October 2024 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.57 release. There are 213 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 16 Oct 2024 14:09:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.57-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.57-rc1 Johan Hovold <johan+linaro(a)kernel.org> scsi: Revert "scsi: sd: Do not repeat the starting disk message" Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: fix force smbus during suspend flow Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Restore TSO support Patrick Roy <roypat(a)amazon.co.uk> secretmem: disable memfd_secret() if arch cannot set direct map Alexander Gordeev <agordeev(a)linux.ibm.com> fs/proc/kcore.c: allow translation of physical memory addresses Frederic Weisbecker <frederic(a)kernel.org> kthread: unpark only parked kthread Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: split remaining space to discard in chunks Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix mm_cid test failure Donet Tom <donettom(a)linux.ibm.com> selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix bogus register reading Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error Kun(llfl) <llfl(a)linux.alibaba.com> device-dax: correct pgoff align in dax_set_mapping() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove closing subflows Paolo Abeni <pabeni(a)redhat.com> mptcp: handle consistently DSS corruption Christian Marangi <ansuelsmth(a)gmail.com> net: phy: Remove LED entry from LEDs list on unregister Anatolij Gustschin <agust(a)denx.de> net: dsa: lan9303: ensure chip reset and wait for READY status Anastasia Kovaleva <a.kovaleva(a)yadro.com> net: Fix an unsafe loop on the list Ignat Korchagin <ignat(a)cloudflare.com> net: explicitly clear the sk pointer, when pf->create fails Niklas Cassel <cassel(a)kernel.org> ata: libata: avoid superfluous disk spin down + spin up during hibernation Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fallback when MPTCP opts are dropped after 1st data Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb() Daniel Palmer <daniel(a)0x0f.com> scsi: wd33c93: Don't use stale scsi_pointer value Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync Jani Nikula <jani.nikula(a)intel.com> drm/i915/hdcp: fix connector refcounting Maíra Canal <mcanal(a)igalia.com> drm/vc4: Stop the active perfmon before being destroyed Maíra Canal <mcanal(a)igalia.com> drm/v3d: Stop the active perfmon before being destroyed SurajSonawane2415 <surajsonawane0215(a)gmail.com> hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: core: force synchronous registration Icenowy Zheng <uwu(a)icenowy.me> usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip Jose Alberto Reguero <jose.alberto.reguero(a)gmail.com> usb: xhci: Fix problem with xhci resume from suspend Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Stop processing of pending events if controller is halted Oliver Neukum <oneukum(a)suse.com> Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" Wade Wang <wade.wang(a)hp.com> HID: plantronics: Workaround for an unexcepted opposite volume key He Lugang <helugang(a)uniontech.com> HID: multitouch: Add support for lenovo Y9000P Touchpad Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adt7470) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adm9240) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C Guenter Roeck <linux(a)roeck-us.net> hwmon: (tmp513) Add missing dependency on REGMAP_I2C Peter Colberg <peter.colberg(a)intel.com> hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature Kenton Groombridge <concord(a)gentoo.org> wifi: mac80211: Avoid address calculations via out of bounds array indexing Luke D. Jones <luke(a)ljones.dev> hid-asus: add ROG Ally X prod ID to quirk list Luke D. Jones <luke(a)ljones.dev> HID: asus: add ROG Z13 lightbar Luke D. Jones <luke(a)ljones.dev> HID: asus: add ROG Ally N-Key ID and keycodes Kai-Heng Feng <kai.heng.feng(a)canonical.com> HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: Renumber I2C_HID_QUIRK_ defines Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk Johannes Roith <johannes(a)gnu-linux.rocks> HID: mcp2200: added driver for GPIOs of MCP2200 Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Fix rcuog wake-up from offline softirq Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Make IRQs disablement symmetric Eric Dumazet <edumazet(a)google.com> slip: make slhc_remember() more robust against malicious packets Eric Dumazet <edumazet(a)google.com> ppp: fix ppp_async_encode() illegal access Kuniyuki Iwashima <kuniyu(a)amazon.com> phonet: Handle error of rtnl_register_module(). Eric Dumazet <edumazet(a)google.com> phonet: no longer hold RTNL in route_dumpit() Kuniyuki Iwashima <kuniyu(a)amazon.com> mpls: Handle error of rtnl_register_module(). Eric Dumazet <edumazet(a)google.com> mpls: no longer hold RTNL in mpls_netconf_dump_devconf() Eric Dumazet <edumazet(a)google.com> rtnetlink: add RTNL_FLAG_DUMP_UNLOCKED flag Eric Dumazet <edumazet(a)google.com> rtnetlink: change nlk->cb_mutex role Kuniyuki Iwashima <kuniyu(a)amazon.com> mctp: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> bridge: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> vxlan: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> rtnetlink: Add bulk registration helpers for rtnetlink message handlers. Eric Dumazet <edumazet(a)google.com> net: do not delay dst_entries_add() in dst_release() Florian Westphal <fw(a)strlen.de> netfilter: fib: check correct rtable in vrf setups Florian Westphal <fw(a)strlen.de> netfilter: xtables: avoid NFPROTO_UNSPEC where needed Xin Long <lucien.xin(a)gmail.com> sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Filipe Manana <fdmanana(a)suse.com> btrfs: zoned: fix missing RCU locking in error message when loading zone info Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: fix wrong goto Eric Dumazet <edumazet(a)google.com> net/sched: accept TCA_STAB only for root qdisc Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change I219 (19) devices to ADP Mohamed Khalfella <mkhalfella(a)purestorage.com> igb: Do not bring the device up after non-fatal error Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: Fix macvlan leak by synchronizing access to mac_filter_hash Wojciech Drewek <wojciech.drewek(a)intel.com> ice: Flush FDB entries before reset Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: rename switchdev to eswitch Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix netif_is_ice() in Safe Mode Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Ignore minor version change Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/tpmi: Add defines to get version information Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Use devm_clk api to manage clock source Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Add the flush write to ensure the write complete. Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix privileged error in copy engine channel Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau: pass cli to nouveau_channel_new() instead of drm+device Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frames on 10/100 ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow lower MTUs on BCM5325/5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for BCM5325/BCM5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for 1g switches Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frame mtu check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: adi: adin1110: Fix some error handling path in adin1110_read_fifo() Jakub Kicinski <kuba(a)kernel.org> Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled" Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Fix warning during module unload Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int340x: processor_thermal: Set feature mask before proc_thermal_add Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: phy: bcm84881: Fix some error handling paths Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change Kacper Ludwinski <kac.ludwinski(a)icloud.com> selftests: net: no_forwarding: fix VID for $swp2 in one_bridge_two_pvids() test Andy Roulin <aroulin(a)nvidia.com> netfilter: br_netfilter: fix panic with metadata_dst skb David Howells <dhowells(a)redhat.com> rxrpc: Fix uninitialised variable in rxrpc_send_data() Neal Cardwell <ncardwell(a)google.com> tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out Aananth V <aananthv(a)google.com> tcp: new TCP_INFO stats for RTO events Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe Neal Cardwell <ncardwell(a)google.com> tcp: fix to allow timestamp undo if no retransmits were sent Ingo van Lil <inguin(a)gmx.de> net: phy: dp83869: fix memory corruption when enabling fiber Yanjun Zhang <zhangyanjun(a)cestc.cn> NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() Dan Carpenter <dan.carpenter(a)linaro.org> SUNRPC: Fix integer overflow in decode_rc_list() Dave Ertman <david.m.ertman(a)intel.com> ice: fix VLAN replay after reset Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: set correct dst VSI in only LAN filters Chuck Lever <chuck.lever(a)oracle.com> NFSD: Mark filecache "down" if init fails Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> x86/amd_nb: Add new PCI IDs for AMD family 0x1a Andrey Shumilin <shum.sdl(a)nppct.ru> fbdev: sisfb: Fix strbuf array overflow Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix UAF in async decryption Qianqiang Liu <qianqiang.liu(a)163.com> fbcon: Fix a NULL pointer dereference issue in fbcon_putcs Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointer before dereferencing se Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Riyan Dhiman <riyandhiman14(a)gmail.com> staging: vme_user: added bound check to geoid Zhu Jun <zhujun2(a)cmss.chinamobile.com> tools/iio: Add memory allocation failure check for trigger_name Philip Chen <philipchen(a)chromium.org> virtio_pmem: Check device status before requesting flush Simon Horman <horms(a)kernel.org> netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash Wentao Guan <guanwentao(a)uniontech.com> LoongArch: Fix memleak in pci_acpi_scan_root() Ruffalo Lavoisier <ruffalolavoisier(a)gmail.com> comedi: ni_routing: tools: Check when the file could not be opened Shawn Shao <shawn.shao(a)jaguarmicro.com> usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: enable suspend interrupt after usb reset Wadim Egorov <w.egorov(a)phytec.de> usb: typec: tipd: Free IRQ only if it was requested before Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: protect uart_port_dtr_rts() in uart_shutdown() too Peng Fan <peng.fan(a)nxp.com> clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table Yunke Cao <yunkec(a)chromium.org> media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Ying Sun <sunying(a)isrc.iscas.ac.cn> riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16 unknown Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: cadence: re-check Peripheral status with delayed_work Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults Jisheng Zhang <jszhang(a)kernel.org> riscv: avoid Imbalance in RAS Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict Kaixin Wang <kxwang23(a)m.fudan.edu.cn> ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition Jens Axboe <axboe(a)kernel.dk> io_uring: check if we need to reschedule during overflow flush Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Alex Williamson <alex.williamson(a)redhat.com> PCI: Mark Creative Labs EMU20k2 INTx masking as broken Hans de Goede <hdegoede(a)redhat.com> i2c: i801: Use a different adapter-name for IDF adapters Subramanian Ananthanarayanan <quic_skananth(a)quicinc.com> PCI: Add ACS quirk for Qualcomm SA8775P Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: bcm: bcm53573: fix OF node leak in init Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-srv: Avoid null pointer deref during path establishment WangYuli <wangyuli(a)uniontech.com> PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: intel_bus_common: enable interrupts before exiting reset Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/mad: Improve handling of timed out WRs of mad agent Daniel Jordan <daniel.m.jordan(a)oracle.com> ktest.pl: Avoid false positives with grub2 skip regex Xu Kuohai <xukuohai(a)huawei.com> bpf: Prevent tail call between progs attached to different hooks Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Handle early warnings gracefully Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Remove WARN_ON_ONCE statements Wojciech Gładysz <wojciech.gladysz(a)infogain.com> ext4: nested locking for xattr inode Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Yonghong Song <yonghong.song(a)linux.dev> bpf, x64: Fix a jit convergence issue Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Add cond_resched() to cmm_alloc/free_pages() Heiko Carstens <hca(a)linux.ibm.com> s390/facility: Disable compile time optimization for decompressor code Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Compile all files with the same march flag Tao Chen <chen.dylane(a)gmail.com> bpf: Check percpu map value size first Daniel Borkmann <daniel(a)iogearbox.net> selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test Mathias Krause <minipli(a)grsecurity.net> Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal Andrey Skvortsov <andrej.skvortzov(a)gmail.com> zram: don't free statically defined names Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: free secondary algorithms names Diogo Jahchan Koike <djahchankoike(a)gmail.com> ntfs3: Change to non-blocking allocation in ntfs_d_hash Michael S. Tsirkin <mst(a)redhat.com> virtio_console: fix misc probe bugs Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Refactor enum_rstbl to suppress static checker Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix sparse warning in ni_fiemap Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do not call file_modified if collapse range failed Alex Hung <alex.hung(a)amd.com> drm/amd/display: Revert "Check HDCP returned status" Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Remove a redundant check in authenticated_dp Paul Menzel <pmenzel(a)molgen.mpg.de> lib/build_OID_registry: avoid non-destructive substitution for Perl < 5.13.2 compat Randy Dunlap <rdunlap(a)infradead.org> jbd2: fix kernel-doc for j_transaction_overhead_buffers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix usage of __hci_cmd_sync_status Benjamin Poirier <bpoirier(a)nvidia.com> selftests: Introduce Makefile variable to list shared bash scripts Benjamin Poirier <bpoirier(a)nvidia.com> selftests: net: Remove executable bits from library scripts Aditya Gupta <adityag(a)linux.ibm.com> libsubcmd: Don't free the usage string Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move curr_pid and cpu_last_switched initialization to perf_sched__{lat|map|replay}() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move curr_thread initialization to perf_sched__map() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Fix memory leak in perf_sched__map() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move start_work_mutex and work_done_wait_mutex initialization to perf_sched__replay() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> bootconfig: Fix the kerneldoc of _xbc_exit() Hui Wang <hui.wang(a)canonical.com> e1000e: move force SMBUS near the end of enable_ulp function Tony Nguyen <anthony.l.nguyen(a)intel.com> i40e: Include types.h to some headers Ivan Vecera <ivecera(a)redhat.com> i40e: Fix ST code value for Clause 45 Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Do not repeat the starting disk message Damien Le Moal <dlemoal(a)kernel.org> scsi: Remove scsi device no_start_on_resume flag Gergo Koteles <soyer(a)irl.hu> ASoC: tas2781: mark dvc_tlv with __maybe_unused Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Add mask_port_map module parameter Carlos Song <carlos.song(a)nxp.com> spi: spi-fsl-lpspi: remove redundant spi_controller_put call Charlie Jenkins <charlie(a)rivosinc.com> riscv: cpufeature: Fix thead vector hwcap removal Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have saved_cmdlines arrays all in one allocation Xiubo Li <xiubli(a)redhat.com> libceph: init the cursor when preparing sparse read in msgr2 Shannon Nelson <shannon.nelson(a)amd.com> pds_core: no health-thread in VF path Geoff Levand <geoff(a)infradead.org> Revert "powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2" Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Add support for async DMA read operation Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Add support for async DMA write operation Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Introduce async read/write callbacks Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Rename read_from_host() and write_to_host() APIs Rob Clark <robdclark(a)chromium.org> drm/crtc: fix uninitialized variable use even harder Jean-Loïc Charroud <lagiraudiere+linux(a)free.fr> ALSA: hda/realtek: cs35l41: Fix device ID / model name Jean-Loïc Charroud <lagiraudiere+linux(a)free.fr> ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Remove precision vsnprintf() check from print event Cong Yang <yangcong5(a)huaqin.corp-partner.google.com> drm/panel: boe-tv101wum-nl6: Fine tune Himax83102-j02 panel HFP and HBP (again) Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Drop TSO support Song Shuai <songshuaishuai(a)tinylab.org> riscv: Remove SHADOW_OVERFLOW_STACK_SIZE macro Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "ignore negated quota changes" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: qd_check_sync cleanups Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "introduce qd_bh_get_or_undo" Abel Vesa <abel.vesa(a)linaro.org> phy: qualcomm: eusb2-repeater: Rework init to drop redundant zero-out loop Konrad Dybcio <konrad.dybcio(a)linaro.org> phy: qualcomm: phy-qcom-eusb2-repeater: Add tuning overrides Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Load tunings for the correct speaker models Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI/MSI: Provide stubs for IMS functions" Wei Fang <wei.fang(a)nxp.com> net: fec: don't save PTP state if PTP is unsupported Gabriel Krisman Bertazi <krisman(a)suse.de> unicode: Don't special case ignorable code points ------------- Diffstat: Documentation/dev-tools/kselftest.rst | 12 + Makefile | 4 +- arch/loongarch/pci/acpi.c | 1 + arch/powerpc/configs/ps3_defconfig | 1 - arch/riscv/include/asm/sbi.h | 2 + arch/riscv/include/asm/sparsemem.h | 2 +- arch/riscv/include/asm/thread_info.h | 1 - arch/riscv/kernel/cpu.c | 40 +- arch/riscv/kernel/cpufeature.c | 8 +- arch/riscv/kernel/elf_kexec.c | 6 + arch/riscv/kernel/entry.S | 4 +- arch/s390/boot/Makefile | 19 +- arch/s390/include/asm/facility.h | 6 +- arch/s390/include/asm/io.h | 2 + arch/s390/kernel/early.c | 17 +- arch/s390/kernel/perf_cpum_sf.c | 12 +- arch/s390/mm/cmm.c | 18 +- arch/x86/kernel/amd_nb.c | 4 + arch/x86/net/bpf_jit_comp.c | 54 +- drivers/ata/ahci.c | 85 + drivers/ata/libata-eh.c | 18 +- drivers/base/bus.c | 8 +- drivers/block/zram/zram_drv.c | 7 + drivers/bus/mhi/ep/internal.h | 1 + drivers/bus/mhi/ep/main.c | 248 +- drivers/bus/mhi/ep/ring.c | 8 +- drivers/char/virtio_console.c | 18 +- drivers/clk/bcm/clk-bcm53573-ilp.c | 2 +- drivers/clk/imx/clk-imx7d.c | 4 +- .../drivers/ni_routing/tools/convert_c_to_py.c | 5 + drivers/dax/device.c | 2 +- drivers/gpio/gpio-aspeed.c | 4 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 27 +- drivers/gpu/drm/drm_crtc.c | 1 + drivers/gpu/drm/i915/display/intel_hdcp.c | 10 +- drivers/gpu/drm/nouveau/dispnv04/crtc.c | 2 +- drivers/gpu/drm/nouveau/nouveau_abi16.c | 2 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/nouveau/nouveau_chan.c | 21 +- drivers/gpu/drm/nouveau/nouveau_chan.h | 3 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 4 +- drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 9 +- drivers/gpu/drm/vc4/vc4_perfmon.c | 7 +- drivers/hid/Kconfig | 9 + drivers/hid/Makefile | 1 + drivers/hid/amd-sfh-hid/amd_sfh_client.c | 14 +- drivers/hid/hid-asus.c | 14 +- drivers/hid/hid-ids.h | 10 + drivers/hid/hid-mcp2200.c | 392 ++ drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-plantronics.c | 23 + drivers/hid/i2c-hid/i2c-hid-core.c | 22 +- drivers/hid/intel-ish-hid/ishtp-fw-loader.c | 2 +- drivers/hwmon/Kconfig | 4 + drivers/hwmon/intel-m10-bmc-hwmon.c | 2 +- drivers/hwmon/k10temp.c | 1 + drivers/i2c/busses/i2c-i801.c | 9 +- drivers/i3c/master/i3c-master-cdns.c | 1 + drivers/infiniband/core/mad.c | 14 +- drivers/infiniband/hw/mlx5/odp.c | 25 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 13 +- drivers/input/rmi4/rmi_driver.c | 6 +- drivers/media/common/videobuf2/videobuf2-core.c | 8 +- drivers/mfd/intel_soc_pmic_chtwc.c | 1 - drivers/net/dsa/b53/b53_common.c | 17 +- drivers/net/dsa/lan9303-core.c | 29 + drivers/net/ethernet/adi/adin1110.c | 4 +- drivers/net/ethernet/amd/pds_core/main.c | 6 + drivers/net/ethernet/cortina/gemini.c | 32 +- drivers/net/ethernet/freescale/fec_main.c | 6 +- drivers/net/ethernet/ibm/emac/mal.c | 2 +- drivers/net/ethernet/intel/e1000e/hw.h | 4 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 55 + drivers/net/ethernet/intel/e1000e/netdev.c | 22 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 1 + drivers/net/ethernet/intel/i40e/i40e_diag.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + drivers/net/ethernet/intel/i40e/i40e_register.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_type.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 + drivers/net/ethernet/intel/ice/ice.h | 6 +- drivers/net/ethernet/intel/ice/ice_eswitch.c | 63 +- drivers/net/ethernet/intel/ice/ice_eswitch_br.c | 17 +- drivers/net/ethernet/intel/ice/ice_eswitch_br.h | 1 + drivers/net/ethernet/intel/ice/ice_main.c | 27 +- drivers/net/ethernet/intel/ice/ice_switch.c | 2 - drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/phy/bcm84881.c | 4 +- drivers/net/phy/dp83869.c | 1 - drivers/net/phy/phy_device.c | 5 +- drivers/net/ppp/ppp_async.c | 2 +- drivers/net/slip/slhc.c | 57 +- drivers/net/vxlan/vxlan_core.c | 6 +- drivers/net/vxlan/vxlan_private.h | 2 +- drivers/net/vxlan/vxlan_vnifilter.c | 19 +- drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 1 + drivers/nvdimm/nd_virtio.c | 9 + drivers/pci/endpoint/functions/pci-epf-mhi.c | 8 +- drivers/pci/quirks.c | 8 + drivers/phy/qualcomm/phy-qcom-eusb2-repeater.c | 145 +- drivers/powercap/intel_rapl_tpmi.c | 19 +- drivers/remoteproc/imx_rproc.c | 13 +- drivers/scsi/lpfc/lpfc_ct.c | 12 + drivers/scsi/lpfc/lpfc_disc.h | 7 + drivers/scsi/lpfc/lpfc_els.c | 7 +- drivers/scsi/lpfc/lpfc_vport.c | 43 +- drivers/scsi/sd.c | 9 +- drivers/scsi/wd33c93.c | 2 +- drivers/soundwire/cadence_master.c | 39 +- drivers/soundwire/cadence_master.h | 5 + drivers/soundwire/intel.h | 2 + drivers/soundwire/intel_auxdevice.c | 1 + drivers/soundwire/intel_bus_common.c | 35 +- drivers/spi/spi-fsl-lpspi.c | 14 +- drivers/staging/vme_user/vme_fake.c | 6 + drivers/staging/vme_user/vme_tsi148.c | 6 + .../int340x_thermal/processor_thermal_device_pci.c | 23 +- drivers/tty/serial/serial_core.c | 16 +- drivers/ufs/core/ufshcd.c | 5 +- drivers/usb/chipidea/udc.c | 8 +- drivers/usb/dwc2/platform.c | 26 +- drivers/usb/dwc3/core.c | 22 +- drivers/usb/dwc3/core.h | 4 - drivers/usb/dwc3/gadget.c | 11 - drivers/usb/gadget/udc/core.c | 1 + drivers/usb/host/xhci-pci.c | 5 + drivers/usb/misc/yurex.c | 19 +- drivers/usb/storage/unusual_devs.h | 11 + drivers/usb/typec/tipd/core.c | 2 + drivers/video/fbdev/core/fbcon.c | 2 + drivers/video/fbdev/sis/sis_main.c | 2 +- fs/btrfs/extent-tree.c | 19 +- fs/btrfs/volumes.h | 6 + fs/btrfs/zoned.c | 2 +- fs/ext4/super.c | 9 +- fs/ext4/xattr.c | 4 +- fs/gfs2/quota.c | 59 +- fs/nfs/callback_xdr.c | 2 + fs/nfs/client.c | 1 + fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs4state.c | 2 +- fs/nfsd/filecache.c | 4 +- fs/ntfs3/file.c | 4 +- fs/ntfs3/frecord.c | 21 +- fs/ntfs3/fslog.c | 19 +- fs/ntfs3/namei.c | 4 +- fs/proc/kcore.c | 36 +- fs/smb/client/smb2ops.c | 47 +- fs/smb/client/smb2pdu.c | 6 + fs/unicode/mkutf8data.c | 70 - fs/unicode/utf8data.c_shipped | 6703 ++++++++++---------- include/linux/bpf.h | 1 + include/linux/intel_tpmi.h | 6 + include/linux/jbd2.h | 2 +- include/linux/mhi_ep.h | 21 +- include/linux/netlink.h | 2 + include/linux/nfs_fs_sb.h | 1 + include/linux/pci.h | 34 +- include/linux/pci_ids.h | 4 + include/linux/tcp.h | 8 + include/net/mctp.h | 2 +- include/net/rtnetlink.h | 18 + include/net/sch_generic.h | 1 - include/net/sock.h | 2 + include/scsi/scsi_device.h | 1 - include/sound/cs35l56.h | 1 + include/sound/tas2781-tlv.h | 2 +- include/uapi/linux/tcp.h | 12 + io_uring/io_uring.c | 15 + kernel/bpf/arraymap.c | 3 + kernel/bpf/core.c | 21 +- kernel/bpf/hashtab.c | 3 + kernel/kthread.c | 2 + kernel/rcu/tree.c | 9 +- kernel/rcu/tree_nocb.h | 28 +- kernel/trace/trace.c | 18 +- kernel/trace/trace_output.c | 6 +- lib/bootconfig.c | 3 +- lib/build_OID_registry | 4 +- mm/secretmem.c | 4 +- net/bluetooth/hci_conn.c | 3 + net/bluetooth/hci_core.c | 27 +- net/bluetooth/rfcomm/sock.c | 2 - net/bridge/br_netfilter_hooks.c | 5 + net/bridge/br_netlink.c | 6 +- net/bridge/br_private.h | 5 +- net/bridge/br_vlan.c | 19 +- net/ceph/messenger_v2.c | 3 + net/core/dst.c | 17 +- net/core/rtnetlink.c | 31 + net/ipv4/netfilter/nf_reject_ipv4.c | 10 +- net/ipv4/netfilter/nft_fib_ipv4.c | 4 +- net/ipv4/tcp.c | 9 + net/ipv4/tcp_input.c | 57 +- net/ipv4/tcp_minisocks.c | 4 + net/ipv4/tcp_timer.c | 17 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/netfilter/nft_fib_ipv6.c | 5 +- net/mac80211/scan.c | 17 +- net/mctp/af_mctp.c | 6 +- net/mctp/device.c | 32 +- net/mctp/neigh.c | 29 +- net/mctp/route.c | 33 +- net/mpls/af_mpls.c | 87 +- net/mptcp/mib.c | 2 + net/mptcp/mib.h | 2 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 24 +- net/mptcp/subflow.c | 6 +- net/netfilter/nf_nat_core.c | 120 +- net/netfilter/xt_CHECKSUM.c | 33 +- net/netfilter/xt_CLASSIFY.c | 16 +- net/netfilter/xt_CONNSECMARK.c | 36 +- net/netfilter/xt_CT.c | 148 +- net/netfilter/xt_IDLETIMER.c | 59 +- net/netfilter/xt_LED.c | 39 +- net/netfilter/xt_NFLOG.c | 36 +- net/netfilter/xt_RATEEST.c | 39 +- net/netfilter/xt_SECMARK.c | 27 +- net/netfilter/xt_TRACE.c | 35 +- net/netfilter/xt_addrtype.c | 15 +- net/netfilter/xt_cluster.c | 33 +- net/netfilter/xt_connbytes.c | 4 +- net/netfilter/xt_connlimit.c | 39 +- net/netfilter/xt_connmark.c | 28 +- net/netfilter/xt_mark.c | 42 +- net/netlink/af_netlink.c | 38 +- net/netlink/af_netlink.h | 5 +- net/phonet/pn_netlink.c | 43 +- net/rxrpc/sendmsg.c | 10 +- net/sched/sch_api.c | 7 +- net/sctp/socket.c | 18 +- net/socket.c | 7 +- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/codecs/cs35l56-shared.c | 36 + sound/soc/codecs/cs35l56.c | 32 +- sound/soc/codecs/cs35l56.h | 1 + tools/iio/iio_generic_buffer.c | 4 + tools/lib/subcmd/parse-options.c | 8 +- tools/perf/builtin-kmem.c | 2 + tools/perf/builtin-kvm.c | 3 + tools/perf/builtin-kwork.c | 3 + tools/perf/builtin-lock.c | 3 + tools/perf/builtin-mem.c | 3 + tools/perf/builtin-sched.c | 164 +- tools/testing/ktest/ktest.pl | 2 +- tools/testing/selftests/Makefile | 7 +- .../testing/selftests/bpf/progs/verifier_int_ptr.c | 5 +- tools/testing/selftests/lib.mk | 19 + tools/testing/selftests/mm/hmm-tests.c | 2 +- .../selftests/net/forwarding/no_forwarding.sh | 2 +- tools/testing/selftests/net/setup_loopback.sh | 0 tools/testing/selftests/rseq/rseq.c | 110 +- tools/testing/selftests/rseq/rseq.h | 10 +- 260 files changed, 6581 insertions(+), 4716 deletions(-)

6 days, 10 hours

7
219
0 0

[PATCH 6.11 000/214] 6.11.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.4 release. There are 214 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 16 Oct 2024 14:09:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.4-rc1 Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix cflags posting for single issue multishot read Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: Pass domain number to pci_bus_release_domain_nr() explicitly Patrick Roy <roypat(a)amazon.co.uk> secretmem: disable memfd_secret() if arch cannot set direct map Alexander Gordeev <agordeev(a)linux.ibm.com> fs/proc/kcore.c: allow translation of physical memory addresses Frederic Weisbecker <frederic(a)kernel.org> kthread: unpark only parked kthread Joshua Hay <joshua.a.hay(a)intel.com> idpf: use actual mbx receive payload length Ulf Hansson <ulf.hansson(a)linaro.org> PM: domains: Fix alloc/free in dev_pm_domain_attach|detach_list() Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: add cancellation points to trim loops Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: split remaining space to discard in chunks Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix mm_cid test failure Donet Tom <donettom(a)linux.ibm.com> selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix bogus register reading Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error Gui-Dong Han <hanguidong02(a)outlook.com> ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() Gui-Dong Han <hanguidong02(a)outlook.com> ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() Kun(llfl) <llfl(a)linux.alibaba.com> device-dax: correct pgoff align in dax_set_mapping() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove closing subflows Paolo Abeni <pabeni(a)redhat.com> mptcp: handle consistently DSS corruption Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: realtek: Fix MMD access on RTL8126A-integrated PHY Christian Marangi <ansuelsmth(a)gmail.com> net: phy: Remove LED entry from LEDs list on unregister Anatolij Gustschin <agust(a)denx.de> net: dsa: lan9303: ensure chip reset and wait for READY status Anastasia Kovaleva <a.kovaleva(a)yadro.com> net: Fix an unsafe loop on the list Ignat Korchagin <ignat(a)cloudflare.com> net: explicitly clear the sk pointer, when pf->create fails Dan Carpenter <dan.carpenter(a)linaro.org> OPP: fix error code in dev_pm_opp_set_config() Niklas Cassel <cassel(a)kernel.org> ata: libata: avoid superfluous disk spin down + spin up during hibernation Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fallback when MPTCP opts are dropped after 1st data Michal Wilczynski <m.wilczynski(a)samsung.com> mmc: sdhci-of-dwcmshc: Prevent stale command interrupt handling Linus Walleij <linus.walleij(a)linaro.org> Revert "mmc: mvsdio: Use sg_miter for PIO" Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb() Martin Wilck <martin.wilck(a)suse.com> scsi: fnic: Move flush_work initialization out of if block Daniel Palmer <daniel(a)0x0f.com> scsi: wd33c93: Don't use stale scsi_pointer value Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Free tzp copy along with the thermal zone Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Reference count the zone in thermal_zone_get_by_id() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync Matthew Auld <matthew.auld(a)intel.com> drm/xe/ct: fix xa_store() error checking Matthew Auld <matthew.auld(a)intel.com> drm/xe/ct: prevent UAF in send_recv() Jani Nikula <jani.nikula(a)intel.com> drm/i915/hdcp: fix connector refcounting Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: fix xa_store() error checking Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amd/display: fix hibernate entry for DCN35+ Lang Yu <lang.yu(a)amd.com> drm/amdkfd: Fix an eviction fence leak Maíra Canal <mcanal(a)igalia.com> drm/vc4: Stop the active perfmon before being destroyed Maíra Canal <mcanal(a)igalia.com> drm/v3d: Stop the active perfmon before being destroyed Josip Pavic <Josip.Pavic(a)amd.com> drm/amd/display: Clear update flags after update has been applied Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: partially revert powerplay `__counted_by` changes Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Make Asus ExpertBook B2502 matches cover more models Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Make Asus ExpertBook B2402 matches cover more models SurajSonawane2415 <surajsonawane0215(a)gmail.com> hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: core: force synchronous registration Roy Luo <royluo(a)google.com> usb: dwc3: re-enable runtime PM after failed resume Icenowy Zheng <uwu(a)icenowy.me> usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip Jose Alberto Reguero <jose.alberto.reguero(a)gmail.com> usb: xhci: Fix problem with xhci resume from suspend Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Stop processing of pending events if controller is halted Oliver Neukum <oneukum(a)suse.com> Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Hardcode (non-inverted) AES pens as BTN_TOOL_PEN Wade Wang <wade.wang(a)hp.com> HID: plantronics: Workaround for an unexcepted opposite volume key Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (ltc2991) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adt7470) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adm9240) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C Guenter Roeck <linux(a)roeck-us.net> hwmon: (tmp513) Add missing dependency on REGMAP_I2C Peter Colberg <peter.colberg(a)intel.com> hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature He Lugang <helugang(a)uniontech.com> HID: multitouch: Add support for lenovo Y9000P Touchpad Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Fix rcuog wake-up from offline softirq Eric Dumazet <edumazet(a)google.com> slip: make slhc_remember() more robust against malicious packets D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric Dumazet <edumazet(a)google.com> ppp: fix ppp_async_encode() illegal access Kuniyuki Iwashima <kuniyu(a)amazon.com> phonet: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> mpls: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> mctp: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> bridge: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> vxlan: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> rtnetlink: Add bulk registration helpers for rtnetlink message handlers. Eric Dumazet <edumazet(a)google.com> net: do not delay dst_entries_add() in dst_release() Janne Grunau <j(a)jannau.net> drm/fbdev-dma: Only cleanup deferred I/O if necessary Breno Leitao <leitao(a)debian.org> net: netconsole: fix wrong warning Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: refuse cross-chip mirroring operations Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: add dcr_unmap to _remove Florian Westphal <fw(a)strlen.de> netfilter: fib: check correct rtable in vrf setups Florian Westphal <fw(a)strlen.de> netfilter: xtables: avoid NFPROTO_UNSPEC where needed Xin Long <lucien.xin(a)gmail.com> sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Filipe Manana <fdmanana(a)suse.com> btrfs: zoned: fix missing RCU locking in error message when loading zone info MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix race condition for VLAN table access Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: fix wrong goto Matt Roper <matthew.d.roper(a)intel.com> drm/xe: Make wedged_mode debugfs writable Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe: Restore GT freq on GSC load error Eric Dumazet <edumazet(a)google.com> net/sched: accept TCA_STAB only for root qdisc Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change I219 (19) devices to ADP Mohamed Khalfella <mkhalfella(a)purestorage.com> igb: Do not bring the device up after non-fatal error Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: Fix macvlan leak by synchronizing access to mac_filter_hash Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix increasing MSI-X on VF Wojciech Drewek <wojciech.drewek(a)intel.com> ice: Flush FDB entries before reset Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix netif_is_ice() in Safe Mode Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix entering Safe Mode Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Ignore minor version change Juergen Gross <jgross(a)suse.com> x86/xen: mark boot CPU of PV guest in MSR_IA32_APICBASE Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Use devm_clk api to manage clock source Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Add the flush write to ensure the write complete. Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix privileged error in copy engine channel Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau: pass cli to nouveau_channel_new() instead of drm+device Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frames on 10/100 ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow lower MTUs on BCM5325/5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for BCM5325/BCM5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for 1g switches Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frame mtu check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: adi: adin1110: Fix some error handling path in adin1110_read_fifo() Jakub Kicinski <kuba(a)kernel.org> Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled" Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Fix warning during module unload Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix possible badness in FREE_STATEID Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: phy: bcm84881: Fix some error handling paths Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Don't fail external suspend requests Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix enabled status mismatch Kacper Ludwinski <kac.ludwinski(a)icloud.com> selftests: net: no_forwarding: fix VID for $swp2 in one_bridge_two_pvids() test Andy Roulin <aroulin(a)nvidia.com> netfilter: br_netfilter: fix panic with metadata_dst skb Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix reception from VLAN-unaware bridges David Howells <dhowells(a)redhat.com> rxrpc: Fix uninitialised variable in rxrpc_send_data() Neal Cardwell <ncardwell(a)google.com> tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe Neal Cardwell <ncardwell(a)google.com> tcp: fix to allow timestamp undo if no retransmits were sent Abhishek Chauhan <quic_abchauha(a)quicinc.com> net: phy: aquantia: remove usage of phy_set_max_speed Abhishek Chauhan <quic_abchauha(a)quicinc.com> net: phy: aquantia: AQR115c fix up PMA capabilities Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> sfc: Don't invoke xdp_do_flush() from netpoll. Ingo van Lil <inguin(a)gmx.de> net: phy: dp83869: fix memory corruption when enabling fiber Yanjun Zhang <zhangyanjun(a)cestc.cn> NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() Dan Carpenter <dan.carpenter(a)linaro.org> SUNRPC: Fix integer overflow in decode_rc_list() Dave Ertman <david.m.ertman(a)intel.com> ice: fix VLAN replay after reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: fix memleak in ice_init_tx_topology() Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: clear port vlan config during reset Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: set correct dst VSI in only LAN filters NeilBrown <neilb(a)suse.de> nfsd: nfsd_destroy_serv() must call svc_destroy() even if nfsd_startup_net() failed Chuck Lever <chuck.lever(a)oracle.com> NFSD: Mark filecache "down" if init fails Andrey Shumilin <shum.sdl(a)nppct.ru> fbdev: sisfb: Fix strbuf array overflow Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix UAF in async decryption Qianqiang Liu <qianqiang.liu(a)163.com> fbcon: Fix a NULL pointer dereference issue in fbcon_putcs Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointer before dereferencing se Christian König <christian.koenig(a)amd.com> drm/amdgpu: nuke the VM PD/PT shadow handling José Roberto de Souza <jose.souza(a)intel.com> drm/xe/oa: Fix overflow in oa batch buffer Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Ken Raeburn <raeburn(a)redhat.com> dm vdo: don't refer to dedupe_context after releasing it Abhishek Tamboli <abhishektamboli9(a)gmail.com> usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c Riyan Dhiman <riyandhiman14(a)gmail.com> staging: vme_user: added bound check to geoid Zhu Jun <zhujun2(a)cmss.chinamobile.com> tools/iio: Add memory allocation failure check for trigger_name Philip Chen <philipchen(a)chromium.org> virtio_pmem: Check device status before requesting flush Simon Horman <horms(a)kernel.org> netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash Wentao Guan <guanwentao(a)uniontech.com> LoongArch: Fix memleak in pci_acpi_scan_root() Ruffalo Lavoisier <ruffalolavoisier(a)gmail.com> comedi: ni_routing: tools: Check when the file could not be opened Frank Li <Frank.Li(a)nxp.com> usb: host: xhci-plat: Parse xhci-missing_cas_quirk and apply quirk Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Fix STALL transfer event handling Shawn Shao <shawn.shao(a)jaguarmicro.com> usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: enable suspend interrupt after usb reset Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Don't truncate the reads Wadim Egorov <w.egorov(a)phytec.de> usb: typec: tipd: Free IRQ only if it was requested before Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: protect uart_port_dtr_rts() in uart_shutdown() too Peng Fan <peng.fan(a)nxp.com> clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table Yunke Cao <yunkec(a)chromium.org> media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Ying Sun <sunying(a)isrc.iscas.ac.cn> riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16 unknown Pierre-Louis Bossart <pierre-louis.bossart(a)linux.dev> soundwire: cadence: re-check Peripheral status with delayed_work Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: endpoint: Assign PCI domain number for endpoint controllers Prudhvi Yarlagadda <quic_pyarlaga(a)quicinc.com> PCI: qcom: Disable mirroring of DBI and iATU register space in BAR region Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults Jisheng Zhang <jszhang(a)kernel.org> riscv: avoid Imbalance in RAS Samuel Holland <samuel.holland(a)sifive.com> riscv: Omit optimized string routines when using KASAN Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mfd: intel-lpss: Add Intel Panther Lake LPSS PCI IDs Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mfd: intel-lpss: Add Intel Arrow Lake-H LPSS PCI IDs Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict Kaixin Wang <kxwang23(a)m.fudan.edu.cn> ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition Jens Axboe <axboe(a)kernel.dk> io_uring: check if we need to reschedule during overflow flush Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Alex Williamson <alex.williamson(a)redhat.com> PCI: Mark Creative Labs EMU20k2 INTx masking as broken Hans de Goede <hdegoede(a)redhat.com> i2c: i801: Use a different adapter-name for IDF adapters Subramanian Ananthanarayanan <quic_skananth(a)quicinc.com> PCI: Add ACS quirk for Qualcomm SA8775P Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: bcm: bcm53573: fix OF node leak in init Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-srv: Avoid null pointer deref during path establishment WangYuli <wangyuli(a)uniontech.com> PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Pierre-Louis Bossart <pierre-louis.bossart(a)linux.dev> soundwire: intel_bus_common: enable interrupts before exiting reset Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/mad: Improve handling of timed out WRs of mad agent Daniel Jordan <daniel.m.jordan(a)oracle.com> ktest.pl: Avoid false positives with grub2 skip regex Xu Kuohai <xukuohai(a)huawei.com> bpf: Prevent tail call between progs attached to different hooks Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Handle early warnings gracefully Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Remove WARN_ON_ONCE statements Wojciech Gładysz <wojciech.gladysz(a)infogain.com> ext4: nested locking for xattr inode Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Yonghong Song <yonghong.song(a)linux.dev> bpf, x64: Fix a jit convergence issue Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Add cond_resched() to cmm_alloc/free_pages() Heiko Carstens <hca(a)linux.ibm.com> s390/facility: Disable compile time optimization for decompressor code Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Compile all files with the same march flag Tao Chen <chen.dylane(a)gmail.com> bpf: Check percpu map value size first Daniel Borkmann <daniel(a)iogearbox.net> selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test Hou Tao <houtao1(a)huawei.com> bpf: Call the missed btf_record_free() when map creation fails Andrey Skvortsov <andrej.skvortzov(a)gmail.com> zram: don't free statically defined names Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: free secondary algorithms names Yang Jihong <yangjihong(a)bytedance.com> perf build: Fix build feature-dwarf_getlocations fail for old libdw Yang Jihong <yangjihong(a)bytedance.com> perf build: Fix static compilation error when libdw is not installed Diogo Jahchan Koike <djahchankoike(a)gmail.com> ntfs3: Change to non-blocking allocation in ntfs_d_hash Ian Rogers <irogers(a)google.com> perf vdso: Missed put on 32-bit dsos Michael S. Tsirkin <mst(a)redhat.com> virtio_console: fix misc probe bugs Srujana Challa <schalla(a)marvell.com> vdpa/octeon_ep: Fix format specifier for pointers in debug messages Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Refactor enum_rstbl to suppress static checker Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix sparse warning in ni_fiemap Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix sparse warning for bigendian Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Optimize large writes into sparse file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do not call file_modified if collapse range failed Wei Fang <wei.fang(a)nxp.com> net: fec: don't save PTP state if PTP is unsupported Gabriel Krisman Bertazi <krisman(a)suse.de> unicode: Don't special case ignorable code points ------------- Diffstat: Makefile | 4 +- arch/loongarch/pci/acpi.c | 1 + arch/riscv/include/asm/sparsemem.h | 2 +- arch/riscv/include/asm/string.h | 2 + arch/riscv/kernel/elf_kexec.c | 6 + arch/riscv/kernel/entry.S | 4 +- arch/riscv/kernel/riscv_ksyms.c | 3 - arch/riscv/lib/Makefile | 2 + arch/riscv/lib/strcmp.S | 1 + arch/riscv/lib/strlen.S | 1 + arch/riscv/lib/strncmp.S | 1 + arch/riscv/purgatory/Makefile | 2 + arch/s390/boot/Makefile | 19 +- arch/s390/include/asm/facility.h | 6 +- arch/s390/include/asm/io.h | 2 + arch/s390/kernel/early.c | 17 +- arch/s390/kernel/perf_cpum_sf.c | 12 +- arch/s390/mm/cmm.c | 18 +- arch/x86/kernel/amd_nb.c | 3 + arch/x86/net/bpf_jit_comp.c | 54 +- arch/x86/xen/enlighten_pv.c | 4 + drivers/acpi/resource.c | 29 +- drivers/ata/libata-eh.c | 18 +- drivers/base/bus.c | 8 +- drivers/base/power/common.c | 25 +- drivers/block/zram/zram_drv.c | 7 + drivers/bluetooth/btusb.c | 20 +- drivers/char/virtio_console.c | 18 +- drivers/clk/bcm/clk-bcm53573-ilp.c | 2 +- drivers/clk/imx/clk-imx7d.c | 4 +- .../drivers/ni_routing/tools/convert_c_to_py.c | 5 + drivers/dax/device.c | 2 +- drivers/gpio/gpio-aspeed.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 87 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 67 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 21 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 17 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 56 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 19 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 47 +- drivers/gpu/drm/amd/pm/powerplay/inc/hwmgr.h | 26 +- drivers/gpu/drm/drm_fbdev_dma.c | 3 +- drivers/gpu/drm/i915/display/intel_hdcp.c | 10 +- drivers/gpu/drm/nouveau/dispnv04/crtc.c | 2 +- drivers/gpu/drm/nouveau/nouveau_abi16.c | 2 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/nouveau/nouveau_chan.c | 21 +- drivers/gpu/drm/nouveau/nouveau_chan.h | 3 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 4 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 9 +- drivers/gpu/drm/vc4/vc4_perfmon.c | 7 +- drivers/gpu/drm/xe/xe_bb.c | 3 +- drivers/gpu/drm/xe/xe_debugfs.c | 2 +- drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_guc_ct.c | 44 +- drivers/gpu/drm/xe/xe_guc_submit.c | 9 +- drivers/hid/amd-sfh-hid/amd_sfh_client.c | 14 +- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-plantronics.c | 23 + drivers/hid/intel-ish-hid/ishtp-fw-loader.c | 2 +- drivers/hid/wacom_wac.c | 2 + drivers/hwmon/Kconfig | 5 + drivers/hwmon/intel-m10-bmc-hwmon.c | 2 +- drivers/hwmon/k10temp.c | 1 + drivers/i2c/busses/i2c-i801.c | 9 +- drivers/i3c/master/i3c-master-cdns.c | 1 + drivers/infiniband/core/mad.c | 14 +- drivers/infiniband/hw/mlx5/odp.c | 25 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 13 +- drivers/md/dm-vdo/dedupe.c | 3 + drivers/media/common/videobuf2/videobuf2-core.c | 8 +- drivers/mfd/intel-lpss-pci.c | 39 + drivers/mfd/intel_soc_pmic_chtwc.c | 1 - drivers/mmc/host/mvsdio.c | 71 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 8 + drivers/net/dsa/b53/b53_common.c | 17 +- drivers/net/dsa/lan9303-core.c | 29 + drivers/net/dsa/sja1105/sja1105_main.c | 1 - drivers/net/ethernet/adi/adin1110.c | 4 +- drivers/net/ethernet/freescale/fec_main.c | 6 +- drivers/net/ethernet/ibm/emac/mal.c | 4 +- drivers/net/ethernet/intel/e1000e/hw.h | 4 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 + drivers/net/ethernet/intel/ice/ice_ddp.c | 58 +- drivers/net/ethernet/intel/ice/ice_ddp.h | 4 +- drivers/net/ethernet/intel/ice/ice_dpll.c | 6 +- drivers/net/ethernet/intel/ice/ice_eswitch_br.c | 5 +- drivers/net/ethernet/intel/ice/ice_eswitch_br.h | 1 + drivers/net/ethernet/intel/ice/ice_main.c | 39 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 19 +- drivers/net/ethernet/intel/ice/ice_switch.c | 2 - drivers/net/ethernet/intel/ice/ice_tc_lib.c | 11 + drivers/net/ethernet/intel/ice/ice_vf_lib.c | 9 +- .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 - drivers/net/ethernet/intel/ice/ice_vsi_vlan_lib.c | 57 + drivers/net/ethernet/intel/ice/ice_vsi_vlan_lib.h | 1 + drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 9 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/sfc/efx_channels.c | 3 +- drivers/net/ethernet/sfc/siena/efx_channels.c | 3 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/ti/icssg/icssg_config.c | 2 + drivers/net/ethernet/ti/icssg/icssg_prueth.c | 1 + drivers/net/ethernet/ti/icssg/icssg_prueth.h | 2 + drivers/net/netconsole.c | 8 +- drivers/net/phy/aquantia/aquantia_main.c | 51 +- drivers/net/phy/bcm84881.c | 4 +- drivers/net/phy/dp83869.c | 1 - drivers/net/phy/phy_device.c | 5 +- drivers/net/phy/realtek.c | 24 +- drivers/net/ppp/ppp_async.c | 2 +- drivers/net/pse-pd/pse_core.c | 11 + drivers/net/slip/slhc.c | 57 +- drivers/net/vxlan/vxlan_core.c | 6 +- drivers/net/vxlan/vxlan_private.h | 2 +- drivers/net/vxlan/vxlan_vnifilter.c | 19 +- drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 1 + drivers/nvdimm/nd_virtio.c | 9 + drivers/opp/core.c | 4 +- drivers/pci/controller/dwc/pcie-designware.c | 2 + drivers/pci/controller/dwc/pcie-designware.h | 2 + drivers/pci/controller/dwc/pcie-qcom.c | 72 +- drivers/pci/endpoint/pci-epc-core.c | 14 + drivers/pci/pci.c | 14 +- drivers/pci/probe.c | 2 +- drivers/pci/quirks.c | 8 + drivers/pci/remove.c | 2 +- drivers/powercap/intel_rapl_tpmi.c | 19 +- drivers/remoteproc/imx_rproc.c | 13 +- drivers/scsi/fnic/fnic_main.c | 2 +- drivers/scsi/lpfc/lpfc_ct.c | 22 +- drivers/scsi/lpfc/lpfc_disc.h | 7 + drivers/scsi/lpfc/lpfc_els.c | 132 +- drivers/scsi/lpfc/lpfc_vport.c | 43 +- drivers/scsi/wd33c93.c | 2 +- drivers/soundwire/cadence_master.c | 39 +- drivers/soundwire/cadence_master.h | 5 + drivers/soundwire/intel.h | 2 + drivers/soundwire/intel_auxdevice.c | 1 + drivers/soundwire/intel_bus_common.c | 35 +- drivers/staging/vme_user/vme_fake.c | 6 + drivers/staging/vme_user/vme_tsi148.c | 6 + .../int340x_thermal/processor_thermal_device_pci.c | 2 - drivers/thermal/thermal_core.c | 5 +- drivers/thermal/thermal_core.h | 3 + drivers/thermal/thermal_netlink.c | 9 +- drivers/tty/serial/serial_core.c | 16 +- drivers/ufs/core/ufshcd.c | 5 +- drivers/usb/chipidea/udc.c | 8 +- drivers/usb/dwc2/platform.c | 26 +- drivers/usb/dwc3/core.c | 30 +- drivers/usb/dwc3/core.h | 4 - drivers/usb/dwc3/gadget.c | 11 - drivers/usb/gadget/function/uvc_v4l2.c | 12 +- drivers/usb/gadget/udc/core.c | 1 + drivers/usb/host/xhci-dbgcap.c | 133 +- drivers/usb/host/xhci-dbgcap.h | 2 +- drivers/usb/host/xhci-pci.c | 5 + drivers/usb/host/xhci-plat.c | 6 + drivers/usb/misc/yurex.c | 19 +- drivers/usb/storage/unusual_devs.h | 11 + drivers/usb/typec/tipd/core.c | 3 +- drivers/usb/typec/ucsi/ucsi.c | 8 +- drivers/usb/typec/ucsi/ucsi.h | 2 + drivers/vdpa/octeon_ep/octep_vdpa_hw.c | 12 +- drivers/video/fbdev/core/fbcon.c | 2 + drivers/video/fbdev/sis/sis_main.c | 2 +- fs/btrfs/extent-tree.c | 26 +- fs/btrfs/free-space-cache.c | 4 +- fs/btrfs/free-space-cache.h | 6 + fs/btrfs/volumes.h | 6 + fs/btrfs/zoned.c | 2 +- fs/ext4/super.c | 9 +- fs/ext4/xattr.c | 4 +- fs/nfs/callback_xdr.c | 2 + fs/nfs/client.c | 1 + fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs4state.c | 2 +- fs/nfsd/filecache.c | 4 +- fs/nfsd/nfs4state.c | 1 + fs/nfsd/nfssvc.c | 6 +- fs/ntfs3/file.c | 40 +- fs/ntfs3/frecord.c | 21 +- fs/ntfs3/fslog.c | 19 +- fs/ntfs3/namei.c | 4 +- fs/ntfs3/super.c | 3 +- fs/proc/kcore.c | 36 +- fs/smb/client/smb2ops.c | 47 +- fs/smb/client/smb2pdu.c | 6 + fs/unicode/mkutf8data.c | 70 - fs/unicode/utf8data.c_shipped | 6703 ++++++++++---------- include/linux/bpf.h | 1 + include/linux/nfs_fs_sb.h | 1 + include/linux/pci-epc.h | 2 + include/linux/pci.h | 2 +- include/linux/pci_ids.h | 3 + include/net/mctp.h | 2 +- include/net/rtnetlink.h | 17 + include/net/sch_generic.h | 1 - include/net/sock.h | 2 + io_uring/io_uring.c | 15 + io_uring/rw.c | 19 +- kernel/bpf/arraymap.c | 3 + kernel/bpf/core.c | 21 +- kernel/bpf/hashtab.c | 3 + kernel/bpf/syscall.c | 19 +- kernel/kthread.c | 2 + kernel/rcu/tree_nocb.h | 8 +- mm/secretmem.c | 4 +- net/bluetooth/hci_conn.c | 3 + net/bluetooth/rfcomm/sock.c | 2 - net/bridge/br_netfilter_hooks.c | 5 + net/bridge/br_netlink.c | 6 +- net/bridge/br_private.h | 5 +- net/bridge/br_vlan.c | 19 +- net/core/dst.c | 17 +- net/core/rtnetlink.c | 29 + net/dsa/user.c | 11 +- net/ipv4/netfilter/nf_reject_ipv4.c | 10 +- net/ipv4/netfilter/nft_fib_ipv4.c | 4 +- net/ipv4/tcp_input.c | 42 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/netfilter/nft_fib_ipv6.c | 5 +- net/mctp/af_mctp.c | 6 +- net/mctp/device.c | 32 +- net/mctp/neigh.c | 29 +- net/mctp/route.c | 33 +- net/mpls/af_mpls.c | 32 +- net/mptcp/mib.c | 2 + net/mptcp/mib.h | 2 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 24 +- net/mptcp/subflow.c | 6 +- net/netfilter/nf_nat_core.c | 120 +- net/netfilter/xt_CHECKSUM.c | 33 +- net/netfilter/xt_CLASSIFY.c | 16 +- net/netfilter/xt_CONNSECMARK.c | 36 +- net/netfilter/xt_CT.c | 148 +- net/netfilter/xt_IDLETIMER.c | 59 +- net/netfilter/xt_LED.c | 39 +- net/netfilter/xt_NFLOG.c | 36 +- net/netfilter/xt_RATEEST.c | 39 +- net/netfilter/xt_SECMARK.c | 27 +- net/netfilter/xt_TRACE.c | 35 +- net/netfilter/xt_addrtype.c | 15 +- net/netfilter/xt_cluster.c | 33 +- net/netfilter/xt_connbytes.c | 4 +- net/netfilter/xt_connlimit.c | 39 +- net/netfilter/xt_connmark.c | 28 +- net/netfilter/xt_mark.c | 42 +- net/netlink/af_netlink.c | 3 +- net/phonet/pn_netlink.c | 28 +- net/rxrpc/sendmsg.c | 10 +- net/sched/sch_api.c | 7 +- net/sctp/socket.c | 18 +- net/smc/smc_inet.c | 11 + net/socket.c | 7 +- sound/pci/hda/hda_intel.c | 2 +- tools/build/feature/Makefile | 5 +- tools/iio/iio_generic_buffer.c | 4 + tools/perf/Makefile.config | 7 +- tools/perf/util/vdso.c | 4 +- tools/testing/ktest/ktest.pl | 2 +- .../testing/selftests/bpf/progs/verifier_int_ptr.c | 5 +- tools/testing/selftests/mm/hmm-tests.c | 2 +- .../selftests/net/forwarding/no_forwarding.sh | 2 +- tools/testing/selftests/rseq/rseq.c | 110 +- tools/testing/selftests/rseq/rseq.h | 10 +- 276 files changed, 5984 insertions(+), 4832 deletions(-)

6 days, 10 hours

10
228
0 0

Re: [PATCH 6.11 000/212] 6.11.4-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

6 days, 11 hours

1
0
0 0

Yamaha Piano 10/15

by Josey Swihart

Hello, I am offering my late husband?s Yamaha piano to anyone who would truly appreciate it. If you or someone you know would be interested in receiving this instrument for free, please do not hesitate to contact me. Warm regards, Josey

6 days, 12 hours

1
0
0 0

[PATCH 5.10] nvme: fix metadata handling in nvme-passthrough

by Puranjay Mohan

[ Upstream commit 7c2fd76048e95dd267055b5f5e0a48e6e7c81fd9 ] On an NVMe namespace that does not support metadata, it is possible to send an IO command with metadata through io-passthru. This allows issues like [1] to trigger in the completion code path. nvme_map_user_request() doesn't check if the namespace supports metadata before sending it forward. It also allows admin commands with metadata to be processed as it ignores metadata when bdev == NULL and may report success. Reject an IO command with metadata when the NVMe namespace doesn't support it and reject an admin command if it has metadata. [1] https://lore.kernel.org/all/mb61pcylvnym8.fsf@amazon.com/ Suggested-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Sagi Grimberg <sagi(a)grimberg.me> Reviewed-by: Anuj Gupta <anuj20.g(a)samsung.com> Signed-off-by: Keith Busch <kbusch(a)kernel.org> [ Move the changes from nvme_map_user_request() to nvme_submit_user_cmd() to make it work on 5.10 ] Signed-off-by: Puranjay Mohan <pjy(a)amazon.com> --- drivers/nvme/host/core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 30a642c8f5374..bee55902fe6ce 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1121,11 +1121,16 @@ static int nvme_submit_user_cmd(struct request_queue *q, bool write = nvme_is_write(cmd); struct nvme_ns *ns = q->queuedata; struct gendisk *disk = ns ? ns->disk : NULL; + bool supports_metadata = disk && blk_get_integrity(disk); + bool has_metadata = meta_buffer && meta_len; struct request *req; struct bio *bio = NULL; void *meta = NULL; int ret; + if (has_metadata && !supports_metadata) + return -EINVAL; + req = nvme_alloc_request(q, cmd, 0); if (IS_ERR(req)) return PTR_ERR(req); @@ -1141,7 +1146,7 @@ static int nvme_submit_user_cmd(struct request_queue *q, goto out; bio = req->bio; bio->bi_disk = disk; - if (disk && meta_buffer && meta_len) { + if (has_metadata) { meta = nvme_add_user_metadata(bio, meta_buffer, meta_len, meta_seed, write); if (IS_ERR(meta)) { -- 2.40.1

6 days, 12 hours

1
0
0 0

[PATCH 01/10] drm/amd/display: temp w/a for dGPU to enter idle optimizations

by Wayne Lin

From: Aurabindo Pillai <aurabindo.pillai(a)amd.com> [Why&How] vblank immediate disable currently does not work for all asics. On DCN401, the vblank interrupts never stop coming, and hence we never get a chance to trigger idle optimizations. Add a workaround to enable immediate disable only on APUs for now. This adds a 2-frame delay for triggering idle optimization, which is a negligible overhead. Fixes: db11e20a1144 ("drm/amd/display: use a more lax vblank enable policy for older ASICs") Fixes: 6dfb3a42a914 ("drm/amd/display: use a more lax vblank enable policy for DCN35+") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index a4882b16ace2..6ea54eb5d68d 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -8379,7 +8379,8 @@ static void manage_dm_interrupts(struct amdgpu_device *adev, if (amdgpu_ip_version(adev, DCE_HWIP, 0) < IP_VERSION(3, 5, 0) || acrtc_state->stream->link->psr_settings.psr_version < - DC_PSR_VERSION_UNSUPPORTED) { + DC_PSR_VERSION_UNSUPPORTED || + !(adev->flags & AMD_IS_APU)) { timing = &acrtc_state->stream->timing; /* at least 2 frames */ -- 2.37.3

6 days, 12 hours

2
1
0 0

[PATCH v2] mm/page_alloc: Let GFP_ATOMIC order-0 allocs access highatomic reserves

by Matt Fleming

From: Matt Fleming <mfleming(a)cloudflare.com> Under memory pressure it's possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it's only run from reclaim. Given that such allocations will pass the watermarks in __zone_watermark_unusable_free(), it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can. This fixes order-0 page allocation failures observed on Cloudflare's fleet when handling network packets: kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC), nodemask=(null),cpuset=/,mems_allowed=0-7 CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1 Hardware name: MACHINE Call Trace: <IRQ> dump_stack_lvl+0x3c/0x50 warn_alloc+0x13a/0x1c0 __alloc_pages_slowpath.constprop.0+0xc9d/0xd10 __alloc_pages+0x327/0x340 __napi_alloc_skb+0x16d/0x1f0 bnxt_rx_page_skb+0x96/0x1b0 [bnxt_en] bnxt_rx_pkt+0x201/0x15e0 [bnxt_en] __bnxt_poll_work+0x156/0x2b0 [bnxt_en] bnxt_poll+0xd9/0x1c0 [bnxt_en] __napi_poll+0x2b/0x1b0 bpf_trampoline_6442524138+0x7d/0x1000 __napi_poll+0x5/0x1b0 net_rx_action+0x342/0x740 handle_softirqs+0xcf/0x2b0 irq_exit_rcu+0x6c/0x90 sysvec_apic_timer_interrupt+0x72/0x90 </IRQ> Fixes: 1d91df85f399 ("mm/page_alloc: handle a missing case for memalloc_nocma_{save/restore} APIs") Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: linux-mm(a)kvack.org Cc: stable(a)vger.kernel.org # v5.9+ Link: https://lore.kernel.org/all/CAGis_TWzSu=P7QJmjD58WWiu3zjMTVKSzdOwWE8ORaGytz… Signed-off-by: Matt Fleming <mfleming(a)cloudflare.com> --- mm/page_alloc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) v2: Update comment and add Fixes, Reviewed-by, and Cc: stable tags. diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 8afab64814dc..94a2ffe28008 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2893,12 +2893,12 @@ struct page *rmqueue_buddy(struct zone *preferred_zone, struct zone *zone, page = __rmqueue(zone, order, migratetype, alloc_flags); /* - * If the allocation fails, allow OOM handling access - * to HIGHATOMIC reserves as failing now is worse than - * failing a high-order atomic allocation in the - * future. + * If the allocation fails, allow OOM handling and + * order-0 (atomic) allocs access to HIGHATOMIC + * reserves as failing now is worse than failing a + * high-order atomic allocation in the future. */ - if (!page && (alloc_flags & ALLOC_OOM)) + if (!page && (alloc_flags & (ALLOC_OOM|ALLOC_NON_BLOCK))) page = __rmqueue_smallest(zone, order, MIGRATE_HIGHATOMIC); if (!page) { -- 2.34.1

6 days, 12 hours

1
0
0 0

backport mseal and mseal_test to 6.10

by Jeff Xu

Hi Greg, How are you? What is the process to backport Pedro's recent mseal fixes to 6.10 ? Specifically those 5 commits: 67203f3f2a63d429272f0c80451e5fcc469fdb46 selftests/mm: add mseal test for no-discard madvise 4d1b3416659be70a2251b494e85e25978de06519 mm: move can_modify_vma to mm/vma.h 4a2dd02b09160ee43f96c759fafa7b56dfc33816 mm/mprotect: replace can_modify_mm with can_modify_vma 23c57d1fa2b9530e38f7964b4e457fed5a7a0ae8 mseal: replace can_modify_mm_madv with a vma variant f28bdd1b17ec187eaa34845814afaaff99832762 selftests/mm: add more mseal traversal tests There will be merge conflicts, I can backport them to 5.10 and test to help the backporting process. Those 5 fixes are needed for two reasons: maintain the consistency of mseal's semantics across releases, and for ease of backporting future fixes. PS: There are also three other commits for munmap and remap (see below), they have dependency on Michael Ellerman's arch_unmap() patch [1] and maybe uprobe change [2]. If Michael and Oleg are OK with backporting their patches, then great ! Otherwise, since those commits below don't change mseal's semantics, I think it is OK to just backport above 5 patches. df2a7df9a9aa32c3df227de346693e6e802c8591 mm/munmap: replace can_modify_mm with can_modify_vma 38075679b5f157eeacd46c900e9cfc684bdbc167 mm/mremap: replace can_modify_mm with can_modify_vma 5b3db2b812a1f86dfab587324d198a5d10c7a5cf mm: remove can_modify_mm() [1] https://lore.kernel.org/all/20240812082605.743814-1-mpe@ellerman.id.au/ [2] https://lore.kernel.org/all/20240911131320.GA3448@redhat.com/ Thanks! -Jeff

6 days, 14 hours

3
8
0 0

[PATCH 05/10] drm/amd/display: temp w/a for DP Link Layer compliance

by Wayne Lin

From: Aurabindo Pillai <aurabindo.pillai(a)amd.com> [Why&How] Disabling P-State support on full updates for DCN401 results in introducing additional communication with SMU. A UCLK hard min message to SMU takes 4 seconds to go through, which was due to DCN not allowing pstate switch, which was caused by incorrect value for TTU watermark before blanking the HUBP prior to DPG on for servicing the test request. Fix the issue temporarily by disallowing pstate changes for compliance test while test request handler is reworked for a proper fix. Fixes: 67ea53a4bd9d ("drm/amd/display: Disable DCN401 UCLK P-State support on full updates") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> --- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index 8eaf292bc4eb..b0fea0856866 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -46,6 +46,7 @@ #include "dm_helpers.h" #include "ddc_service_types.h" +#include "clk_mgr.h" static u32 edid_extract_panel_id(struct edid *edid) { @@ -1181,6 +1182,8 @@ bool dm_helpers_dp_handle_test_pattern_request( struct pipe_ctx *pipe_ctx = NULL; struct amdgpu_dm_connector *aconnector = link->priv; struct drm_device *dev = aconnector->base.dev; + struct dc_state *dc_state = ctx->dc->current_state; + struct clk_mgr *clk_mgr = ctx->dc->clk_mgr; int i; for (i = 0; i < MAX_PIPES; i++) { @@ -1281,6 +1284,16 @@ bool dm_helpers_dp_handle_test_pattern_request( pipe_ctx->stream->test_pattern.type = test_pattern; pipe_ctx->stream->test_pattern.color_space = test_pattern_color_space; + /* Temp W/A for compliance test failure */ + dc_state->bw_ctx.bw.dcn.clk.p_state_change_support = false; + dc_state->bw_ctx.bw.dcn.clk.dramclk_khz = clk_mgr->dc_mode_softmax_enabled ? + clk_mgr->bw_params->dc_mode_softmax_memclk : clk_mgr->bw_params->max_memclk_mhz; + dc_state->bw_ctx.bw.dcn.clk.idle_dramclk_khz = dc_state->bw_ctx.bw.dcn.clk.dramclk_khz; + ctx->dc->clk_mgr->funcs->update_clocks( + ctx->dc->clk_mgr, + dc_state, + false); + dc_link_dp_set_test_pattern( (struct dc_link *) link, test_pattern, -- 2.37.3

6 days, 17 hours

1
0
0 0

[PATCH ipsec v3] xfrm: fix one more kernel-infoleak in algo dumping

by Petr Vaganov

During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060 skb_copy_datagram_iter+0x5b/0x220 netlink_recvmsg+0x362/0x1700 sock_recvmsg+0x2dc/0x390 __sys_recvfrom+0x381/0x6d0 __x64_sys_recvfrom+0x130/0x200 x64_sys_call+0x32c8/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit was stored to memory at: copy_to_user_state_extra+0xcc1/0x1e00 dump_one_state+0x28c/0x5f0 xfrm_state_walk+0x548/0x11e0 xfrm_dump_sa+0x1e0/0x840 netlink_dump+0x943/0x1c40 __netlink_dump_start+0x746/0xdb0 xfrm_user_rcv_msg+0x429/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit was created at: __kmalloc+0x571/0xd30 attach_auth+0x106/0x3e0 xfrm_add_sa+0x2aa0/0x4230 xfrm_user_rcv_msg+0x832/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Bytes 328-379 of 732 are uninitialized Memory access of size 732 starts at ffff88800e18e000 Data copied to user address 00007ff30f48aff0 CPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Fixes copying of xfrm algorithms where some random data of the structure fields can end up in userspace. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. A similar issue was resolved in the commit 8222d5910dae ("xfrm: Zero padding when dumping algos and encap") Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: c7a5899eb26e ("xfrm: redact SA secret with lockdown confidentiality") Cc: stable(a)vger.kernel.org Co-developed-by: Boris Tonofa <b.tonofa(a)ideco.ru> Signed-off-by: Boris Tonofa <b.tonofa(a)ideco.ru> Signed-off-by: Petr Vaganov <p.vaganov(a)ideco.ru> --- v3: Corrected commit description "This patch fixes copying..." to "Fixes copying..." according to accepted rules of Linux kernel commits, as suggested by Markus Elfring <elfring(a)users.sourceforge.net>. v2: Fixed typo in sizeof(sizeof(ap->alg_name) expression. The third argument for the strscpy_pad macro was chosen by analogy with those in other functions of this file - as did commit 8222d5910dae ("xfrm: Zero padding when dumping algos and encap"). I still think it would be better to leave the strscpy_pad() macro with three arguments in this patch, mainly so that it would be consistent with the existing similar code in this module. Regarding strncpy() above, we don't think it is a real issue since the uncopied parts should be already padded with zeroes by nla_reserve(). net/xfrm/xfrm_user.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 55f039ec3d59..0083faabe8be 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1098,7 +1098,9 @@ static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) if (!nla) return -EMSGSIZE; ap = nla_data(nla); - memcpy(ap, auth, sizeof(struct xfrm_algo_auth)); + strscpy_pad(ap->alg_name, auth->alg_name, sizeof(ap->alg_name)); + ap->alg_key_len = auth->alg_key_len; + ap->alg_trunc_len = auth->alg_trunc_len; if (redact_secret && auth->alg_key_len) memset(ap->alg_key, 0, (auth->alg_key_len + 7) / 8); else -- 2.46.2

6 days, 19 hours

3
2
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2024