November 2024 - Linux-stable-mirror

[PATCH 6.6.y 0/5] fix error handling in mmap_region() and refactor (hotfixes)

by Lorenzo Stoakes

Critical fixes for mmap_region(), backported to 6.6.y. Some notes on differences from upstream: * In this kernel is_shared_maywrite() does not exist and the code uses VM_SHARED to determine whether mapping_map_writable() / mapping_unmap_writable() should be invoked. This backport therefore follows suit. * Each version of these series is confronted by a slightly different mmap_region(), so we must adapt the change for each stable version. The approach remains the same throughout, however, and we correctly avoid closing the VMA part way through any __mmap_region() operation. Lorenzo Stoakes (5): mm: avoid unsafe VMA hook invocation when error arises on mmap hook mm: unconditionally close VMAs on error mm: refactor map_deny_write_exec() mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling mm: resolve faulty mmap_region() error path behaviour arch/arm64/include/asm/mman.h | 10 ++- arch/parisc/include/asm/mman.h | 5 +- include/linux/mman.h | 28 ++++++-- mm/internal.h | 45 ++++++++++++ mm/mmap.c | 128 ++++++++++++++++++--------------- mm/mprotect.c | 2 +- mm/nommu.c | 9 ++- mm/shmem.c | 3 - 8 files changed, 153 insertions(+), 77 deletions(-) -- 2.47.0

1 month, 3 weeks

5
10
0 0

[PATCH v5 3/3] drm: adv7511: Drop dsi single lane support

by Biju Das

As per [1] and [2], ADV7535/7533 supports only 2-, 3-, or 4-lane. Drop unsupported 1-lane. [1] https://www.analog.com/media/en/technical-documentation/data-sheets/ADV7535… [2] https://www.analog.com/media/en/technical-documentation/data-sheets/ADV7533… Fixes: 1e4d58cd7f88 ("drm/bridge: adv7533: Create a MIPI DSI device") Reported-by: Hien Huynh <hien.huynh.px(a)renesas.com> Cc: stable(a)vger.kernel.org Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> --- Changes in v5: - No change. Changes in v4: - Added link to ADV7533 data sheet. - Collected tags Changes in v3: - Updated commit header and description - Updated fixes tag - Dropped single lane support Changes in v2: - Added the tag "Cc: stable(a)vger.kernel.org" in the sign-off area. - Dropped Archit Taneja invalid Mail address --- drivers/gpu/drm/bridge/adv7511/adv7533.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/adv7511/adv7533.c b/drivers/gpu/drm/bridge/adv7511/adv7533.c index 5f195e91b3e6..122ad91e8a32 100644 --- a/drivers/gpu/drm/bridge/adv7511/adv7533.c +++ b/drivers/gpu/drm/bridge/adv7511/adv7533.c @@ -172,7 +172,7 @@ int adv7533_parse_dt(struct device_node *np, struct adv7511 *adv) of_property_read_u32(np, "adi,dsi-lanes", &num_lanes); - if (num_lanes < 1 || num_lanes > 4) + if (num_lanes < 2 || num_lanes > 4) return -EINVAL; adv->num_dsi_lanes = num_lanes; -- 2.43.0

1 month, 3 weeks

2
1
0 0

[PATCH 6.1 v2] parisc: fix a possible DMA corruption

by Bin Lan

From: Mikulas Patocka <mpatocka(a)redhat.com> [ Upstream commit 7ae04ba36b381bffe2471eff3a93edced843240f ] ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Helge Deller <deller(a)gmx.de> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- arch/parisc/Kconfig | 1 + arch/parisc/include/asm/cache.h | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index 3341d4a42199..3a32b49d7ad0 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -18,6 +18,7 @@ config PARISC select ARCH_SUPPORTS_HUGETLBFS if PA20 select ARCH_SUPPORTS_MEMORY_FAILURE select ARCH_STACKWALK + select ARCH_HAS_CACHE_LINE_SIZE select ARCH_HAS_DEBUG_VM_PGTABLE select HAVE_RELIABLE_STACKTRACE select DMA_OPS diff --git a/arch/parisc/include/asm/cache.h b/arch/parisc/include/asm/cache.h index e23d06b51a20..91e753f08eaa 100644 --- a/arch/parisc/include/asm/cache.h +++ b/arch/parisc/include/asm/cache.h @@ -20,7 +20,16 @@ #define SMP_CACHE_BYTES L1_CACHE_BYTES -#define ARCH_DMA_MINALIGN L1_CACHE_BYTES +#ifdef CONFIG_PA20 +#define ARCH_DMA_MINALIGN 128 +#else +#define ARCH_DMA_MINALIGN 32 +#endif +#define ARCH_KMALLOC_MINALIGN 16 /* ldcw requires 16-byte alignment */ + +#define arch_slab_minalign() ((unsigned)dcache_stride) +#define cache_line_size() dcache_stride +#define dma_get_cache_alignment cache_line_size #define __read_mostly __section(".data..read_mostly") -- 2.43.0

1 month, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm: revert "mm: shmem: fix data-race in shmem_getattr()"" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d1aa0c04294e29883d65eac6c2f72fe95cc7c049 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024111703-uncork-sincerity-4d6e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1aa0c04294e29883d65eac6c2f72fe95cc7c049 Mon Sep 17 00:00:00 2001 From: Andrew Morton <akpm(a)linux-foundation.org> Date: Fri, 15 Nov 2024 16:57:24 -0800 Subject: [PATCH] mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, "added just to silence a syzbot sanitizer splat: added where there has never been any practical problem". Link: https://lkml.kernel.org/r/ZzdxKF39VEmXSSyN@tissot.1015granger.net [1] Fixes: d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") Acked-by: Hugh Dickins <hughd(a)google.com> Cc: Chuck Lever <chuck.lever(a)oracle.com> Cc: Jeongjun Park <aha310510(a)gmail.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/shmem.c b/mm/shmem.c index e87f5d6799a7..568bb290bdce 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1166,9 +1166,7 @@ static int shmem_getattr(struct mnt_idmap *idmap, stat->attributes_mask |= (STATX_ATTR_APPEND | STATX_ATTR_IMMUTABLE | STATX_ATTR_NODUMP); - inode_lock_shared(inode); generic_fillattr(idmap, request_mask, inode, stat); - inode_unlock_shared(inode); if (shmem_huge_global_enabled(inode, 0, 0, false, NULL, 0)) stat->blksize = HPAGE_PMD_SIZE;

1 month, 3 weeks

3
2
0 0

[PATCH 6.1] parisc: fix a possible DMA corruption

by Bin Lan

From: Mikulas Patocka <mpatocka(a)redhat.com> ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Helge Deller <deller(a)gmx.de> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- arch/parisc/Kconfig | 1 + arch/parisc/include/asm/cache.h | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index 3341d4a42199..3a32b49d7ad0 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -18,6 +18,7 @@ config PARISC select ARCH_SUPPORTS_HUGETLBFS if PA20 select ARCH_SUPPORTS_MEMORY_FAILURE select ARCH_STACKWALK + select ARCH_HAS_CACHE_LINE_SIZE select ARCH_HAS_DEBUG_VM_PGTABLE select HAVE_RELIABLE_STACKTRACE select DMA_OPS diff --git a/arch/parisc/include/asm/cache.h b/arch/parisc/include/asm/cache.h index e23d06b51a20..91e753f08eaa 100644 --- a/arch/parisc/include/asm/cache.h +++ b/arch/parisc/include/asm/cache.h @@ -20,7 +20,16 @@ #define SMP_CACHE_BYTES L1_CACHE_BYTES -#define ARCH_DMA_MINALIGN L1_CACHE_BYTES +#ifdef CONFIG_PA20 +#define ARCH_DMA_MINALIGN 128 +#else +#define ARCH_DMA_MINALIGN 32 +#endif +#define ARCH_KMALLOC_MINALIGN 16 /* ldcw requires 16-byte alignment */ + +#define arch_slab_minalign() ((unsigned)dcache_stride) +#define cache_line_size() dcache_stride +#define dma_get_cache_alignment cache_line_size #define __read_mostly __section(".data..read_mostly") -- 2.43.0

1 month, 3 weeks

2
2
0 0

[PATCH 6.1.y 0/2] Backport fix of CVE-2024-36915 to 6.1

by Xiangyu Chen

From: Xiangyu Chen <xiangyu.chen(a)windriver.com> Following series is a backport of CVE-2024-36915 The fix is "nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies" This required 1 extra commit to make sure the picks are clean: net: add copy_safe_from_sockptr() helper Eric Dumazet (2): net: add copy_safe_from_sockptr() helper nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies include/linux/sockptr.h | 25 +++++++++++++++++++++++++ net/nfc/llcp_sock.c | 12 ++++++------ 2 files changed, 31 insertions(+), 6 deletions(-) -- 2.43.0

1 month, 3 weeks

2
3
0 0

[PATCH v5 2/3] dt-bindings: display: adi,adv7533: Drop single lane support

by Biju Das

As per [1] and [2], ADV7535/7533 supports only 2-, 3-, or 4-lane. Drop unsupported 1-lane from bindings. [1] https://www.analog.com/media/en/technical-documentation/data-sheets/ADV7535… [2] https://www.analog.com/media/en/technical-documentation/data-sheets/ADV7533… Fixes: 1e4d58cd7f88 ("drm/bridge: adv7533: Create a MIPI DSI device") Cc: stable(a)vger.kernel.org Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> --- v4->v5: * No change. v3->v4: * Added link to ADV7533 data sheet. * Collected tags. v3: * New patch. --- .../devicetree/bindings/display/bridge/adi,adv7533.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/devicetree/bindings/display/bridge/adi,adv7533.yaml b/Documentation/devicetree/bindings/display/bridge/adi,adv7533.yaml index df20a3c9c744..ec89115c74e4 100644 --- a/Documentation/devicetree/bindings/display/bridge/adi,adv7533.yaml +++ b/Documentation/devicetree/bindings/display/bridge/adi,adv7533.yaml @@ -90,7 +90,7 @@ properties: adi,dsi-lanes: description: Number of DSI data lanes connected to the DSI host. $ref: /schemas/types.yaml#/definitions/uint32 - enum: [ 1, 2, 3, 4 ] + enum: [ 2, 3, 4 ] "#sound-dai-cells": const: 0 -- 2.43.0

1 month, 3 weeks

1
0
0 0

[PATCH 6.1.y 0/7] mptcp: fix recent failed backports

by Matthieu Baerts (NGI0)

Greg recently reported 3 patches that could not be applied without conflict in v6.1: - e0266319413d ("mptcp: update local address flags when setting it") - f642c5c4d528 ("mptcp: hold pm lock when deleting entry") - db3eab8110bc ("mptcp: pm: use _rcu variant under rcu_read_lock") Conflicts, if any, have been resolved, and documented in each patch. Note that there are 3 extra patches added to avoid some conflicts: - 14cb0e0bf39b ("mptcp: define more local variables sk") - 06afe09091ee ("mptcp: add userspace_pm_lookup_addr_by_id helper") - af250c27ea1c ("mptcp: drop lookup_by_id in lookup_addr") The Stable-dep-of tags have been added to these patches. 1 extra patch has been included, it is supposed to be backported, but it was missing the Cc stable tag and it had conflicts: - ce7356ae3594 ("mptcp: cope racing subflow creation in mptcp_rcv_space_adjust") Geliang Tang (5): mptcp: define more local variables sk mptcp: add userspace_pm_lookup_addr_by_id helper mptcp: update local address flags when setting it mptcp: hold pm lock when deleting entry mptcp: drop lookup_by_id in lookup_addr Matthieu Baerts (NGI0) (1): mptcp: pm: use _rcu variant under rcu_read_lock Paolo Abeni (1): mptcp: cope racing subflow creation in mptcp_rcv_space_adjust net/mptcp/pm_netlink.c | 15 ++++---- net/mptcp/pm_userspace.c | 77 ++++++++++++++++++++++++++-------------- net/mptcp/protocol.c | 3 +- 3 files changed, 60 insertions(+), 35 deletions(-) -- 2.45.2

1 month, 3 weeks

2
8
0 0

[PATCH 6.11 000/184] 6.11.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.8 release. There are 184 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 14 Nov 2024 10:18:19 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.8-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.8-rc1 Hyunwoo Kim <v4bel(a)theori.io> vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans Hyunwoo Kim <v4bel(a)theori.io> hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer Paul E. McKenney <paulmck(a)kernel.org> xtensa: Emulate one-byte cmpxchg Mingcong Bai <jeffbai(a)aosc.io> ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/guc/tlb: Flush g2h worker in case of tlb timeout Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/ufence: Flush xe ordered_wq in case of ufence timeout Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Move LNL scheduling WA to xe_device.h Badal Nilawar <badal.nilawar(a)intel.com> drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout Christoph Hellwig <hch(a)lst.de> block: fix queue limits checks in blk_rq_map_user_bvec for real Christoph Hellwig <hch(a)lst.de> block: rework bio splitting Johan Hovold <johan+linaro(a)kernel.org> firmware: qcom: scm: suppress download mode error Mukesh Ojha <quic_mojha(a)quicinc.com> firmware: qcom: scm: Refactor code to support multiple dload mode Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: hugetlb_dio: check for initial conditions to skip in the start Andrei Vagin <avagin(a)google.com> ucounts: fix counter leak in inc_rlimit_get_ucounts() Andrew Kanner <andrew.kanner(a)gmail.com> ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Force propagation of the active state with a read-back Umang Jain <umang.jain(a)ideasonboard.com> staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation Umang Jain <umang.jain(a)ideasonboard.com> staging: vchiq_arm: Use devm_kzalloc() for drv_mgmt allocation Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Fix connection issue with Pluggable UD-4VPD dock Qiang Yu <quic_qianyu(a)quicinc.com> clk: qcom: gcc-x1e80100: Fix halt_check for pipediv2 clocks Johan Hovold <johan+linaro(a)kernel.org> clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs Benoît Monin <benoit.monin(a)gmx.fr> USB: serial: option: add Quectel RG650V Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Fibocom FG132 0x0112 composition Jack Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add support for Sierra Wireless EM86xx Dan Carpenter <dan.carpenter(a)linaro.org> USB: serial: io_edgeport: fix use after free in debug printk Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() Rex Nie <rex.nie(a)jaguarmicro.com> usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier Roger Quadros <rogerq(a)kernel.org> usb: dwc3: fix fault at system suspend if device was already runtime suspended Zijun Hu <quic_zijuhu(a)quicinc.com> usb: musb: sunxi: Fix accessing an released usb phy Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add only on-board retimers when !CONFIG_USB4_DEBUGFS_MARGINING Hugh Dickins <hughd(a)google.com> mm/thp: fix deferred split unqueue naming and locking Wei Yang <richard.weiyang(a)gmail.com> mm/mlock: set the correct prev on failure SeongJae Park <sj(a)kernel.org> mm/damon/core: handle zero schemes apply interval SeongJae Park <sj(a)kernel.org> mm/damon/core: handle zero {aggregation,ops_update} intervals SeongJae Park <sj(a)kernel.org> mm/damon/core: avoid overflow in damon_feed_loop_next_input() Roman Gushchin <roman.gushchin(a)linux.dev> signal: restore the override_rlimit logic Masami Hiramatsu (Google) <mhiramat(a)kernel.org> objpool: fix to make percpu slot allocation more robust Qi Xi <xiqi2(a)huawei.com> fs/proc: fix compile warning about variable 'vmcore_mmap_ops' Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: clk-alpha-pll: Fix pll post div mask when width is not set Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Fix USB MP SS1 PHY GDSC pwrsts flags Liu Peibao <loven.liu(a)jaguarmicro.com> i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set Trond Myklebust <trond.myklebust(a)hammerspace.com> filemap: Fix bounds checking in filemap_read() Benoit Sevens <bsevens(a)google.com> media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Add SMU metrics table support for 1Ah family 60h model Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Update SMU metrics table for 1AH family series Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Relocate CPU ID macros to the PMF header Filipe Manana <fdmanana(a)suse.com> btrfs: reinitialize delayed ref list after deleting it from the list Qu Wenruo <wqu(a)suse.com> btrfs: fix per-subvolume RO/RW flags with new mount API Haisu Wang <haisuwang(a)tencent.com> btrfs: fix the length of reserved qgroup to free Pavan Kumar Linga <pavan.kumar.linga(a)intel.com> idpf: fix idpf_vc_core_init error path Pavan Kumar Linga <pavan.kumar.linga(a)intel.com> idpf: avoid vport access in idpf_get_link_ksettings Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Mask off LPCR_MER for a vCPU before running it to avoid spurious interrupts Koichiro Den <koichiro.den(a)gmail.com> mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create Mark Rutland <mark.rutland(a)arm.com> arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint Mark Rutland <mark.rutland(a)arm.com> arm64: Kconfig: Make SME depend on BROKEN for now Mark Brown <broonie(a)kernel.org> arm64/sve: Discard stale CPU state when handling SVE traps Geliang Tang <geliang(a)kernel.org> mptcp: use sock_kfree_s instead of kfree Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible double free of TX skb Jinjie Ruan <ruanjinjie(a)huawei.com> net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() Kalesh Singh <kaleshsingh(a)google.com> tracing: Fix tracefs mount options Roberto Sassu <roberto.sassu(a)huawei.com> nfs: Fix KMSAN warning in decode_getfattr_attrs() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Start the RTC update work later Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add quirk for HP 320 FHD Webcam Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: no admin perm to list endpoints Mikulas Patocka <mpatocka(a)redhat.com> dm: fix a crash if blk_alloc_disk fails Zichen Xie <zichenxie0106(a)gmail.com> dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix potential out-of-bounds access on the first resume Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: optimize dirty bit checking with find_next_bit when resizing Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix out-of-bounds access to the dirty bitset when resizing Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix flushing uninitialized delayed_work on cache_ctr error Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: correct the number of origin blocks to match the target length David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> thermal/drivers/qcom/lmh: Remove false lockdep backtrace Antonio Quartulli <antonio(a)mandelbit.com> drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Adjust debugfs register access permissions Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Adjust debugfs eviction and IB access permissions Jann Horn <jannh(a)google.com> drm/panthor: Be stricter about IO mapping flags Liviu Dudau <liviu.dudau(a)arm.com> drm/panthor: Lock XArray when getting entries for the VM Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: parse umc_info or vram_info based on ASIC Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: correct the workload setting Brendan King <brendan.king(a)imgtec.com> drm/imagination: Break an object reference loop Brendan King <brendan.king(a)imgtec.com> drm/imagination: Add a per-file PVR context list Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix brightness level not retained over reboot Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: always pick the pptable from IFWI Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> rpmsg: glink: Handle rejected intent request better Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Lock TPM chip in tpm_pm_suspend() first Erik Schumacher <erik.schumacher(a)iris-sensing.com> pwm: imx-tpm: Use correct MODULO value for EPWM mode Balasubramani Vivekanandan <balasubramani.vivekanandan(a)intel.com> drm/xe: Set mask bits for CCS_MODE register Matthew Brost <matthew.brost(a)intel.com> drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL Matthew Brost <matthew.brost(a)intel.com> drm/xe: Fix possible exec queue leak in exec IOCTL Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp Jinjie Ruan <ruanjinjie(a)huawei.com> ksmbd: Fix the missing xa_store error check Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: check outstanding simultaneous SMB operations Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: {cc770,sja1000}_isa: allow building on x86_64 Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_close(): don't call free_irq() for IRQ-less devices Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: v4l2-tpg: prevent the risk of a division by zero Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix buffer overwrite when using > 32 buffers Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: pulse8-cec: fix data timestamp at pulse8_setup() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: av7110: fix a spectre vulnerability Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: cx24116: prevent overflows on SNR calculus Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: s5p-jpeg: prevent buffer overflows Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: ar0521: don't overflow when checking PLL values Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: mgb4: protect driver against spectre Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: dvb-core: add missing buffer index check Jyri Sarha <jyri.sarha(a)linux.intel.com> ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits Amelie Delaunay <amelie.delaunay(a)foss.st.com> ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove Icenowy Zheng <uwu(a)icenowy.me> thermal/of: support thermal zones w/o trips subnode Emil Dahl Juhl <emdj(a)bang-olufsen.dk> tools/lib/thermal: Fix sampling handler context ptr Murad Masimov <m.masimov(a)maxima.ru> ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: adv7604: prevent underflow condition when reporting colorspace Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvb_frontend: don't play tricks with underflow values Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvbdev: prevent the risk of out of memory access Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: stb0899_algo: initialize cfr before using it Jarosław Janik <jaroslaw.janik(a)gmail.com> Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" Wentao Liang <Wentao_liang_g(a)163.com> drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path Eric Dumazet <edumazet(a)google.com> net/smc: do not leave a dangling sk pointer in __smc_create() David Howells <dhowells(a)redhat.com> rxrpc: Fix missing locking causing hanging calls Johan Jonker <jbx6244(a)gmail.com> net: arc: rockchip: fix emac mdio node support Johan Jonker <jbx6244(a)gmail.com> net: arc: fix the device for dma_map_single/dma_unmap_single Philo Lu <lulie(a)linux.alibaba.com> virtio_net: Update rss when set queue Philo Lu <lulie(a)linux.alibaba.com> virtio_net: Sync rss config to device when virtnet_probe Philo Lu <lulie(a)linux.alibaba.com> virtio_net: Add hash_key_length check Philo Lu <lulie(a)linux.alibaba.com> virtio_net: Support dynamic rss indirection table size Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: wait for rcu grace period on net_device removal Nícolas F. R. A. Prado <nfraprado(a)collabora.com> net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case Diogo Silva <diogompaissilva(a)gmail.com> net: phy: ti: add PHY_RST_AFTER_CLK_EN flag Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: fix kernel crash when uninstalling driver Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Remove Meteor Lake SMBUS workarounds Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix race condition by adding filter's intermediate sync state Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: change q_index variable type to s16 to store -1 value Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: c_can: fix {rx,tx}_errors statistics Suraj Gupta <suraj.gupta2(a)amd.com> net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts Wei Fang <wei.fang(a)nxp.com> net: enetc: allocate vf_state during PF probes Xin Long <lucien.xin(a)gmail.com> sctp: properly validate chunk size in sctp_sf_ootb() Suraj Gupta <suraj.gupta2(a)amd.com> dt-bindings: net: xlnx,axi-ethernet: Correct phy-mode property value Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa_eth: print FD status in CPU endianness in dpaa_eth_fd tracepoint Wei Fang <wei.fang(a)nxp.com> net: enetc: set MAC address to the VF net_device ChiYuan Huang <cy_huang(a)richtek.com> regulator: rtq2208: Fix uninitialized use of regulator_config Chen Ridong <chenridong(a)huawei.com> security/keys: fix slab-out-of-bounds in key_task_permission Mike Snitzer <snitzer(a)kernel.org> nfs: avoid i_lock contention in nfs_clear_invalid_mapping Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Further fixes to attribute delegation a/mtime changes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix attribute delegation behaviour on exclusive create NeilBrown <neilb(a)suse.de> NFSv3: only use NFS timeout for MOUNT when protocols are compatible NeilBrown <neilb(a)suse.de> sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() Corey Hickey <bugfood-c(a)fatooh.org> platform/x86/amd/pmc: Detect when STB is not available Jiri Kosina <jikos(a)kernel.org> HID: core: zero-initialize the report buffer Diederik de Haas <didi.debian(a)cknow.org> arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes Heiko Stuebner <heiko(a)sntech.de> ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin Heiko Stuebner <heiko(a)sntech.de> ARM: dts: rockchip: Fix the spi controller on rk3036 Heiko Stuebner <heiko(a)sntech.de> ARM: dts: rockchip: drop grf reference from rk3036 hdmi Heiko Stuebner <heiko(a)sntech.de> ARM: dts: rockchip: fix rk3036 acodec node Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone pro Qingqing Zhou <quic_qqzhou(a)quicinc.com> firmware: qcom: scm: Return -EOPNOTSUPP for unsupported SHM bridge enabling Xinqi Zhang <quic_xinqzhan(a)quicinc.com> firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() Marek Vasut <marex(a)denx.de> arm64: dts: imx8mp-phyboard-pollux: Set Video PLL1 frequency to 506.8 MHz Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp: correct sdhc ipg clk Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450 fix PIPE clock specification for pcie1 Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: remove num-slots property from rk3328-nanopi-r2s-plus Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Remove undocumented supports-emmc property Sergey Bostandzhyan <jin(a)mediatomb.cc> arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Drop regulator-init-microvolt from two boards Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: fix i2c2 pinctrl-names property on anbernic-rg353p/v Diederik de Haas <didi.debian(a)cknow.org> arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes Diederik de Haas <didi.debian(a)cknow.org> arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node Diederik de Haas <didi.debian(a)cknow.org> arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 Rajendra Nayak <quic_rjendra(a)quicinc.com> EDAC/qcom: Make irq configuration optional Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: fix a NULL-pointer dereference Sam Edwards <cfsworks(a)gmail.com> arm64: dts: rockchip: Designate Turing RK1's system power controller Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Start cooling maps numbering from zero on ROCK 5B Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Move L3 cache outside CPUs in RK3588(S) SoC dtsi Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 ------------- Diffstat: .../devicetree/bindings/net/xlnx,axi-ethernet.yaml | 2 +- Documentation/netlink/specs/mptcp_pm.yaml | 1 - Makefile | 4 +- arch/arm/boot/dts/rockchip/rk3036-kylin.dts | 4 +- arch/arm/boot/dts/rockchip/rk3036.dtsi | 14 +- arch/arm64/Kconfig | 1 + arch/arm64/boot/dts/freescale/imx8-ss-vpu.dtsi | 4 +- .../dts/freescale/imx8mp-phyboard-pollux-rdk.dts | 12 ++ arch/arm64/boot/dts/freescale/imx8mp.dtsi | 6 +- arch/arm64/boot/dts/freescale/imx8qxp-ss-vpu.dtsi | 8 ++ arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- arch/arm64/boot/dts/rockchip/Makefile | 1 + arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 1 - arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 4 +- .../boot/dts/rockchip/rk3328-nanopi-r2s-plus.dts | 30 +++++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 +- arch/arm64/boot/dts/rockchip/rk3368-lion.dtsi | 1 - arch/arm64/boot/dts/rockchip/rk3399-eaidk-610.dts | 2 +- .../boot/dts/rockchip/rk3399-pinephone-pro.dts | 2 - arch/arm64/boot/dts/rockchip/rk3399-rock960.dtsi | 2 +- .../dts/rockchip/rk3399-sapphire-excavator.dts | 2 +- .../boot/dts/rockchip/rk3566-anbernic-rg353p.dts | 2 +- .../boot/dts/rockchip/rk3566-anbernic-rg353v.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3566-box-demo.dts | 6 +- arch/arm64/boot/dts/rockchip/rk3566-lubancat-1.dts | 1 - arch/arm64/boot/dts/rockchip/rk3566-pinenote.dtsi | 6 +- arch/arm64/boot/dts/rockchip/rk3566-radxa-cm3.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3568-lubancat-2.dts | 1 - arch/arm64/boot/dts/rockchip/rk3568-roc-pc.dts | 3 - arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 20 +-- arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 4 +- .../arm64/boot/dts/rockchip/rk3588-toybrick-x0.dts | 1 - .../arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 1 + arch/arm64/kernel/fpsimd.c | 1 + arch/arm64/kernel/smccc-call.S | 35 +---- arch/powerpc/kvm/book3s_hv.c | 12 ++ arch/xtensa/Kconfig | 1 + arch/xtensa/include/asm/cmpxchg.h | 2 + block/blk-map.c | 56 +++----- block/blk-merge.c | 146 ++++++++------------- block/blk-mq.c | 11 +- block/blk.h | 69 ++++++---- drivers/char/tpm/tpm-chip.c | 4 - drivers/char/tpm/tpm-interface.c | 32 +++-- drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clk/qcom/gcc-x1e80100.c | 12 +- drivers/clk/qcom/videocc-sm8350.c | 4 +- drivers/edac/qcom_edac.c | 8 +- drivers/firmware/arm_scmi/bus.c | 7 +- drivers/firmware/qcom/Kconfig | 11 -- drivers/firmware/qcom/qcom_scm.c | 77 +++++++++-- drivers/firmware/smccc/smccc.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 10 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +++ drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 49 +++++-- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 5 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 5 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 5 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 4 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 20 ++- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 5 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 74 +---------- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 8 ++ drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 2 + drivers/gpu/drm/imagination/pvr_context.c | 33 +++++ drivers/gpu/drm/imagination/pvr_context.h | 21 +++ drivers/gpu/drm/imagination/pvr_device.h | 10 ++ drivers/gpu/drm/imagination/pvr_drv.c | 3 + drivers/gpu/drm/imagination/pvr_vm.c | 22 +++- drivers/gpu/drm/imagination/pvr_vm.h | 1 + drivers/gpu/drm/panthor/panthor_device.c | 4 + drivers/gpu/drm/panthor/panthor_mmu.c | 2 + drivers/gpu/drm/xe/regs/xe_gt_regs.h | 2 +- drivers/gpu/drm/xe/xe_device.h | 14 ++ drivers/gpu/drm/xe/xe_exec.c | 13 +- drivers/gpu/drm/xe/xe_gt_ccs_mode.c | 6 + drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 2 + drivers/gpu/drm/xe/xe_guc_ct.c | 9 ++ drivers/gpu/drm/xe/xe_wait_user_fence.c | 7 + drivers/hid/hid-core.c | 2 +- drivers/i2c/busses/i2c-designware-common.c | 6 +- drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/irqchip/irq-gic-v3.c | 7 + drivers/md/dm-cache-target.c | 59 +++++---- drivers/md/dm-unstripe.c | 4 +- drivers/md/dm.c | 4 +- drivers/media/cec/usb/pulse8/pulse8-cec.c | 2 +- drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 3 + drivers/media/dvb-core/dvb_frontend.c | 4 +- drivers/media/dvb-core/dvb_vb2.c | 8 +- drivers/media/dvb-core/dvbdev.c | 17 ++- drivers/media/dvb-frontends/cx24116.c | 7 +- drivers/media/dvb-frontends/stb0899_algo.c | 2 +- drivers/media/i2c/adv7604.c | 26 ++-- drivers/media/i2c/ar0521.c | 4 +- drivers/media/pci/mgb4/mgb4_cmt.c | 2 + .../media/platform/samsung/s5p-jpeg/jpeg-core.c | 17 ++- drivers/media/test-drivers/vivid/vivid-core.c | 2 +- drivers/media/test-drivers/vivid/vivid-core.h | 4 +- drivers/media/test-drivers/vivid/vivid-ctrls.c | 2 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 2 +- drivers/media/v4l2-core/v4l2-ctrls-api.c | 17 ++- drivers/net/can/c_can/c_can_main.c | 7 +- drivers/net/can/cc770/Kconfig | 2 +- drivers/net/can/m_can/m_can.c | 3 +- drivers/net/can/sja1000/Kconfig | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 8 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 10 +- drivers/net/ethernet/arc/emac_main.c | 27 ++-- drivers/net/ethernet/arc/emac_mdio.c | 9 +- .../net/ethernet/freescale/dpaa/dpaa_eth_trace.h | 2 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 18 +-- drivers/net/ethernet/freescale/enetc/enetc_vf.c | 9 +- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 5 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 17 +-- drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 12 +- drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 3 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 4 +- drivers/net/ethernet/intel/idpf/idpf.h | 4 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 11 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 3 +- .../net/ethernet/pensando/ionic/ionic_bus_pci.c | 1 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 + drivers/net/ethernet/vertexcom/mse102x.c | 5 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 +- drivers/net/phy/dp83848.c | 2 + drivers/net/virtio_net.c | 119 ++++++++++++++--- drivers/net/wwan/t7xx/t7xx_hif_dpmaif_rx.c | 2 +- drivers/platform/x86/amd/pmc/pmc.c | 5 + drivers/platform/x86/amd/pmf/core.c | 21 ++- drivers/platform/x86/amd/pmf/pmf.h | 55 ++++++++ drivers/platform/x86/amd/pmf/spc.c | 52 +++++--- drivers/pwm/pwm-imx-tpm.c | 4 +- drivers/regulator/rtq2208-regulator.c | 2 +- drivers/rpmsg/qcom_glink_native.c | 10 +- drivers/scsi/sd_zbc.c | 3 +- drivers/soc/qcom/llcc-qcom.c | 3 + drivers/staging/media/av7110/av7110.h | 4 +- drivers/staging/media/av7110/av7110_ca.c | 25 ++-- .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 +- drivers/thermal/qcom/lmh.c | 7 + drivers/thermal/thermal_of.c | 21 ++- drivers/thunderbolt/retimer.c | 2 + drivers/thunderbolt/usb4.c | 2 +- drivers/ufs/core/ufshcd.c | 10 +- drivers/usb/dwc3/core.c | 25 ++-- drivers/usb/musb/sunxi.c | 2 - drivers/usb/serial/io_edgeport.c | 8 +- drivers/usb/serial/option.c | 6 + drivers/usb/serial/qcserial.c | 2 + .../usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c | 8 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 2 + fs/btrfs/bio.c | 30 +++-- fs/btrfs/delayed-ref.c | 2 +- fs/btrfs/inode.c | 2 +- fs/btrfs/super.c | 25 +--- fs/nfs/inode.c | 70 ++++++---- fs/nfs/nfs4proc.c | 4 + fs/nfs/super.c | 10 +- fs/ocfs2/xattr.c | 3 +- fs/proc/vmcore.c | 9 +- fs/smb/server/connection.c | 1 + fs/smb/server/connection.h | 1 + fs/smb/server/mgmt/user_session.c | 15 ++- fs/smb/server/server.c | 20 +-- fs/smb/server/smb_common.c | 10 +- fs/smb/server/smb_common.h | 2 +- fs/tracefs/inode.c | 12 +- include/linux/arm-smccc.h | 32 +---- include/linux/bio.h | 4 +- include/linux/soc/qcom/llcc-qcom.h | 2 + include/linux/user_namespace.h | 3 +- include/net/netfilter/nf_tables.h | 4 + include/trace/events/rxrpc.h | 1 + kernel/signal.c | 3 +- kernel/ucount.c | 9 +- lib/objpool.c | 18 ++- mm/damon/core.c | 42 ++++-- mm/filemap.c | 2 +- mm/huge_memory.c | 35 +++-- mm/internal.h | 10 +- mm/memcontrol-v1.c | 25 ++++ mm/memcontrol.c | 8 +- mm/migrate.c | 4 +- mm/mlock.c | 9 +- mm/page_alloc.c | 1 - mm/slab_common.c | 31 +++-- mm/swap.c | 4 +- mm/vmscan.c | 4 +- net/mptcp/mptcp_pm_gen.c | 1 - net/mptcp/pm_userspace.c | 3 +- net/netfilter/nf_tables_api.c | 41 +++++- net/rxrpc/conn_client.c | 4 + net/sctp/sm_statefuns.c | 2 +- net/smc/af_smc.c | 4 +- net/sunrpc/xprtsock.c | 1 + net/vmw_vsock/hyperv_transport.c | 1 + net/vmw_vsock/virtio_transport_common.c | 1 + security/keys/keyring.c | 7 +- security/keys/trusted-keys/trusted_dcp.c | 9 +- sound/firewire/tascam/amdtp-tascam.c | 2 +- sound/pci/hda/patch_conexant.c | 2 - sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/sof/sof-client-probes-ipc4.c | 1 + sound/soc/stm/stm32_spdifrx.c | 2 +- sound/usb/mixer.c | 1 + sound/usb/quirks.c | 2 + tools/lib/thermal/sampling.c | 2 + tools/testing/selftests/mm/hugetlb_dio.c | 19 ++- 218 files changed, 1518 insertions(+), 865 deletions(-)

1 month, 3 weeks

13
197
0 0

[PATCH 5.15.y] mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

by Matthieu Baerts (NGI0)

From: Paolo Abeni <pabeni(a)redhat.com> commit ce7356ae35943cc6494cc692e62d51a734062b7d upstream. Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf(). Fixes: c76c6956566f ("mptcp: call tcp_cleanup_rbuf on subflows") Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/02374660836e1b52afc91966b7535c8c5f7bafb0.173106087… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ Conflicts in protocol.c, because commit f410cbea9f3d ("tcp: annotate data-races around tp->window_clamp") has not been backported to this version. The conflict is easy to resolve, because only the context is different, but not the line to modify. ] Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- net/mptcp/protocol.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 34c98596350e..bcbb1f92ce24 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1986,7 +1986,8 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied) slow = lock_sock_fast(ssk); WRITE_ONCE(ssk->sk_rcvbuf, rcvbuf); tcp_sk(ssk)->window_clamp = window_clamp; - tcp_cleanup_rbuf(ssk, 1); + if (tcp_can_send_ack(ssk)) + tcp_cleanup_rbuf(ssk, 1); unlock_sock_fast(ssk, slow); } } -- 2.45.2

1 month, 3 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2024