December 2023 - Linux-stable-mirror

[PATCH v2] Bluetooth: Fix atomicity violation in {conn,adv}_{min,max}_interval_set

by Gui-Dong Han

In {conn,adv}_min_interval_set(): if (val < ... || val > ... || val > hdev->le_{conn,adv}_max_interval) return -EINVAL; hci_dev_lock(hdev); hdev->le_{conn,adv}_min_interval = val; hci_dev_unlock(hdev); In {conn,adv}_max_interval_set(): if (val < ... || val > ... || val < hdev->le_{conn,adv}_min_interval) return -EINVAL; hci_dev_lock(hdev); hdev->le_{conn,adv}_max_interval hci_dev_unlock(hdev); The atomicity violation occurs due to concurrent execution of set_min and set_max funcs. Consider a scenario where setmin writes a new, valid 'min' value, and concurrently, setmax writes a value that is greater than the old 'min' but smaller than the new 'min'. In this case, setmax might check against the old 'min' value (before acquiring the lock) but write its value after the 'min' has been updated by setmin. This leads to a situation where the 'max' value ends up being smaller than the 'min' value, which is an inconsistency. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To resolve this issue, it is suggested to encompass the validity checks within the locked sections in both set_min and set_max funcs. The modification ensures that the validation of 'val' against the current min/max values is atomic, thus maintaining the integrity of the settings. With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 3a5c82b78fd2 ("Bluetooth: Move LE debugfs file creation into ...") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- v2: * Adjust the format to pass the CI. --- net/bluetooth/hci_debugfs.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c index 6b7741f6e95b..6fdda807f2cf 100644 --- a/net/bluetooth/hci_debugfs.c +++ b/net/bluetooth/hci_debugfs.c @@ -849,11 +849,13 @@ DEFINE_SHOW_ATTRIBUTE(long_term_keys); static int conn_min_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval) + + hci_dev_lock(hdev); + if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_conn_min_interval = val; hci_dev_unlock(hdev); @@ -877,11 +879,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get, static int conn_max_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval) + + hci_dev_lock(hdev); + if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_conn_max_interval = val; hci_dev_unlock(hdev); @@ -989,11 +993,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get, static int adv_min_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval) + + hci_dev_lock(hdev); + if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_adv_min_interval = val; hci_dev_unlock(hdev); @@ -1018,10 +1024,12 @@ static int adv_max_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval) + hci_dev_lock(hdev); + if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_adv_max_interval = val; hci_dev_unlock(hdev); -- 2.34.1

1 year, 5 months

1
0
0 0

[PATCH 6.6 000/530] 6.6.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.3 release. There are 530 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 26 Nov 2023 17:19:17 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.3-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.3-rc1 Lewis Huang <lewis.huang(a)amd.com> drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox Paul Hsieh <paul.hsieh(a)amd.com> drm/amd/display: Clear dpcd_sink_ext_caps if not set Tianci Yin <tianci.yin(a)amd.com> drm/amd/display: Enable fast plane updates on DCN3.2 and above Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Fix DSC not Enabled on Direct MST Sink Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Guard against invalid RPTR/WPTR being set Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Fix possible null pointer dereference Christian König <christian.koenig(a)amd.com> drm/amdgpu: lower CS errors to debug severity Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_bo_list_get() Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_vm_init Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't use ATRM for external devices Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add a retry for IP discovery init Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix GRBM read timeout when do mes_self_test Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't use pci_is_thunderbolt_attached() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/smu13: drop compute workload workaround Ma Jun <Jun.Ma2(a)amd.com> drm/amd/pm: Fix error of MACO flag setting code Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Flush WC GGTT only on required platforms Kunwu Chan <chentao(a)kylinos.cn> drm/i915: Fix potential spectre vulnerability Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Bump GLK CDCLK frequency when driving multiple pipes Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/mtl: Support HBR3 rate with C10 phy and eDP in MTL Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Add Null check for DPP resource Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block Jani Nikula <jani.nikula(a)intel.com> drm: bridge: it66121: ->get_edid callback must not return err pointers Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amd/pm: Handle non-terminated overdrive commands. Brian Foster <bfoster(a)redhat.com> ext4: fix racy may inline data check in dio write Jan Kara <jack(a)suse.cz> ext4: properly sync file size update after O_SYNC direct IO Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: add missed brelse in update_backups Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the start block of counting reserved clusters Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: correct return value of ext4_convert_meta_bg Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: mark buffer new if it is unwritten to avoid stale data exposure Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: correct offset of gdb backup in non meta_bg group to update_backups Max Kellermann <max.kellermann(a)ionos.com> ext4: apply umask if ACL support is disabled Zhang Yi <yi.zhang(a)huawei.com> ext4: make sure allocate pending entry not fail Wang Jianjian <wangjianjian0(a)foxmail.com> ext4: no need to generate from free list in mballoc Baokun Li <libaokun1(a)huawei.com> ext4: fix race between writepages and remount Heiner Kallweit <hkallweit1(a)gmail.com> Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" Jiri Kosina <jkosina(a)suse.cz> Revert "HID: logitech-dj: Add support for a new lightspeed receiver iteration" Andrey Konovalov <andrey.konovalov(a)linaro.org> media: qcom: camss: Fix csid-gen2 for test pattern generator Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix invalid clock enable bit disjunction Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix missing vfe_lite clocks check Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix VFE-480 vfe_disable_output() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix VFE-17x vfe_disable_output() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix vfe_get() error jump Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix pm_domain_on sequence in probe Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER ChunHao Lin <hau(a)realtek.com> r8169: add handling DASH when DASH is disabled ChunHao Lin <hau(a)realtek.com> r8169: fix network lost after resume on DASH systems Paolo Abeni <pabeni(a)redhat.com> selftests: mptcp: fix fastclose with csum failure Paolo Abeni <pabeni(a)redhat.com> mptcp: fix setsockopt(IP_TOS) subflow locking Geliang Tang <geliang.tang(a)suse.com> mptcp: add validity check for sending RM_ADDR Paolo Abeni <pabeni(a)redhat.com> mptcp: deal with large GSO size Roman Gushchin <roman.gushchin(a)linux.dev> mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors Stefan Roesch <shr(a)devkernel.io> mm: fix for negative counter: nr_file_hugepages Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 Nam Cao <namcaov(a)gmail.com> riscv: kprobes: allow writing to x0 Song Shuai <suagrfillet(a)gmail.com> riscv: correct pt_level name via pgtable_l5/4_enabled Song Shuai <suagrfillet(a)gmail.com> riscv: mm: Update the comment of CONFIG_PAGE_OFFSET Nam Cao <namcaov(a)gmail.com> riscv: put interrupt entries into .irqentry.text Minda Chen <minda.chen(a)starfivetech.com> riscv: Using TOOLCHAIN_HAS_ZIHINTPAUSE marco replace zihintpause Petr Tesarik <petr.tesarik1(a)huawei-partners.com> swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Petr Tesarik <petrtesarik(a)huaweicloud.com> swiotlb: do not free decrypted pages if dynamic Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe-event: Fix to check tracepoint event and return Nathan Chancellor <nathan(a)kernel.org> LoongArch: Mark __percpu functions as always inline Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update nfsd_cache_append() to use xdr_stream Mahmoud Adam <mngyadam(a)amazon.com> nfsd: fix file memleak on client_opens_release Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: don't use blocking calls from tasklets Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: fix no-sleep mode Jani Nikula <jani.nikula(a)intel.com> drm/mediatek/dp: fix memory leak on ->get_edid callback error path Jani Nikula <jani.nikula(a)intel.com> drm/mediatek/dp: fix memory leak on ->get_edid callback audio detection Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Correctly initialise try compose rectangle Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add checks to handle capabilities from firmware Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: fix the check to handle session buffer requirement Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: Add check to keep the number of codecs within range Sean Young <sean(a)mess.org> media: sharp: fix sharp encoding Sean Young <sean(a)mess.org> media: lirc: drop trailing space from scancode transmit Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: split initial and dynamic conditions for extent_cache Su Hui <suhui(a)nfschina.com> f2fs: avoid format-overflow warning Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: set the default compress_level on ioctl Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: do not return EFSCORRUPTED, but try to run online repair Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: fix potential race in i801_block_transaction_byte_by_byte Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: don't withdraw if init_threads() got interrupted Klaus Kudielka <klaus.kudielka(a)gmail.com> net: phylink: initialize carrier state at creation Alexander Sverdlin <alexander.sverdlin(a)siemens.com> net: dsa: lan9303: consequently nested-lock physical MDIO Andrew Lunn <andrew(a)lunn.ch> net: ethtool: Fix documentation of ethtool_sprintf() Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: fix AP bus crash on early config change callback invocation Tam Nguyen <tamnguyenchi(a)os.amperecomputing.com> i2c: designware: Disable TX_EMPTY irq while waiting for block length byte Darren Hart <darren(a)os.amperecomputing.com> sbsa_gwdt: Calculate timeout with 64-bit math Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix default return value for inode_getsecctx Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix default return value for vm_enough_memory Robert Marko <robert.marko(a)sartura.hr> Revert "i2c: pxa: move to generic GPIO recovery" Johnathan Mantey <johnathanx.mantey(a)intel.com> Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add quirks for HP Laptops Matus Malych <matus(a)malych.org> ALSA: hda/realtek: Enable Mute LED on HP 255 G10 Chandradeep Dey <codesigning(a)chandradeepdey.com> ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add Dell ALC295 to pin fall back table Eymen Yigit <eymenyg01(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 255 G8 Takashi Iwai <tiwai(a)suse.de> ALSA: info: Fix potential deadlock at disconnection Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: wait for data BG to be finished on direct IO allocation Dave Chinner <dchinner(a)redhat.com> xfs: recovery should not clear di_flushiter unconditionally David Howells <dhowells(a)redhat.com> cifs: Fix encryption of cleared, but unset rq_iter data buffers Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not pass cifs_sb when trying to add channels Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not reset chan_max if multichannel is not supported at mount Shyam Prasad N <sprasad(a)microsoft.com> cifs: force interface update before a fresh session setup Shyam Prasad N <sprasad(a)microsoft.com> cifs: reconnect helper should set reconnect for the right channel Paulo Alcantara <pc(a)manguebit.com> smb: client: fix mount when dns_resolver key is not available Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential deadlock when releasing mids Paulo Alcantara <pc(a)manguebit.com> smb: client: fix use-after-free in smb2_query_info_compound() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Steve French <stfrench(a)microsoft.com> smb3: fix caching of ctime on setxattr Steve French <stfrench(a)microsoft.com> smb3: allow dumping session and tcon id to improve stats analysis and debugging Steve French <stfrench(a)microsoft.com> smb3: fix touch -h of symlink Steve French <stfrench(a)microsoft.com> smb3: fix creating FIFOs when mounting with "sfu" mount option Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Enable RPM on controllers that support low-power states Helge Deller <deller(a)gmx.de> parisc: fix mmap_base calculation when stack grows upwards Helge Deller <deller(a)gmx.de> parisc/power: Fix power soft-off when running on qemu Helge Deller <deller(a)gmx.de> parisc/pgtable: Do not drop upper 5 address bits of physical address Helge Deller <deller(a)gmx.de> parisc: Prevent booting 64-bit kernels on PA1.x machines Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Extend signal handler coverage to unmount on receiving signal Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Make benchmark command const and build it with pointers Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Simplify span lifetime Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Remove bw_report and bm_type from main() Joel Fernandes (Google) <joel(a)joelfernandes.org> rcutorture: Fix stuttering races and other issues Paul E. McKenney <paulmck(a)kernel.org> torture: Make torture_hrtimeout_ns() take an hrtimer mode parameter Muhammad Ahmed <ahmed.ahmed(a)amd.com> drm/amd/display: enable dsc_clk even if dsc_pg disabled Guan Wentao <guanwentao(a)uniontech.com> Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Masum Reza <masumrezarock100(a)gmail.com> Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables John Johansen <john.johansen(a)canonical.com> apparmor: Fix regression in mount mediation John Johansen <john.johansen(a)canonical.com> apparmor: pass cred through to audit info. John Johansen <john.johansen(a)canonical.com> apparmor: rename audit_data->label to audit_data->subj_label John Johansen <john.johansen(a)canonical.com> apparmor: combine common_audit_data and apparmor_audit_data Gaosheng Cui <cuigaosheng1(a)huawei.com> apparmor: Fix kernel-doc warnings in apparmor/policy.c Gaosheng Cui <cuigaosheng1(a)huawei.com> apparmor: Fix kernel-doc warnings in apparmor/resource.c Gaosheng Cui <cuigaosheng1(a)huawei.com> apparmor: Fix kernel-doc warnings in apparmor/lib.c Gaosheng Cui <cuigaosheng1(a)huawei.com> apparmor: Fix kernel-doc warnings in apparmor/audit.c Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix delete_endpoint() vs parent unregistration race Jim Harris <jim.harris(a)samsung.com> cxl/region: Fix x1 root-decoder granularity calculations Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix random hot join failure since timeout error Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix check wrong status register in irq handler Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix ibi may not return mandatory data byte Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix wrong data return when IBI happen during start frame Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix race condition in ibi work thread Joshua Yeong <joshua.yeong(a)starfivetech.com> i3c: master: cdns: Fix reading status register Jim Harris <jim.harris(a)samsung.com> cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails Linus Walleij <linus.walleij(a)linaro.org> mtd: cfi_cmdset_0001: Byte swap OTP info Florent Revest <revest(a)chromium.org> mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long Zi Yan <ziy(a)nvidia.com> mm/memory_hotplug: use pfn math in place of direct struct page manipulation Zi Yan <ziy(a)nvidia.com> mm/hugetlb: use nth_page() in place of direct struct page manipulation Zi Yan <ziy(a)nvidia.com> mm/cma: use nth_page() in place of direct struct page manipulation Heiko Carstens <hca(a)linux.ibm.com> s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir Heiko Carstens <hca(a)linux.ibm.com> s390/cmma: fix detection of DAT pages Heiko Carstens <hca(a)linux.ibm.com> s390/cmma: fix initial kernel address space page table walk Heiko Carstens <hca(a)linux.ibm.com> s390/mm: add missing arch_set_page_dat() call to gmap allocations Heiko Carstens <hca(a)linux.ibm.com> s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() Alain Volmat <alain.volmat(a)foss.st.com> dmaengine: stm32-mdma: correct desc prep when channel running Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device Sanjuán García, Jorge <Jorge.SanjuanGarcia(a)duagon.com> mcb: fix error handling for different scenarios when parsing Saravana Kannan <saravanak(a)google.com> driver core: Release all resources during unbind before updating device links Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have the user copy of synthetic event address use correct context Tiezhu Yang <yangtiezhu(a)loongson.cn> selftests/clone3: Fix broken test under !CONFIG_TIME_NS Benjamin Bara <benjamin.bara(a)skidata.com> i2c: core: Run atomic i2c xfer when !preemptible Zi Yan <ziy(a)nvidia.com> mips: use nth_page() in place of direct struct page manipulation Zi Yan <ziy(a)nvidia.com> fs: use nth_page() in place of direct struct page manipulation Ben Wolsieffer <ben.wolsieffer(a)hefring.com> scripts/gdb/vmalloc: disable on no-MMU Benjamin Bara <benjamin.bara(a)skidata.com> kernel/reboot: emergency_restart: Set correct system_state Eric Biggers <ebiggers(a)google.com> quota: explicitly forbid quota files from being encrypted Zhihao Cheng <chengzhihao1(a)huawei.com> jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix Jamie Lentin <jm(a)lentin.co.uk> hid: lenovo: Resend all settings on reset_resume for compact keyboards Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Fix feature checks Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Refactor feature check to use resource and feature name Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Move _GNU_SOURCE define into Makefile Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Remove duplicate feature check from CMT test Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Fix uninitialized .sa_flags Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa883x: make use of new mute_unmute_on_trigger flag Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: soc-dai: add flag to mute and unmute stream during trigger Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: split async and sync catchall in two functions Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: remove catchall element in GC sync path Mimi Zohar <zohar(a)linux.ibm.com> ima: detect changes to the backing overlay file Amir Goldstein <amir73il(a)gmail.com> ima: annotate iint mutex to avoid lockdep false positive warnings Johan Hovold <johan+linaro(a)kernel.org> mfd: qcom-spmi-pmic: Fix revid implementation Johan Hovold <johan+linaro(a)kernel.org> mfd: qcom-spmi-pmic: Fix reference leaks in revid helper Christian Marangi <ansuelsmth(a)gmail.com> leds: trigger: netdev: Move size check in set_device_name Vignesh Viswanathan <quic_viswanat(a)quicinc.com> arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size Vignesh Viswanathan <quic_viswanat(a)quicinc.com> arm64: dts: qcom: ipq9574: Fix hwlock index for SMEM Vasily Khoruzhick <anarsoul(a)gmail.com> ACPI: FPDT: properly handle invalid FPDT subtables Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com> firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit Vignesh Viswanathan <quic_viswanat(a)quicinc.com> arm64: dts: qcom: ipq8074: Fix hwlock index for SMEM Vignesh Viswanathan <quic_viswanat(a)quicinc.com> arm64: dts: qcom: ipq5332: Fix hwlock index for SMEM David Arcari <darcari(a)redhat.com> thermal: intel: powerclamp: fix mismatch in get function for max_idle Josef Bacik <josef(a)toxicpanda.com> btrfs: don't arbitrarily slow down delalloc if we're committing Catalin Marinas <catalin.marinas(a)arm.com> rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects Brian Geffon <bgeffon(a)google.com> PM: hibernate: Clean up sync_read handling in snapshot_write_next() Brian Geffon <bgeffon(a)google.com> PM: hibernate: Use __get_safe_page() rather than touching the list Biju Das <biju.das.jz(a)bp.renesas.com> dt-bindings: timer: renesas,rz-mtu3: Fix overflow/underflow interrupt names Vignesh Viswanathan <quic_viswanat(a)quicinc.com> arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM Joel Fernandes (Google) <joel(a)joelfernandes.org> rcu/tree: Defer setting of jiffies during stall reset Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Drop connection after an RDMA Read error Ajay Singh <ajay.kathat(a)microchip.com> wifi: wilc1000: use vmm_table as array in wilc struct Lukas Wunner <lukas(a)wunner.de> PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: exynos: Don't discard .remove() callback Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: kirin: Don't discard .remove() callback Heiner Kallweit <hkallweit1(a)gmail.com> PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom-ep: Add dedicated callback for writing to DBI2 registers Bean Huo <beanhuo(a)micron.com> mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A Nitin Yadav <n-yadav(a)ti.com> mmc: sdhci_am654: fix start loop index for TAP value parsing Dan Carpenter <dan.carpenter(a)linaro.org> mmc: vub300: fix an error code Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab out of bounds write in smb_inherit_dacl() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: handle malformed smb1 message Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in vfs helpers Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com> clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com> clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks Michal Suchanek <msuchanek(a)suse.de> integrity: powerpc: Do not select CA_MACHINE_KEYRING Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: visconti: Fix undefined behavior bug in struct visconti_pll_provider Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data Ville Syrjälä <ville.syrjala(a)linux.intel.com> powercap: intel_rapl: Downgrade BIOS locked limits pr_warn() to pr_debug() Christian Marangi <ansuelsmth(a)gmail.com> cpufreq: stats: Fix buffer overflow detection in trans_stats() Helge Deller <deller(a)gmx.de> parisc/power: Add power soft-off when running on qemu Helge Deller <deller(a)gmx.de> parisc/pdc: Add width field to struct pdc_model Helge Deller <deller(a)gmx.de> parisc/agp: Use 64-bit LE values in SBA IOMMU PDIR table Pengfei Li <pengfei.li_1(a)nxp.com> pmdomain: imx: Make imx pgc power domain also set the fwnode Maria Yu <quic_aiquny(a)quicinc.com> arm64: module: Fix PLT counting when CONFIG_RANDOMIZE_BASE=n Nathan Chancellor <nathan(a)kernel.org> arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer Tomeu Vizoso <tomeu(a)tomeuvizoso.net> pmdomain: amlogic: Fix mask for the second NNA mem PD domain Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: keystone: Don't discard .probe() callback Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: keystone: Don't discard .remove() callback Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Rollback init_trusted() consistently Sumit Garg <sumit.garg(a)linaro.org> KEYS: trusted: tee: Refactor register SHM usage Maíra Canal <mcanal(a)igalia.com> pmdomain: bcm: bcm2835-power: check if the ASB register is equal to enable Hao Jia <jiahao.os(a)bytedance.com> sched/core: Fix RQCF_ACT_SKIP leak Herve Codina <herve.codina(a)bootlin.com> genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware Rong Chen <rong.chen(a)amlogic.com> mmc: meson-gx: Remove setting of CMD_CFG_ERROR Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dfs-radar and temperature event locking Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix htt mlo-offset event locking Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix gtk offload status event locking Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix htt pktlog locking Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dfs radar event locking Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix temperature event locking Mark Brown <broonie(a)kernel.org> regmap: Ensure range selector registers are updated after cache sync Werner Sembach <wse(a)tuxedocomputers.com> ACPI: resource: Do IRQ override on TongFang GMxXGxx John David Anglin <dave(a)parisc-linux.org> parisc: Add nop instructions after TLB inserts SeongJae Park <sj(a)kernel.org> mm/damon/sysfs: check error from damon_sysfs_update_target() Hyeongtak Ji <hyeongtak.ji(a)sk.com> mm/damon/core.c: avoid unintentional filtering out of schemes SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: handle tried regions sysfs directory allocation failure SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: handle tried region directory allocation failure SeongJae Park <sj(a)kernel.org> mm/damon/core: avoid divide-by-zero during monitoring results update SeongJae Park <sj(a)kernel.org> mm/damon: implement a function for max nr_accesses safe calculation SeongJae Park <sj(a)kernel.org> mm/damon/ops-common: avoid divide-by-zero during region hotness calculation SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation Mikulas Patocka <mpatocka(a)redhat.com> dm crypt: account large pages in cc->n_allocated_pages Helge Deller <deller(a)gmx.de> fbdev: stifb: Make the STI next font pointer a 32-bit signed offset Koichiro Den <den(a)valinux.co.jp> iommufd: Fix missing update of domains_itree after splitting iopt_area Krister Johansen <kjlx(a)templeofstupid.com> watchdog: move softlockup_panic back to early_param SeongJae Park <sj(a)kernel.org> mm/damon/sysfs: update monitoring target regions for online input commit SeongJae Park <sj(a)kernel.org> mm/damon/sysfs: remove requested targets when online-commit inputs Lukas Wunner <lukas(a)wunner.de> PCI/sysfs: Protect driver's D3cold preference from user space David Woodhouse <dwmw(a)amazon.co.uk> hvc/xen: fix event channel handling for secondary consoles David Woodhouse <dwmw(a)amazon.co.uk> hvc/xen: fix error path in xen_hvc_init() to always register frontend driver David Woodhouse <dwmw(a)amazon.co.uk> hvc/xen: fix console unplug Roger Pau Monne <roger.pau(a)citrix.com> acpi/processor: sanitize _OSC/_PDC capabilities for Xen dom0 Pavel Krasavin <pkrasavin(a)imaqliq.com> tty: serial: meson: fix hard LOCKUP on crtscts mode Muhammad Usama Anjum <usama.anjum(a)collabora.com> tty/sysrq: replace smp_processor_id() with get_cpu() Krister Johansen <kjlx(a)templeofstupid.com> proc: sysctl: prevent aliased sysctls from getting passed to init Paul Moore <paul(a)paul-moore.com> audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() Paul Moore <paul(a)paul-moore.com> audit: don't take task_lock() in audit_exe_compare() code path Johannes Weiner <hannes(a)cmpxchg.org> sched: psi: fix unprivileged polling against cgroups Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9755: Mask the replay timer timeout of AER Haitao Shan <hshan(a)google.com> KVM: x86: Fix lapic timer interrupt lost after loading a snapshot. Tao Su <tao1.su(a)linux.intel.com> KVM: x86: Clear bit12 of ICR after APIC-write VM-exit Maciej S. Szmigiero <maciej.szmigiero(a)oracle.com> KVM: x86: Ignore MSR_AMD64_TW_CFG access Nicolas Saenz Julienne <nsaenz(a)amazon.com> KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space Pu Wen <puwen(a)hygon.cn> x86/cpu/hygon: Fix the CPU topology evaluation for real Koichiro Den <den(a)valinux.co.jp> x86/apic/msi: Fix misconfigured non-maskable MSI quirk Mario Limonciello <mario.limonciello(a)amd.com> x86/PCI: Avoid PME from D3hot/D3cold for AMD Rembrandt and Phoenix USB4 Roxana Nicolescu <roxana.nicolescu(a)canonical.com> crypto: x86/sha - load modules based on CPU features Rick Edgecombe <rick.p.edgecombe(a)intel.com> x86/shstk: Delay signal entry SSP write until after user accesses Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix system crash due to bad pointer access Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: qcom: Update PHY settings only when scaling to higher gears Chandrakanth patil <chandrakanth.patil(a)broadcom.com> scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix loop logic Shung-Hsi Yu <shung-hsi.yu(a)suse.com> bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END Hao Sun <sunhao.th(a)gmail.com> bpf: Fix check_stack_write_fixed_off() to correctly spill imm Mark Hasemeyer <markhas(a)chromium.org> spi: Fix null dereference on suspend Kees Cook <keescook(a)chromium.org> randstruct: Fix gcc-plugin performance mode to stay in group Nicholas Piggin <npiggin(a)gmail.com> powerpc/perf: Fix disabling BHRB and instruction sampling Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix async branch flags Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add checks to perform sanity on queue pointers Alexandre Ghiti <alexghiti(a)rivosinc.com> drivers: perf: Check find_first_bit() return value Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf: arm_cspmu: Reject events meant for other PMUs Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> i915/perf: Fix NULL deref bugs with drm_dbg() calls Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix cpuctx refcounting Ekaterina Esina <eesina(a)astralinux.ru> cifs: fix check of rc in function generate_smb3signingkey Anastasia Belova <abelova(a)astralinux.ru> cifs: spnego: add ';' in HOST_KEY_LEN Naomi Chu <naomi.chu(a)mediatek.com> scsi: ufs: core: Expand MCQ queue slot to DeviceQueueDepth + 1 Chen Yu <yu.c.chen(a)intel.com> tools/power/turbostat: Enable the C-state Pre-wake printing Zhang Rui <rui.zhang(a)intel.com> tools/power/turbostat: Fix a knl bug Vlad Buslov <vladbu(a)nvidia.com> macvlan: Don't propagate promisc change to lower dev in passthru Xin Long <lucien.xin(a)gmail.com> net: sched: do not offload flows with a helper in act_ct Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Check return value of snprintf writing to fw_version buffer Saeed Mahameed <saeedm(a)nvidia.com> net/mlx5e: Reduce the size of icosq_str Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5: Increase size of irq name buffer Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Update doorbell for port timestamping CQ before the software counter Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Track xmit submission to PTP WQ after populating metadata map Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Avoid referencing skb after free-ing in drop path of mlx5e_sq_xmit_wqe Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Don't modify the peer sent-to-vport rules for IPSec offload Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Fix pedit endianness Gavin Li <gavinl(a)nvidia.com> net/mlx5e: fix double free of encap_header in update funcs Dust Li <dust.li(a)linux.alibaba.com> net/mlx5e: fix double free of encap_header Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5: Decouple PHC .adjtime and .adjphase implementations Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Free used cpus mask when an IRQ is released Itamar Gozlan <igozlan(a)nvidia.com> Revert "net/mlx5: DR, Supporting inline WQE when possible" Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval Ziwei Xiao <ziweixiao(a)google.com> gve: Fixes for napi_poll when budget is 0 Shannon Nelson <shannon.nelson(a)amd.com> pds_core: fix up some format-truncation complaints Shannon Nelson <shannon.nelson(a)amd.com> pds_core: use correct index to mask irq Baruch Siach <baruch(a)tkos.co.il> net: stmmac: avoid rx queue overrun Baruch Siach <baruch(a)tkos.co.il> net: stmmac: fix rx budget limit check Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: bogus ENOENT when destroying element which does not exist Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Linkui Xiao <xiaolinkui(a)kylinos.cn> netfilter: nf_conntrack_bridge: initialize err to 0 Eric Dumazet <edumazet(a)google.com> af_unix: fix use-after-free in unix_stream_read_actor() Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Fix MTU max setting Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Handle large frames Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Fix max RX frame define Eric Dumazet <edumazet(a)google.com> bonding: stop the device in bond_setup_by_slave() Eric Dumazet <edumazet(a)google.com> ptp: annotate data-race around q->head and q->tail Christoph Hellwig <hch(a)infradead.org> blk-mq: make sure active queue usage is held for bio_integrity_prep() Juergen Gross <jgross(a)suse.com> xen/events: fix delayed eoi list handling Willem de Bruijn <willemb(a)google.com> ppp: limit MRU to 64K Sven Auhagen <sven.auhagen(a)voleatech.de> net: mvneta: fix calls to page_pool_get_stats Shigeru Yoshida <syoshida(a)redhat.com> tipc: Fix kernel-infoleak due to uninitialized TLV value Jijie Shao <shaojijie(a)huawei.com> net: hns3: fix VF wrong speed and duplex issue Jijie Shao <shaojijie(a)huawei.com> net: hns3: fix VF reset fail issue Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs Jian Shen <shenjian15(a)huawei.com> net: hns3: fix incorrect capability bit display for copper port Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: add barrier in vf mailbox reply process Jian Shen <shenjian15(a)huawei.com> net: hns3: fix add VLAN fail issue Juergen Gross <jgross(a)suse.com> xen/events: avoid using info_for_irq() in xen_send_IPI_one() Jan Kiszka <jan.kiszka(a)siemens.com> net: ti: icssg-prueth: Fix error cleanup on failing pruss_request_mem_region Jan Kiszka <jan.kiszka(a)siemens.com> net: ti: icssg-prueth: Add missing icss_iep_put to error path Shigeru Yoshida <syoshida(a)redhat.com> tty: Fix uninit-value access in ppp_sync_receive() Eric Dumazet <edumazet(a)google.com> ipvlan: add ipvlan_route_v6_outbound() helper Stanislav Fomichev <sdf(a)google.com> net: set SOCK_RCU_FREE before inserting socket into hashtable Andrii Nakryiko <andrii(a)kernel.org> bpf: fix control-flow graph checking in privileged mode Andrii Nakryiko <andrii(a)kernel.org> bpf: fix precision backtracking instruction iteration Andrii Nakryiko <andrii(a)kernel.org> bpf: handle ldimm64 properly in check_cfg() Kees Cook <keescook(a)chromium.org> gcc-plugins: randstruct: Only warn about true flexible arrays Dan Carpenter <dan.carpenter(a)linaro.org> vhost-vdpa: fix use after free in vhost_vdpa_probe() Stefano Garzarella <sgarzare(a)redhat.com> vdpa_sim_blk: allocate the buffer zeroed Christoph Hellwig <hch(a)lst.de> riscv: split cache ops out of dma-noncoherent.c Nirmoy Das <nirmoy.das(a)intel.com> drm/i915/tc: Fix -Wformat-truncation in intel_tc_port_init Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Silence "suspicious RCU usage in gfs2_permission" warning Nam Cao <namcaov(a)gmail.com> riscv: provide riscv-specific is_trap_insn() Andrew Jones <ajones(a)ventanamicro.com> RISC-V: hwprobe: Fix vDSO SIGSEGV felix <fuzhen5(a)huawei.com> SUNRPC: Fix RPC client cleaned up the freed pipefs dentries Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO Dan Carpenter <dan.carpenter(a)linaro.org> SUNRPC: Add an IS_ERR() check back to where it was Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking Arnd Bergmann <arnd(a)arndb.de> drm/i915/mtl: avoid stringop-overflow warning Yi Yang <yiyang13(a)huawei.com> mtd: rawnand: meson: check return value of devm_kasprintf() Yi Yang <yiyang13(a)huawei.com> mtd: rawnand: intel: check return value of devm_kasprintf() Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: ECONNRESET might require a rebind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: serial: fix regex pattern for matching serial node children Jinghao Jia <jinghao(a)linux.ibm.com> samples/bpf: syscall_tp_user: Fix array out-of-bound access Jinghao Jia <jinghao(a)linux.ibm.com> samples/bpf: syscall_tp_user: Rename num_progs into nr_tests Finn Thain <fthain(a)linux-m68k.org> sched/core: Optimize in_task() and in_interrupt() a bit Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: Use FW rate for non-data frames Yi Yang <yiyang13(a)huawei.com> mtd: rawnand: tegra: add missing check for platform_get_irq() Dan Carpenter <dan.carpenter(a)linaro.org> pwm: Fix double shift bug Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu: fix software pci_unplug on some chips Alex Spataru <alex_spataru(a)outlook.com> ALSA: hda/realtek: Add quirk for ASUS UX7602ZM Zongmin Zhou <zhouzongmin(a)kylinos.cn> drm/qxl: prevent memory leak Tony Lindgren <tony(a)atomide.com> ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings Philipp Stanner <pstanner(a)redhat.com> i2c: dev: copy userspace array safely Deepak Gupta <debug(a)rivosinc.com> riscv: VMAP_STACK overflow detection thread-safe Douglas Anderson <dianders(a)chromium.org> kgdb: Flush console before entering kgdb on panic Juntong Deng <juntong.deng(a)outlook.com> gfs2: Fix slab-use-after-free in gfs2_qd_dealloc Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Avoid NULL dereference of timing generator Takashi Iwai <tiwai(a)suse.de> media: imon: fix access to invalid resource for the second interface Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix driver quirk struct documentation Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> media: cobalt: Use FIELD_GET() to extract Link Width Al Viro <viro(a)zeniv.linux.org.uk> gfs2: fix an oops in gfs2_permission Bob Peterson <rpeterso(a)redhat.com> gfs2: ignore negated quota changes Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: ipu-bridge: increase sensor_name size Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: avoid integer overflow Rajeshwar R Shinde <coolrrsh(a)gmail.com> media: gspca: cpia1: shift-out-of-bounds in set_flicker Billy Tsai <billy_tsai(a)aspeedtech.com> i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. zhenwei pi <pizhenwei(a)bytedance.com> virtio-blk: fix implicit overflow on virtio_max_dma_size Axel Lin <axel.lin(a)ingics.com> i2c: sun6i-p2wi: Prevent potential division by zero Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: fix memleak in i2c_new_client_device() Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: i801: Add support for Intel Birch Stream SoC Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Dominique Martinet <asmadeus(a)codewreck.org> 9p: v9fs_listxattr: fix %s null argument warning Marco Elver <elver(a)google.com> 9p/trans_fd: Annotate data-racy writes to file::f_flags Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: gadget: f_ncm: Always set current gadget in ncm_bind() Wesley Cheng <quic_wcheng(a)quicinc.com> usb: host: xhci: Avoid XHCI resume delay if SSUSB device is not present Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix error handling of __get_node_page Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix error path of __f2fs_build_free_nids Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: dmi-quirks: update HP Omen match Neil Armstrong <neil.armstrong(a)linaro.org> usb: ucsi: glink: use the connector orientation GPIO to provide switch events Stanley Chang <stanley_chang(a)realtek.com> usb: dwc3: core: configure TX/RX threshold for DWC3_IP Konrad Dybcio <konrad.dybcio(a)linaro.org> phy: qualcomm: phy-qcom-eusb2-repeater: Zero out untouched tuning regs Konrad Dybcio <konrad.dybcio(a)linaro.org> phy: qualcomm: phy-qcom-eusb2-repeater: Use regmap_fields Konrad Dybcio <konrad.dybcio(a)linaro.org> dt-bindings: phy: qcom,snps-eusb2-repeater: Add magic tuning overrides Yi Yang <yiyang13(a)huawei.com> tty: vcc: Add check for kstrdup() in vcc_probe() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Apply USB 3.x bandwidth quirk only in software connection manager Zhang Shurong <zhang_shurong(a)foxmail.com> iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() Jarkko Nikula <jarkko.nikula(a)linux.intel.com> mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: support handle zero-size directory Jiri Kosina <jkosina(a)suse.cz> HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W Longfang Liu <liulongfang(a)huawei.com> crypto: hisilicon/qm - prevent soft lockup in receive loop Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk Bjorn Helgaas <bhelgaas(a)google.com> PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> PCI: dwc: Add missing PCI_EXP_LNKCAP_MLW handling Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> PCI: dwc: Add dw_pcie_link_set_max_link_width() Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Disable ATS for specific Intel IPU E2000 devices Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Extract ATS disabling to a helper function Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Use FIELD_GET() to extract Link Width Wenchao Hao <haowenchao2(a)huawei.com> scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Do error check on own line to split long "if" conditions Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> atm: iphase: Do PCI error checks on own line Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: mvebu: Use FIELD_PREP() with Link Width Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields Linus Walleij <linus.walleij(a)linaro.org> gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Fix possible null-ptr-deref when assigning a stream Vincent Whitchurch <vincent.whitchurch(a)axis.com> ARM: 9320/1: fix stack depot IRQ stack filter Mikhail Khvainitski <me(a)khvoinitsky.org> HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in diAlloc Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbFindLeaf Juntong Deng <juntong.deng(a)outlook.com> fs/jfs: Add validity check for db_maxag and db_agpref Juntong Deng <juntong.deng(a)outlook.com> fs/jfs: Add check for negative db_l2nbperpage Tyrel Datwyler <tyreld(a)linux.ibm.com> scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> RDMA/hfi1: Use FIELD_GET() to extract Link Width Rander Wang <rander.wang(a)intel.com> ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Move USB IDs out from device_info struct Lu Jialin <lujialin4(a)huawei.com> crypto: pcrypt - Fix hungtask for PADATA_RESET Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Use PCI SSID as the firmware UID Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Copy PCI SSID to struct snd_soc_card Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: SOF: Pass PCI SSID to machine driver Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: soc-card: Add storage for PCI SSID Trevor Wu <trevor.wu(a)mediatek.com> ASoC: mediatek: mt8188-mt6359: support dynamic pinctrl zhujun2 <zhujun2(a)cmss.chinamobile.com> selftests/efivarfs: create-read: fix a resource leak Laurentiu Tudor <laurentiu.tudor(a)nxp.com> arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size John Clark <inindev(a)gmail.com> arm64: dts: rockchip: Add NanoPC T6 PCIe e-key support Lu Hongfei <luhongfei(a)vivo.com> soc: qcom: pmic: Fix resource leaks in a device_for_each_child_node() loop Lin.Cao <lincao12(a)amd.com> drm/amd: check num of link levels when update pcie param Samson Tam <samson.tam(a)amd.com> drm/amd/display: fix num_ways overflow error Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not supported Qu Huang <qu.huang(a)linux.dev> drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL Jesse Zhang <jesse.zhang(a)amd.com> drm/amdkfd: Fix shift out-of-bounds issue Ondrej Jirman <megi(a)xff.cz> drm/panel: st7703: Pick different reset sequence Ma Ke <make_ruc2021(a)163.com> drm/amdgpu/vkms: fix a possible null pointer dereference Ma Ke <make_ruc2021(a)163.com> drm/radeon: fix a possible null pointer dereference Ma Ke <make_ruc2021(a)163.com> drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference Ma Ke <make_ruc2021(a)163.com> drm/panel: fix a possible null pointer dereference Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Fix potential null pointer derefernce Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 Jani Nikula <jani.nikula(a)intel.com> drm/msm/dp: skip validity check for DP CTS EDID checksum Philipp Stanner <pstanner(a)redhat.com> drm: vmwgfx_surface.c: copy user-array safely Philipp Stanner <pstanner(a)redhat.com> drm_lease.c: copy user-array safely Philipp Stanner <pstanner(a)redhat.com> kernel: watch_queue: copy user-array safely Philipp Stanner <pstanner(a)redhat.com> kernel: kexec: copy user-array safely Philipp Stanner <pstanner(a)redhat.com> string.h: add array-wrappers for (v)memdup_user() Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: use full update for clip size increase of large plane source Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update retry times for psp vmbx wait Xiaogang Chen <xiaogang.chen(a)amd.com> drm/amdkfd: Fix a race condition of vram buffer unref in svm code David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu: not to save bo in the case of RAS err_event_athub Yu Kuai <yukuai3(a)huawei.com> md: don't rely on 'mddev->pers' to be set in mddev_suspend() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/edid: Fixup h/vsync_end instead of h/vtotal Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: add seamless pipe topology transition check Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Don't lock phantom pipe on disabling Alvin Lee <Alvin.Lee2(a)amd.com> drm/amd/display: Blank phantom OTG before enabling baozhu.liu <lucas.liu(a)siengine.com> drm/komeda: drop all currently held locks if deadlock happens Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: ratelimited SQ interrupt messages Sui Jingfeng <suijingfeng(a)loongson.cn> drm/gma500: Fix call trace when psb_gem_mm_init() fails Olli Asikainen <olli.asikainen(a)gmail.com> platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Herve Codina <herve.codina(a)bootlin.com> of: address: Fix address translation when address-size is greater than 2 Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: kunit: initialize lock for fake ec_dev Hans de Goede <hdegoede(a)redhat.com> gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010 Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Fix tsnep_request_irq() format-overflow warning Jonathan Denose <jdenose(a)chromium.org> ACPI: EC: Add quirk for HP 250 G7 Notebook PC ZhengHan Wang <wzhmmmmm(a)gmail.com> Bluetooth: Fix double free in hci_conn_cleanup youwan Wang <wangyouwan(a)126.com> Bluetooth: btusb: Add date->evt_skb is NULL check Gregory Greenman <gregory.greenman(a)intel.com> wifi: iwlwifi: mvm: fix size check for fw_link_id Andrii Nakryiko <andrii(a)kernel.org> bpf: Ensure proper register state printing for cond jumps Arseniy Krasnov <avkrasnov(a)salutedevices.com> vsock: read from socket's error queue Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: sfp: add quirk for FS's 2.5G copper SFP Douglas Anderson <dianders(a)chromium.org> wifi: ath10k: Don't touch the CE interrupt registers after power up Ma Ke <make_ruc2021(a)163.com> wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register() Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_dst_pending_confirm Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_tx_queue_mapping Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mt76: fix clang-specific fortify warnings Ingo Rohloff <lundril(a)gmx.de> wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023) Christian Marangi <ansuelsmth(a)gmail.com> net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI Shiju Jose <shiju.jose(a)huawei.com> ACPI: APEI: Fix AER info corruption when error status data has multiple sections Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath10k: fix clang-specific fortify warning Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix clang-specific fortify warnings Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Detect IP == ksym.end as part of BPF program Sieng-Piaw Liew <liew.s.piaw(a)gmail.com> atl1c: Work around the DMA RX overflow issue Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: don't return unset power in ieee80211_get_tx_power() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211_hwsim: fix clang-specific fortify warning Harshitha Prem <quic_hprem(a)quicinc.com> wifi: ath12k: Ignore fragments from uninitialized peer in dp Dmitry Antipov <dmantipov(a)yandex.ru> wifi: plfxlc: fix clang-specific fortify warning Mike Rapoport (IBM) <rppt(a)kernel.org> x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size Frederic Weisbecker <frederic(a)kernel.org> workqueue: Provide one lock class key per work_on_cpu() callsite Ran Xiaokai <ran.xiaokai(a)zte.com.cn> cpu/hotplug: Don't offline the last non-isolated CPU Rik van Riel <riel(a)surriel.com> smp,csd: Throw an error if a CSD lock is stuck for too long Frederic Weisbecker <frederic(a)kernel.org> srcu: Only accelerate on enqueue time Ronald Wahl <ronald.wahl(a)raritan.com> clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/timer-imx-gpt: Fix potential memory leak Ricardo Cañuelo <ricardo.canuelo(a)collabora.com> selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config Denis Arefev <arefev(a)swemel.ru> srcu: Fix srcu_struct node grpmask overflow on 64-bit systems Zhen Lei <thunder.leizhen(a)huawei.com> rcu: Dump memory object info if callback function is invalid Shuai Xue <xueshuai(a)linux.alibaba.com> perf/core: Bail out early if the request AUX area is out of bound Josh Poimboeuf <jpoimboe(a)kernel.org> x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN Kent Overstreet <kent.overstreet(a)gmail.com> lib/generic-radix-tree.c: Don't overflow in peek() Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on generation mismatch when marking eb as dirty John Stultz <jstultz(a)google.com> locking/ww_mutex/test: Fix potential workqueue corruption ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 7 + .../bindings/phy/qcom,snps-eusb2-repeater.yaml | 21 +++ .../devicetree/bindings/serial/serial.yaml | 2 +- .../devicetree/bindings/timer/renesas,rz-mtu3.yaml | 38 ++-- Documentation/i2c/busses/i2c-i801.rst | 1 + Makefile | 4 +- arch/arm/include/asm/exception.h | 4 - arch/arm64/Kconfig | 2 + arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi | 46 +++-- arch/arm64/boot/dts/qcom/ipq5332.dtsi | 2 +- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 4 +- arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +- arch/arm64/boot/dts/qcom/ipq9574.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3588-nanopc-t6.dts | 28 +++ arch/arm64/kernel/module-plts.c | 6 - arch/loongarch/include/asm/percpu.h | 10 +- arch/mips/mm/cache.c | 2 +- arch/parisc/Kconfig | 6 +- arch/parisc/include/asm/elf.h | 10 +- arch/parisc/include/asm/processor.h | 2 + arch/parisc/include/uapi/asm/pdc.h | 1 + arch/parisc/kernel/entry.S | 88 +++++---- arch/parisc/kernel/head.S | 5 +- arch/parisc/kernel/sys_parisc.c | 2 +- arch/powerpc/perf/core-book3s.c | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 +- arch/riscv/include/asm/asm-prototypes.h | 1 - arch/riscv/include/asm/asm.h | 22 +++ arch/riscv/include/asm/hwprobe.h | 5 + arch/riscv/include/asm/page.h | 4 +- arch/riscv/include/asm/thread_info.h | 3 - arch/riscv/include/asm/vdso/processor.h | 2 +- arch/riscv/kernel/asm-offsets.c | 1 + arch/riscv/kernel/entry.S | 72 ++------ arch/riscv/kernel/probes/simulate-insn.c | 2 +- arch/riscv/kernel/probes/uprobes.c | 6 + arch/riscv/kernel/traps.c | 36 +--- arch/riscv/kernel/vdso/hwprobe.c | 2 +- arch/riscv/mm/Makefile | 1 + arch/riscv/mm/cache-ops.c | 17 ++ arch/riscv/mm/dma-noncoherent.c | 15 -- arch/riscv/mm/ptdump.c | 3 + arch/s390/mm/gmap.c | 24 ++- arch/s390/mm/page-states.c | 25 ++- arch/s390/mm/pgalloc.c | 1 + arch/s390/mm/vmem.c | 8 +- arch/x86/crypto/sha1_ssse3_glue.c | 12 ++ arch/x86/crypto/sha256_ssse3_glue.c | 12 ++ arch/x86/include/asm/acpi.h | 14 ++ arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/numa.h | 7 - arch/x86/include/asm/xen/hypervisor.h | 9 + arch/x86/kernel/apic/msi.c | 8 +- arch/x86/kernel/cpu/bugs.c | 4 +- arch/x86/kernel/cpu/hygon.c | 8 +- arch/x86/kernel/signal_64.c | 6 +- arch/x86/kvm/hyperv.c | 10 +- arch/x86/kvm/lapic.c | 30 ++-- arch/x86/kvm/vmx/vmx.c | 4 +- arch/x86/kvm/x86.c | 2 + arch/x86/mm/numa.c | 7 - arch/x86/pci/fixup.c | 59 ++++++ block/blk-mq.c | 75 ++++---- crypto/pcrypt.c | 4 + drivers/acpi/acpi_fpdt.c | 45 ++++- drivers/acpi/apei/ghes.c | 23 ++- drivers/acpi/ec.c | 10 ++ drivers/acpi/resource.c | 12 ++ drivers/atm/iphase.c | 20 ++- drivers/base/dd.c | 2 +- drivers/base/regmap/regcache.c | 30 ++++ drivers/block/virtio_blk.c | 4 +- drivers/bluetooth/btusb.c | 7 + drivers/char/agp/parisc-agp.c | 16 +- drivers/clk/qcom/gcc-ipq6018.c | 6 - drivers/clk/qcom/gcc-ipq8074.c | 6 - drivers/clk/socfpga/stratix10-clk.h | 4 +- drivers/clk/visconti/pll.h | 4 +- drivers/clocksource/timer-atmel-tcb.c | 1 + drivers/clocksource/timer-imx-gpt.c | 18 +- drivers/cpufreq/cpufreq_stats.c | 14 +- drivers/crypto/hisilicon/qm.c | 2 + drivers/cxl/core/port.c | 34 ++-- drivers/cxl/core/region.c | 23 ++- drivers/dma/stm32-mdma.c | 4 +- drivers/firmware/qcom_scm.c | 7 + drivers/gpio/gpiolib-acpi.c | 20 +++ drivers/gpio/gpiolib-of.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 23 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 16 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 35 ++-- drivers/gpu/drm/amd/amdgpu/nbio_v2_3.c | 5 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 13 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 24 +-- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 29 ++- drivers/gpu/drm/amd/display/dc/core/dc.c | 78 +++----- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 4 +- drivers/gpu/drm/amd/display/dc/dc.h | 5 + drivers/gpu/drm/amd/display/dc/dc_types.h | 1 + .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 10 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 108 ++++++++++- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.h | 9 + drivers/gpu/drm/amd/display/dc/dcn32/dcn32_init.c | 2 + drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h | 8 + .../gpu/drm/amd/display/dc/link/link_detection.c | 3 + drivers/gpu/drm/amd/display/dmub/dmub_srv.h | 22 ++- drivers/gpu/drm/amd/display/dmub/src/dmub_srv.c | 50 ++++-- drivers/gpu/drm/amd/include/pptable.h | 4 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 8 +- .../gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 16 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 2 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 10 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 9 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 40 +---- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 9 +- .../drm/arm/display/komeda/komeda_pipeline_state.c | 9 +- drivers/gpu/drm/bridge/ite-it66121.c | 4 +- drivers/gpu/drm/drm_edid.c | 18 +- drivers/gpu/drm/drm_lease.c | 4 +- drivers/gpu/drm/gma500/psb_drv.h | 1 + drivers/gpu/drm/gma500/psb_irq.c | 5 + drivers/gpu/drm/i915/display/intel_cdclk.c | 12 ++ drivers/gpu/drm/i915/display/intel_dp.c | 2 +- drivers/gpu/drm/i915/display/intel_tc.c | 11 +- drivers/gpu/drm/i915/gem/i915_gem_context.c | 1 + drivers/gpu/drm/i915/gt/intel_ggtt.c | 35 ++-- drivers/gpu/drm/i915/gt/intel_rc6.c | 16 +- drivers/gpu/drm/i915/i915_perf.c | 15 +- drivers/gpu/drm/mediatek/mtk_dp.c | 6 +- drivers/gpu/drm/msm/dp/dp_panel.c | 21 +-- drivers/gpu/drm/panel/panel-arm-versatile.c | 2 + drivers/gpu/drm/panel/panel-sitronix-st7703.c | 25 +-- drivers/gpu/drm/panel/panel-tpo-tpg110.c | 2 + drivers/gpu/drm/qxl/qxl_display.c | 3 + drivers/gpu/drm/radeon/radeon_connectors.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 4 +- drivers/hid/hid-ids.h | 2 +- drivers/hid/hid-lenovo.c | 118 ++++++++---- drivers/hid/hid-logitech-dj.c | 11 +- drivers/hid/hid-quirks.c | 1 + drivers/i2c/busses/Kconfig | 1 + drivers/i2c/busses/i2c-designware-master.c | 19 +- drivers/i2c/busses/i2c-i801.c | 22 +-- drivers/i2c/busses/i2c-pxa.c | 76 +++++++- drivers/i2c/busses/i2c-sun6i-p2wi.c | 5 + drivers/i2c/i2c-core-base.c | 13 +- drivers/i2c/i2c-core.h | 2 +- drivers/i2c/i2c-dev.c | 4 +- drivers/i3c/master/i3c-master-cdns.c | 6 +- drivers/i3c/master/mipi-i3c-hci/dat_v1.c | 29 +-- drivers/i3c/master/mipi-i3c-hci/dma.c | 2 +- drivers/i3c/master/svc-i3c-master.c | 54 +++++- drivers/iio/adc/stm32-adc-core.c | 9 +- drivers/infiniband/hw/hfi1/pcie.c | 9 +- drivers/iommu/iommufd/io_pagetable.c | 10 ++ drivers/leds/trigger/ledtrig-netdev.c | 6 +- drivers/mcb/mcb-core.c | 1 + drivers/mcb/mcb-parse.c | 2 +- drivers/md/dm-bufio.c | 87 ++++++--- drivers/md/dm-crypt.c | 15 +- drivers/md/dm-verity-fec.c | 4 +- drivers/md/dm-verity-target.c | 23 +-- drivers/md/dm-verity.h | 2 +- drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 2 +- drivers/media/i2c/ccs/ccs-quirk.h | 4 +- drivers/media/pci/cobalt/cobalt-driver.c | 11 +- .../media/platform/qcom/camss/camss-csid-gen2.c | 11 +- .../platform/qcom/camss/camss-csiphy-3ph-1-0.c | 2 +- drivers/media/platform/qcom/camss/camss-vfe-170.c | 22 +-- drivers/media/platform/qcom/camss/camss-vfe-480.c | 22 +-- drivers/media/platform/qcom/camss/camss-vfe.c | 5 +- drivers/media/platform/qcom/camss/camss.c | 12 +- drivers/media/platform/qcom/venus/hfi_msgs.c | 2 +- drivers/media/platform/qcom/venus/hfi_parser.c | 15 ++ drivers/media/platform/qcom/venus/hfi_venus.c | 10 ++ drivers/media/rc/imon.c | 6 + drivers/media/rc/ir-sharp-decoder.c | 8 +- drivers/media/rc/lirc_dev.c | 6 +- drivers/media/test-drivers/vivid/vivid-rds-gen.c | 2 +- drivers/media/usb/gspca/cpia1.c | 3 + drivers/mfd/intel-lpss-pci.c | 13 ++ drivers/mfd/qcom-spmi-pmic.c | 101 ++++++++--- drivers/misc/pci_endpoint_test.c | 4 + drivers/mmc/core/block.c | 4 +- drivers/mmc/core/card.h | 4 + drivers/mmc/core/mmc.c | 8 +- drivers/mmc/core/quirks.h | 7 +- drivers/mmc/host/meson-gx-mmc.c | 1 - drivers/mmc/host/sdhci-pci-gli.c | 30 ++++ drivers/mmc/host/sdhci_am654.c | 2 +- drivers/mmc/host/vub300.c | 1 + drivers/mtd/chips/cfi_cmdset_0001.c | 20 ++- drivers/mtd/nand/raw/intel-nand-controller.c | 10 ++ drivers/mtd/nand/raw/meson_nand.c | 3 + drivers/mtd/nand/raw/tegra_nand.c | 4 + drivers/net/bonding/bond_main.c | 6 + drivers/net/dsa/lan9303_mdio.c | 4 +- drivers/net/ethernet/amd/pds_core/adminq.c | 2 +- drivers/net/ethernet/amd/pds_core/core.h | 2 +- drivers/net/ethernet/amd/pds_core/dev.c | 8 +- drivers/net/ethernet/amd/pds_core/devlink.c | 2 +- drivers/net/ethernet/atheros/atl1c/atl1c.h | 3 - drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 67 ++----- drivers/net/ethernet/cortina/gemini.c | 45 +++-- drivers/net/ethernet/cortina/gemini.h | 4 +- drivers/net/ethernet/engleder/tsnep.h | 2 +- drivers/net/ethernet/engleder/tsnep_main.c | 12 +- drivers/net/ethernet/google/gve/gve_main.c | 8 +- drivers/net/ethernet/google/gve/gve_rx.c | 4 - drivers/net/ethernet/google/gve/gve_tx.c | 4 - drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 9 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 33 +++- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 ++- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 7 + drivers/net/ethernet/marvell/mvneta.c | 28 ++- drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 20 ++- .../ethernet/mellanox/mlx5/core/en/reporter_rx.c | 4 +- .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 30 ++-- .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 13 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 60 ++++--- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/eq.c | 25 ++- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 3 +- .../net/ethernet/mellanox/mlx5/core/irq_affinity.c | 42 ----- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.h | 3 + .../ethernet/mellanox/mlx5/core/steering/dr_send.c | 115 ++---------- drivers/net/ethernet/realtek/r8169_main.c | 46 +++-- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 15 +- drivers/net/ipvlan/ipvlan_core.c | 41 +++-- drivers/net/macvlan.c | 2 +- drivers/net/phy/phylink.c | 1 + drivers/net/phy/sfp.c | 8 + drivers/net/ppp/ppp_synctty.c | 6 +- drivers/net/wireless/ath/ath10k/debug.c | 2 +- drivers/net/wireless/ath/ath10k/snoc.c | 18 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 8 +- drivers/net/wireless/ath/ath11k/wmi.c | 19 +- drivers/net/wireless/ath/ath12k/dp.c | 1 + drivers/net/wireless/ath/ath12k/dp_rx.c | 33 +++- drivers/net/wireless/ath/ath12k/mhi.c | 11 +- drivers/net/wireless/ath/ath12k/peer.h | 3 + drivers/net/wireless/ath/ath12k/wmi.c | 17 +- drivers/net/wireless/ath/ath9k/debug.c | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/link.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 14 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 2 + drivers/net/wireless/mediatek/mt76/mt792x_core.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 2 +- drivers/net/wireless/microchip/wilc1000/wlan.c | 2 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 2 +- drivers/net/wireless/virtual/mac80211_hwsim.c | 2 +- drivers/of/address.c | 30 +++- drivers/parisc/power.c | 16 +- drivers/pci/controller/dwc/pci-exynos.c | 4 +- drivers/pci/controller/dwc/pci-keystone.c | 8 +- drivers/pci/controller/dwc/pcie-designware.c | 93 +++++----- drivers/pci/controller/dwc/pcie-kirin.c | 4 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 17 ++ drivers/pci/controller/dwc/pcie-tegra194.c | 9 +- drivers/pci/controller/pci-mvebu.c | 2 +- drivers/pci/pci-acpi.c | 2 +- drivers/pci/pci-sysfs.c | 10 +- drivers/pci/pci.c | 22 +-- drivers/pci/pcie/aer.c | 10 ++ drivers/pci/pcie/aspm.c | 2 + drivers/pci/probe.c | 6 +- drivers/pci/quirks.c | 53 ++++-- drivers/perf/arm_cspmu/arm_cspmu.c | 3 + drivers/perf/riscv_pmu_sbi.c | 5 + drivers/phy/qualcomm/phy-qcom-eusb2-repeater.c | 131 ++++++++++---- drivers/platform/chrome/cros_ec_proto_test.c | 1 + drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/pmdomain/amlogic/meson-ee-pwrc.c | 2 +- drivers/pmdomain/bcm/bcm2835-power.c | 2 +- drivers/pmdomain/imx/gpc.c | 1 + drivers/powercap/intel_rapl_common.c | 2 +- drivers/ptp/ptp_chardev.c | 3 +- drivers/ptp/ptp_clock.c | 5 +- drivers/ptp/ptp_private.h | 8 +- drivers/ptp/ptp_sysfs.c | 3 +- drivers/s390/crypto/ap_bus.c | 4 + drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 13 +- drivers/scsi/ibmvscsi/ibmvfc.c | 124 ++++++++++++- drivers/scsi/libfc/fc_lport.c | 6 + drivers/scsi/megaraid/megaraid_sas_base.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 4 +- drivers/scsi/qla2xxx/qla_os.c | 12 +- drivers/soc/qcom/pmic_glink_altmode.c | 30 +++- drivers/soundwire/dmi-quirks.c | 2 +- drivers/spi/spi.c | 56 ++++-- drivers/thermal/intel/intel_powerclamp.c | 2 +- drivers/thunderbolt/quirks.c | 3 + drivers/tty/hvc/hvc_xen.c | 39 ++-- drivers/tty/serial/meson_uart.c | 14 +- drivers/tty/sysrq.c | 3 +- drivers/tty/vcc.c | 16 +- drivers/ufs/core/ufs-mcq.c | 5 +- drivers/ufs/core/ufshcd.c | 3 +- drivers/ufs/host/ufs-qcom.c | 9 +- drivers/usb/dwc3/core.c | 160 +++++++++++++---- drivers/usb/dwc3/core.h | 13 ++ drivers/usb/gadget/function/f_ncm.c | 27 ++- drivers/usb/host/xhci-pci.c | 4 +- drivers/usb/host/xhci.c | 12 +- drivers/usb/typec/ucsi/ucsi_glink.c | 54 +++++- drivers/vdpa/vdpa_sim/vdpa_sim_blk.c | 4 +- drivers/vhost/vdpa.c | 1 - drivers/watchdog/sbsa_gwdt.c | 4 +- drivers/xen/events/events_base.c | 16 +- drivers/xen/pcpu.c | 22 +++ fs/9p/xattr.c | 5 +- fs/btrfs/block-group.c | 4 +- fs/btrfs/ctree.c | 109 +++++------ fs/btrfs/ctree.h | 11 +- fs/btrfs/delalloc-space.c | 3 - fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/dev-replace.c | 2 +- fs/btrfs/dir-item.c | 8 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/disk-io.h | 3 +- fs/btrfs/extent-tree.c | 36 ++-- fs/btrfs/file-item.c | 17 +- fs/btrfs/file.c | 34 ++-- fs/btrfs/free-space-cache.c | 6 +- fs/btrfs/free-space-tree.c | 17 +- fs/btrfs/inode-item.c | 16 +- fs/btrfs/inode.c | 17 +- fs/btrfs/ioctl.c | 4 +- fs/btrfs/qgroup.c | 14 +- fs/btrfs/relocation.c | 10 +- fs/btrfs/root-tree.c | 4 +- fs/btrfs/tests/extent-buffer-tests.c | 6 +- fs/btrfs/tests/inode-tests.c | 12 +- fs/btrfs/tree-log.c | 12 +- fs/btrfs/uuid-tree.c | 6 +- fs/btrfs/volumes.c | 10 +- fs/btrfs/xattr.c | 8 +- fs/exfat/namei.c | 29 ++- fs/ext4/acl.h | 5 + fs/ext4/ext4.h | 3 +- fs/ext4/extents_status.c | 127 +++++++++---- fs/ext4/file.c | 169 ++++++++--------- fs/ext4/inode.c | 14 +- fs/ext4/mballoc.c | 39 +--- fs/ext4/resize.c | 23 ++- fs/ext4/super.c | 14 ++ fs/f2fs/compress.c | 2 +- fs/f2fs/extent_cache.c | 53 +++--- fs/f2fs/file.c | 9 + fs/f2fs/node.c | 18 +- fs/f2fs/xattr.c | 20 ++- fs/gfs2/inode.c | 14 +- fs/gfs2/ops_fstype.c | 4 +- fs/gfs2/quota.c | 11 ++ fs/gfs2/super.c | 12 +- fs/hugetlbfs/inode.c | 4 +- fs/jbd2/recovery.c | 8 + fs/jfs/jfs_dmap.c | 23 ++- fs/jfs/jfs_imap.c | 5 +- fs/nfs/nfs4proc.c | 12 +- fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfscache.c | 23 +-- fs/overlayfs/super.c | 2 +- fs/proc/proc_sysctl.c | 8 +- fs/quota/dquot.c | 14 ++ fs/smb/client/cached_dir.c | 84 +++++---- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifs_ioctl.h | 6 + fs/smb/client/cifs_spnego.c | 4 +- fs/smb/client/cifsfs.c | 1 + fs/smb/client/cifsglob.h | 12 +- fs/smb/client/cifspdu.h | 2 +- fs/smb/client/cifsproto.h | 9 +- fs/smb/client/connect.c | 17 +- fs/smb/client/dfs.c | 18 +- fs/smb/client/fs_context.h | 1 + fs/smb/client/inode.c | 4 + fs/smb/client/ioctl.c | 25 +++ fs/smb/client/namespace.c | 17 +- fs/smb/client/sess.c | 13 +- fs/smb/client/smb2misc.c | 2 +- fs/smb/client/smb2ops.c | 8 +- fs/smb/client/smb2transport.c | 5 +- fs/smb/client/transport.c | 11 +- fs/smb/client/xattr.c | 5 +- fs/smb/server/smb_common.c | 11 ++ fs/smb/server/smbacl.c | 29 ++- fs/smb/server/vfs.c | 23 +-- fs/xfs/xfs_inode_item_recover.c | 32 ++-- include/acpi/ghes.h | 4 + include/linux/bpf.h | 8 +- include/linux/damon.h | 7 + include/linux/ethtool.h | 4 +- include/linux/f2fs_fs.h | 1 + include/linux/generic-radix-tree.h | 7 + include/linux/irq.h | 26 +-- include/linux/lsm_hook_defs.h | 4 +- include/linux/mmc/card.h | 2 + include/linux/msi.h | 6 - include/linux/pci_ids.h | 2 + include/linux/perf_event.h | 13 +- include/linux/preempt.h | 15 +- include/linux/pwm.h | 4 +- include/linux/socket.h | 1 + include/linux/spi/spi.h | 1 + include/linux/string.h | 40 +++++ include/linux/sunrpc/clnt.h | 1 + include/linux/sysctl.h | 6 + include/linux/torture.h | 3 +- include/linux/workqueue.h | 46 ++++- include/media/ipu-bridge.h | 2 +- include/net/netfilter/nf_tables.h | 4 +- include/net/sock.h | 26 ++- include/net/tc_act/tc_ct.h | 9 + include/sound/soc-acpi.h | 7 + include/sound/soc-card.h | 37 ++++ include/sound/soc-dai.h | 1 + include/sound/soc.h | 11 ++ include/sound/sof.h | 8 + include/uapi/linux/prctl.h | 2 +- include/uapi/linux/vm_sockets.h | 17 ++ include/video/sticore.h | 2 +- init/Makefile | 1 + init/main.c | 4 + io_uring/fdinfo.c | 9 +- io_uring/sqpoll.c | 12 +- kernel/audit_watch.c | 9 +- kernel/bpf/core.c | 6 +- kernel/bpf/verifier.c | 83 ++++++--- kernel/cgroup/cgroup.c | 12 -- kernel/cpu.c | 11 +- kernel/debug/debug_core.c | 3 + kernel/dma/swiotlb.c | 28 +-- kernel/events/core.c | 17 ++ kernel/events/ring_buffer.c | 6 + kernel/irq/debugfs.c | 1 - kernel/irq/generic-chip.c | 25 ++- kernel/irq/msi.c | 12 +- kernel/kexec.c | 2 +- kernel/locking/test-ww_mutex.c | 20 ++- kernel/padata.c | 2 +- kernel/power/snapshot.c | 16 +- kernel/rcu/rcu.h | 7 + kernel/rcu/srcutiny.c | 1 + kernel/rcu/srcutree.c | 11 +- kernel/rcu/tasks.h | 1 + kernel/rcu/tiny.c | 1 + kernel/rcu/tree.c | 22 +++ kernel/rcu/tree.h | 4 + kernel/rcu/tree_stall.h | 20 ++- kernel/reboot.c | 1 + kernel/sched/core.c | 5 +- kernel/smp.c | 13 +- kernel/torture.c | 58 ++---- kernel/trace/trace_events_synth.c | 2 +- kernel/trace/trace_fprobe.c | 9 +- kernel/watch_queue.c | 2 +- kernel/watchdog.c | 7 + kernel/workqueue.c | 20 ++- lib/generic-radix-tree.c | 17 +- mm/cma.c | 2 +- mm/damon/core.c | 12 +- mm/damon/lru_sort.c | 4 +- mm/damon/ops-common.c | 5 +- mm/damon/sysfs-schemes.c | 5 + mm/damon/sysfs.c | 89 +++++---- mm/huge_memory.c | 16 +- mm/hugetlb.c | 2 +- mm/memcontrol.c | 3 +- mm/memory_hotplug.c | 2 +- mm/util.c | 10 ++ net/9p/client.c | 2 +- net/9p/trans_fd.c | 13 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_sysfs.c | 23 +-- net/bridge/netfilter/nf_conntrack_bridge.c | 2 +- net/core/sock.c | 2 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/tcp_output.c | 2 +- net/mac80211/cfg.c | 4 + net/mptcp/pm_netlink.c | 5 +- net/mptcp/protocol.c | 4 + net/mptcp/sockopt.c | 3 + net/ncsi/ncsi-aen.c | 5 - net/netfilter/nf_tables_api.c | 58 ++++-- net/netfilter/nft_byteorder.c | 5 +- net/netfilter/nft_meta.c | 2 +- net/sched/act_ct.c | 3 + net/sunrpc/clnt.c | 7 +- net/sunrpc/rpcb_clnt.c | 4 + net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 3 +- net/tipc/netlink_compat.c | 1 + net/unix/af_unix.c | 9 +- net/vmw_vsock/af_vsock.c | 6 + samples/bpf/syscall_tp_user.c | 45 +++-- scripts/Makefile.vmlinux | 1 + scripts/gcc-plugins/randomize_layout_plugin.c | 21 +-- scripts/gdb/linux/constants.py.in | 1 + scripts/gdb/linux/vmalloc.py | 8 +- security/apparmor/apparmorfs.c | 11 +- security/apparmor/audit.c | 71 ++++---- security/apparmor/capability.c | 29 +-- security/apparmor/domain.c | 97 ++++++---- security/apparmor/file.c | 199 +++++++++++++-------- security/apparmor/include/audit.h | 37 ++-- security/apparmor/include/capability.h | 3 +- security/apparmor/include/file.h | 17 +- security/apparmor/include/ipc.h | 4 +- security/apparmor/include/mount.h | 26 ++- security/apparmor/include/net.h | 19 +- security/apparmor/include/perms.h | 4 +- security/apparmor/include/policy.h | 9 +- security/apparmor/include/resource.h | 3 +- security/apparmor/include/task.h | 3 +- security/apparmor/ipc.c | 49 ++--- security/apparmor/lib.c | 50 +++--- security/apparmor/lsm.c | 113 ++++++++---- security/apparmor/mount.c | 166 ++++++++++------- security/apparmor/net.c | 61 ++++--- security/apparmor/policy.c | 73 ++++---- security/apparmor/policy_unpack.c | 29 +-- security/apparmor/resource.c | 54 +++--- security/apparmor/task.c | 58 +++--- security/integrity/Kconfig | 2 - security/integrity/iint.c | 48 +++-- security/integrity/ima/ima_api.c | 5 + security/integrity/ima/ima_main.c | 16 +- security/integrity/integrity.h | 2 + security/keys/trusted-keys/trusted_core.c | 20 +-- security/keys/trusted-keys/trusted_tee.c | 64 +++---- sound/core/info.c | 21 ++- sound/hda/hdac_stream.c | 6 +- sound/pci/hda/patch_realtek.c | 26 ++- sound/soc/codecs/cs35l56.c | 11 ++ sound/soc/codecs/lpass-wsa-macro.c | 3 + sound/soc/codecs/wsa883x.c | 7 +- sound/soc/intel/boards/sof_sdw.c | 6 + sound/soc/intel/common/soc-acpi-intel-cht-match.c | 43 +++++ sound/soc/mediatek/mt8188/mt8188-mt6359.c | 21 +++ sound/soc/soc-dai.c | 7 + sound/soc/soc-pcm.c | 12 +- sound/soc/sof/ipc4.c | 3 + sound/soc/sof/sof-audio.c | 7 + sound/soc/sof/sof-pci-dev.c | 8 + sound/soc/ti/omap-mcbsp.c | 6 +- sound/usb/mixer_scarlett_gen2.c | 63 +++---- tools/include/uapi/linux/prctl.h | 2 +- tools/perf/util/intel-pt.c | 2 + tools/power/x86/turbostat/turbostat.c | 3 +- tools/testing/cxl/test/cxl.c | 2 +- .../testing/selftests/bpf/progs/verifier_loops1.c | 9 +- tools/testing/selftests/bpf/verifier/calls.c | 6 +- tools/testing/selftests/bpf/verifier/ld_imm64.c | 8 +- tools/testing/selftests/clone3/clone3.c | 7 +- tools/testing/selftests/efivarfs/create-read.c | 2 + tools/testing/selftests/lkdtm/config | 1 - tools/testing/selftests/lkdtm/tests.txt | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 2 +- tools/testing/selftests/resctrl/Makefile | 2 +- tools/testing/selftests/resctrl/cache.c | 5 +- tools/testing/selftests/resctrl/cat_test.c | 21 +-- tools/testing/selftests/resctrl/cmt_test.c | 37 ++-- tools/testing/selftests/resctrl/mba_test.c | 6 +- tools/testing/selftests/resctrl/mbm_test.c | 9 +- tools/testing/selftests/resctrl/resctrl.h | 23 ++- tools/testing/selftests/resctrl/resctrl_tests.c | 132 ++++++++------ tools/testing/selftests/resctrl/resctrl_val.c | 36 ++-- tools/testing/selftests/resctrl/resctrlfs.c | 69 +++---- 597 files changed, 6080 insertions(+), 3382 deletions(-)

1 year, 5 months

12
549
0 0

[PATCH 5.15 000/159] 5.15.145-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.145 release. There are 159 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 22 Dec 2023 16:08:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.145-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.145-rc1 Arnd Bergmann <arnd(a)arndb.de> kasan: disable kasan_non_canonical_hook() for HW tags Francis Laniel <flaniel(a)linux.microsoft.com> tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols Amit Pundir <amit.pundir(a)linaro.org> Revert "drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers" Amit Pundir <amit.pundir(a)linaro.org> Revert "drm/bridge: lt9611uxc: Register and attach our DSI device at probe" Amit Pundir <amit.pundir(a)linaro.org> Revert "drm/bridge: lt9611uxc: fix the race in the error path" Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: release interim response after sending status pending response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: move oplock handling after unlock parent dir Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: separately allocate ci per dentry Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix possible deadlock in smb2_open Zongmin Zhou <zhouzongmin(a)kylinos.cn> ksmbd: prevent memory leak on error return Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: handle malformed smb1 message Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: no need to wait for binded connection termination at logoff Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add support for surrogate pair conversion Kangjing Huang <huangkangjing(a)gmail.com> ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in vfs helpers Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: reorganize ksmbd_iov_pin_rsp() Cheng-Han Wu <hank20010209(a)gmail.com> ksmbd: Remove unused field in ksmbd_user struct Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential double free on smb2_read_pipe() error path Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong error response status by using set_smb2_rsp_status() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition between tree conn lookup and disconnect Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition from parallel smb2 lock requests Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition from parallel smb2 logoff requests Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition with fp Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition between session lookup and expire Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: check iov vector index in ksmbd_conn_write() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: return invalid parameter error response if smb2 request is invalid Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix passing freed memory 'aux_payload_buf' Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove unneeded mark_inode_dirty in set_info_sec() Steve French <stfrench(a)microsoft.com> ksmbd: remove experimental warning Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add missing calling smb2_set_err_rsp() on error Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() Yang Li <yang.lee(a)linux.alibaba.com> ksmbd: Fix one kernel-doc comment Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: reduce descriptor size if remaining bytes is less than request size Atte Heikkilä <atteh.mailbox(a)gmail.com> ksmbd: fix `force create mode' and `force directory mode' Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong interim response on compound Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add support for read compound Yang Yingliang <yangyingliang(a)huawei.com> ksmbd: switch to use kmemdup_nul() helper Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out of bounds in init_smb2_rsp_hdr() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate session id and tree id in compound request Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: check if a mount point is crossed during path lookup Wang Ming <machel(a)vivo.com> ksmbd: Fix unsigned expression compared with zero Gustavo A. R. Silva <gustavoars(a)kernel.org> ksmbd: Replace one-element array with flexible-array member Gustavo A. R. Silva <gustavoars(a)kernel.org> ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add missing compound request handing in some commands Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out of bounds read in smb2_sess_setup Lu Hongfei <luhongfei(a)vivo.com> ksmbd: Replace the ternary conditional operator with min() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use kvzalloc instead of kvmalloc Lu Hongfei <luhongfei(a)vivo.com> ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use kzalloc() instead of __GFP_ZERO Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove unused ksmbd_tree_conn_share function Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add mnt_want_write to ksmbd vfs functions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate smb request protocol id Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bound read in parse_lease_state() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bound read in deassemble_neg_contexts() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: call putname after using the last component Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix UAF issue from opinfo->conn Kuan-Ting Chen <h3xrabbit(a)gmail.com> ksmbd: fix multiple out-of-bounds read during context decoding Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix uninitialized pointer read in smb2_create_link() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue under cocurrent smb2 tree disconnect Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue from smb2 close and logoff with multichannel Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: block asynchronous requests when making a delay on session setup Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: destroy expired sessions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue from session setup and logoff Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue from using ->d_parent and ->d_name Al Viro <viro(a)zeniv.linux.org.uk> fs: introduce lock_rename_child() helper David Disseldorp <ddiss(a)suse.de> ksmbd: remove unused compression negotiate ctx packing David Disseldorp <ddiss(a)suse.de> ksmbd: avoid duplicate negotiate ctx offset increments David Disseldorp <ddiss(a)suse.de> ksmbd: set NegotiateContextCount once instead of every inc David Disseldorp <ddiss(a)suse.de> ksmbd: avoid out of bounds access in decode_preauth_ctxt() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: delete asynchronous work from list Tom Rix <trix(a)redhat.com> ksmbd: remove unused is_char_allowed function Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong signingkey creation when encryption is AES256 Hangyu Hua <hbh25y(a)gmail.com> ksmbd: fix possible memory leak in smb2_lock() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> ksmbd: Fix parameter name and comment mismatch Colin Ian King <colin.i.king(a)gmail.com> ksmbd: Fix spelling mistake "excceed" -> "exceeded" Steve French <stfrench(a)microsoft.com> ksmbd: update Kconfig to note Kerberos support and fix indentation Dawei Li <set_pte_at(a)outlook.com> ksmbd: Remove duplicated codes Dawei Li <set_pte_at(a)outlook.com> ksmbd: fix typo, syncronous->synchronous Dawei Li <set_pte_at(a)outlook.com> ksmbd: Implements sess->rpc_handle_list as xarray Dawei Li <set_pte_at(a)outlook.com> ksmbd: Implements sess->ksmbd_chann_list as xarray Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: send proper error response in smb2_tree_connect() ye xingchen <ye.xingchen(a)zte.com.cn> ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: Fix resource leak in smb2_lock() Jeff Layton <jlayton(a)kernel.org> ksmbd: use F_SETLK when unlocking a file Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share Gustavo A. R. Silva <gustavoars(a)kernel.org> ksmbd: replace one-element arrays with flexible-array members Atte Heikkilä <atteh.mailbox(a)gmail.com> ksmbd: validate share name from share config response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: call ib_drain_qp when disconnected Atte Heikkilä <atteh.mailbox(a)gmail.com> ksmbd: make utf-8 file name comparison work in __caseless_lookup() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: hide socket error message when ipv6 config is disable Tom Talpey <tom(a)talpey.com> ksmbd: reduce server smbdirect max send/receive segment sizes Tom Talpey <tom(a)talpey.com> ksmbd: decrease the number of SMB3 smbdirect server SGEs Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix encryption failure issue for session logoff response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set file permission mode to match Samba server posix extension behavior Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: change security id to the one samba used for posix extension Atte Heikkilä <atteh.mailbox(a)gmail.com> ksmbd: casefold utf-8 share names and fix ascii lowercase conversion Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove generic_fillattr use in smb2_open() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: constify struct path Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: don't open-code %pD Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: don't open-code file_path() Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: remove unnecessary generic_fillattr in smb2_open Atte Heikkilä <atteh.mailbox(a)gmail.com> ksmbd: request update to stale share config Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use wait_event instead of schedule_timeout() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove unused ksmbd_share_configs_cleanup function Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: remove duplicate flag set in smb2_write Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: relax the count of sges required Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: fix connection dropped issue Yang Li <yang.lee(a)linux.alibaba.com> ksmbd: Fix some kernel-doc comments Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong smbd max read/write size check Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: handle multiple Buffer descriptors Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: change the return value of get_sg_list Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: simplify tracking pending packets Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: introduce read/write credits for RDMA read/write Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: change prototypes of RDMA read/write related functions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate length in smb2_write() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove filename in ksmbd_file Steve French <stfrench(a)microsoft.com> smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common Jakob Koschel <jakobkoschel(a)gmail.com> ksmbd: replace usage of found with dedicated list iterator variable Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ksmbd: Remove a redundant zeroing of memory Steve French <stfrench(a)microsoft.com> ksmbd: shorten experimental warning on loading the module Paulo Alcantara (SUSE) <pc(a)cjr.nz> ksmbd: store fids as opaque u64 integers Tobias Klauser <tklauser(a)distanz.ch> ksmbd: use netif_is_bridge_port Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add support for key exchange Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: validate buffer descriptor structures Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: fix missing client's memory region invalidation Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add smb-direct shutdown Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: change the default maximum read/write, receive size Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: create MR pool Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: call rdma_accept() under CM handler Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set 445 port to smbdirect port by default Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: register ksmbd ib client with ib_register_client() Yang Li <yang.lee(a)linux.alibaba.com> ksmbd: Fix smb2_get_name() kernel-doc comment Yang Li <yang.lee(a)linux.alibaba.com> ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry() Yang Li <yang.lee(a)linux.alibaba.com> ksmbd: Fix smb2_set_info_file() kernel-doc comment Yang Li <yang.lee(a)linux.alibaba.com> ksmbd: Fix buffer_check_err() kernel-doc comment Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: Remove unused fields from ksmbd_file struct definition Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: Remove unused parameter from smb2_get_name() Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: use oid registry functions to decode OIDs Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: change LeaseKey data type to u8 array Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove smb2_buf_length in smb2_transform_hdr Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove smb2_buf_length in smb2_hdr Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove md4 leftovers Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ksmbd: Remove redundant 'flush_workqueue()' calls Ralph Boehme <slow(a)samba.org> ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() Ralph Boehme <slow(a)samba.org> ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message() ------------- Diffstat: Makefile | 4 +- drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 75 +- fs/ksmbd/Kconfig | 11 +- fs/ksmbd/asn1.c | 173 +-- fs/ksmbd/auth.c | 72 +- fs/ksmbd/auth.h | 3 +- fs/ksmbd/connection.c | 169 +-- fs/ksmbd/connection.h | 92 +- fs/ksmbd/ksmbd_netlink.h | 7 +- fs/ksmbd/ksmbd_work.c | 101 +- fs/ksmbd/ksmbd_work.h | 40 +- fs/ksmbd/mgmt/share_config.c | 56 +- fs/ksmbd/mgmt/share_config.h | 36 +- fs/ksmbd/mgmt/tree_connect.c | 78 +- fs/ksmbd/mgmt/tree_connect.h | 15 +- fs/ksmbd/mgmt/user_config.h | 1 - fs/ksmbd/mgmt/user_session.c | 180 +-- fs/ksmbd/mgmt/user_session.h | 8 +- fs/ksmbd/misc.c | 94 +- fs/ksmbd/misc.h | 6 +- fs/ksmbd/oplock.c | 256 ++-- fs/ksmbd/oplock.h | 4 - fs/ksmbd/server.c | 54 +- fs/ksmbd/smb2misc.c | 4 +- fs/ksmbd/smb2ops.c | 10 +- fs/ksmbd/smb2pdu.c | 2047 ++++++++++++++-------------- fs/ksmbd/smb2pdu.h | 83 +- fs/ksmbd/smb_common.c | 176 ++- fs/ksmbd/smb_common.h | 20 +- fs/ksmbd/smbacl.c | 26 +- fs/ksmbd/smbacl.h | 8 +- fs/ksmbd/transport_ipc.c | 4 +- fs/ksmbd/transport_rdma.c | 648 ++++++--- fs/ksmbd/transport_rdma.h | 6 +- fs/ksmbd/transport_tcp.c | 9 +- fs/ksmbd/unicode.c | 191 ++- fs/ksmbd/unicode.h | 3 +- fs/ksmbd/vfs.c | 677 ++++----- fs/ksmbd/vfs.h | 56 +- fs/ksmbd/vfs_cache.c | 72 +- fs/ksmbd/vfs_cache.h | 26 +- fs/namei.c | 125 +- include/linux/kasan.h | 6 +- include/linux/namei.h | 7 + kernel/trace/trace_kprobe.c | 74 + kernel/trace/trace_probe.h | 1 + mm/kasan/report.c | 4 +- 47 files changed, 3279 insertions(+), 2539 deletions(-)

1 year, 5 months

10
168
0 0

[PATCH] Bluetooth: Fix atomicity violation in {conn,adv}_{min,max}_interval_set

by Gui-Dong Han

In {conn,adv}_min_interval_set(): if (val < ... || val > ... || val > hdev->le_{conn,adv}_max_interval) return -EINVAL; hci_dev_lock(hdev); hdev->le_{conn,adv}_min_interval = val; hci_dev_unlock(hdev); In {conn,adv}_max_interval_set(): if (val < ... || val > ... || val < hdev->le_{conn,adv}_min_interval) return -EINVAL; hci_dev_lock(hdev); hdev->le_{conn,adv}_max_interval hci_dev_unlock(hdev); The atomicity violation occurs due to concurrent execution of set_min and set_max funcs which may lead to inconsistent reads and writes of the min value and the max value. The checks for value validity are ineffective as the min/max values could change immediately after being checked, raising the risk of the min value being greater than the max value and causing invalid settings. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To resolve this issue, it is suggested to encompass the validity checks within the locked sections in both set_min and set_max funcs. The modification ensures that the validation of 'val' against the current min/max values is atomic, thus maintaining the integrity of the settings. With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 3a5c82b78fd28 ("Bluetooth: Move LE debugfs file creation into ...") Cc: stable(a)vger.kernel.org Reported-by: BassCheck <bass(a)buaa.edu.cn> Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- net/bluetooth/hci_debugfs.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c index 6b7741f6e95b..6fdda807f2cf 100644 --- a/net/bluetooth/hci_debugfs.c +++ b/net/bluetooth/hci_debugfs.c @@ -849,11 +849,13 @@ DEFINE_SHOW_ATTRIBUTE(long_term_keys); static int conn_min_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval) + + hci_dev_lock(hdev); + if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_conn_min_interval = val; hci_dev_unlock(hdev); @@ -877,11 +879,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get, static int conn_max_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval) + + hci_dev_lock(hdev); + if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_conn_max_interval = val; hci_dev_unlock(hdev); @@ -989,11 +993,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get, static int adv_min_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval) + + hci_dev_lock(hdev); + if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_adv_min_interval = val; hci_dev_unlock(hdev); @@ -1018,10 +1024,12 @@ static int adv_max_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval) + hci_dev_lock(hdev); + if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_adv_max_interval = val; hci_dev_unlock(hdev); -- 2.34.1

1 year, 5 months

2
2
0 0

[PATCH 1/4] mtd: rawnand: Prevent crossing LUN boundaries during sequential reads

by Miquel Raynal

The ONFI specification states that devices do not need to support sequential reads across LUN boundaries. In order to prevent such event from happening and possibly failing, let's introduce the concept of "pause" in the sequential read to handle these cases. The first/last pages remain the same but any time we cross a LUN boundary we will end and restart (if relevant) the sequential read operation. Cc: stable(a)vger.kernel.org Fixes: 003fe4b9545b ("mtd: rawnand: Support for sequential cache reads") Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/nand_base.c | 43 +++++++++++++++++++++++++++----- include/linux/mtd/rawnand.h | 2 ++ 2 files changed, 39 insertions(+), 6 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 9e24bedffd89..04e80ace4182 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -1207,6 +1207,23 @@ static int nand_lp_exec_read_page_op(struct nand_chip *chip, unsigned int page, return nand_exec_op(chip, &op); } +static void rawnand_cap_cont_reads(struct nand_chip *chip) +{ + struct nand_memory_organization *memorg; + unsigned int pages_per_lun, first_lun, last_lun; + + memorg = nanddev_get_memorg(&chip->base); + pages_per_lun = memorg->pages_per_eraseblock * memorg->eraseblocks_per_lun; + first_lun = chip->cont_read.first_page / pages_per_lun; + last_lun = chip->cont_read.last_page / pages_per_lun; + + /* Prevent sequential cache reads across LUN boundaries */ + if (first_lun != last_lun) + chip->cont_read.pause_page = first_lun * pages_per_lun + pages_per_lun - 1; + else + chip->cont_read.pause_page = chip->cont_read.last_page; +} + static int nand_lp_exec_cont_read_page_op(struct nand_chip *chip, unsigned int page, unsigned int offset_in_page, void *buf, unsigned int len, bool check_only) @@ -1225,7 +1242,7 @@ static int nand_lp_exec_cont_read_page_op(struct nand_chip *chip, unsigned int p NAND_OP_DATA_IN(len, buf, 0), }; struct nand_op_instr cont_instrs[] = { - NAND_OP_CMD(page == chip->cont_read.last_page ? + NAND_OP_CMD(page == chip->cont_read.pause_page ? NAND_CMD_READCACHEEND : NAND_CMD_READCACHESEQ, NAND_COMMON_TIMING_NS(conf, tWB_max)), NAND_OP_WAIT_RDY(NAND_COMMON_TIMING_MS(conf, tR_max), @@ -1262,16 +1279,29 @@ static int nand_lp_exec_cont_read_page_op(struct nand_chip *chip, unsigned int p } if (page == chip->cont_read.first_page) - return nand_exec_op(chip, &start_op); + ret = nand_exec_op(chip, &start_op); else - return nand_exec_op(chip, &cont_op); + ret = nand_exec_op(chip, &cont_op); + if (ret) + return ret; + + if (!chip->cont_read.ongoing) + return 0; + + if (page == chip->cont_read.pause_page && + page != chip->cont_read.last_page) { + chip->cont_read.first_page = chip->cont_read.pause_page + 1; + rawnand_cap_cont_reads(chip); + } else if (page == chip->cont_read.last_page) { + chip->cont_read.ongoing = false; + } + + return 0; } static bool rawnand_cont_read_ongoing(struct nand_chip *chip, unsigned int page) { - return chip->cont_read.ongoing && - page >= chip->cont_read.first_page && - page <= chip->cont_read.last_page; + return chip->cont_read.ongoing && page >= chip->cont_read.first_page; } /** @@ -3445,6 +3475,7 @@ static void rawnand_enable_cont_reads(struct nand_chip *chip, unsigned int page, if (col) chip->cont_read.first_page++; chip->cont_read.last_page = page + ((readlen >> chip->page_shift) & chip->pagemask); + rawnand_cap_cont_reads(chip); } /** diff --git a/include/linux/mtd/rawnand.h b/include/linux/mtd/rawnand.h index c29ace15a053..9d0fc5109af6 100644 --- a/include/linux/mtd/rawnand.h +++ b/include/linux/mtd/rawnand.h @@ -1265,6 +1265,7 @@ struct nand_secure_region { * @cont_read: Sequential page read internals * @cont_read.ongoing: Whether a continuous read is ongoing or not * @cont_read.first_page: Start of the continuous read operation + * @cont_read.pause_page: End of the current sequential cache read operation * @cont_read.last_page: End of the continuous read operation * @controller: The hardware controller structure which is shared among multiple * independent devices @@ -1321,6 +1322,7 @@ struct nand_chip { struct { bool ongoing; unsigned int first_page; + unsigned int pause_page; unsigned int last_page; } cont_read; -- 2.34.1

1 year, 5 months

1
1
0 0

[PATCH 2/4] mtd: rawnand: Fix core interference with sequential reads

by Miquel Raynal

A couple of reports pointed at some strange failures happening a bit randomly since the introduction of sequential page reads support. After investigation it turned out the most likely reason for these issues was the fact that sometimes a (longer) read might happen, starting at the same page that was read previously. This is optimized by the raw NAND core, by not sending the READ_PAGE command to the NAND device and just reading out the data in a local cache. When this page is also flagged as being the starting point for a sequential read, it means the page right next will be accessed without the right instructions. The NAND chip will be confused and will not output correct data. In order to avoid such situation from happening anymore, we can however handle this case with a bit of additional logic, to postpone the initialization of the read sequence by one page. Reported-by: Alexander Shiyan <eagle.alexander923(a)gmail.com> Closes: https://lore.kernel.org/linux-mtd/CAP1tNvS=NVAm-vfvYWbc3k9Cx9YxMc2uZZkmXk8h… Reported-by: Måns Rullgård <mans(a)mansr.com> Closes: https://lore.kernel.org/linux-mtd/yw1xfs6j4k6q.fsf@mansr.com/ Reported-by: Martin Hundebøll <martin(a)geanix.com> Closes: https://lore.kernel.org/linux-mtd/9d0c42fcde79bfedfe5b05d6a4e9fdef71d3dd52.… Fixes: 003fe4b9545b ("mtd: rawnand: Support for sequential cache reads") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/nand_base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 04e80ace4182..1b0a984d181d 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -3478,6 +3478,18 @@ static void rawnand_enable_cont_reads(struct nand_chip *chip, unsigned int page, rawnand_cap_cont_reads(chip); } +static void rawnand_cont_read_skip_first_page(struct nand_chip *chip, unsigned int page) +{ + if (!chip->cont_read.ongoing || page != chip->cont_read.first_page) + return; + + chip->cont_read.first_page++; + if (chip->cont_read.first_page == chip->cont_read.pause_page) + chip->cont_read.first_page++; + if (chip->cont_read.first_page >= chip->cont_read.last_page) + chip->cont_read.ongoing = false; +} + /** * nand_setup_read_retry - [INTERN] Set the READ RETRY mode * @chip: NAND chip object @@ -3652,6 +3664,8 @@ static int nand_do_read_ops(struct nand_chip *chip, loff_t from, buf += bytes; max_bitflips = max_t(unsigned int, max_bitflips, chip->pagecache.bitflips); + + rawnand_cont_read_skip_first_page(chip, page); } readlen -= bytes; -- 2.34.1

1 year, 5 months

1
1
0 0

[PATCH 3/4] mtd: rawnand: Prevent sequential reads with on-die ECC engines

by Miquel Raynal

Some devices support sequential reads when using the on-die ECC engines, some others do not. It is a bit hard to know which ones will break other than experimentally, so in order to avoid such a difficult and painful task, let's just pretend all devices should avoid using this optimization when configured like this. Cc: stable(a)vger.kernel.org Fixes: 003fe4b9545b ("mtd: rawnand: Support for sequential cache reads") Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/nand_base.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 1b0a984d181d..139fdf3e58c0 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -5170,6 +5170,14 @@ static void rawnand_late_check_supported_ops(struct nand_chip *chip) /* The supported_op fields should not be set by individual drivers */ WARN_ON_ONCE(chip->controller->supported_op.cont_read); + /* + * Too many devices do not support sequential cached reads with on-die + * ECC correction enabled, so in this case refuse to perform the + * automation. + */ + if (chip->ecc.engine_type == NAND_ECC_ENGINE_TYPE_ON_DIE) + return; + if (!nand_has_exec_op(chip)) return; -- 2.34.1

1 year, 5 months

1
1
0 0

[PATCH] Bluetooth: Fix atomicity violation in conn_info_{min,max}_age_set

by Gui-Dong Han

In conn_info_min_age_set(): if (val == 0 || val > hdev->conn_info_max_age) return -EINVAL; hci_dev_lock(hdev); hdev->conn_info_min_age = val; hci_dev_unlock(hdev); In conn_info_max_age_set(): if (val == 0 || val < hdev->conn_info_min_age) return -EINVAL; hci_dev_lock(hdev); hdev->conn_info_max_age = val; hci_dev_unlock(hdev); The atomicity violation occurs due to concurrent execution of set_min and set_max funcs which may lead to inconsistent reads and writes of the min value and the max value. The checks for value validity are ineffective as the min/max values could change immediately after being checked, raising the risk of the min value being greater than the max value and causing invalid settings. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To resolve this issue, it is suggested to encompass the validity checks within the locked sections in both set_min and set_max funcs. The modification ensures that the validation of 'val' against the current min/max values is atomic, thus maintaining the integrity of the settings. With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 40ce72b1951c5 ("Bluetooth: Move common debugfs file creation ...") Cc: stable(a)vger.kernel.org Reported-by: BassCheck <bass(a)buaa.edu.cn> Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- net/bluetooth/hci_debugfs.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c index 6b7741f6e95b..d4ce2769c939 100644 --- a/net/bluetooth/hci_debugfs.c +++ b/net/bluetooth/hci_debugfs.c @@ -217,11 +217,13 @@ DEFINE_SHOW_ATTRIBUTE(remote_oob); static int conn_info_min_age_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val == 0 || val > hdev->conn_info_max_age) + + hci_dev_lock(hdev); + if (val == 0 || val > hdev->conn_info_max_age) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->conn_info_min_age = val; hci_dev_unlock(hdev); @@ -245,11 +247,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get, static int conn_info_max_age_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val == 0 || val < hdev->conn_info_min_age) + + hci_dev_lock(hdev); + if (val == 0 || val < hdev->conn_info_min_age) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->conn_info_max_age = val; hci_dev_unlock(hdev); -- 2.34.1

1 year, 5 months

1
0
0 0

[PATCH] Bluetooth: Fix atomicity violation in sniff_{min,max}_interval_set

by Gui-Dong Han

In sniff_min_interval_set(): if (val == 0 || val % 2 || val > hdev->sniff_max_interval) return -EINVAL; hci_dev_lock(hdev); hdev->sniff_min_interval = val; hci_dev_unlock(hdev); In sniff_max_interval_set(): if (val == 0 || val % 2 || val < hdev->sniff_min_interval) return -EINVAL; hci_dev_lock(hdev); hdev->sniff_max_interval = val; hci_dev_unlock(hdev); The atomicity violation occurs due to concurrent execution of set_min and set_max funcs which may lead to inconsistent reads and writes of the min value and the max value. The checks for value validity are ineffective as the min/max values could change immediately after being checked, raising the risk of the min value being greater than the max value and causing invalid settings. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To resolve this issue, it is suggested to encompass the validity checks within the locked sections in both set_min and set_max funcs. The modification ensures that the validation of 'val' against the current min/max values is atomic, thus maintaining the integrity of the settings. With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 71c3b60ec6d28 ("Bluetooth: Move BR/EDR debugfs file creation ...") Cc: stable(a)vger.kernel.org Reported-by: BassCheck <bass(a)buaa.edu.cn> Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- net/bluetooth/hci_debugfs.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c index 6b7741f6e95b..f032fdf8f481 100644 --- a/net/bluetooth/hci_debugfs.c +++ b/net/bluetooth/hci_debugfs.c @@ -566,11 +566,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(idle_timeout_fops, idle_timeout_get, static int sniff_min_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val == 0 || val % 2 || val > hdev->sniff_max_interval) + + hci_dev_lock(hdev); + if (val == 0 || val % 2 || val > hdev->sniff_max_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->sniff_min_interval = val; hci_dev_unlock(hdev); @@ -594,11 +596,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get, static int sniff_max_interval_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val == 0 || val % 2 || val < hdev->sniff_min_interval) + + hci_dev_lock(hdev); + if (val == 0 || val % 2 || val < hdev->sniff_min_interval) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->sniff_max_interval = val; hci_dev_unlock(hdev); -- 2.34.1

1 year, 5 months

1
0
0 0

[PATCH] Bluetooth: Fix atomicity violation in {min,max}_key_size_set

by Gui-Dong Han

In min_key_size_set(): if (val > hdev->le_max_key_size || val < SMP_MIN_ENC_KEY_SIZE) return -EINVAL; hci_dev_lock(hdev); hdev->le_min_key_size = val; hci_dev_unlock(hdev); In max_key_size_set(): if (val > SMP_MAX_ENC_KEY_SIZE || val < hdev->le_min_key_size) return -EINVAL; hci_dev_lock(hdev); hdev->le_max_key_size = val; hci_dev_unlock(hdev); The atomicity violation occurs due to concurrent execution of set_min and set_max funcs which may lead to inconsistent reads and writes of the min value and the max value. The checks for value validity are ineffective as the min/max values could change immediately after being checked, raising the risk of the min value being greater than the max value and causing invalid settings. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To resolve this issue, it is suggested to encompass the validity checks within the locked sections in both set_min and set_max funcs. The modification ensures that the validation of 'val' against the current min/max values is atomic, thus maintaining the integrity of the settings. With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 18f81241b74fb ("Bluetooth: Move {min,max}_key_size debugfs ...") Cc: stable(a)vger.kernel.org Reported-by: BassCheck <bass(a)buaa.edu.cn> Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- net/bluetooth/hci_debugfs.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c index 6b7741f6e95b..3ffbf3f25363 100644 --- a/net/bluetooth/hci_debugfs.c +++ b/net/bluetooth/hci_debugfs.c @@ -1045,11 +1045,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get, static int min_key_size_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val > hdev->le_max_key_size || val < SMP_MIN_ENC_KEY_SIZE) + + hci_dev_lock(hdev); + if (val > hdev->le_max_key_size || val < SMP_MIN_ENC_KEY_SIZE) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_min_key_size = val; hci_dev_unlock(hdev); @@ -1073,11 +1075,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(min_key_size_fops, min_key_size_get, static int max_key_size_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val > SMP_MAX_ENC_KEY_SIZE || val < hdev->le_min_key_size) + + hci_dev_lock(hdev); + if (val > SMP_MAX_ENC_KEY_SIZE || val < hdev->le_min_key_size) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_max_key_size = val; hci_dev_unlock(hdev); -- 2.34.1

1 year, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2023