November 2024 - Linux-stable-mirror

[PATCH 1/2] dma-fence: Use kernel's sort for merging fences

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> One alternative to the fix Christian proposed in https://lore.kernel.org/dri-devel/20241024124159.4519-3-christian.koenig@am… is to replace the rather complex open coded sorting loops with the kernel standard sort followed by a context squashing pass. Proposed advantage of this would be readability but one concern Christian raised was that there could be many fences, that they are typically mostly sorted, and so the kernel's heap sort would be much worse by the proposed algorithm. I had a look running some games and vkcube to see what are the typical number of input fences. Tested scenarios: 1) Hogwarts Legacy under Gamescope 450 calls per second to __dma_fence_unwrap_merge. Percentages per number of fences buckets, before and after checking for signalled status, sorting and flattening: N Before After 0 0.91% 1 69.40% 2-3 28.72% 9.4% (90.6% resolved to one fence) 4-5 0.93% 6-9 0.03% 10+ 2) Cyberpunk 2077 under Gamescope 1050 calls per second, amounting to 0.01% CPU time according to perf top. N Before After 0 1.13% 1 52.30% 2-3 40.34% 55.57% 4-5 1.46% 0.50% 6-9 2.44% 10+ 2.34% 3) vkcube under Plasma 90 calls per second. N Before After 0 1 2-3 100% 0% (Ie. all resolved to a single fence) 4-5 6-9 10+ In the case of vkcube all invocations in the 2-3 bucket were actually just two input fences. From these numbers it looks like the heap sort should not be a disadvantage, given how the dominant case is <= 2 input fences which heap sort solves with just one compare and swap. (And for the case of one input fence we have a fast path in the previous patch.) A complementary possibility is to implement a different sorting algorithm under the same API as the kernel's sort() and so keep the simplicity, potentially moving the new sort under lib/ if it would be found more widely useful. v2: * Hold on to fence references and reduce commentary. (Christian) * Record and use latest signaled timestamp in the 2nd loop too. * Consolidate zero or one fences fast paths. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 245a4a7b531c ("dma-buf: generalize dma_fence unwrap & merging v3") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3617 Cc: Christian König <christian.koenig(a)amd.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Gustavo Padovan <gustavo(a)padovan.org> Cc: Friedrich Vock <friedrich.vock(a)gmx.de> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Cc: <stable(a)vger.kernel.org> # v6.0+ --- drivers/dma-buf/dma-fence-unwrap.c | 129 ++++++++++++++--------------- 1 file changed, 64 insertions(+), 65 deletions(-) diff --git a/drivers/dma-buf/dma-fence-unwrap.c b/drivers/dma-buf/dma-fence-unwrap.c index 628af51c81af..26cad03340ce 100644 --- a/drivers/dma-buf/dma-fence-unwrap.c +++ b/drivers/dma-buf/dma-fence-unwrap.c @@ -12,6 +12,7 @@ #include <linux/dma-fence-chain.h> #include <linux/dma-fence-unwrap.h> #include <linux/slab.h> +#include <linux/sort.h> /* Internal helper to start new array iteration, don't use directly */ static struct dma_fence * @@ -59,6 +60,25 @@ struct dma_fence *dma_fence_unwrap_next(struct dma_fence_unwrap *cursor) } EXPORT_SYMBOL_GPL(dma_fence_unwrap_next); + +static int fence_cmp(const void *_a, const void *_b) +{ + struct dma_fence *a = *(struct dma_fence **)_a; + struct dma_fence *b = *(struct dma_fence **)_b; + + if (a->context < b->context) + return -1; + else if (a->context > b->context) + return 1; + + if (dma_fence_is_later(b, a)) + return -1; + else if (dma_fence_is_later(a, b)) + return 1; + + return 0; +} + /* Implementation for the dma_fence_merge() marco, don't use directly */ struct dma_fence *__dma_fence_unwrap_merge(unsigned int num_fences, struct dma_fence **fences, @@ -67,8 +87,7 @@ struct dma_fence *__dma_fence_unwrap_merge(unsigned int num_fences, struct dma_fence_array *result; struct dma_fence *tmp, **array; ktime_t timestamp; - unsigned int i; - size_t count; + int i, j, count; count = 0; timestamp = ns_to_ktime(0); @@ -96,78 +115,58 @@ struct dma_fence *__dma_fence_unwrap_merge(unsigned int num_fences, if (!array) return NULL; - /* - * This trashes the input fence array and uses it as position for the - * following merge loop. This works because the dma_fence_merge() - * wrapper macro is creating this temporary array on the stack together - * with the iterators. - */ - for (i = 0; i < num_fences; ++i) - fences[i] = dma_fence_unwrap_first(fences[i], &iter[i]); - count = 0; - do { - unsigned int sel; - -restart: - tmp = NULL; - for (i = 0; i < num_fences; ++i) { - struct dma_fence *next; - - while (fences[i] && dma_fence_is_signaled(fences[i])) - fences[i] = dma_fence_unwrap_next(&iter[i]); - - next = fences[i]; - if (!next) - continue; - - /* - * We can't guarantee that inpute fences are ordered by - * context, but it is still quite likely when this - * function is used multiple times. So attempt to order - * the fences by context as we pass over them and merge - * fences with the same context. - */ - if (!tmp || tmp->context > next->context) { - tmp = next; - sel = i; - - } else if (tmp->context < next->context) { - continue; - - } else if (dma_fence_is_later(tmp, next)) { - fences[i] = dma_fence_unwrap_next(&iter[i]); - goto restart; + for (i = 0; i < num_fences; ++i) { + dma_fence_unwrap_for_each(tmp, &iter[i], fences[i]) { + if (!dma_fence_is_signaled(tmp)) { + array[count++] = dma_fence_get(tmp); } else { - fences[sel] = dma_fence_unwrap_next(&iter[sel]); - goto restart; + ktime_t t = dma_fence_timestamp(tmp); + + if (ktime_after(t, timestamp)) + timestamp = t; } } + } - if (tmp) { - array[count++] = dma_fence_get(tmp); - fences[sel] = dma_fence_unwrap_next(&iter[sel]); + if (count == 0 || count == 1) + goto return_fastpath; + + sort(array, count, sizeof(*array), fence_cmp, NULL); + + /* + * Only keep the most recent fence for each context. + */ + j = 0; + tmp = array[0]; + for (i = 1; i < count; i++) { + if (array[i]->context != tmp->context) + array[j++] = tmp; + else + dma_fence_put(tmp); + tmp = array[i]; + } + if (j == 0 || tmp->context != array[j - 1]->context) { + array[j++] = tmp; + } + count = j; + + if (count > 1) { + result = dma_fence_array_create(count, array, + dma_fence_context_alloc(1), + 1, false); + if (!result) { + tmp = NULL; + goto return_tmp; } - } while (tmp); - - if (count == 0) { - tmp = dma_fence_allocate_private_stub(ktime_get()); - goto return_tmp; + return &result->base; } - if (count == 1) { +return_fastpath: + if (count == 0) + tmp = dma_fence_allocate_private_stub(timestamp); + else tmp = array[0]; - goto return_tmp; - } - - result = dma_fence_array_create(count, array, - dma_fence_context_alloc(1), - 1, false); - if (!result) { - tmp = NULL; - goto return_tmp; - } - return &result->base; return_tmp: kfree(array); -- 2.46.0

5 months, 1 week

3
2
0 0

[PATCH] btrfs: fix incorrect comparison for delayed refs

by Josef Bacik

When I reworked delayed ref comparison in cf4f04325b2b ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node"), I made a mistake and returned -1 for the case where ref1->ref_root was > than ref2->ref_root. This is a subtle bug that can result in improper delayed ref running order, which can result in transaction aborts. cc: stable(a)vger.kernel.org Fixes: cf4f04325b2b ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node") Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> --- fs/btrfs/delayed-ref.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c index 4d2ad5b66928..0d878dbbabba 100644 --- a/fs/btrfs/delayed-ref.c +++ b/fs/btrfs/delayed-ref.c @@ -299,7 +299,7 @@ static int comp_refs(struct btrfs_delayed_ref_node *ref1, if (ref1->ref_root < ref2->ref_root) return -1; if (ref1->ref_root > ref2->ref_root) - return -1; + return 1; if (ref1->type == BTRFS_EXTENT_DATA_REF_KEY) ret = comp_data_refs(ref1, ref2); } -- 2.43.0

5 months, 1 week

4
3
0 0

[PATCH 5/7] xfs: fix off-by-one error in fsmap's end_daddr usage

by Christoph Hellwig

From: "Darrick J. Wong" <djwong(a)kernel.org> In commit ca6448aed4f10a, we created an "end_daddr" variable to fix fsmap reporting when the end of the range requested falls in the middle of an unknown (aka free on the rmapbt) region. Unfortunately, I didn't notice that the the code sets end_daddr to the last sector of the device but then uses that quantity to compute the length of the synthesized mapping. Zizhi Wo later observed that when end_daddr isn't set, we still don't report the last fsblock on a device because in that case (aka when info->last is true), the info->high mapping that we pass to xfs_getfsmap_group_helper has a startblock that points to the last fsblock. This is also wrong because the code uses startblock to compute the length of the synthesized mapping. Fix the second problem by setting end_daddr unconditionally, and fix the first problem by setting start_daddr to one past the end of the range to query. Cc: <stable(a)vger.kernel.org> # v6.11 Fixes: ca6448aed4f10a ("xfs: Fix missing interval for missing_owner in xfs fsmap") Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Reported-by: Zizhi Wo <wozizhi(a)huawei.com> --- fs/xfs/xfs_fsmap.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/fs/xfs/xfs_fsmap.c b/fs/xfs/xfs_fsmap.c index 8d5d4d172d15..59b7a8e50414 100644 --- a/fs/xfs/xfs_fsmap.c +++ b/fs/xfs/xfs_fsmap.c @@ -165,7 +165,8 @@ struct xfs_getfsmap_info { xfs_daddr_t next_daddr; /* next daddr we expect */ /* daddr of low fsmap key when we're using the rtbitmap */ xfs_daddr_t low_daddr; - xfs_daddr_t end_daddr; /* daddr of high fsmap key */ + /* daddr of high fsmap key, or the last daddr on the device */ + xfs_daddr_t end_daddr; u64 missing_owner; /* owner of holes */ u32 dev; /* device id */ /* @@ -388,8 +389,8 @@ xfs_getfsmap_group_helper( * we calculated from userspace's high key to synthesize the record. * Note that if the btree query found a mapping, there won't be a gap. */ - if (info->last && info->end_daddr != XFS_BUF_DADDR_NULL) - frec->start_daddr = info->end_daddr; + if (info->last) + frec->start_daddr = info->end_daddr + 1; else frec->start_daddr = xfs_gbno_to_daddr(xg, startblock); @@ -737,8 +738,8 @@ xfs_getfsmap_rtdev_rtbitmap_helper( * we calculated from userspace's high key to synthesize the record. * Note that if the btree query found a mapping, there won't be a gap. */ - if (info->last && info->end_daddr != XFS_BUF_DADDR_NULL) { - frec.start_daddr = info->end_daddr; + if (info->last) { + frec.start_daddr = info->end_daddr + 1; } else { frec.start_daddr = xfs_rtb_to_daddr(mp, start_rtb); } @@ -1108,7 +1109,10 @@ xfs_getfsmap( struct xfs_trans *tp = NULL; struct xfs_fsmap dkeys[2]; /* per-dev keys */ struct xfs_getfsmap_dev handlers[XFS_GETFSMAP_DEVS]; - struct xfs_getfsmap_info info = { NULL }; + struct xfs_getfsmap_info info = { + .fsmap_recs = fsmap_recs, + .head = head, + }; bool use_rmap; int i; int error = 0; @@ -1185,9 +1189,6 @@ xfs_getfsmap( info.next_daddr = head->fmh_keys[0].fmr_physical + head->fmh_keys[0].fmr_length; - info.end_daddr = XFS_BUF_DADDR_NULL; - info.fsmap_recs = fsmap_recs; - info.head = head; /* For each device we support... */ for (i = 0; i < XFS_GETFSMAP_DEVS; i++) { @@ -1200,17 +1201,23 @@ xfs_getfsmap( break; /* - * If this device number matches the high key, we have - * to pass the high key to the handler to limit the - * query results. If the device number exceeds the - * low key, zero out the low key so that we get - * everything from the beginning. + * If this device number matches the high key, we have to pass + * the high key to the handler to limit the query results, and + * set the end_daddr so that we can synthesize records at the + * end of the query range or device. */ if (handlers[i].dev == head->fmh_keys[1].fmr_device) { dkeys[1] = head->fmh_keys[1]; info.end_daddr = min(handlers[i].nr_sectors - 1, dkeys[1].fmr_physical); + } else { + info.end_daddr = handlers[i].nr_sectors - 1; } + + /* + * If the device number exceeds the low key, zero out the low + * key so that we get everything from the beginning. + */ if (handlers[i].dev > head->fmh_keys[0].fmr_device) memset(&dkeys[0], 0, sizeof(struct xfs_fsmap)); -- 2.45.2

5 months, 1 week

2
2
0 0

[PATCH] drm/amdgpu: Fix UVD contiguous CS mapping problem

by Arunpravin Paneer Selvam

When starting the mpv player, Radeon R9 users are observing the below error in dmesg. [drm:amdgpu_uvd_cs_pass2 [amdgpu]] *ERROR* msg/fb buffer ff00f7c000-ff00f7e000 out of 256MB segment! The patch tries to set the TTM_PL_FLAG_CONTIGUOUS for both user flag(AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS) set and not set cases. Closes:https://gitlab.freedesktop.org/drm/amd/-/issues/3599 Closes:https://gitlab.freedesktop.org/drm/amd/-/issues/3501 Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index d891ab779ca7..9f73f821054b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1801,13 +1801,17 @@ int amdgpu_cs_find_mapping(struct amdgpu_cs_parser *parser, if (dma_resv_locking_ctx((*bo)->tbo.base.resv) != &parser->exec.ticket) return -EINVAL; - (*bo)->flags |= AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS; - amdgpu_bo_placement_from_domain(*bo, (*bo)->allowed_domains); - for (i = 0; i < (*bo)->placement.num_placement; i++) - (*bo)->placements[i].flags |= TTM_PL_FLAG_CONTIGUOUS; - r = ttm_bo_validate(&(*bo)->tbo, &(*bo)->placement, &ctx); - if (r) - return r; + if ((*bo)->flags & AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS) { + (*bo)->placements[0].flags |= TTM_PL_FLAG_CONTIGUOUS; + } else { + (*bo)->flags |= AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS; + amdgpu_bo_placement_from_domain(*bo, (*bo)->allowed_domains); + for (i = 0; i < (*bo)->placement.num_placement; i++) + (*bo)->placements[i].flags |= TTM_PL_FLAG_CONTIGUOUS; + r = ttm_bo_validate(&(*bo)->tbo, &(*bo)->placement, &ctx); + if (r) + return r; + } return amdgpu_ttm_alloc_gart(&(*bo)->tbo); } -- 2.25.1

5 months, 1 week

3
4
0 0

Linux 6.6.61

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.61 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/xlnx,axi-ethernet.yaml | 2 Makefile | 2 arch/arm/boot/dts/rockchip/rk3036-kylin.dts | 4 arch/arm/boot/dts/rockchip/rk3036.dtsi | 14 +- arch/arm64/Kconfig | 1 arch/arm64/boot/dts/freescale/imx8-ss-vpu.dtsi | 4 arch/arm64/boot/dts/freescale/imx8mp.dtsi | 6 - arch/arm64/boot/dts/freescale/imx8qxp-ss-vpu.dtsi | 25 ++++ arch/arm64/boot/dts/freescale/imx8qxp.dtsi | 2 arch/arm64/boot/dts/rockchip/Makefile | 1 arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 4 arch/arm64/boot/dts/rockchip/rk3328-nanopi-r2s-plus.dts | 30 +++++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3368-lion.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3399-eaidk-610.dts | 2 arch/arm64/boot/dts/rockchip/rk3399-pinephone-pro.dts | 2 arch/arm64/boot/dts/rockchip/rk3399-rock960.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-sapphire-excavator.dts | 2 arch/arm64/boot/dts/rockchip/rk3566-anbernic-rg353p.dts | 2 arch/arm64/boot/dts/rockchip/rk3566-anbernic-rg353v.dts | 2 arch/arm64/boot/dts/rockchip/rk3566-box-demo.dts | 6 - arch/arm64/boot/dts/rockchip/rk3566-lubancat-1.dts | 1 arch/arm64/boot/dts/rockchip/rk3566-pinenote.dtsi | 6 - arch/arm64/boot/dts/rockchip/rk3566-radxa-cm3.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3568-lubancat-2.dts | 1 arch/arm64/kernel/fpsimd.c | 1 arch/arm64/kernel/smccc-call.S | 35 ------ arch/riscv/purgatory/entry.S | 3 drivers/firmware/arm_scmi/bus.c | 7 - drivers/firmware/smccc/smccc.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 10 - drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 2 drivers/hid/hid-core.c | 2 drivers/i2c/busses/i2c-designware-common.c | 6 - drivers/i2c/busses/i2c-designware-core.h | 1 drivers/irqchip/irq-gic-v3.c | 7 + drivers/md/dm-cache-target.c | 59 +++++------ drivers/md/dm-unstripe.c | 4 drivers/media/cec/usb/pulse8/pulse8-cec.c | 2 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 3 drivers/media/dvb-core/dvb_frontend.c | 4 drivers/media/dvb-core/dvbdev.c | 17 ++- drivers/media/dvb-frontends/cx24116.c | 7 + drivers/media/dvb-frontends/stb0899_algo.c | 2 drivers/media/i2c/adv7604.c | 26 +++- drivers/media/i2c/ar0521.c | 4 drivers/media/platform/samsung/s5p-jpeg/jpeg-core.c | 17 ++- drivers/media/usb/uvc/uvc_driver.c | 2 drivers/media/v4l2-core/v4l2-ctrls-api.c | 17 ++- drivers/net/can/c_can/c_can_main.c | 7 + drivers/net/can/m_can/m_can.c | 3 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 8 - drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 10 + drivers/net/ethernet/arc/emac_main.c | 27 ++--- drivers/net/ethernet/arc/emac_mdio.c | 9 + drivers/net/ethernet/freescale/enetc/enetc_pf.c | 18 +-- drivers/net/ethernet/freescale/enetc/enetc_vf.c | 9 + drivers/net/ethernet/hisilicon/hns3/hnae3.c | 5 drivers/net/ethernet/intel/e1000e/ich8lan.c | 17 --- drivers/net/ethernet/intel/i40e/i40e.h | 1 drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 1 drivers/net/ethernet/intel/i40e/i40e_main.c | 12 +- drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 3 drivers/net/ethernet/intel/ice/ice_fdir.h | 4 drivers/net/ethernet/pensando/ionic/ionic_bus_pci.c | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 drivers/net/ethernet/vertexcom/mse102x.c | 5 drivers/net/phy/dp83848.c | 2 drivers/net/virtio_net.c | 6 + drivers/net/wwan/t7xx/t7xx_hif_dpmaif_rx.c | 2 drivers/platform/x86/amd/pmc/pmc.c | 5 drivers/pwm/pwm-imx-tpm.c | 4 drivers/regulator/rtq2208-regulator.c | 2 drivers/rpmsg/qcom_glink_native.c | 10 + drivers/scsi/sd_zbc.c | 3 drivers/thermal/qcom/lmh.c | 7 + drivers/thermal/thermal_of.c | 21 +-- drivers/usb/dwc3/core.c | 25 ++-- drivers/usb/musb/sunxi.c | 2 drivers/usb/serial/io_edgeport.c | 8 - drivers/usb/serial/option.c | 6 + drivers/usb/serial/qcserial.c | 2 drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c | 8 - drivers/usb/typec/ucsi/ucsi_ccg.c | 2 fs/btrfs/delayed-ref.c | 2 fs/nfs/inode.c | 21 ++- fs/nfs/super.c | 10 + fs/ocfs2/xattr.c | 3 fs/proc/vmcore.c | 9 - fs/smb/server/connection.c | 1 fs/smb/server/connection.h | 1 fs/smb/server/mgmt/user_session.c | 15 +- fs/smb/server/server.c | 20 ++- fs/smb/server/smb_common.c | 10 + fs/smb/server/smb_common.h | 2 include/linux/arm-smccc.h | 32 ----- include/linux/tick.h | 8 + include/linux/user_namespace.h | 3 include/net/netfilter/nf_tables.h | 55 ++++++++-- include/trace/events/rxrpc.h | 1 kernel/fork.c | 2 kernel/signal.c | 3 kernel/ucount.c | 9 - mm/filemap.c | 2 net/mac80211/chan.c | 4 net/mac80211/mlme.c | 2 net/mac80211/scan.c | 2 net/mac80211/util.c | 4 net/mptcp/pm_userspace.c | 3 net/netfilter/nf_tables_api.c | 56 +++++++--- net/netfilter/nft_immediate.c | 2 net/rxrpc/conn_client.c | 4 net/sctp/sm_statefuns.c | 2 net/sunrpc/xprtsock.c | 1 net/vmw_vsock/hyperv_transport.c | 1 net/vmw_vsock/virtio_transport_common.c | 1 security/keys/keyring.c | 7 - sound/firewire/tascam/amdtp-tascam.c | 2 sound/pci/hda/patch_conexant.c | 2 sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/sof/sof-client-probes-ipc4.c | 1 sound/soc/stm/stm32_spdifrx.c | 2 sound/usb/mixer.c | 1 sound/usb/quirks.c | 2 tools/lib/thermal/sampling.c | 2 tools/testing/selftests/bpf/network_helpers.c | 24 ---- tools/testing/selftests/bpf/network_helpers.h | 4 tools/testing/selftests/bpf/prog_tests/flow_dissector.c | 1 tools/testing/selftests/bpf/xdp_hw_metadata.c | 14 ++ 131 files changed, 610 insertions(+), 380 deletions(-) Aleksandr Loktionov (1): i40e: fix race condition by adding filter's intermediate sync state Alex Deucher (3): drm/amdgpu: Adjust debugfs eviction and IB access permissions drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() drm/amdgpu: Adjust debugfs register access permissions Alexander Stein (2): arm64: dts: imx8qxp: Add VPU subsystem file arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs Amelie Delaunay (1): ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove Andrei Vagin (1): ucounts: fix counter leak in inc_rlimit_get_ucounts() Andrew Kanner (1): ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Antonio Quartulli (1): drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported Benjamin Segall (1): posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone Benoit Sevens (1): media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format Benoît Monin (1): USB: serial: option: add Quectel RG650V Bjorn Andersson (1): rpmsg: glink: Handle rejected intent request better Chen Ridong (1): security/keys: fix slab-out-of-bounds in key_task_permission ChiYuan Huang (1): regulator: rtq2208: Fix uninitialized use of regulator_config Corey Hickey (1): platform/x86/amd/pmc: Detect when STB is not available Dan Carpenter (2): usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() USB: serial: io_edgeport: fix use after free in debug printk Daniel Maslowski (1): riscv/purgatory: align riscv_kernel_entry Dario Binacchi (1): can: c_can: fix {rx,tx}_errors statistics David Howells (1): rxrpc: Fix missing locking causing hanging calls Diederik de Haas (4): arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes Diogo Silva (1): net: phy: ti: add PHY_RST_AFTER_CLK_EN flag Dmitry Baryshkov (1): thermal/drivers/qcom/lmh: Remove false lockdep backtrace Emil Dahl Juhl (1): tools/lib/thermal: Fix sampling handler context ptr Erik Schumacher (1): pwm: imx-tpm: Use correct MODULO value for EPWM mode Filipe Manana (1): btrfs: reinitialize delayed ref list after deleting it from the list Florian Westphal (1): netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx Geert Uytterhoeven (2): arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator Geliang Tang (1): mptcp: use sock_kfree_s instead of kfree George Guo (1): netfilter: nf_tables: cleanup documentation Greg Kroah-Hartman (2): Revert "wifi: mac80211: fix RCU list iterations" Linux 6.6.61 Heiko Stuebner (12): arm64: dts: rockchip: fix i2c2 pinctrl-names property on anbernic-rg353p/v arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards arm64: dts: rockchip: Remove undocumented supports-emmc property arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc arm64: dts: rockchip: remove num-slots property from rk3328-nanopi-r2s-plus arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone pro ARM: dts: rockchip: fix rk3036 acodec node ARM: dts: rockchip: drop grf reference from rk3036 hdmi ARM: dts: rockchip: Fix the spi controller on rk3036 ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin Hyunwoo Kim (2): hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans Icenowy Zheng (1): thermal/of: support thermal zones w/o trips subnode Jack Wu (1): USB: serial: qcserial: add support for Sierra Wireless EM86xx Jarosław Janik (1): Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" Jinjie Ruan (2): ksmbd: Fix the missing xa_store error check net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() Jiri Kosina (1): HID: core: zero-initialize the report buffer Johan Jonker (2): net: arc: fix the device for dma_map_single/dma_unmap_single net: arc: rockchip: fix emac mdio node support Johannes Thumshirn (1): scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer Jyri Sarha (1): ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits Lijo Lazar (1): drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 Liu Peibao (1): i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set Marc Kleine-Budde (3): can: m_can: m_can_close(): don't call free_irq() for IRQ-less devices can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes Marc Zyngier (1): irqchip/gic-v3: Force propagation of the active state with a read-back Mark Brown (1): arm64/sve: Discard stale CPU state when handling SVE traps Mark Rutland (2): arm64: Kconfig: Make SME depend on BROKEN for now arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint Mateusz Polchlopek (1): ice: change q_index variable type to s16 to store -1 value Mauro Carvalho Chehab (10): media: stb0899_algo: initialize cfr before using it media: dvbdev: prevent the risk of out of memory access media: dvb_frontend: don't play tricks with underflow values media: adv7604: prevent underflow condition when reporting colorspace media: ar0521: don't overflow when checking PLL values media: s5p-jpeg: prevent buffer overflows media: cx24116: prevent overflows on SNR calculus media: pulse8-cec: fix data timestamp at pulse8_setup() media: v4l2-tpg: prevent the risk of a division by zero media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() Mike Snitzer (1): nfs: avoid i_lock contention in nfs_clear_invalid_mapping Ming-Hung Tsai (5): dm cache: correct the number of origin blocks to match the target length dm cache: fix flushing uninitialized delayed_work on cache_ctr error dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: optimize dirty bit checking with find_next_bit when resizing dm cache: fix potential out-of-bounds access on the first resume Mingcong Bai (1): ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 Murad Masimov (1): ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() Namjae Jeon (3): ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create ksmbd: check outstanding simultaneous SMB operations ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp NeilBrown (2): sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() NFSv3: only use NFS timeout for MOUNT when protocols are compatible Nícolas F. R. A. Prado (1): net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal Peiyang Wang (1): net: hns3: fix kernel crash when uninstalling driver Peng Fan (1): arm64: dts: imx8mp: correct sdhc ipg clk Philo Lu (1): virtio_net: Add hash_key_length check Pu Lehui (1): Revert "selftests/bpf: Implement get_hw_ring_size function to retrieve current and max interface size" Qi Xi (1): fs/proc: fix compile warning about variable 'vmcore_mmap_ops' Reinhard Speyerer (1): USB: serial: option: add Fibocom FG132 0x0112 composition Rex Nie (1): usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier Roberto Sassu (1): nfs: Fix KMSAN warning in decode_getfattr_attrs() Roger Quadros (1): usb: dwc3: fix fault at system suspend if device was already runtime suspended Roman Gushchin (1): signal: restore the override_rlimit logic Sergey Bostandzhyan (1): arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus Stefan Wahren (1): net: vertexcom: mse102x: Fix possible double free of TX skb Suraj Gupta (1): dt-bindings: net: xlnx,axi-ethernet: Correct phy-mode property value Takashi Iwai (1): ALSA: usb-audio: Add quirk for HP 320 FHD Webcam Trond Myklebust (1): filemap: Fix bounds checking in filemap_read() Vitaly Lifshits (1): e1000e: Remove Meteor Lake SMBUS workarounds Wei Fang (2): net: enetc: set MAC address to the VF net_device net: enetc: allocate vf_state during PF probes Wentao Liang (1): drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path Xin Long (1): sctp: properly validate chunk size in sctp_sf_ootb() Xinqi Zhang (1): firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() Zichen Xie (1): dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow Zijun Hu (1): usb: musb: sunxi: Fix accessing an released usb phy

5 months, 1 week

1
1
0 0

Linux 6.11.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.11.8 kernel. All users of the 6.11 kernel series must upgrade. The updated 6.11.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.11.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/xlnx,axi-ethernet.yaml | 2 Documentation/netlink/specs/mptcp_pm.yaml | 1 Makefile | 2 arch/arm/boot/dts/rockchip/rk3036-kylin.dts | 4 arch/arm/boot/dts/rockchip/rk3036.dtsi | 14 arch/arm64/Kconfig | 1 arch/arm64/boot/dts/freescale/imx8-ss-vpu.dtsi | 4 arch/arm64/boot/dts/freescale/imx8mp-phyboard-pollux-rdk.dts | 12 arch/arm64/boot/dts/freescale/imx8mp.dtsi | 6 arch/arm64/boot/dts/freescale/imx8qxp-ss-vpu.dtsi | 8 arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 arch/arm64/boot/dts/rockchip/Makefile | 1 arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 4 arch/arm64/boot/dts/rockchip/rk3328-nanopi-r2s-plus.dts | 30 ++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3368-lion.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3399-eaidk-610.dts | 2 arch/arm64/boot/dts/rockchip/rk3399-pinephone-pro.dts | 2 arch/arm64/boot/dts/rockchip/rk3399-rock960.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-sapphire-excavator.dts | 2 arch/arm64/boot/dts/rockchip/rk3566-anbernic-rg353p.dts | 2 arch/arm64/boot/dts/rockchip/rk3566-anbernic-rg353v.dts | 2 arch/arm64/boot/dts/rockchip/rk3566-box-demo.dts | 6 arch/arm64/boot/dts/rockchip/rk3566-lubancat-1.dts | 1 arch/arm64/boot/dts/rockchip/rk3566-pinenote.dtsi | 6 arch/arm64/boot/dts/rockchip/rk3566-radxa-cm3.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3568-lubancat-2.dts | 1 arch/arm64/boot/dts/rockchip/rk3568-roc-pc.dts | 3 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 20 - arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 4 arch/arm64/boot/dts/rockchip/rk3588-toybrick-x0.dts | 1 arch/arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 1 arch/arm64/kernel/fpsimd.c | 1 arch/arm64/kernel/smccc-call.S | 35 -- arch/powerpc/kvm/book3s_hv.c | 12 arch/xtensa/Kconfig | 1 arch/xtensa/include/asm/cmpxchg.h | 2 block/blk-map.c | 56 +-- block/blk-merge.c | 146 +++------- block/blk-mq.c | 11 block/blk.h | 63 +++- drivers/char/tpm/tpm-chip.c | 4 drivers/char/tpm/tpm-interface.c | 32 +- drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/gcc-x1e80100.c | 12 drivers/clk/qcom/videocc-sm8350.c | 4 drivers/edac/qcom_edac.c | 8 drivers/firmware/arm_scmi/bus.c | 7 drivers/firmware/qcom/Kconfig | 11 drivers/firmware/qcom/qcom_scm.c | 77 ++++- drivers/firmware/smccc/smccc.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 10 drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 + drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 4 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 49 ++- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 4 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 20 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 74 ----- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 8 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 2 drivers/gpu/drm/imagination/pvr_context.c | 33 ++ drivers/gpu/drm/imagination/pvr_context.h | 21 + drivers/gpu/drm/imagination/pvr_device.h | 10 drivers/gpu/drm/imagination/pvr_drv.c | 3 drivers/gpu/drm/imagination/pvr_vm.c | 22 + drivers/gpu/drm/imagination/pvr_vm.h | 1 drivers/gpu/drm/panthor/panthor_device.c | 4 drivers/gpu/drm/panthor/panthor_mmu.c | 2 drivers/gpu/drm/xe/regs/xe_gt_regs.h | 2 drivers/gpu/drm/xe/xe_device.h | 14 drivers/gpu/drm/xe/xe_exec.c | 13 drivers/gpu/drm/xe/xe_gt_ccs_mode.c | 6 drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 2 drivers/gpu/drm/xe/xe_guc_ct.c | 9 drivers/gpu/drm/xe/xe_wait_user_fence.c | 7 drivers/hid/hid-core.c | 2 drivers/i2c/busses/i2c-designware-common.c | 6 drivers/i2c/busses/i2c-designware-core.h | 1 drivers/irqchip/irq-gic-v3.c | 7 drivers/md/dm-cache-target.c | 59 ++-- drivers/md/dm-unstripe.c | 4 drivers/md/dm.c | 4 drivers/media/cec/usb/pulse8/pulse8-cec.c | 2 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 3 drivers/media/dvb-core/dvb_frontend.c | 4 drivers/media/dvb-core/dvb_vb2.c | 8 drivers/media/dvb-core/dvbdev.c | 17 + drivers/media/dvb-frontends/cx24116.c | 7 drivers/media/dvb-frontends/stb0899_algo.c | 2 drivers/media/i2c/adv7604.c | 26 + drivers/media/i2c/ar0521.c | 4 drivers/media/pci/mgb4/mgb4_cmt.c | 2 drivers/media/platform/samsung/s5p-jpeg/jpeg-core.c | 17 - drivers/media/test-drivers/vivid/vivid-core.c | 2 drivers/media/test-drivers/vivid/vivid-core.h | 4 drivers/media/test-drivers/vivid/vivid-ctrls.c | 2 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 drivers/media/usb/uvc/uvc_driver.c | 2 drivers/media/v4l2-core/v4l2-ctrls-api.c | 17 - drivers/net/can/c_can/c_can_main.c | 7 drivers/net/can/cc770/Kconfig | 2 drivers/net/can/m_can/m_can.c | 3 drivers/net/can/sja1000/Kconfig | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 8 drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 10 drivers/net/ethernet/arc/emac_main.c | 27 + drivers/net/ethernet/arc/emac_mdio.c | 9 drivers/net/ethernet/freescale/dpaa/dpaa_eth_trace.h | 2 drivers/net/ethernet/freescale/enetc/enetc_pf.c | 18 - drivers/net/ethernet/freescale/enetc/enetc_vf.c | 9 drivers/net/ethernet/hisilicon/hns3/hnae3.c | 5 drivers/net/ethernet/intel/e1000e/ich8lan.c | 17 - drivers/net/ethernet/intel/i40e/i40e.h | 1 drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 1 drivers/net/ethernet/intel/i40e/i40e_main.c | 12 drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 3 drivers/net/ethernet/intel/ice/ice_fdir.h | 4 drivers/net/ethernet/intel/idpf/idpf.h | 4 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 11 drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 3 drivers/net/ethernet/pensando/ionic/ionic_bus_pci.c | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 drivers/net/ethernet/vertexcom/mse102x.c | 5 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 drivers/net/phy/dp83848.c | 2 drivers/net/virtio_net.c | 119 ++++++-- drivers/net/wwan/t7xx/t7xx_hif_dpmaif_rx.c | 2 drivers/platform/x86/amd/pmc/pmc.c | 5 drivers/platform/x86/amd/pmf/core.c | 21 - drivers/platform/x86/amd/pmf/pmf.h | 55 +++ drivers/platform/x86/amd/pmf/spc.c | 52 ++- drivers/pwm/pwm-imx-tpm.c | 4 drivers/regulator/rtq2208-regulator.c | 2 drivers/rpmsg/qcom_glink_native.c | 10 drivers/scsi/sd_zbc.c | 3 drivers/soc/qcom/llcc-qcom.c | 3 drivers/staging/media/av7110/av7110.h | 4 drivers/staging/media/av7110/av7110_ca.c | 25 + drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 drivers/thermal/qcom/lmh.c | 7 drivers/thermal/thermal_of.c | 21 - drivers/thunderbolt/retimer.c | 2 drivers/thunderbolt/usb4.c | 2 drivers/ufs/core/ufshcd.c | 10 drivers/usb/dwc3/core.c | 25 - drivers/usb/musb/sunxi.c | 2 drivers/usb/serial/io_edgeport.c | 8 drivers/usb/serial/option.c | 6 drivers/usb/serial/qcserial.c | 2 drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c | 8 drivers/usb/typec/ucsi/ucsi_ccg.c | 2 fs/btrfs/bio.c | 30 +- fs/btrfs/delayed-ref.c | 2 fs/btrfs/inode.c | 2 fs/btrfs/super.c | 25 - fs/nfs/inode.c | 70 +++- fs/nfs/nfs4proc.c | 4 fs/nfs/super.c | 10 fs/ocfs2/xattr.c | 3 fs/proc/vmcore.c | 9 fs/smb/server/connection.c | 1 fs/smb/server/connection.h | 1 fs/smb/server/mgmt/user_session.c | 15 - fs/smb/server/server.c | 20 - fs/smb/server/smb_common.c | 10 fs/smb/server/smb_common.h | 2 fs/tracefs/inode.c | 12 include/linux/arm-smccc.h | 32 -- include/linux/bio.h | 4 include/linux/soc/qcom/llcc-qcom.h | 2 include/linux/user_namespace.h | 3 include/net/netfilter/nf_tables.h | 4 include/trace/events/rxrpc.h | 1 kernel/signal.c | 3 kernel/ucount.c | 9 lib/objpool.c | 18 - mm/damon/core.c | 42 +- mm/filemap.c | 2 mm/huge_memory.c | 35 +- mm/internal.h | 10 mm/memcontrol-v1.c | 25 + mm/memcontrol.c | 8 mm/migrate.c | 4 mm/mlock.c | 9 mm/page_alloc.c | 1 mm/slab_common.c | 31 +- mm/swap.c | 4 mm/vmscan.c | 4 net/mptcp/mptcp_pm_gen.c | 1 net/mptcp/pm_userspace.c | 3 net/netfilter/nf_tables_api.c | 41 ++ net/rxrpc/conn_client.c | 4 net/sctp/sm_statefuns.c | 2 net/smc/af_smc.c | 4 net/sunrpc/xprtsock.c | 1 net/vmw_vsock/hyperv_transport.c | 1 net/vmw_vsock/virtio_transport_common.c | 1 security/keys/keyring.c | 7 security/keys/trusted-keys/trusted_dcp.c | 9 sound/firewire/tascam/amdtp-tascam.c | 2 sound/pci/hda/patch_conexant.c | 2 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/sof/sof-client-probes-ipc4.c | 1 sound/soc/stm/stm32_spdifrx.c | 2 sound/usb/mixer.c | 1 sound/usb/quirks.c | 2 tools/lib/thermal/sampling.c | 2 tools/testing/selftests/mm/hugetlb_dio.c | 19 - 218 files changed, 1514 insertions(+), 861 deletions(-) Abel Vesa (1): clk: qcom: gcc-x1e80100: Fix USB MP SS1 PHY GDSC pwrsts flags Aleksandr Loktionov (1): i40e: fix race condition by adding filter's intermediate sync state Alex Deucher (3): drm/amdgpu: Adjust debugfs eviction and IB access permissions drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() drm/amdgpu: Adjust debugfs register access permissions Alexander Stein (1): arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs Amelie Delaunay (1): ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove Andrei Vagin (1): ucounts: fix counter leak in inc_rlimit_get_ucounts() Andrew Kanner (1): ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Antonio Quartulli (1): drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported Aurabindo Pillai (1): drm/amd/display: parse umc_info or vram_info based on ASIC Badal Nilawar (1): drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout Balasubramani Vivekanandan (1): drm/xe: Set mask bits for CCS_MODE register Barnabás Czémán (1): clk: qcom: clk-alpha-pll: Fix pll post div mask when width is not set Bart Van Assche (1): scsi: ufs: core: Start the RTC update work later Bartosz Golaszewski (1): firmware: qcom: scm: fix a NULL-pointer dereference Benoit Sevens (1): media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format Benoît Monin (1): USB: serial: option: add Quectel RG650V Bjorn Andersson (1): rpmsg: glink: Handle rejected intent request better Brendan King (2): drm/imagination: Add a per-file PVR context list drm/imagination: Break an object reference loop Chen Ridong (1): security/keys: fix slab-out-of-bounds in key_task_permission ChiYuan Huang (1): regulator: rtq2208: Fix uninitialized use of regulator_config Christoph Hellwig (2): block: rework bio splitting block: fix queue limits checks in blk_rq_map_user_bvec for real Corey Hickey (1): platform/x86/amd/pmc: Detect when STB is not available Dan Carpenter (2): usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() USB: serial: io_edgeport: fix use after free in debug printk Dario Binacchi (1): can: c_can: fix {rx,tx}_errors statistics David Gstir (1): KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation David Howells (1): rxrpc: Fix missing locking causing hanging calls Diederik de Haas (4): arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes Diogo Silva (1): net: phy: ti: add PHY_RST_AFTER_CLK_EN flag Dmitry Baryshkov (2): arm64: dts: qcom: sm8450 fix PIPE clock specification for pcie1 thermal/drivers/qcom/lmh: Remove false lockdep backtrace Dragan Simic (2): arm64: dts: rockchip: Move L3 cache outside CPUs in RK3588(S) SoC dtsi arm64: dts: rockchip: Start cooling maps numbering from zero on ROCK 5B Emil Dahl Juhl (1): tools/lib/thermal: Fix sampling handler context ptr Eric Dumazet (1): net/smc: do not leave a dangling sk pointer in __smc_create() Erik Schumacher (1): pwm: imx-tpm: Use correct MODULO value for EPWM mode Filipe Manana (1): btrfs: reinitialize delayed ref list after deleting it from the list Gautam Menghani (1): KVM: PPC: Book3S HV: Mask off LPCR_MER for a vCPU before running it to avoid spurious interrupts Geert Uytterhoeven (2): arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator Geliang Tang (1): mptcp: use sock_kfree_s instead of kfree Greg Kroah-Hartman (1): Linux 6.11.8 Haisu Wang (1): btrfs: fix the length of reserved qgroup to free Hans Verkuil (2): media: dvb-core: add missing buffer index check media: vivid: fix buffer overwrite when using > 32 buffers Heiko Stuebner (13): arm64: dts: rockchip: fix i2c2 pinctrl-names property on anbernic-rg353p/v arm64: dts: rockchip: Drop regulator-init-microvolt from two boards arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards arm64: dts: rockchip: Remove undocumented supports-emmc property arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc arm64: dts: rockchip: remove num-slots property from rk3328-nanopi-r2s-plus arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone pro ARM: dts: rockchip: fix rk3036 acodec node ARM: dts: rockchip: drop grf reference from rk3036 hdmi ARM: dts: rockchip: Fix the spi controller on rk3036 ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin Hugh Dickins (1): mm/thp: fix deferred split unqueue naming and locking Hyunwoo Kim (2): hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans Icenowy Zheng (1): thermal/of: support thermal zones w/o trips subnode Jack Wu (1): USB: serial: qcserial: add support for Sierra Wireless EM86xx Jann Horn (1): drm/panthor: Be stricter about IO mapping flags Jarkko Sakkinen (1): tpm: Lock TPM chip in tpm_pm_suspend() first Jarosław Janik (1): Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" Jinjie Ruan (2): ksmbd: Fix the missing xa_store error check net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() Jiri Kosina (1): HID: core: zero-initialize the report buffer Johan Hovold (2): clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs firmware: qcom: scm: suppress download mode error Johan Jonker (2): net: arc: fix the device for dma_map_single/dma_unmap_single net: arc: rockchip: fix emac mdio node support Johannes Thumshirn (1): scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer Jyri Sarha (1): ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits Kalesh Singh (1): tracing: Fix tracefs mount options Kenneth Feng (2): drm/amd/pm: always pick the pptable from IFWI drm/amd/pm: correct the workload setting Koichiro Den (1): mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create Lijo Lazar (1): drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 Liu Peibao (1): i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set Liviu Dudau (1): drm/panthor: Lock XArray when getting entries for the VM Marc Kleine-Budde (3): can: m_can: m_can_close(): don't call free_irq() for IRQ-less devices can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes Marc Zyngier (1): irqchip/gic-v3: Force propagation of the active state with a read-back Marek Vasut (1): arm64: dts: imx8mp-phyboard-pollux: Set Video PLL1 frequency to 506.8 MHz Mark Brown (1): arm64/sve: Discard stale CPU state when handling SVE traps Mark Rutland (2): arm64: Kconfig: Make SME depend on BROKEN for now arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint Masami Hiramatsu (Google) (1): objpool: fix to make percpu slot allocation more robust Mateusz Polchlopek (1): ice: change q_index variable type to s16 to store -1 value Matthew Brost (2): drm/xe: Fix possible exec queue leak in exec IOCTL drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL Matthieu Baerts (NGI0) (1): mptcp: no admin perm to list endpoints Mauro Carvalho Chehab (12): media: stb0899_algo: initialize cfr before using it media: dvbdev: prevent the risk of out of memory access media: dvb_frontend: don't play tricks with underflow values media: adv7604: prevent underflow condition when reporting colorspace media: mgb4: protect driver against spectre media: ar0521: don't overflow when checking PLL values media: s5p-jpeg: prevent buffer overflows media: cx24116: prevent overflows on SNR calculus media: av7110: fix a spectre vulnerability media: pulse8-cec: fix data timestamp at pulse8_setup() media: v4l2-tpg: prevent the risk of a division by zero media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() Mika Westerberg (2): thunderbolt: Add only on-board retimers when !CONFIG_USB4_DEBUGFS_MARGINING thunderbolt: Fix connection issue with Pluggable UD-4VPD dock Mike Snitzer (1): nfs: avoid i_lock contention in nfs_clear_invalid_mapping Mikulas Patocka (1): dm: fix a crash if blk_alloc_disk fails Ming-Hung Tsai (5): dm cache: correct the number of origin blocks to match the target length dm cache: fix flushing uninitialized delayed_work on cache_ctr error dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: optimize dirty bit checking with find_next_bit when resizing dm cache: fix potential out-of-bounds access on the first resume Mingcong Bai (1): ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 Muhammad Usama Anjum (1): selftests: hugetlb_dio: check for initial conditions to skip in the start Mukesh Ojha (1): firmware: qcom: scm: Refactor code to support multiple dload mode Murad Masimov (1): ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() Namjae Jeon (3): ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create ksmbd: check outstanding simultaneous SMB operations ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp NeilBrown (2): sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() NFSv3: only use NFS timeout for MOUNT when protocols are compatible Nirmoy Das (3): drm/xe: Move LNL scheduling WA to xe_device.h drm/xe/ufence: Flush xe ordered_wq in case of ufence timeout drm/xe/guc/tlb: Flush g2h worker in case of tlb timeout Nícolas F. R. A. Prado (1): net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal Paul E. McKenney (1): xtensa: Emulate one-byte cmpxchg Pavan Kumar Linga (2): idpf: avoid vport access in idpf_get_link_ksettings idpf: fix idpf_vc_core_init error path Peiyang Wang (1): net: hns3: fix kernel crash when uninstalling driver Peng Fan (1): arm64: dts: imx8mp: correct sdhc ipg clk Philo Lu (4): virtio_net: Support dynamic rss indirection table size virtio_net: Add hash_key_length check virtio_net: Sync rss config to device when virtnet_probe virtio_net: Update rss when set queue Qi Xi (1): fs/proc: fix compile warning about variable 'vmcore_mmap_ops' Qiang Yu (1): clk: qcom: gcc-x1e80100: Fix halt_check for pipediv2 clocks Qingqing Zhou (1): firmware: qcom: scm: Return -EOPNOTSUPP for unsupported SHM bridge enabling Qu Wenruo (1): btrfs: fix per-subvolume RO/RW flags with new mount API Rajendra Nayak (1): EDAC/qcom: Make irq configuration optional Reinhard Speyerer (1): USB: serial: option: add Fibocom FG132 0x0112 composition Rex Nie (1): usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier Roberto Sassu (1): nfs: Fix KMSAN warning in decode_getfattr_attrs() Roger Quadros (1): usb: dwc3: fix fault at system suspend if device was already runtime suspended Roman Gushchin (1): signal: restore the override_rlimit logic Sam Edwards (1): arm64: dts: rockchip: Designate Turing RK1's system power controller SeongJae Park (3): mm/damon/core: avoid overflow in damon_feed_loop_next_input() mm/damon/core: handle zero {aggregation,ops_update} intervals mm/damon/core: handle zero schemes apply interval Sergey Bostandzhyan (1): arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus Shyam Sundar S K (3): platform/x86/amd/pmf: Relocate CPU ID macros to the PMF header platform/x86/amd/pmf: Update SMU metrics table for 1AH family series platform/x86/amd/pmf: Add SMU metrics table support for 1Ah family 60h model Stefan Wahren (1): net: vertexcom: mse102x: Fix possible double free of TX skb Suraj Gupta (2): dt-bindings: net: xlnx,axi-ethernet: Correct phy-mode property value net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts Takashi Iwai (1): ALSA: usb-audio: Add quirk for HP 320 FHD Webcam Thomas Mühlbacher (1): can: {cc770,sja1000}_isa: allow building on x86_64 Tom Chung (1): drm/amd/display: Fix brightness level not retained over reboot Trond Myklebust (3): NFS: Fix attribute delegation behaviour on exclusive create NFS: Further fixes to attribute delegation a/mtime changes filemap: Fix bounds checking in filemap_read() Umang Jain (2): staging: vchiq_arm: Use devm_kzalloc() for drv_mgmt allocation staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation Vitaly Lifshits (1): e1000e: Remove Meteor Lake SMBUS workarounds Vladimir Oltean (1): net: dpaa_eth: print FD status in CPU endianness in dpaa_eth_fd tracepoint Wei Fang (2): net: enetc: set MAC address to the VF net_device net: enetc: allocate vf_state during PF probes Wei Yang (1): mm/mlock: set the correct prev on failure Wentao Liang (1): drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path Xin Long (1): sctp: properly validate chunk size in sctp_sf_ootb() Xinqi Zhang (1): firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() Zichen Xie (1): dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow Zijun Hu (1): usb: musb: sunxi: Fix accessing an released usb phy

5 months, 1 week

1
1
0 0

Linux 6.1.117

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.117 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/rk3036-kylin.dts | 4 arch/arm/boot/dts/rk3036.dtsi | 14 - arch/arm64/Kconfig | 1 arch/arm64/boot/dts/freescale/imx8-ss-vpu.dtsi | 4 arch/arm64/boot/dts/freescale/imx8mp.dtsi | 6 arch/arm64/boot/dts/freescale/imx8qxp-ss-vpu.dtsi | 25 ++ arch/arm64/boot/dts/freescale/imx8qxp.dtsi | 6 arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 4 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3368-lion.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3399-eaidk-610.dts | 2 arch/arm64/boot/dts/rockchip/rk3399-rock960.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-sapphire-excavator.dts | 2 arch/arm64/boot/dts/rockchip/rk3566-pinenote.dtsi | 4 arch/riscv/purgatory/entry.S | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 8 drivers/hid/hid-core.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/irqchip/irq-gic-v3.c | 7 drivers/md/dm-cache-target.c | 59 +++--- drivers/md/dm-unstripe.c | 4 drivers/media/cec/usb/pulse8/pulse8-cec.c | 2 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 3 drivers/media/dvb-core/dvb_frontend.c | 4 drivers/media/dvb-core/dvbdev.c | 17 + drivers/media/dvb-frontends/cx24116.c | 7 drivers/media/dvb-frontends/stb0899_algo.c | 2 drivers/media/i2c/adv7604.c | 26 +- drivers/media/i2c/ar0521.c | 4 drivers/media/platform/amphion/vpu_core.c | 2 drivers/media/platform/samsung/s5p-jpeg/jpeg-core.c | 17 + drivers/media/usb/uvc/uvc_driver.c | 2 drivers/media/v4l2-core/v4l2-ctrls-api.c | 17 + drivers/net/can/c_can/c_can_main.c | 7 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 8 drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 10 - drivers/net/ethernet/arc/emac_main.c | 27 +- drivers/net/ethernet/arc/emac_mdio.c | 9 drivers/net/ethernet/freescale/enetc/enetc_vf.c | 9 drivers/net/ethernet/hisilicon/hns3/hnae3.c | 5 drivers/net/ethernet/intel/i40e/i40e.h | 1 drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 1 drivers/net/ethernet/intel/i40e/i40e_main.c | 12 + drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 3 drivers/net/ethernet/intel/ice/ice_fdir.h | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 drivers/net/ethernet/vertexcom/mse102x.c | 5 drivers/net/phy/dp83848.c | 2 drivers/net/virtio_net.c | 6 drivers/net/wwan/t7xx/t7xx_hif_dpmaif_rx.c | 2 drivers/platform/x86/amd/pmc.c | 5 drivers/pwm/pwm-imx-tpm.c | 4 drivers/scsi/sd_zbc.c | 3 drivers/thermal/qcom/lmh.c | 7 drivers/thermal/thermal_of.c | 21 +- drivers/usb/dwc3/core.c | 25 +- drivers/usb/musb/sunxi.c | 2 drivers/usb/serial/io_edgeport.c | 8 drivers/usb/serial/option.c | 6 drivers/usb/serial/qcserial.c | 2 drivers/usb/typec/ucsi/ucsi_ccg.c | 2 fs/btrfs/delayed-ref.c | 2 fs/nfs/inode.c | 125 +++++++++++-- fs/nfs/super.c | 10 - fs/ocfs2/xattr.c | 3 fs/proc/vmcore.c | 9 fs/smb/server/mgmt/user_session.c | 15 + fs/smb/server/server.c | 4 include/linux/nfs_fs.h | 47 ++++ include/linux/tick.h | 8 include/linux/user_namespace.h | 3 kernel/fork.c | 2 kernel/signal.c | 3 kernel/ucount.c | 9 mm/filemap.c | 2 net/core/dst.c | 17 + net/mac80211/chan.c | 4 net/mac80211/mlme.c | 2 net/mac80211/scan.c | 2 net/mac80211/util.c | 4 net/mptcp/pm_userspace.c | 3 net/sched/sch_taprio.c | 18 + net/sctp/sm_statefuns.c | 2 net/sunrpc/xprtsock.c | 1 net/vmw_vsock/hyperv_transport.c | 1 net/vmw_vsock/virtio_transport_common.c | 1 security/keys/keyring.c | 7 sound/firewire/tascam/amdtp-tascam.c | 2 sound/pci/hda/patch_conexant.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/stm/stm32_spdifrx.c | 2 sound/usb/mixer.c | 1 sound/usb/quirks.c | 2 tools/lib/thermal/sampling.c | 2 tools/testing/selftests/arm64/signal/test_signals.c | 4 98 files changed, 569 insertions(+), 228 deletions(-) Aleksandr Loktionov (1): i40e: fix race condition by adding filter's intermediate sync state Alex Deucher (2): drm/amdgpu: Adjust debugfs eviction and IB access permissions drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Alexander Stein (4): arm64: dts: imx8qm: Fix VPU core alias name arm64: dts: imx8qxp: Add VPU subsystem file arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs media: amphion: Fix VPU core alias name Amelie Delaunay (1): ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove Andrei Vagin (1): ucounts: fix counter leak in inc_rlimit_get_ucounts() Andrew Kanner (1): ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Antonio Quartulli (1): drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported Benjamin Segall (1): posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone Benoit Sevens (1): media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format Benoît Monin (1): USB: serial: option: add Quectel RG650V Chen Ridong (1): security/keys: fix slab-out-of-bounds in key_task_permission Christoffer Sandberg (1): ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 Corey Hickey (1): platform/x86/amd/pmc: Detect when STB is not available Dan Carpenter (2): usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() USB: serial: io_edgeport: fix use after free in debug printk Daniel Maslowski (1): riscv/purgatory: align riscv_kernel_entry Dario Binacchi (1): can: c_can: fix {rx,tx}_errors statistics Diederik de Haas (2): arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node Diogo Silva (1): net: phy: ti: add PHY_RST_AFTER_CLK_EN flag Dmitry Antipov (1): net: sched: use RCU read-side critical section in taprio_dump() Dmitry Baryshkov (1): thermal/drivers/qcom/lmh: Remove false lockdep backtrace Emil Dahl Juhl (1): tools/lib/thermal: Fix sampling handler context ptr Eric Dumazet (1): net: do not delay dst_entries_add() in dst_release() Erik Schumacher (1): pwm: imx-tpm: Use correct MODULO value for EPWM mode Filipe Manana (1): btrfs: reinitialize delayed ref list after deleting it from the list Geert Uytterhoeven (2): arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator Geliang Tang (1): mptcp: use sock_kfree_s instead of kfree Greg Kroah-Hartman (2): Revert "wifi: mac80211: fix RCU list iterations" Linux 6.1.117 Heiko Stuebner (7): arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc ARM: dts: rockchip: fix rk3036 acodec node ARM: dts: rockchip: drop grf reference from rk3036 hdmi ARM: dts: rockchip: Fix the spi controller on rk3036 ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin Hyunwoo Kim (2): hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans Icenowy Zheng (1): thermal/of: support thermal zones w/o trips subnode Jack Wu (1): USB: serial: qcserial: add support for Sierra Wireless EM86xx Jarosław Janik (1): Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" Jinjie Ruan (2): ksmbd: Fix the missing xa_store error check net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() Jiri Kosina (1): HID: core: zero-initialize the report buffer Johan Jonker (2): net: arc: fix the device for dma_map_single/dma_unmap_single net: arc: rockchip: fix emac mdio node support Johannes Thumshirn (1): scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer Marc Kleine-Budde (2): can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes Marc Zyngier (1): irqchip/gic-v3: Force propagation of the active state with a read-back Mark Brown (1): kselftest/arm64: Initialise current at build time in signal tests Mark Rutland (1): arm64: Kconfig: Make SME depend on BROKEN for now Mateusz Polchlopek (1): ice: change q_index variable type to s16 to store -1 value Mauro Carvalho Chehab (10): media: stb0899_algo: initialize cfr before using it media: dvbdev: prevent the risk of out of memory access media: dvb_frontend: don't play tricks with underflow values media: adv7604: prevent underflow condition when reporting colorspace media: ar0521: don't overflow when checking PLL values media: s5p-jpeg: prevent buffer overflows media: cx24116: prevent overflows on SNR calculus media: pulse8-cec: fix data timestamp at pulse8_setup() media: v4l2-tpg: prevent the risk of a division by zero media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() Michal Schmidt (1): bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Mike Snitzer (1): nfs: avoid i_lock contention in nfs_clear_invalid_mapping Ming-Hung Tsai (5): dm cache: correct the number of origin blocks to match the target length dm cache: fix flushing uninitialized delayed_work on cache_ctr error dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: optimize dirty bit checking with find_next_bit when resizing dm cache: fix potential out-of-bounds access on the first resume Mingcong Bai (1): ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 Murad Masimov (1): ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() Namjae Jeon (2): ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp NeilBrown (3): sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() NFSv3: only use NFS timeout for MOUNT when protocols are compatible NFSv3: handle out-of-order write replies. Nícolas F. R. A. Prado (1): net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case Peiyang Wang (1): net: hns3: fix kernel crash when uninstalling driver Peng Fan (1): arm64: dts: imx8mp: correct sdhc ipg clk Philo Lu (1): virtio_net: Add hash_key_length check Qi Xi (1): fs/proc: fix compile warning about variable 'vmcore_mmap_ops' Reinhard Speyerer (1): USB: serial: option: add Fibocom FG132 0x0112 composition Roberto Sassu (1): nfs: Fix KMSAN warning in decode_getfattr_attrs() Roger Quadros (1): usb: dwc3: fix fault at system suspend if device was already runtime suspended Roman Gushchin (1): signal: restore the override_rlimit logic Stefan Wahren (1): net: vertexcom: mse102x: Fix possible double free of TX skb Takashi Iwai (1): ALSA: usb-audio: Add quirk for HP 320 FHD Webcam Trond Myklebust (1): filemap: Fix bounds checking in filemap_read() Wei Fang (1): net: enetc: set MAC address to the VF net_device Xin Long (1): sctp: properly validate chunk size in sctp_sf_ootb() Zichen Xie (1): dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow Zijun Hu (1): usb: musb: sunxi: Fix accessing an released usb phy

5 months, 1 week

1
1
0 0

Linux 5.15.172

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.172 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/rk3036-kylin.dts | 4 arch/arm/boot/dts/rk3036.dtsi | 14 - arch/arm64/boot/dts/freescale/imx8mp.dtsi | 6 arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 4 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3368-lion.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3399-rock960.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-sapphire-excavator.dts | 2 drivers/acpi/prmt.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 8 drivers/hid/hid-core.c | 2 drivers/irqchip/irq-gic-v3.c | 7 drivers/md/dm-cache-target.c | 35 +- drivers/md/dm-unstripe.c | 4 drivers/media/cec/usb/pulse8/pulse8-cec.c | 2 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 3 drivers/media/dvb-core/dvb_frontend.c | 4 drivers/media/dvb-core/dvbdev.c | 17 + drivers/media/dvb-frontends/cx24116.c | 7 drivers/media/dvb-frontends/stb0899_algo.c | 2 drivers/media/i2c/adv7604.c | 26 + drivers/media/platform/s5p-jpeg/jpeg-core.c | 17 - drivers/media/usb/uvc/uvc_driver.c | 2 drivers/media/v4l2-core/v4l2-ctrls-api.c | 17 - drivers/net/can/c_can/c_can_main.c | 7 drivers/net/ethernet/arc/emac_main.c | 27 +- drivers/net/ethernet/freescale/enetc/enetc_vf.c | 9 drivers/net/ethernet/hisilicon/hns3/hnae3.c | 5 drivers/net/ethernet/intel/i40e/i40e.h | 1 drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 1 drivers/net/ethernet/intel/i40e/i40e_main.c | 12 drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 drivers/net/ethernet/intel/ice/ice_fdir.h | 3 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 drivers/net/phy/dp83848.c | 2 drivers/pwm/pwm-imx-tpm.c | 4 drivers/scsi/sd_zbc.c | 3 drivers/thermal/qcom/lmh.c | 7 drivers/usb/dwc3/core.c | 25 - drivers/usb/musb/sunxi.c | 2 drivers/usb/serial/io_edgeport.c | 8 drivers/usb/serial/option.c | 6 drivers/usb/serial/qcserial.c | 2 drivers/usb/typec/ucsi/ucsi_ccg.c | 2 fs/btrfs/delayed-ref.c | 2 fs/nfs/inode.c | 126 ++++++++- fs/nfs/nfstrace.h | 1 fs/nfs/super.c | 10 fs/ocfs2/xattr.c | 3 fs/proc/vmcore.c | 9 include/linux/fs.h | 36 ++ include/linux/nfs_fs.h | 47 +++ include/linux/tick.h | 8 io_uring/io_uring.c | 50 ++- kernel/fork.c | 2 kernel/ucount.c | 3 net/bridge/br_device.c | 5 net/core/dst.c | 17 - net/sctp/sm_statefuns.c | 2 net/vmw_vsock/hyperv_transport.c | 1 net/vmw_vsock/virtio_transport_common.c | 1 security/keys/keyring.c | 7 sound/firewire/tascam/amdtp-tascam.c | 2 sound/pci/hda/patch_conexant.c | 2 sound/soc/stm/stm32_spdifrx.c | 2 sound/usb/mixer.c | 1 sound/usb/mixer_quirks.c | 170 +++++++++++++ sound/usb/quirks.c | 2 72 files changed, 673 insertions(+), 179 deletions(-) Ahmed Zaki (1): ice: Add a per-VF limit on number of FDIR filters Aleksandr Loktionov (1): i40e: fix race condition by adding filter's intermediate sync state Alex Deucher (2): drm/amdgpu: Adjust debugfs eviction and IB access permissions drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Amelie Delaunay (1): ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove Amir Goldstein (3): io_uring: rename kiocb_end_write() local helper fs: create kiocb_{start,end}_write() helpers io_uring: use kiocb_{start,end}_write() helpers Andrei Vagin (1): ucounts: fix counter leak in inc_rlimit_get_ucounts() Andrew Kanner (1): ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Antonio Quartulli (1): drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported Benjamin Coddington (1): NFS: Add a tracepoint to show the results of nfs_set_cache_invalid() Benjamin Segall (1): posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone Benoit Sevens (1): media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format Benoît Monin (1): USB: serial: option: add Quectel RG650V Chen Ridong (1): security/keys: fix slab-out-of-bounds in key_task_permission Dan Carpenter (3): usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() USB: serial: io_edgeport: fix use after free in debug printk ACPI: PRM: Clean up guid type in struct prm_handler_info Dario Binacchi (1): can: c_can: fix {rx,tx}_errors statistics Diederik de Haas (1): arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 Diogo Silva (1): net: phy: ti: add PHY_RST_AFTER_CLK_EN flag Dmitry Baryshkov (1): thermal/drivers/qcom/lmh: Remove false lockdep backtrace Eric Dumazet (1): net: do not delay dst_entries_add() in dst_release() Erik Schumacher (1): pwm: imx-tpm: Use correct MODULO value for EPWM mode Filipe Manana (1): btrfs: reinitialize delayed ref list after deleting it from the list Geert Uytterhoeven (1): arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator Greg Kroah-Hartman (1): Linux 5.15.172 Heiko Stuebner (7): arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc ARM: dts: rockchip: fix rk3036 acodec node ARM: dts: rockchip: drop grf reference from rk3036 hdmi ARM: dts: rockchip: Fix the spi controller on rk3036 ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin Hyunwoo Kim (2): hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans Jack Wu (1): USB: serial: qcserial: add support for Sierra Wireless EM86xx Jan Schär (3): ALSA: usb-audio: Support jack detection on Dell dock ALSA: usb-audio: Add quirks for Dell WD19 dock ALSA: usb-audio: Add endianness annotations Jarosław Janik (1): Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" Jens Axboe (1): io_uring/rw: fix missing NOWAIT check for O_DIRECT start write Jiri Kosina (1): HID: core: zero-initialize the report buffer Johan Jonker (1): net: arc: fix the device for dma_map_single/dma_unmap_single Johannes Thumshirn (1): scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer Marc Zyngier (1): irqchip/gic-v3: Force propagation of the active state with a read-back Mauro Carvalho Chehab (9): media: stb0899_algo: initialize cfr before using it media: dvbdev: prevent the risk of out of memory access media: dvb_frontend: don't play tricks with underflow values media: adv7604: prevent underflow condition when reporting colorspace media: s5p-jpeg: prevent buffer overflows media: cx24116: prevent overflows on SNR calculus media: pulse8-cec: fix data timestamp at pulse8_setup() media: v4l2-tpg: prevent the risk of a division by zero media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() Mike Snitzer (1): nfs: avoid i_lock contention in nfs_clear_invalid_mapping Ming-Hung Tsai (4): dm cache: correct the number of origin blocks to match the target length dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: optimize dirty bit checking with find_next_bit when resizing dm cache: fix potential out-of-bounds access on the first resume Murad Masimov (1): ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() NeilBrown (2): NFSv3: only use NFS timeout for MOUNT when protocols are compatible NFSv3: handle out-of-order write replies. Nikolay Aleksandrov (1): net: bridge: xmit: make sure we have at least eth header len bytes Nícolas F. R. A. Prado (1): net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case Peiyang Wang (1): net: hns3: fix kernel crash when uninstalling driver Peng Fan (1): arm64: dts: imx8mp: correct sdhc ipg clk Qi Xi (1): fs/proc: fix compile warning about variable 'vmcore_mmap_ops' Reinhard Speyerer (1): USB: serial: option: add Fibocom FG132 0x0112 composition Roberto Sassu (1): nfs: Fix KMSAN warning in decode_getfattr_attrs() Roger Quadros (1): usb: dwc3: fix fault at system suspend if device was already runtime suspended Takashi Iwai (1): ALSA: usb-audio: Add quirk for HP 320 FHD Webcam Wei Fang (1): net: enetc: set MAC address to the VF net_device Xin Long (1): sctp: properly validate chunk size in sctp_sf_ootb() Zichen Xie (1): dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow Zijun Hu (1): usb: musb: sunxi: Fix accessing an released usb phy

5 months, 1 week

1
1
0 0

FAILED: patch "[PATCH] mm: refactor map_deny_write_exec()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0fb4a7ad270b3b209e510eb9dc5b07bf02b7edaf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024111112-follicle-scapegoat-c6bf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0fb4a7ad270b3b209e510eb9dc5b07bf02b7edaf Mon Sep 17 00:00:00 2001 From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Date: Tue, 29 Oct 2024 18:11:46 +0000 Subject: [PATCH] mm: refactor map_deny_write_exec() Refactor the map_deny_write_exec() to not unnecessarily require a VMA parameter but rather to accept VMA flags parameters, which allows us to use this function early in mmap_region() in a subsequent commit. While we're here, we refactor the function to be more readable and add some additional documentation. Link: https://lkml.kernel.org/r/6be8bb59cd7c68006ebb006eb9d8dc27104b1f70.17302246… Fixes: deb0f6562884 ("mm/mmap: undo ->mmap() when arch_validate_flags() fails") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reported-by: Jann Horn <jannh(a)google.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: Jann Horn <jannh(a)google.com> Cc: Andreas Larsson <andreas(a)gaisler.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: David S. Miller <davem(a)davemloft.net> Cc: Helge Deller <deller(a)gmx.de> Cc: James E.J. Bottomley <James.Bottomley(a)HansenPartnership.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/mman.h b/include/linux/mman.h index bcb201ab7a41..8ddca62d6460 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -188,16 +188,31 @@ static inline bool arch_memory_deny_write_exec_supported(void) * * d) mmap(PROT_READ | PROT_EXEC) * mmap(PROT_READ | PROT_EXEC | PROT_BTI) + * + * This is only applicable if the user has set the Memory-Deny-Write-Execute + * (MDWE) protection mask for the current process. + * + * @old specifies the VMA flags the VMA originally possessed, and @new the ones + * we propose to set. + * + * Return: false if proposed change is OK, true if not ok and should be denied. */ -static inline bool map_deny_write_exec(struct vm_area_struct *vma, unsigned long vm_flags) +static inline bool map_deny_write_exec(unsigned long old, unsigned long new) { + /* If MDWE is disabled, we have nothing to deny. */ if (!test_bit(MMF_HAS_MDWE, &current->mm->flags)) return false; - if ((vm_flags & VM_EXEC) && (vm_flags & VM_WRITE)) + /* If the new VMA is not executable, we have nothing to deny. */ + if (!(new & VM_EXEC)) + return false; + + /* Under MDWE we do not accept newly writably executable VMAs... */ + if (new & VM_WRITE) return true; - if (!(vma->vm_flags & VM_EXEC) && (vm_flags & VM_EXEC)) + /* ...nor previously non-executable VMAs becoming executable. */ + if (!(old & VM_EXEC)) return true; return false; diff --git a/mm/mmap.c b/mm/mmap.c index ac0604f146f6..ab71d4c3464c 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1505,7 +1505,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, vma_set_anonymous(vma); } - if (map_deny_write_exec(vma, vma->vm_flags)) { + if (map_deny_write_exec(vma->vm_flags, vma->vm_flags)) { error = -EACCES; goto close_and_free_vma; } diff --git a/mm/mprotect.c b/mm/mprotect.c index 0c5d6d06107d..6f450af3252e 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -810,7 +810,7 @@ static int do_mprotect_pkey(unsigned long start, size_t len, break; } - if (map_deny_write_exec(vma, newflags)) { + if (map_deny_write_exec(vma->vm_flags, newflags)) { error = -EACCES; break; } diff --git a/mm/vma.h b/mm/vma.h index 75558b5e9c8c..d58068c0ff2e 100644 --- a/mm/vma.h +++ b/mm/vma.h @@ -42,7 +42,7 @@ struct vma_munmap_struct { int vma_count; /* Number of vmas that will be removed */ bool unlock; /* Unlock after the munmap */ bool clear_ptes; /* If there are outstanding PTE to be cleared */ - /* 1 byte hole */ + /* 2 byte hole */ unsigned long nr_pages; /* Number of pages being removed */ unsigned long locked_vm; /* Number of locked pages */ unsigned long nr_accounted; /* Number of VM_ACCOUNT pages */

5 months, 1 week

2
1
0 0

[PATCH] arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled

by Will Deacon

Commit 18011eac28c7 ("arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks") tried to optimise the context switching of tpidrro_el0 by eliding the clearing of the register when switching to a native task with kpti enabled, on the erroneous assumption that the kpti trampoline entry code would already have taken care of the write. Although the kpti trampoline does zero the register on entry from a native task, the check in tls_thread_switch() is on the *next* task and so we can end up leaving a stale, non-zero value in the register if the previous task was 32-bit. Drop the broken optimisation and zero tpidrro_el0 unconditionally when switching to a native 64-bit task. Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: <stable(a)vger.kernel.org> Fixes: 18011eac28c7 ("arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks") Signed-off-by: Will Deacon <will(a)kernel.org> --- You fix one side-channel and introduce another... :( arch/arm64/kernel/process.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 3e7c8c8195c3..2bbcbb11d844 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -442,7 +442,7 @@ static void tls_thread_switch(struct task_struct *next) if (is_compat_thread(task_thread_info(next))) write_sysreg(next->thread.uw.tp_value, tpidrro_el0); - else if (!arm64_kernel_unmapped_at_el0()) + else write_sysreg(0, tpidrro_el0); write_sysreg(*task_user_tls(next), tpidr_el0); -- 2.47.0.277.g8800431eea-goog

5 months, 1 week

4
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2024