMON_MAX_SUBSCORE / max_nr_accesses; + freq_subscore = r->nr_accesses * DAMON_MAX_SUBSCORE / + damon_max_nr_accesses(&c->attrs); age_in_sec = (unsigned long)r->age * c->attrs.aggr_interval / 1000000; for (age_in_log = 0; age_in_log < DAMON_MAX_AGE_IN_LOG && age_in_sec; -- 2.34.1

2 years

1
0
0 0

[PATCH 2/5] mm/damon/core: avoid divide-by-zero during monitoring results update

by SeongJae Park

When monitoring attributes are changed, DAMON updates access rate of the monitoring results accordingly. For that, it divides some values by the maximum nr_accesses. However, due to the type of the related variables, simple division-based calculation of the divisor can return zero. As a result, divide-by-zero is possible. Fix it by using damon_max_nr_accesses(), which handles the case. Fixes: 2f5bef5a590b ("mm/damon/core: update monitoring results for new monitoring attributes") Cc: <stable(a)vger.kernel.org> # 6.3.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- mm/damon/core.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/mm/damon/core.c b/mm/damon/core.c index 9f4f7c378cf3..e194c8075235 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -500,20 +500,14 @@ static unsigned int damon_age_for_new_attrs(unsigned int age, static unsigned int damon_accesses_bp_to_nr_accesses( unsigned int accesses_bp, struct damon_attrs *attrs) { - unsigned int max_nr_accesses = - attrs->aggr_interval / attrs->sample_interval; - - return accesses_bp * max_nr_accesses / 10000; + return accesses_bp * damon_max_nr_accesses(attrs) / 10000; } /* convert nr_accesses to access ratio in bp (per 10,000) */ static unsigned int damon_nr_accesses_to_accesses_bp( unsigned int nr_accesses, struct damon_attrs *attrs) { - unsigned int max_nr_accesses = - attrs->aggr_interval / attrs->sample_interval; - - return nr_accesses * 10000 / max_nr_accesses; + return nr_accesses * 10000 / damon_max_nr_accesses(attrs); } static unsigned int damon_nr_accesses_for_new_attrs(unsigned int nr_accesses, -- 2.34.1

2 years

1
0
0 0

[PATCH 1/5] mm/damon: implement a function for max nr_accesses safe calculation

by SeongJae Park

The maximum nr_accesses of given DAMON context can be calculated by dividing the aggregation interval by the sampling interval. Some logics in DAMON uses the maximum nr_accesses as a divisor. Hence, the value shouldn't be zero. Such case is avoided since DAMON avoids setting the agregation interval as samller than the sampling interval. However, since nr_accesses is unsigned int while the intervals are unsigned long, the maximum nr_accesses could be zero while casting. Implement a function that handles the corner case. Note that this commit is not fixing the real issue since this is only introducing the safe function that will replaces the problematic divisions. The replacements will be made by followup commits, to make backporting on stable series easier. Fixes: 198f0f4c58b9 ("mm/damon/vaddr,paddr: support pageout prioritization") Cc: <stable(a)vger.kernel.org> # 5.16.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- include/linux/damon.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/linux/damon.h b/include/linux/damon.h index 27b995c22497..ab2f17d9926b 100644 --- a/include/linux/damon.h +++ b/include/linux/damon.h @@ -681,6 +681,13 @@ static inline bool damon_target_has_pid(const struct damon_ctx *ctx) return ctx->ops.id == DAMON_OPS_VADDR || ctx->ops.id == DAMON_OPS_FVADDR; } +static inline unsigned int damon_max_nr_accesses(const struct damon_attrs *attrs) +{ + /* {aggr,sample}_interval are unsigned long, hence could overflow */ + return min(attrs->aggr_interval / attrs->sample_interval, + (unsigned long)UINT_MAX); +} + int damon_start(struct damon_ctx **ctxs, int nr_ctxs, bool exclusive); int damon_stop(struct damon_ctx **ctxs, int nr_ctxs); -- 2.34.1

2 years

1
0
0 0

USB_NET_AX8817X dependency on AX88796B_PHY

by Maciej Żenczykowski

I've received reports that an ethernet usb dongle doesn't work (google internal bug 304028301)... Investigation shows that we have 5.10 (GKI) with USB_NET_AX8817X=y and AX88796B_PHY not set. I *think* this configuration combination makes no sense? [note: I'm unsure how many different phy's this driver supports...] Obviously, we could simply turn it on 'manually'... but: commit dde25846925765a88df8964080098174495c1f10 Author: Oleksij Rempel <o.rempel(a)pengutronix.de> Date: Mon Jun 7 10:27:22 2021 +0200 net: usb/phy: asix: add support for ax88772A/C PHYs Add support for build-in x88772A/C PHYs Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: David S. Miller <davem(a)davemloft.net> includes (as a side effect): drivers/net/usb/Kconfig @@ -164,6 +164,7 @@ config USB_NET_AX8817X depends on USB_USBNET select CRC32 select PHYLIB + select AX88796B_PHY default y which presumably makes this (particular problem) a non issue on 5.15+ I'm guessing the above fix (ie. commit dde25846925765a88df8964080098174495c1f10) could (should?) simply be backported to older stable kernels? I've verified it cherrypicks cleanly and builds (on x86_64 5.10 gki), ie. $ git checkout android/kernel/common/android13-5.10 $ git cherry-pick -x dde25846925765a88df8964080098174495c1f10 $ make ARCH=x86_64 gki_defconfig $ egrep -i ax88796b < .config CONFIG_AX88796B_PHY=y $ make -j50 ./drivers/net/phy/ax88796b.o gets built I've sourced a copy of the problematic hardware, but I'm hitting problems where on at least two (both my chromebook and 1 of the 2 usb-c ports on my lenovo laptop) totally different usb controllers/ports it doesn't even usb enumerate (ie. nothing in dmesg, no show on lsusb), which is making testing difficult (unsure if I just got a bad sample)... - Maciej

2 years

2
7
0 0

vmlinux-gdb unable to parse_and_eval("hrtimer_resolution") on mainline

by aftermath digital

Hi, I've tested the below on both linux-6.5.7 and mainline linux-6.6-rc6, both of which seem to have the same issue. GDB 13.2 isn't able to load vmlinux-gdb.py as it throws the following: Traceback (most recent call last): File "/home/user/debug_kernel/linux-6.6-rc6/vmlinux-gdb.py", line 25, in <module> import linux.constants File "/home/user/debug_kernel/linux-6.6-rc6/scripts/gdb/linux/constants.py", line 11, in <module> LX_hrtimer_resolution = gdb.parse_and_eval("hrtimer_resolution") gdb.error: 'hrtimer_resolution' has unknown type; cast it to its declared type I've built-linux like so: make defconfig scripts/config --disable SYSTEM_TRUSTED_KEYS scripts/config --disable SYSTEM_REVOCATION_KEYS scripts/config --set-str SYSTEM_TRUSTED_KEYS "" scripts/config -e CONFIG_DEBUG_INFO -e CONFIG_GDB_SCRIPTS -e CONFIG_FRAME_POINTER make -j$(nproc) make scripts_gdb $ gcc --version gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0 $ gdb --version GNU gdb (GDB) 13.2 This is my first time submitting a bug to the LK mailing list, please let me know if this format is not correct or if you need more information. Thanks.

2 years

3
2
0 0

[PATCH 2/2] wifi: ath12k: fix htt mlo-offset event locking

by Johan Hovold

The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # v6.2 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/net/wireless/ath/ath12k/dp_rx.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless/ath/ath12k/dp_rx.c index e6e64d437c47..3294625650dc 100644 --- a/drivers/net/wireless/ath/ath12k/dp_rx.c +++ b/drivers/net/wireless/ath/ath12k/dp_rx.c @@ -1641,11 +1641,12 @@ static void ath12k_htt_mlo_offset_event_handler(struct ath12k_base *ab, msg = (struct ath12k_htt_mlo_offset_msg *)skb->data; pdev_id = u32_get_bits(__le32_to_cpu(msg->info), HTT_T2H_MLO_OFFSET_INFO_PDEV_ID); - ar = ath12k_mac_get_ar_by_pdev_id(ab, pdev_id); + rcu_read_lock(); + ar = ath12k_mac_get_ar_by_pdev_id(ab, pdev_id); if (!ar) { ath12k_warn(ab, "invalid pdev id %d on htt mlo offset\n", pdev_id); - return; + goto exit; } spin_lock_bh(&ar->data_lock); @@ -1661,6 +1662,8 @@ static void ath12k_htt_mlo_offset_event_handler(struct ath12k_base *ab, pdev->timestamp.mlo_comp_timer = __le32_to_cpu(msg->mlo_comp_timer); spin_unlock_bh(&ar->data_lock); +exit: + rcu_read_unlock(); } void ath12k_dp_htt_htc_t2h_msg_handler(struct ath12k_base *ab, -- 2.41.0

2 years

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2023