Linux-stable-mirror
April 2024
linux-stable-mirror@lists.linaro.org
- 482 participants
- 1074 discussions
6.8.3+ panic at boot with CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y
by Mihai Moldovan
Hi
Since you backported 41044b41ad2c8c8165a42ec6e9a4096826dcf153 to 6.8.3 and
higher, the kernel crashes hard on boot if BTRFS's sanity checks have been
enabled (CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y).
Please backport b2136cc288fce2f24a92f3d656531b2d50ebec5a to the stable/mainline
series fix this issue.
Best regards
Mihai Moldovan
1 year, 1 month
- 2
- 1
[PATCH] media: cec: core: remove length check of Timer Status solution applies to 5.4 and 4.19
by Nini Song (宋宛妮)
Hi @stable@vger.kernel.org<mailto:stable@vger.kernel.org>
This patch has been merged in mainline as commit ce5d241c3ad45.
[patch diff]
[cid:image001.png@01DA8D04.BCD8A070]
Because of our customer used v5.15, v5.4 and 4.19 for MP production, which requires this solution.
We need your help apply the patch in v5.15, v5.4 and 4.19.
Thanks!
BR,
Nini Song
1 year, 1 month
- 2
- 1
FAILED: patch "[PATCH] r8169: fix LED-related deadlock on module removal" failed to apply to 6.8-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.8-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y
git checkout FETCH_HEAD
git cherry-pick -x 19fa4f2a85d777a8052e869c1b892a2f7556569d
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041459-lagging-tiny-7189@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^..
Possible dependencies:
19fa4f2a85d7 ("r8169: fix LED-related deadlock on module removal")
be51ed104ba9 ("r8169: add LED support for RTL8125/RTL8126")
3907f1ffc0ec ("r8169: add support for RTL8126A")
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 19fa4f2a85d777a8052e869c1b892a2f7556569d Mon Sep 17 00:00:00 2001
From: Heiner Kallweit <hkallweit1(a)gmail.com>
Date: Mon, 8 Apr 2024 20:47:40 +0200
Subject: [PATCH] r8169: fix LED-related deadlock on module removal
Binding devm_led_classdev_register() to the netdev is problematic
because on module removal we get a RTNL-related deadlock. Fix this
by avoiding the device-managed LED functions.
Note: We can safely call led_classdev_unregister() for a LED even
if registering it failed, because led_classdev_unregister() detects
this and is a no-op in this case.
Fixes: 18764b883e15 ("r8169: add support for LED's on RTL8168/RTL8101")
Cc: stable(a)vger.kernel.org
Reported-by: Lukas Wunner <lukas(a)wunner.de>
Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com>
Reviewed-by: Andrew Lunn <andrew(a)lunn.ch>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
diff --git a/drivers/net/ethernet/realtek/r8169.h b/drivers/net/ethernet/realtek/r8169.h
index 4c043052198d..00882ffc7a02 100644
--- a/drivers/net/ethernet/realtek/r8169.h
+++ b/drivers/net/ethernet/realtek/r8169.h
@@ -73,6 +73,7 @@ enum mac_version {
};
struct rtl8169_private;
+struct r8169_led_classdev;
void r8169_apply_firmware(struct rtl8169_private *tp);
u16 rtl8168h_2_get_adc_bias_ioffset(struct rtl8169_private *tp);
@@ -84,7 +85,8 @@ void r8169_get_led_name(struct rtl8169_private *tp, int idx,
char *buf, int buf_len);
int rtl8168_get_led_mode(struct rtl8169_private *tp);
int rtl8168_led_mod_ctrl(struct rtl8169_private *tp, u16 mask, u16 val);
-void rtl8168_init_leds(struct net_device *ndev);
+struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev);
int rtl8125_get_led_mode(struct rtl8169_private *tp, int index);
int rtl8125_set_led_mode(struct rtl8169_private *tp, int index, u16 mode);
-void rtl8125_init_leds(struct net_device *ndev);
+struct r8169_led_classdev *rtl8125_init_leds(struct net_device *ndev);
+void r8169_remove_leds(struct r8169_led_classdev *leds);
diff --git a/drivers/net/ethernet/realtek/r8169_leds.c b/drivers/net/ethernet/realtek/r8169_leds.c
index 7c5dc9d0df85..e10bee706bc6 100644
--- a/drivers/net/ethernet/realtek/r8169_leds.c
+++ b/drivers/net/ethernet/realtek/r8169_leds.c
@@ -146,22 +146,22 @@ static void rtl8168_setup_ldev(struct r8169_led_classdev *ldev,
led_cdev->hw_control_get_device = r8169_led_hw_control_get_device;
/* ignore errors */
- devm_led_classdev_register(&ndev->dev, led_cdev);
+ led_classdev_register(&ndev->dev, led_cdev);
}
-void rtl8168_init_leds(struct net_device *ndev)
+struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev)
{
- /* bind resource mgmt to netdev */
- struct device *dev = &ndev->dev;
struct r8169_led_classdev *leds;
int i;
- leds = devm_kcalloc(dev, RTL8168_NUM_LEDS, sizeof(*leds), GFP_KERNEL);
+ leds = kcalloc(RTL8168_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL);
if (!leds)
- return;
+ return NULL;
for (i = 0; i < RTL8168_NUM_LEDS; i++)
rtl8168_setup_ldev(leds + i, ndev, i);
+
+ return leds;
}
static int rtl8125_led_hw_control_is_supported(struct led_classdev *led_cdev,
@@ -245,20 +245,31 @@ static void rtl8125_setup_led_ldev(struct r8169_led_classdev *ldev,
led_cdev->hw_control_get_device = r8169_led_hw_control_get_device;
/* ignore errors */
- devm_led_classdev_register(&ndev->dev, led_cdev);
+ led_classdev_register(&ndev->dev, led_cdev);
}
-void rtl8125_init_leds(struct net_device *ndev)
+struct r8169_led_classdev *rtl8125_init_leds(struct net_device *ndev)
{
- /* bind resource mgmt to netdev */
- struct device *dev = &ndev->dev;
struct r8169_led_classdev *leds;
int i;
- leds = devm_kcalloc(dev, RTL8125_NUM_LEDS, sizeof(*leds), GFP_KERNEL);
+ leds = kcalloc(RTL8125_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL);
if (!leds)
- return;
+ return NULL;
for (i = 0; i < RTL8125_NUM_LEDS; i++)
rtl8125_setup_led_ldev(leds + i, ndev, i);
+
+ return leds;
+}
+
+void r8169_remove_leds(struct r8169_led_classdev *leds)
+{
+ if (!leds)
+ return;
+
+ for (struct r8169_led_classdev *l = leds; l->ndev; l++)
+ led_classdev_unregister(&l->led);
+
+ kfree(leds);
}
diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c
index 6f1e6f386b7b..8a27328eae34 100644
--- a/drivers/net/ethernet/realtek/r8169_main.c
+++ b/drivers/net/ethernet/realtek/r8169_main.c
@@ -647,6 +647,8 @@ struct rtl8169_private {
const char *fw_name;
struct rtl_fw *rtl_fw;
+ struct r8169_led_classdev *leds;
+
u32 ocp_base;
};
@@ -5044,6 +5046,8 @@ static void rtl_remove_one(struct pci_dev *pdev)
cancel_work_sync(&tp->wk.work);
+ r8169_remove_leds(tp->leds);
+
unregister_netdev(tp->dev);
if (tp->dash_type != RTL_DASH_NONE)
@@ -5501,9 +5505,9 @@ static int rtl_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
if (IS_ENABLED(CONFIG_R8169_LEDS)) {
if (rtl_is_8125(tp))
- rtl8125_init_leds(dev);
+ tp->leds = rtl8125_init_leds(dev);
else if (tp->mac_version > RTL_GIGA_MAC_VER_06)
- rtl8168_init_leds(dev);
+ tp->leds = rtl8168_init_leds(dev);
}
netdev_info(dev, "%s, %pM, XID %03x, IRQ %d\n",
1 year, 1 month
- 1
- 0
S4 fix for Phoenix laptops
by Mario Limonciello
Hi,
This fix was sent out for fixing S4 under stress on some Phoenix laptops.
31729e8c21ec ("drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11")
David Markey confirmed[1] it helps Framework 13 under S4 stress
testing. Can you please bring it to 6.1.y and later?
[1] https://community.frame.work/t/responded-arch-hibernation-woes-on-amd-13/45…
Thanks
1 year, 1 month
- 2
- 1
FAILED: patch "[PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x b372e96bd0a32729d55d27f613c8bc80708a82e1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041442-grumble-saggy-01f0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From b372e96bd0a32729d55d27f613c8bc80708a82e1 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb(a)suse.de>
Date: Mon, 25 Mar 2024 09:21:20 +1100
Subject: [PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE
The page has been marked clean before writepage is called. If we don't
redirty it before postponing the write, it might never get written.
Cc: stable(a)vger.kernel.org
Fixes: 503d4fa6ee28 ("ceph: remove reliance on bdi congestion")
Signed-off-by: NeilBrown <neilb(a)suse.de>
Reviewed-by: Jeff Layton <jlayton(a)kernel.org>
Reviewed-by: Xiubo Li <xiubli(a)redhat.org>
Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com>
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index 1340d77124ae..ee9caf7916fb 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -795,8 +795,10 @@ static int ceph_writepage(struct page *page, struct writeback_control *wbc)
ihold(inode);
if (wbc->sync_mode == WB_SYNC_NONE &&
- ceph_inode_to_fs_client(inode)->write_congested)
+ ceph_inode_to_fs_client(inode)->write_congested) {
+ redirty_page_for_writepage(wbc, page);
return AOP_WRITEPAGE_ACTIVATE;
+ }
wait_on_page_fscache(page);
1 year, 1 month
- 1
- 0
FAILED: patch "[PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x b372e96bd0a32729d55d27f613c8bc80708a82e1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041441-unabashed-swarm-244d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From b372e96bd0a32729d55d27f613c8bc80708a82e1 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb(a)suse.de>
Date: Mon, 25 Mar 2024 09:21:20 +1100
Subject: [PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE
The page has been marked clean before writepage is called. If we don't
redirty it before postponing the write, it might never get written.
Cc: stable(a)vger.kernel.org
Fixes: 503d4fa6ee28 ("ceph: remove reliance on bdi congestion")
Signed-off-by: NeilBrown <neilb(a)suse.de>
Reviewed-by: Jeff Layton <jlayton(a)kernel.org>
Reviewed-by: Xiubo Li <xiubli(a)redhat.org>
Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com>
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index 1340d77124ae..ee9caf7916fb 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -795,8 +795,10 @@ static int ceph_writepage(struct page *page, struct writeback_control *wbc)
ihold(inode);
if (wbc->sync_mode == WB_SYNC_NONE &&
- ceph_inode_to_fs_client(inode)->write_congested)
+ ceph_inode_to_fs_client(inode)->write_congested) {
+ redirty_page_for_writepage(wbc, page);
return AOP_WRITEPAGE_ACTIVATE;
+ }
wait_on_page_fscache(page);
1 year, 1 month
- 1
- 0
Add commit "eed14eb48ee1 drm/amdgpu/vpe: power on vpe when hw_init" to kernel 6.8.y
by Gong, Richard
Hi,
The commit below resolves s2idle failure on processor for AMD Family 1Ah
Model 20h,
eed14eb48ee1 drm/amdgpu/vpe: power on vpe when hw_init
Please add this commit to stable kernel 6.8.y. Thanks!
Regards,
Richard
1 year, 1 month
- 2
- 1
FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041458-gurgle-mulled-5492@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc(a)manguebit.com>
Date: Tue, 9 Apr 2024 11:28:59 -0300
Subject: [PATCH] smb: client: instantiate when creating SFU files
In cifs_sfu_make_node(), on success, instantiate rather than leave it
with dentry unhashed negative to support callers that expect mknod(2)
to always instantiate.
This fixes the following test case:
mount.cifs //srv/share /mnt -o ...,sfu
mkfifo /mnt/fifo
./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo
...
BUG: unable to handle page fault for address: 000000034cec4e58
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 1 PREEMPT SMP PTI
CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted
5.14.0-436.3987_1240945149.el9.x86_64 #1
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20
Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8
d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04
fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc
RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206
RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000
RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f
RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200
R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000
FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
? show_trace_log_lvl+0x1c4/0x2df
? show_trace_log_lvl+0x1c4/0x2df
? __mutex_lock.constprop.0+0x5f7/0x6a0
? __die_body.cold+0x8/0xd
? page_fault_oops+0x134/0x170
? exc_page_fault+0x62/0x150
? asm_exc_page_fault+0x22/0x30
? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10
__mutex_lock.constprop.0+0x5f7/0x6a0
? __mod_memcg_lruvec_state+0x84/0xd0
pipe_write+0x47/0x650
? do_anonymous_page+0x258/0x410
? inode_security+0x22/0x60
? selinux_file_permission+0x108/0x150
vfs_write+0x2cb/0x410
ksys_write+0x5f/0xe0
do_syscall_64+0x5c/0xf0
? syscall_exit_to_user_mode+0x22/0x40
? do_syscall_64+0x6b/0xf0
? sched_clock_cpu+0x9/0xc0
? exc_page_fault+0x62/0x150
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Cc: stable(a)vger.kernel.org
Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option")
Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk>
Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com>
Signed-off-by: Steve French <stfrench(a)microsoft.com>
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index b156eefa75d7..78c94d0350fe 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf,
return 0;
}
-int cifs_sfu_make_node(unsigned int xid, struct inode *inode,
- struct dentry *dentry, struct cifs_tcon *tcon,
- const char *full_path, umode_t mode, dev_t dev)
+static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode,
+ struct dentry *dentry, struct cifs_tcon *tcon,
+ const char *full_path, umode_t mode, dev_t dev)
{
- struct cifs_open_info_data buf = {};
struct TCP_Server_Info *server = tcon->ses->server;
struct cifs_open_parms oparms;
struct cifs_io_parms io_parms = {};
struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
struct cifs_fid fid;
unsigned int bytes_written;
- struct win_dev *pdev;
+ struct win_dev pdev = {};
struct kvec iov[2];
__u32 oplock = server->oplocks ? REQ_OPLOCK : 0;
int rc;
- if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode))
+ switch (mode & S_IFMT) {
+ case S_IFCHR:
+ strscpy(pdev.type, "IntxCHR");
+ pdev.major = cpu_to_le64(MAJOR(dev));
+ pdev.minor = cpu_to_le64(MINOR(dev));
+ break;
+ case S_IFBLK:
+ strscpy(pdev.type, "IntxBLK");
+ pdev.major = cpu_to_le64(MAJOR(dev));
+ pdev.minor = cpu_to_le64(MINOR(dev));
+ break;
+ case S_IFIFO:
+ strscpy(pdev.type, "LnxFIFO");
+ break;
+ default:
return -EPERM;
+ }
- oparms = (struct cifs_open_parms) {
- .tcon = tcon,
- .cifs_sb = cifs_sb,
- .desired_access = GENERIC_WRITE,
- .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR |
- CREATE_OPTION_SPECIAL),
- .disposition = FILE_CREATE,
- .path = full_path,
- .fid = &fid,
- };
+ oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE,
+ FILE_CREATE, CREATE_NOT_DIR |
+ CREATE_OPTION_SPECIAL, ACL_NO_MODE);
+ oparms.fid = &fid;
- rc = server->ops->open(xid, &oparms, &oplock, &buf);
+ rc = server->ops->open(xid, &oparms, &oplock, NULL);
if (rc)
return rc;
- /*
- * BB Do not bother to decode buf since no local inode yet to put
- * timestamps in, but we can reuse it safely.
- */
- pdev = (struct win_dev *)&buf.fi;
io_parms.pid = current->tgid;
io_parms.tcon = tcon;
- io_parms.length = sizeof(*pdev);
- iov[1].iov_base = pdev;
- iov[1].iov_len = sizeof(*pdev);
- if (S_ISCHR(mode)) {
- memcpy(pdev->type, "IntxCHR", 8);
- pdev->major = cpu_to_le64(MAJOR(dev));
- pdev->minor = cpu_to_le64(MINOR(dev));
- } else if (S_ISBLK(mode)) {
- memcpy(pdev->type, "IntxBLK", 8);
- pdev->major = cpu_to_le64(MAJOR(dev));
- pdev->minor = cpu_to_le64(MINOR(dev));
- } else if (S_ISFIFO(mode)) {
- memcpy(pdev->type, "LnxFIFO", 8);
- }
+ io_parms.length = sizeof(pdev);
+ iov[1].iov_base = &pdev;
+ iov[1].iov_len = sizeof(pdev);
rc = server->ops->sync_write(xid, &fid, &io_parms,
&bytes_written, iov, 1);
server->ops->close(xid, tcon, &fid);
- d_drop(dentry);
- /* FIXME: add code here to set EAs */
- cifs_free_open_info(&buf);
+ return rc;
+}
+
+int cifs_sfu_make_node(unsigned int xid, struct inode *inode,
+ struct dentry *dentry, struct cifs_tcon *tcon,
+ const char *full_path, umode_t mode, dev_t dev)
+{
+ struct inode *new = NULL;
+ int rc;
+
+ rc = __cifs_sfu_make_node(xid, inode, dentry, tcon,
+ full_path, mode, dev);
+ if (rc)
+ return rc;
+
+ if (tcon->posix_extensions) {
+ rc = smb311_posix_get_inode_info(&new, full_path, NULL,
+ inode->i_sb, xid);
+ } else if (tcon->unix_ext) {
+ rc = cifs_get_inode_info_unix(&new, full_path,
+ inode->i_sb, xid);
+ } else {
+ rc = cifs_get_inode_info(&new, full_path, NULL,
+ inode->i_sb, xid, NULL);
+ }
+ if (!rc)
+ d_instantiate(dentry, new);
return rc;
}
1 year, 1 month
- 1
- 0
FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041457-sequester-eclipse-f130@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc(a)manguebit.com>
Date: Tue, 9 Apr 2024 11:28:59 -0300
Subject: [PATCH] smb: client: instantiate when creating SFU files
In cifs_sfu_make_node(), on success, instantiate rather than leave it
with dentry unhashed negative to support callers that expect mknod(2)
to always instantiate.
This fixes the following test case:
mount.cifs //srv/share /mnt -o ...,sfu
mkfifo /mnt/fifo
./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo
...
BUG: unable to handle page fault for address: 000000034cec4e58
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 1 PREEMPT SMP PTI
CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted
5.14.0-436.3987_1240945149.el9.x86_64 #1
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20
Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8
d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04
fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc
RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206
RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000
RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f
RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200
R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000
FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
? show_trace_log_lvl+0x1c4/0x2df
? show_trace_log_lvl+0x1c4/0x2df
? __mutex_lock.constprop.0+0x5f7/0x6a0
? __die_body.cold+0x8/0xd
? page_fault_oops+0x134/0x170
? exc_page_fault+0x62/0x150
? asm_exc_page_fault+0x22/0x30
? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10
__mutex_lock.constprop.0+0x5f7/0x6a0
? __mod_memcg_lruvec_state+0x84/0xd0
pipe_write+0x47/0x650
? do_anonymous_page+0x258/0x410
? inode_security+0x22/0x60
? selinux_file_permission+0x108/0x150
vfs_write+0x2cb/0x410
ksys_write+0x5f/0xe0
do_syscall_64+0x5c/0xf0
? syscall_exit_to_user_mode+0x22/0x40
? do_syscall_64+0x6b/0xf0
? sched_clock_cpu+0x9/0xc0
? exc_page_fault+0x62/0x150
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Cc: stable(a)vger.kernel.org
Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option")
Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk>
Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com>
Signed-off-by: Steve French <stfrench(a)microsoft.com>
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index b156eefa75d7..78c94d0350fe 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf,
return 0;
}
-int cifs_sfu_make_node(unsigned int xid, struct inode *inode,
- struct dentry *dentry, struct cifs_tcon *tcon,
- const char *full_path, umode_t mode, dev_t dev)
+static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode,
+ struct dentry *dentry, struct cifs_tcon *tcon,
+ const char *full_path, umode_t mode, dev_t dev)
{
- struct cifs_open_info_data buf = {};
struct TCP_Server_Info *server = tcon->ses->server;
struct cifs_open_parms oparms;
struct cifs_io_parms io_parms = {};
struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
struct cifs_fid fid;
unsigned int bytes_written;
- struct win_dev *pdev;
+ struct win_dev pdev = {};
struct kvec iov[2];
__u32 oplock = server->oplocks ? REQ_OPLOCK : 0;
int rc;
- if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode))
+ switch (mode & S_IFMT) {
+ case S_IFCHR:
+ strscpy(pdev.type, "IntxCHR");
+ pdev.major = cpu_to_le64(MAJOR(dev));
+ pdev.minor = cpu_to_le64(MINOR(dev));
+ break;
+ case S_IFBLK:
+ strscpy(pdev.type, "IntxBLK");
+ pdev.major = cpu_to_le64(MAJOR(dev));
+ pdev.minor = cpu_to_le64(MINOR(dev));
+ break;
+ case S_IFIFO:
+ strscpy(pdev.type, "LnxFIFO");
+ break;
+ default:
return -EPERM;
+ }
- oparms = (struct cifs_open_parms) {
- .tcon = tcon,
- .cifs_sb = cifs_sb,
- .desired_access = GENERIC_WRITE,
- .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR |
- CREATE_OPTION_SPECIAL),
- .disposition = FILE_CREATE,
- .path = full_path,
- .fid = &fid,
- };
+ oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE,
+ FILE_CREATE, CREATE_NOT_DIR |
+ CREATE_OPTION_SPECIAL, ACL_NO_MODE);
+ oparms.fid = &fid;
- rc = server->ops->open(xid, &oparms, &oplock, &buf);
+ rc = server->ops->open(xid, &oparms, &oplock, NULL);
if (rc)
return rc;
- /*
- * BB Do not bother to decode buf since no local inode yet to put
- * timestamps in, but we can reuse it safely.
- */
- pdev = (struct win_dev *)&buf.fi;
io_parms.pid = current->tgid;
io_parms.tcon = tcon;
- io_parms.length = sizeof(*pdev);
- iov[1].iov_base = pdev;
- iov[1].iov_len = sizeof(*pdev);
- if (S_ISCHR(mode)) {
- memcpy(pdev->type, "IntxCHR", 8);
- pdev->major = cpu_to_le64(MAJOR(dev));
- pdev->minor = cpu_to_le64(MINOR(dev));
- } else if (S_ISBLK(mode)) {
- memcpy(pdev->type, "IntxBLK", 8);
- pdev->major = cpu_to_le64(MAJOR(dev));
- pdev->minor = cpu_to_le64(MINOR(dev));
- } else if (S_ISFIFO(mode)) {
- memcpy(pdev->type, "LnxFIFO", 8);
- }
+ io_parms.length = sizeof(pdev);
+ iov[1].iov_base = &pdev;
+ iov[1].iov_len = sizeof(pdev);
rc = server->ops->sync_write(xid, &fid, &io_parms,
&bytes_written, iov, 1);
server->ops->close(xid, tcon, &fid);
- d_drop(dentry);
- /* FIXME: add code here to set EAs */
- cifs_free_open_info(&buf);
+ return rc;
+}
+
+int cifs_sfu_make_node(unsigned int xid, struct inode *inode,
+ struct dentry *dentry, struct cifs_tcon *tcon,
+ const char *full_path, umode_t mode, dev_t dev)
+{
+ struct inode *new = NULL;
+ int rc;
+
+ rc = __cifs_sfu_make_node(xid, inode, dentry, tcon,
+ full_path, mode, dev);
+ if (rc)
+ return rc;
+
+ if (tcon->posix_extensions) {
+ rc = smb311_posix_get_inode_info(&new, full_path, NULL,
+ inode->i_sb, xid);
+ } else if (tcon->unix_ext) {
+ rc = cifs_get_inode_info_unix(&new, full_path,
+ inode->i_sb, xid);
+ } else {
+ rc = cifs_get_inode_info(&new, full_path, NULL,
+ inode->i_sb, xid, NULL);
+ }
+ if (!rc)
+ d_instantiate(dentry, new);
return rc;
}
1 year, 1 month
- 1
- 0
[PATCH v3] bootconfig: use memblock_free_late to free xbc memory to buddy
by qiang4.zhang@linux.intel.com
From: Qiang Zhang <qiang4.zhang(a)intel.com>
On the time to free xbc memory in xbc_exit(), memblock may has handed
over memory to buddy allocator. So it doesn't make sense to free memory
back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs
on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86.
Following KASAN logs shows this case.
This patch fixes the xbc memory free problem by calling memblock_free()
in early xbc init error rewind path and calling memblock_free_late() in
xbc exit path to free memory to buddy allocator.
[ 9.410890] ==================================================================
[ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260
[ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1
[ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5
[ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023
[ 9.460789] Call Trace:
[ 9.463518] <TASK>
[ 9.465859] dump_stack_lvl+0x53/0x70
[ 9.469949] print_report+0xce/0x610
[ 9.473944] ? __virt_addr_valid+0xf5/0x1b0
[ 9.478619] ? memblock_isolate_range+0x12d/0x260
[ 9.483877] kasan_report+0xc6/0x100
[ 9.487870] ? memblock_isolate_range+0x12d/0x260
[ 9.493125] memblock_isolate_range+0x12d/0x260
[ 9.498187] memblock_phys_free+0xb4/0x160
[ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10
[ 9.508021] ? mutex_unlock+0x7e/0xd0
[ 9.512111] ? __pfx_mutex_unlock+0x10/0x10
[ 9.516786] ? kernel_init_freeable+0x2d4/0x430
[ 9.521850] ? __pfx_kernel_init+0x10/0x10
[ 9.526426] xbc_exit+0x17/0x70
[ 9.529935] kernel_init+0x38/0x1e0
[ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30
[ 9.538601] ret_from_fork+0x2c/0x50
[ 9.542596] ? __pfx_kernel_init+0x10/0x10
[ 9.547170] ret_from_fork_asm+0x1a/0x30
[ 9.551552] </TASK>
[ 9.555649] The buggy address belongs to the physical page:
[ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30
[ 9.570821] flags: 0x200000000000000(node=0|zone=2)
[ 9.576271] page_type: 0xffffffff()
[ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000
[ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 9.597476] page dumped because: kasan: bad access detected
[ 9.605362] Memory state around the buggy address:
[ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.634930] ^
[ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.654675] ==================================================================
Cc: Stable(a)vger.kernel.org
Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com>
---
v3:
- add NULL pointer check in memblock_free_late() path.
v2:
- add an early flag in xbc_free_mem() to free memory back to memblock in
xbc_init error path or put memory to buddy allocator in normal xbc_exit.
---
include/linux/bootconfig.h | 7 ++++++-
lib/bootconfig.c | 19 +++++++++++--------
2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h
index e5ee2c694401..3f4b4ac527ca 100644
--- a/include/linux/bootconfig.h
+++ b/include/linux/bootconfig.h
@@ -288,7 +288,12 @@ int __init xbc_init(const char *buf, size_t size, const char **emsg, int *epos);
int __init xbc_get_info(int *node_size, size_t *data_size);
/* XBC cleanup data structures */
-void __init xbc_exit(void);
+void __init _xbc_exit(bool early);
+
+static inline void xbc_exit(void)
+{
+ _xbc_exit(false);
+}
/* XBC embedded bootconfig data in kernel */
#ifdef CONFIG_BOOT_CONFIG_EMBED
diff --git a/lib/bootconfig.c b/lib/bootconfig.c
index c59d26068a64..8841554432d5 100644
--- a/lib/bootconfig.c
+++ b/lib/bootconfig.c
@@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_mem(size_t size)
return memblock_alloc(size, SMP_CACHE_BYTES);
}
-static inline void __init xbc_free_mem(void *addr, size_t size)
+static inline void __init xbc_free_mem(void *addr, size_t size, bool early)
{
- memblock_free(addr, size);
+ if (early)
+ memblock_free(addr, size);
+ else if (addr)
+ memblock_free_late(__pa(addr), size);
}
#else /* !__KERNEL__ */
@@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t size)
return malloc(size);
}
-static inline void xbc_free_mem(void *addr, size_t size)
+static inline void xbc_free_mem(void *addr, size_t size, bool early)
{
free(addr);
}
@@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void)
* If you need to reuse xbc_init() with new boot config, you can
* use this.
*/
-void __init xbc_exit(void)
+void __init _xbc_exit(bool early)
{
- xbc_free_mem(xbc_data, xbc_data_size);
+ xbc_free_mem(xbc_data, xbc_data_size, early);
xbc_data = NULL;
xbc_data_size = 0;
xbc_node_num = 0;
- xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX);
+ xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early);
xbc_nodes = NULL;
brace_index = 0;
}
@@ -963,7 +966,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos)
if (!xbc_nodes) {
if (emsg)
*emsg = "Failed to allocate bootconfig nodes";
- xbc_exit();
+ _xbc_exit(true);
return -ENOMEM;
}
memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX);
@@ -977,7 +980,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos)
*epos = xbc_err_pos;
if (emsg)
*emsg = xbc_err_msg;
- xbc_exit();
+ _xbc_exit(true);
} else
ret = xbc_node_num;
--
2.39.2
1 year, 1 month
- 2
- 1
[PATCH v2] bootconfig: use memblock_free_late to free xbc memory to buddy
by qiang4.zhang@linux.intel.com
From: Qiang Zhang <qiang4.zhang(a)intel.com>
On the time to free xbc memory in xbc_exit(), memblock may has handed
over memory to buddy allocator. So it doesn't make sense to free memory
back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs
on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86.
Following KASAN logs shows this case.
This patch fixes the xbc memory free problem by calling memblock_free()
in early xbc init error rewind path and calling memblock_free_late() in
xbc exit path to free memory to buddy allocator.
[ 9.410890] ==================================================================
[ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260
[ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1
[ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5
[ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023
[ 9.460789] Call Trace:
[ 9.463518] <TASK>
[ 9.465859] dump_stack_lvl+0x53/0x70
[ 9.469949] print_report+0xce/0x610
[ 9.473944] ? __virt_addr_valid+0xf5/0x1b0
[ 9.478619] ? memblock_isolate_range+0x12d/0x260
[ 9.483877] kasan_report+0xc6/0x100
[ 9.487870] ? memblock_isolate_range+0x12d/0x260
[ 9.493125] memblock_isolate_range+0x12d/0x260
[ 9.498187] memblock_phys_free+0xb4/0x160
[ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10
[ 9.508021] ? mutex_unlock+0x7e/0xd0
[ 9.512111] ? __pfx_mutex_unlock+0x10/0x10
[ 9.516786] ? kernel_init_freeable+0x2d4/0x430
[ 9.521850] ? __pfx_kernel_init+0x10/0x10
[ 9.526426] xbc_exit+0x17/0x70
[ 9.529935] kernel_init+0x38/0x1e0
[ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30
[ 9.538601] ret_from_fork+0x2c/0x50
[ 9.542596] ? __pfx_kernel_init+0x10/0x10
[ 9.547170] ret_from_fork_asm+0x1a/0x30
[ 9.551552] </TASK>
[ 9.555649] The buggy address belongs to the physical page:
[ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30
[ 9.570821] flags: 0x200000000000000(node=0|zone=2)
[ 9.576271] page_type: 0xffffffff()
[ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000
[ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 9.597476] page dumped because: kasan: bad access detected
[ 9.605362] Memory state around the buggy address:
[ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.634930] ^
[ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.654675] ==================================================================
Cc: Stable(a)vger.kernel.org
Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com>
---
v2:
- add an early flag in xbc_free_mem() to free memory back to memblock in
xbc_init error path or put memory to buddy allocator in normal xbc_exit.
---
include/linux/bootconfig.h | 7 ++++++-
lib/bootconfig.c | 19 +++++++++++--------
2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h
index e5ee2c694401..3f4b4ac527ca 100644
--- a/include/linux/bootconfig.h
+++ b/include/linux/bootconfig.h
@@ -288,7 +288,12 @@ int __init xbc_init(const char *buf, size_t size, const char **emsg, int *epos);
int __init xbc_get_info(int *node_size, size_t *data_size);
/* XBC cleanup data structures */
-void __init xbc_exit(void);
+void __init _xbc_exit(bool early);
+
+static inline void xbc_exit(void)
+{
+ _xbc_exit(false);
+}
/* XBC embedded bootconfig data in kernel */
#ifdef CONFIG_BOOT_CONFIG_EMBED
diff --git a/lib/bootconfig.c b/lib/bootconfig.c
index c59d26068a64..f9a45adc6307 100644
--- a/lib/bootconfig.c
+++ b/lib/bootconfig.c
@@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_mem(size_t size)
return memblock_alloc(size, SMP_CACHE_BYTES);
}
-static inline void __init xbc_free_mem(void *addr, size_t size)
+static inline void __init xbc_free_mem(void *addr, size_t size, bool early)
{
- memblock_free(addr, size);
+ if (early)
+ memblock_free(addr, size);
+ else
+ memblock_free_late(__pa(addr), size);
}
#else /* !__KERNEL__ */
@@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t size)
return malloc(size);
}
-static inline void xbc_free_mem(void *addr, size_t size)
+static inline void xbc_free_mem(void *addr, size_t size, bool early)
{
free(addr);
}
@@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void)
* If you need to reuse xbc_init() with new boot config, you can
* use this.
*/
-void __init xbc_exit(void)
+void __init _xbc_exit(bool early)
{
- xbc_free_mem(xbc_data, xbc_data_size);
+ xbc_free_mem(xbc_data, xbc_data_size, early);
xbc_data = NULL;
xbc_data_size = 0;
xbc_node_num = 0;
- xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX);
+ xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early);
xbc_nodes = NULL;
brace_index = 0;
}
@@ -963,7 +966,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos)
if (!xbc_nodes) {
if (emsg)
*emsg = "Failed to allocate bootconfig nodes";
- xbc_exit();
+ _xbc_exit(true);
return -ENOMEM;
}
memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX);
@@ -977,7 +980,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos)
*epos = xbc_err_pos;
if (emsg)
*emsg = xbc_err_msg;
- xbc_exit();
+ _xbc_exit(true);
} else
ret = xbc_node_num;
--
2.39.2
1 year, 1 month
- 3
- 3
Linux 6.8.6
by Greg Kroah-Hartman
I'm announcing the release of the 6.8.6 kernel.
All users of the 6.8 kernel series must upgrade.
The updated 6.8.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 +
arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +
arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 28 +++
arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 17 ++
arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 18 ++
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 +
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +
arch/x86/entry/vdso/Makefile | 10 -
arch/x86/events/amd/lbr.c | 6
arch/x86/include/asm/xen/hypervisor.h | 5
arch/x86/pci/fixup.c | 48 +++++
arch/x86/platform/pvh/enlighten.c | 3
arch/x86/xen/enlighten.c | 32 +++
arch/x86/xen/enlighten_pvh.c | 68 ++++++++
arch/x86/xen/setup.c | 44 -----
arch/x86/xen/xen-ops.h | 14 +
block/blk-stat.c | 2
drivers/accel/habanalabs/common/habanalabs.h | 2
drivers/acpi/resource.c | 7
drivers/acpi/sleep.c | 12 -
drivers/acpi/x86/utils.c | 38 ++++
drivers/bluetooth/btintel.c | 2
drivers/bluetooth/btmtk.c | 1
drivers/bluetooth/btmtk.h | 1
drivers/bluetooth/btusb.c | 1
drivers/bus/mhi/host/init.c | 1
drivers/bus/mhi/host/internal.h | 9 -
drivers/bus/mhi/host/pm.c | 20 ++
drivers/cpufreq/cpufreq.c | 17 +-
drivers/cpuidle/driver.c | 3
drivers/crypto/intel/iaa/iaa_crypto_main.c | 4
drivers/firmware/tegra/bpmp-debugfs.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 +
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4
drivers/gpu/drm/amd/display/dc/dc.h | 1
drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4
drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2
drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 1
drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4
drivers/gpu/drm/ci/gitlab-ci.yml | 14 +
drivers/gpu/drm/ci/test.yml | 1
drivers/gpu/drm/drm_modeset_helper.c | 19 +-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +
drivers/gpu/drm/drm_probe_helper.c | 21 ++
drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 -
drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1
drivers/gpu/drm/panel/panel-simple.c | 20 ++
drivers/gpu/drm/ttm/ttm_bo.c | 7
drivers/gpu/drm/vc4/vc4_plane.c | 5
drivers/hid/hid-ids.h | 1
drivers/hid/hid-input.c | 2
drivers/i2c/busses/i2c-designware-core.h | 2
drivers/infiniband/core/cm.c | 20 ++
drivers/input/joystick/xpad.c | 3
drivers/input/rmi4/rmi_driver.c | 6
drivers/input/touchscreen/imagis.c | 20 --
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 22 +-
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 -
drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8
drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5
drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2
drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2
drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2
drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5
drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2
drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2
drivers/misc/vmw_vmci/vmci_datagram.c | 6
drivers/net/dsa/qca/qca8k-8xxx.c | 3
drivers/net/dummy.c | 1
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 -
drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 -
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 -
drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5
drivers/net/ethernet/stmicro/stmmac/Kconfig | 6
drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++
drivers/net/geneve.c | 1
drivers/net/loopback.c | 1
drivers/net/pcs/pcs-xpcs.c | 4
drivers/net/phy/phy_device.c | 13 -
drivers/net/veth.c | 1
drivers/net/vxlan/vxlan_core.c | 1
drivers/net/wireless/ath/ath11k/mhi.c | 2
drivers/net/wireless/ath/ath9k/antenna.c | 2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +
drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6
drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2
drivers/net/wireless/intel/iwlwifi/cfg/sc.c | 38 ++++
drivers/net/wireless/intel/iwlwifi/iwl-config.h | 8
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 +
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++---
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3
drivers/net/wireless/realtek/rtw89/mac80211.c | 4
drivers/net/wireless/realtek/rtw89/pci.c | 60 ++++++-
drivers/net/wireless/realtek/rtw89/pci.h | 6
drivers/net/wireless/realtek/rtw89/rtw8851be.c | 2
drivers/net/wireless/realtek/rtw89/rtw8852ae.c | 1
drivers/net/wireless/realtek/rtw89/rtw8852be.c | 1
drivers/net/wireless/realtek/rtw89/rtw8852ce.c | 1
drivers/net/wireless/realtek/rtw89/rtw8922ae.c | 1
drivers/nvme/host/pci.c | 3
drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++
drivers/pinctrl/renesas/core.c | 4
drivers/platform/x86/acer-wmi.c | 17 +-
drivers/platform/x86/intel/hid.c | 7
drivers/platform/x86/intel/vbtn.c | 5
drivers/platform/x86/touchscreen_dmi.c | 9 +
drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 -
drivers/pmdomain/ti/omap_prm.c | 2
drivers/scsi/lpfc/lpfc_nportdisc.c | 6
drivers/soundwire/dmi-quirks.c | 8
drivers/thermal/thermal_of.c | 12 -
drivers/thunderbolt/quirks.c | 14 +
drivers/thunderbolt/tb.c | 49 +++++
drivers/thunderbolt/tb.h | 4
drivers/thunderbolt/tunnel.c | 16 -
drivers/tty/serial/8250/8250_of.c | 44 ++++-
drivers/tty/serial/8250/8250_port.c | 24 --
drivers/ufs/host/ufs-qcom.c | 13 +
drivers/usb/gadget/function/uvc_video.c | 10 -
drivers/usb/host/sl811-hcd.c | 2
drivers/usb/typec/tcpm/tcpci.c | 1
drivers/usb/typec/ucsi/ucsi.c | 26 ++-
drivers/usb/typec/ucsi/ucsi.h | 11 +
drivers/usb/typec/ucsi/ucsi_glink.c | 1
drivers/video/fbdev/core/fbmon.c | 7
drivers/video/fbdev/via/accel.c | 4
drivers/xen/balloon.c | 2
fs/btrfs/export.c | 9 -
fs/btrfs/send.c | 10 +
fs/btrfs/volumes.c | 12 +
fs/ext4/mballoc.c | 5
fs/ext4/super.c | 12 +
fs/isofs/inode.c | 18 +-
fs/kernfs/dir.c | 31 ++-
fs/kernfs/kernfs-internal.h | 2
fs/orangefs/super.c | 2
fs/pstore/zone.c | 2
fs/sysv/itree.c | 10 -
include/acpi/acpi_bus.h | 14 -
include/linux/kernfs.h | 2
include/linux/overflow.h | 12 -
include/linux/printk.h | 2
include/linux/randomize_kstack.h | 2
include/linux/rcupdate.h | 4
include/linux/skbuff.h | 11 +
include/linux/sunrpc/sched.h | 2
include/net/bluetooth/hci.h | 8
include/uapi/linux/input-event-codes.h | 1
io_uring/io_uring.c | 25 +-
kernel/dma/direct.c | 9 -
kernel/panic.c | 8
kernel/printk/internal.h | 1
kernel/printk/printk.c | 3
kernel/rcu/tree_nocb.h | 2
kernel/trace/ring_buffer.c | 2
lib/dump_stack.c | 16 +
net/bluetooth/hci_event.c | 3
net/core/netdev-genl.c | 15 -
net/core/page_pool_user.c | 2
net/ipv4/ip_tunnel.c | 1
net/ipv6/ip6_gre.c | 2
net/ipv6/ip6_tunnel.c | 1
net/ipv6/ip6_vti.c | 1
net/ipv6/sit.c | 1
net/mpls/mpls_gso.c | 3
net/smc/smc_pnet.c | 10 +
net/wireless/util.c | 14 +
scripts/gcc-plugins/stackleak_plugin.c | 2
scripts/mod/modpost.c | 4
sound/firewire/amdtp-stream.c | 12 -
sound/firewire/amdtp-stream.h | 4
sound/pci/hda/patch_realtek.c | 12 +
sound/soc/amd/yc/acp6x-mach.c | 7
sound/soc/intel/avs/board_selection.c | 85 ++++++++++
sound/soc/intel/boards/sof_rt5682.c | 40 ----
sound/soc/intel/boards/sof_sdw.c | 11 +
sound/soc/soc-core.c | 3
sound/soc/sof/amd/acp.c | 3
tools/iio/iio_utils.c | 2
tools/lib/perf/evlist.c | 18 +-
tools/lib/perf/include/internal/evlist.h | 4
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1
tools/testing/ktest/ktest.pl | 1
191 files changed, 1530 insertions(+), 450 deletions(-)
Abhishek Pandit-Subedi (1):
usb: typec: ucsi: Limit read size on v1.2
Adam Ford (1):
pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain
Ahmad Rehman (1):
drm/amdgpu: Init zone device and drm client after mode-1 reset on reload
Alban Boyé (1):
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Aleksandr Burakov (1):
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Alex Henrie (1):
isofs: handle CDs with bad root inode but good Joliet root directory
Andre Werner (1):
net: phy: phy_device: Prevent nullptr exceptions on ISR
Andy Shevchenko (1):
serial: 8250_of: Drop quirk fot NPCM from 8250_port
Ard Biesheuvel (1):
gcc-plugins/stackleak: Avoid .head.text section
Aric Cyr (1):
drm/amd/display: Fix nanosec stat overflow
Arnd Bergmann (1):
media: sta2x11: fix irq handler cast
Baochen Qiang (1):
wifi: ath11k: decrease MHI channel buffer length to 8KB
Bjorn Andersson (1):
arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected
Borislav Petkov (AMD) (1):
x86/vdso: Fix rethunk patching for vdso-image-x32.o too
Brent Lu (1):
ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards
C Cheng (1):
cpuidle: Avoid potential overflow in integer multiplication
Cezary Rojewski (1):
ASoC: Intel: avs: Populate board selection with new I2S entries
Chancel Liu (1):
ASoC: soc-core.c: Skip dummy codec when adding platforms
Christian König (1):
drm/ttm: return ENOSPC from ttm_bo_mem_space v3
Colin Ian King (1):
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Cristian Ciocaltea (2):
net: stmmac: dwmac-starfive: Add support for JH7100 SoC
ASoC: SOF: amd: Optimize quirk for Valve Galileo
Dai Ngo (1):
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Daniel Drake (2):
PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Dave Airlie (2):
amdkfd: use calloc instead of kzalloc to avoid integer overflow
nouveau: fix devinit paths to only handle display on GSP.
David McFarland (1):
platform/x86/intel/hid: Don't wake on 5-button releases
David Sterba (3):
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Dmitry Antipov (1):
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
Dmitry Baryshkov (1):
arm64: dts: qcom: qrb2210-rb1: disable cluster power domains
Dmitry Torokhov (1):
HID: input: avoid polling stylus battery on Chromebook Pompom
Duje Mihanović (1):
Input: imagis - use FIELD_GET where applicable
Edward Adam Davis (1):
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Chanudet (1):
scsi: ufs: qcom: Avoid re-init quirk when gears match
Eric Dumazet (2):
net: add netdev_lockdep_set_classes() to virtual drivers
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Florian Westphal (2):
net: skbuff: add overflow debug check to pull/push helpers
net: mpls: error out if inner headers are not set
Geert Uytterhoeven (1):
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Gergo Koteles (1):
Input: allocate keycode for Display refresh rate toggle
Gil Fine (1):
thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities read
Greg Kroah-Hartman (1):
Linux 6.8.6
Gwendal Grignou (1):
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
Hans de Goede (3):
wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS
ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration()
Harshit Mogalapalli (1):
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Hui Liu (1):
arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs
Ian Rogers (1):
libperf evlist: Avoid out-of-bounds access
Jacob Keller (1):
ice: use relative VSI index for VFs instead of PF VSI number
Jakub Kicinski (1):
netdev: let netlink core handle -EMSGSIZE errors
Jarkko Nikula (1):
i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC
Jason Gunthorpe (1):
iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev
Jeffrey Hugo (1):
bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
Jens Axboe (1):
io_uring: clear opcode specific data for an early failure
Jiawei Fu (iBug) (1):
drivers/nvme: Add quirks for device 126f:2262
Jichi Zhang (1):
ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9
Johan Jonker (4):
ARM: dts: rockchip: fix rk3288 hdmi ports node
ARM: dts: rockchip: fix rk322x hdmi ports node
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
Johannes Berg (1):
wifi: cfg80211: check A-MSDU format more carefully
John Ogness (3):
printk: For @suppress_panic_printk check for other CPU in panic
panic: Flush kernel log buffer at the end
dump_stack: Do not get cpu_sync for panic CPU
Josh Poimboeuf (1):
x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o
Junhao He (1):
drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09
Justin Tee (1):
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Kees Cook (3):
bnx2x: Fix firmware version string character counts
overflow: Allow non-type arg to type_max() and type_min()
randomize_kstack: Improve entropy diffusion
Koby Elbaz (1):
accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings
Konrad Dybcio (1):
thermal/of: Assume polling-delay(-passive) 0 when absent
Kunwu Chan (3):
pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
pstore/zone: Add a null pointer check to the psz_kmsg_read
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Luca Weiss (1):
usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk
Luiz Augusto von Dentz (1):
Bluetooth: btintel: Fixe build regression
M Cooley (1):
ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE
Ma Jun (1):
Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()"
Manjunath Patil (1):
RDMA/cm: add timeout to cm_destroy_id wait
Marco Felsch (1):
usb: typec: tcpci: add generic tcpci fallback compatible
Markus Elfring (1):
firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename()
Markuss Broks (1):
input/touchscreen: imagis: Correct the maximum touch area value
Matt Scialabba (1):
Input: xpad - add support for Snakebyte GAMEPADs
Max Kellermann (1):
modpost: fix null pointer dereference
Maíra Canal (1):
drm/vc4: don't check if plane->state->fb == state->fb
Michael Grzeschik (2):
usb: gadget: uvc: refactor the check for a valid buffer in the pump worker
usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
Mika Westerberg (1):
thunderbolt: Keep the domain powered when USB4 port is in redrive mode
Mike Marshall (1):
Julia Lawall reported this null pointer dereference, this should fix it.
Mukesh Sisodiya (2):
wifi: iwlwifi: pcie: Add the PCI device id for new hardware
wifi: iwlwifi: pcie: Add new PCI device id and CNVI
Nicholas Kazlauskas (1):
drm/amd/display: Disable idle reallow as part of command/gpint execution
Nicolas Dufresne (1):
media: mediatek: vcodec: Fix oops when HEVC init fails
Paul E. McKenney (1):
rcu-tasks: Repair RCU Tasks Trace quiescence check
Peter Chiu (1):
wifi: mt76: mt7996: disable AMSDU for non-data frames
Petre Rodan (1):
tools: iio: replace seekdir() in iio_generic_buffer
Ping-Ke Shih (2):
wifi: rtw89: pci: validate RX tag for RXQ and RPQ
wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
Po-Hao Huang (1):
wifi: rtw89: fix null pointer access when abort scan
Ricardo B. Marliere (1):
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Rick Edgecombe (1):
dma-direct: Leak pages on dma_set_decrypted() failure
Roger Pau Monne (1):
x86/xen: attempt to inflate the memory balloon on PVH
Roman Smirnov (2):
block: prevent division by zero in blk_rq_stat_sum()
fbmon: prevent division by zero in fb_videomode_from_videomode()
Samasth Norway Ananda (1):
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Samuel Dionne-Riel (1):
drm: panel-orientation-quirks: Add quirk for GPD Win Mini
Sandipan Das (1):
perf/x86/amd/lbr: Discard erroneous branch entries
Serge Semin (1):
net: pcs: xpcs: Return EINVAL in the internal methods
Shannon Nelson (1):
ionic: set adminq irq affinity
Shayne Chen (2):
wifi: mt76: mt7915: add locking for accessing mapped registers
wifi: mt76: mt7996: add locking for accessing mapped registers
Shradha Gupta (2):
drm: Check output polling initialized before disabling
drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes
Sohaib Nadeem (1):
drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
Srinivasan Shanmugam (1):
drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
Stanley.Yang (1):
drm/amdgpu: Skip do PCI error slot reset during RAS recovery
SungHwan Jung (2):
platform/x86: acer-wmi: Add support for Acer PH16-71
platform/x86: acer-wmi: Add predator_v4 module parameter
Sviatoslav Harasymchuk (1):
ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA
Takashi Iwai (2):
wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm
Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
Takashi Sakamoto (1):
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Tejun Heo (1):
kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id()
Tetsuo Handa (1):
sysv: don't call sb_bread() with pointers_lock held
Tim Crawford (1):
ALSA: hda/realtek: Add quirks for some Clevo laptops
Tom Zanussi (1):
crypto: iaa - Fix async_disable descriptor leak
Tony Lindgren (1):
drm/panel: simple: Add BOE BP082WX1-100 8.2" panel
Vasiliy Kovalev (1):
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Vignesh Raman (1):
drm/ci: uprev mesa version: fix kdl commit fetch
Vinicius Peixoto (1):
Bluetooth: Add new quirk for broken read key length on ATS2851
Viresh Kumar (1):
cpufreq: Don't unregister cpufreq cooling on CPU hotplug
Vladimir Oltean (1):
net: dsa: qca8k: put MDIO controller OF node if unavailable
Ye Bin (1):
ext4: forbid commit inconsistent quota data when errors=remount-ro
Yunfei Dong (2):
media: mediatek: vcodec: adding lock to protect decoder context list
media: mediatek: vcodec: adding lock to protect encoder context list
Zhang Yi (1):
ext4: add a hint for block bitmap corrupt state in mb_groups
Zqiang (1):
rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
linke li (1):
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
mosomate (1):
ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops
1 year, 1 month
- 1
- 1
Linux 6.6.27
by Greg Kroah-Hartman
I'm announcing the release of the 6.6.27 kernel.
All users of the 6.6 kernel series must upgrade.
The updated 6.6.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 +
arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 +
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +
arch/x86/events/amd/lbr.c | 6
arch/x86/include/asm/xen/hypervisor.h | 5
arch/x86/pci/fixup.c | 48 +++++
arch/x86/platform/pvh/enlighten.c | 3
arch/x86/xen/enlighten.c | 32 +++
arch/x86/xen/enlighten_pvh.c | 68 ++++++++
arch/x86/xen/setup.c | 44 -----
arch/x86/xen/xen-ops.h | 14 +
block/blk-stat.c | 2
drivers/accel/habanalabs/common/habanalabs.h | 2
drivers/acpi/sleep.c | 12 -
drivers/acpi/x86/utils.c | 18 +-
drivers/bluetooth/btintel.c | 2
drivers/bluetooth/btmtk.c | 1
drivers/bluetooth/btmtk.h | 1
drivers/bluetooth/btusb.c | 1
drivers/bus/mhi/host/init.c | 1
drivers/bus/mhi/host/internal.h | 9 -
drivers/bus/mhi/host/pm.c | 20 ++
drivers/cpufreq/cpufreq.c | 17 +-
drivers/cpuidle/driver.c | 3
drivers/firmware/tegra/bpmp-debugfs.c | 2
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4
drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4
drivers/gpu/drm/drm_modeset_helper.c | 19 +-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +
drivers/gpu/drm/drm_probe_helper.c | 21 ++
drivers/gpu/drm/ttm/ttm_bo.c | 7
drivers/gpu/drm/vc4/vc4_plane.c | 5
drivers/hid/hid-ids.h | 1
drivers/hid/hid-input.c | 2
drivers/i2c/busses/i2c-designware-core.h | 2
drivers/infiniband/core/cm.c | 20 ++
drivers/input/joystick/xpad.c | 3
drivers/input/rmi4/rmi_driver.c | 6
drivers/input/touchscreen/imagis.c | 20 --
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 -
drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8
drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5
drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2
drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2
drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2
drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5
drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2
drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2
drivers/misc/vmw_vmci/vmci_datagram.c | 6
drivers/net/dummy.c | 1
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 -
drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 -
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 -
drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5
drivers/net/ethernet/stmicro/stmmac/Kconfig | 6
drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++
drivers/net/geneve.c | 1
drivers/net/loopback.c | 1
drivers/net/pcs/pcs-xpcs.c | 4
drivers/net/phy/phy_device.c | 13 -
drivers/net/veth.c | 1
drivers/net/vxlan/vxlan_core.c | 1
drivers/net/wireless/ath/ath11k/mhi.c | 2
drivers/net/wireless/ath/ath9k/antenna.c | 2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +
drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6
drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++---
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3
drivers/net/wireless/realtek/rtw89/mac80211.c | 4
drivers/net/wireless/realtek/rtw89/pci.h | 2
drivers/nvme/host/pci.c | 3
drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++
drivers/pinctrl/renesas/core.c | 4
drivers/platform/x86/intel/vbtn.c | 5
drivers/platform/x86/touchscreen_dmi.c | 9 +
drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 -
drivers/pmdomain/ti/omap_prm.c | 2
drivers/scsi/lpfc/lpfc_nportdisc.c | 6
drivers/soundwire/dmi-quirks.c | 8
drivers/thermal/thermal_of.c | 12 -
drivers/thunderbolt/quirks.c | 14 +
drivers/thunderbolt/tb.c | 49 +++++
drivers/thunderbolt/tb.h | 4
drivers/usb/gadget/function/uvc_video.c | 3
drivers/usb/host/sl811-hcd.c | 2
drivers/usb/typec/tcpm/tcpci.c | 1
drivers/usb/typec/ucsi/ucsi.c | 26 ++-
drivers/usb/typec/ucsi/ucsi.h | 11 +
drivers/video/fbdev/core/fbmon.c | 7
drivers/video/fbdev/via/accel.c | 4
drivers/xen/balloon.c | 2
fs/btrfs/export.c | 9 -
fs/btrfs/send.c | 10 +
fs/btrfs/volumes.c | 12 +
fs/ext4/mballoc.c | 5
fs/ext4/super.c | 12 +
fs/isofs/inode.c | 18 +-
fs/kernfs/dir.c | 31 ++-
fs/kernfs/kernfs-internal.h | 2
fs/orangefs/super.c | 2
fs/pstore/zone.c | 2
fs/sysv/itree.c | 10 -
include/acpi/acpi_bus.h | 14 -
include/linux/kernfs.h | 2
include/linux/overflow.h | 12 -
include/linux/randomize_kstack.h | 2
include/linux/rcupdate.h | 4
include/linux/skbuff.h | 11 +
include/linux/sunrpc/sched.h | 2
include/net/bluetooth/hci.h | 8
include/uapi/linux/input-event-codes.h | 1
io_uring/io_uring.c | 25 +-
kernel/dma/direct.c | 9 -
kernel/panic.c | 8
kernel/printk/printk.c | 3
kernel/rcu/tree_nocb.h | 2
kernel/trace/ring_buffer.c | 2
net/bluetooth/hci_event.c | 3
net/ipv4/ip_tunnel.c | 1
net/ipv6/ip6_gre.c | 2
net/ipv6/ip6_tunnel.c | 1
net/ipv6/ip6_vti.c | 1
net/ipv6/sit.c | 1
net/mpls/mpls_gso.c | 3
net/smc/smc_pnet.c | 10 +
net/wireless/util.c | 14 +
scripts/gcc-plugins/stackleak_plugin.c | 2
scripts/mod/modpost.c | 4
sound/firewire/amdtp-stream.c | 12 -
sound/firewire/amdtp-stream.h | 4
sound/pci/hda/patch_realtek.c | 12 +
sound/soc/amd/yc/acp6x-mach.c | 7
sound/soc/intel/avs/board_selection.c | 85 ++++++++++
sound/soc/intel/boards/sof_sdw.c | 11 +
sound/soc/soc-core.c | 3
sound/soc/sof/amd/acp.c | 3
tools/iio/iio_utils.c | 2
tools/lib/perf/evlist.c | 18 +-
tools/lib/perf/include/internal/evlist.h | 4
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1
tools/testing/ktest/ktest.pl | 1
tools/testing/selftests/net/mptcp/mptcp_join.sh | 5
151 files changed, 1134 insertions(+), 309 deletions(-)
Abhishek Pandit-Subedi (1):
usb: typec: ucsi: Limit read size on v1.2
Adam Ford (1):
pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain
Alban Boyé (1):
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Aleksandr Burakov (1):
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Alex Henrie (1):
isofs: handle CDs with bad root inode but good Joliet root directory
Andre Werner (1):
net: phy: phy_device: Prevent nullptr exceptions on ISR
Ard Biesheuvel (1):
gcc-plugins/stackleak: Avoid .head.text section
Aric Cyr (1):
drm/amd/display: Fix nanosec stat overflow
Arnd Bergmann (1):
media: sta2x11: fix irq handler cast
Baochen Qiang (1):
wifi: ath11k: decrease MHI channel buffer length to 8KB
C Cheng (1):
cpuidle: Avoid potential overflow in integer multiplication
Cezary Rojewski (1):
ASoC: Intel: avs: Populate board selection with new I2S entries
Chancel Liu (1):
ASoC: soc-core.c: Skip dummy codec when adding platforms
Christian König (1):
drm/ttm: return ENOSPC from ttm_bo_mem_space v3
Colin Ian King (1):
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Cristian Ciocaltea (2):
net: stmmac: dwmac-starfive: Add support for JH7100 SoC
ASoC: SOF: amd: Optimize quirk for Valve Galileo
Dai Ngo (1):
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Daniel Drake (2):
PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Dave Airlie (1):
amdkfd: use calloc instead of kzalloc to avoid integer overflow
David Sterba (3):
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Dmitry Antipov (1):
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
Dmitry Torokhov (1):
HID: input: avoid polling stylus battery on Chromebook Pompom
Duje Mihanović (1):
Input: imagis - use FIELD_GET where applicable
Edward Adam Davis (1):
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet (2):
net: add netdev_lockdep_set_classes() to virtual drivers
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Florian Westphal (2):
net: skbuff: add overflow debug check to pull/push helpers
net: mpls: error out if inner headers are not set
Geert Uytterhoeven (1):
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Geliang Tang (1):
selftests: mptcp: display simult in extra_msg
Gergo Koteles (1):
Input: allocate keycode for Display refresh rate toggle
Greg Kroah-Hartman (1):
Linux 6.6.27
Gwendal Grignou (1):
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
Hans de Goede (2):
wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS
Harshit Mogalapalli (1):
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Ian Rogers (1):
libperf evlist: Avoid out-of-bounds access
Jacob Keller (1):
ice: use relative VSI index for VFs instead of PF VSI number
Jarkko Nikula (1):
i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC
Jeffrey Hugo (1):
bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
Jens Axboe (1):
io_uring: clear opcode specific data for an early failure
Jiawei Fu (iBug) (1):
drivers/nvme: Add quirks for device 126f:2262
Jichi Zhang (1):
ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9
Johan Jonker (4):
ARM: dts: rockchip: fix rk3288 hdmi ports node
ARM: dts: rockchip: fix rk322x hdmi ports node
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
Johannes Berg (1):
wifi: cfg80211: check A-MSDU format more carefully
John Ogness (2):
printk: For @suppress_panic_printk check for other CPU in panic
panic: Flush kernel log buffer at the end
Junhao He (1):
drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09
Justin Tee (1):
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Kees Cook (3):
bnx2x: Fix firmware version string character counts
overflow: Allow non-type arg to type_max() and type_min()
randomize_kstack: Improve entropy diffusion
Koby Elbaz (1):
accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings
Konrad Dybcio (1):
thermal/of: Assume polling-delay(-passive) 0 when absent
Kunwu Chan (3):
pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
pstore/zone: Add a null pointer check to the psz_kmsg_read
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Luiz Augusto von Dentz (1):
Bluetooth: btintel: Fixe build regression
M Cooley (1):
ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE
Ma Jun (1):
Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()"
Manjunath Patil (1):
RDMA/cm: add timeout to cm_destroy_id wait
Marco Felsch (1):
usb: typec: tcpci: add generic tcpci fallback compatible
Markus Elfring (1):
firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename()
Markuss Broks (1):
input/touchscreen: imagis: Correct the maximum touch area value
Matt Scialabba (1):
Input: xpad - add support for Snakebyte GAMEPADs
Max Kellermann (1):
modpost: fix null pointer dereference
Maíra Canal (1):
drm/vc4: don't check if plane->state->fb == state->fb
Michael Grzeschik (1):
usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
Mika Westerberg (1):
thunderbolt: Keep the domain powered when USB4 port is in redrive mode
Mike Marshall (1):
Julia Lawall reported this null pointer dereference, this should fix it.
Mukesh Sisodiya (1):
wifi: iwlwifi: pcie: Add the PCI device id for new hardware
Nicolas Dufresne (1):
media: mediatek: vcodec: Fix oops when HEVC init fails
Paul E. McKenney (1):
rcu-tasks: Repair RCU Tasks Trace quiescence check
Peter Chiu (1):
wifi: mt76: mt7996: disable AMSDU for non-data frames
Petre Rodan (1):
tools: iio: replace seekdir() in iio_generic_buffer
Ping-Ke Shih (1):
wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
Po-Hao Huang (1):
wifi: rtw89: fix null pointer access when abort scan
Ricardo B. Marliere (1):
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Rick Edgecombe (1):
dma-direct: Leak pages on dma_set_decrypted() failure
Roger Pau Monne (1):
x86/xen: attempt to inflate the memory balloon on PVH
Roman Smirnov (2):
block: prevent division by zero in blk_rq_stat_sum()
fbmon: prevent division by zero in fb_videomode_from_videomode()
Samasth Norway Ananda (1):
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Samuel Dionne-Riel (1):
drm: panel-orientation-quirks: Add quirk for GPD Win Mini
Sandipan Das (1):
perf/x86/amd/lbr: Discard erroneous branch entries
Serge Semin (1):
net: pcs: xpcs: Return EINVAL in the internal methods
Shannon Nelson (1):
ionic: set adminq irq affinity
Shayne Chen (2):
wifi: mt76: mt7915: add locking for accessing mapped registers
wifi: mt76: mt7996: add locking for accessing mapped registers
Shradha Gupta (2):
drm: Check output polling initialized before disabling
drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes
Srinivasan Shanmugam (1):
drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
Takashi Iwai (2):
wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm
Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
Takashi Sakamoto (1):
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Tejun Heo (1):
kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id()
Tetsuo Handa (1):
sysv: don't call sb_bread() with pointers_lock held
Tim Crawford (1):
ALSA: hda/realtek: Add quirks for some Clevo laptops
Vasiliy Kovalev (1):
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Vinicius Peixoto (1):
Bluetooth: Add new quirk for broken read key length on ATS2851
Viresh Kumar (1):
cpufreq: Don't unregister cpufreq cooling on CPU hotplug
Ye Bin (1):
ext4: forbid commit inconsistent quota data when errors=remount-ro
Yunfei Dong (2):
media: mediatek: vcodec: adding lock to protect decoder context list
media: mediatek: vcodec: adding lock to protect encoder context list
Zhang Yi (1):
ext4: add a hint for block bitmap corrupt state in mb_groups
Zqiang (1):
rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
linke li (1):
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
mosomate (1):
ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops
1 year, 1 month
- 1
- 1
Linux 6.1.86
by Greg Kroah-Hartman
I'm announcing the release of the 6.1.86 kernel.
All users of the 6.1 kernel series must upgrade.
The updated 6.1.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 +-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +-
arch/x86/events/amd/lbr.c | 6 -
block/blk-stat.c | 2
drivers/acpi/sleep.c | 12 --
drivers/bluetooth/btintel.c | 2
drivers/bluetooth/btmtk.c | 1
drivers/bluetooth/btmtk.h | 1
drivers/bus/mhi/host/init.c | 1
drivers/bus/mhi/host/internal.h | 9 +
drivers/bus/mhi/host/pm.c | 20 +++
drivers/cpufreq/cpufreq.c | 17 ++-
drivers/cpuidle/driver.c | 3
drivers/firmware/tegra/bpmp-debugfs.c | 2
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4
drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 ++
drivers/gpu/drm/vc4/vc4_plane.c | 5
drivers/infiniband/core/cm.c | 20 +++
drivers/input/rmi4/rmi_driver.c | 6 -
drivers/input/touchscreen/imagis.c | 20 +--
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 -
drivers/misc/vmw_vmci/vmci_datagram.c | 6 -
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 -
drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +-
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 -
drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5
drivers/net/pcs/pcs-xpcs.c | 4
drivers/net/wireless/ath/ath11k/mhi.c | 2
drivers/net/wireless/ath/ath9k/antenna.c | 2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1
drivers/net/wireless/realtek/rtw89/pci.h | 2
drivers/nvme/host/pci.c | 3
drivers/pinctrl/renesas/core.c | 4
drivers/platform/x86/intel/vbtn.c | 5
drivers/platform/x86/touchscreen_dmi.c | 9 +
drivers/scsi/lpfc/lpfc_nportdisc.c | 6 -
drivers/scsi/scsi_lib.c | 52 +++++-----
drivers/scsi/sd.c | 4
drivers/soundwire/dmi-quirks.c | 8 +
drivers/thermal/thermal_of.c | 12 +-
drivers/thunderbolt/quirks.c | 14 ++
drivers/thunderbolt/tb.c | 49 +++++++++
drivers/thunderbolt/tb.h | 4
drivers/tty/n_gsm.c | 3
drivers/usb/gadget/function/uvc_video.c | 3
drivers/usb/host/sl811-hcd.c | 2
drivers/usb/typec/tcpm/tcpci.c | 1
drivers/video/fbdev/core/fbmon.c | 7 -
drivers/video/fbdev/via/accel.c | 4
drivers/virtio/virtio.c | 10 +
fs/btrfs/export.c | 9 +
fs/btrfs/send.c | 10 +
fs/btrfs/volumes.c | 12 ++
fs/ext4/mballoc.c | 5
fs/ext4/super.c | 12 ++
fs/isofs/inode.c | 18 +++
fs/orangefs/super.c | 2
fs/pstore/zone.c | 2
fs/sysv/itree.c | 10 -
include/linux/randomize_kstack.h | 2
include/linux/rcupdate.h | 4
include/linux/skbuff.h | 11 ++
include/linux/sunrpc/sched.h | 2
include/scsi/scsi_device.h | 51 ++-------
include/uapi/linux/input-event-codes.h | 1
io_uring/io_uring.c | 25 +++-
kernel/dma/direct.c | 9 -
kernel/panic.c | 8 +
kernel/trace/ring_buffer.c | 2
net/mpls/mpls_gso.c | 3
net/netfilter/nf_tables_api.c | 47 ++++++---
net/smc/smc_pnet.c | 10 +
scripts/gcc-plugins/stackleak_plugin.c | 2
sound/firewire/amdtp-stream.c | 12 +-
sound/firewire/amdtp-stream.h | 4
sound/soc/intel/boards/sof_sdw.c | 11 ++
sound/soc/soc-core.c | 3
tools/iio/iio_utils.c | 2
tools/lib/perf/evlist.c | 18 ++-
tools/lib/perf/include/internal/evlist.h | 4
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1
tools/testing/ktest/ktest.pl | 1
87 files changed, 544 insertions(+), 224 deletions(-)
Alban Boyé (1):
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Aleksandr Burakov (1):
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Alex Henrie (1):
isofs: handle CDs with bad root inode but good Joliet root directory
Ard Biesheuvel (1):
gcc-plugins/stackleak: Avoid .head.text section
Aric Cyr (1):
drm/amd/display: Fix nanosec stat overflow
Arnd Bergmann (1):
media: sta2x11: fix irq handler cast
Baochen Qiang (1):
wifi: ath11k: decrease MHI channel buffer length to 8KB
C Cheng (1):
cpuidle: Avoid potential overflow in integer multiplication
Chancel Liu (1):
ASoC: soc-core.c: Skip dummy codec when adding platforms
Colin Ian King (1):
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Dai Ngo (1):
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Daniel Drake (1):
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Dave Airlie (1):
amdkfd: use calloc instead of kzalloc to avoid integer overflow
David Hildenbrand (1):
virtio: reenable config if freezing device failed
David Sterba (3):
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Dmitry Antipov (1):
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
Duje Mihanović (1):
Input: imagis - use FIELD_GET where applicable
Edward Adam Davis (1):
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet (1):
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Florian Westphal (2):
net: skbuff: add overflow debug check to pull/push helpers
net: mpls: error out if inner headers are not set
Geert Uytterhoeven (1):
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Gergo Koteles (1):
Input: allocate keycode for Display refresh rate toggle
Greg Kroah-Hartman (3):
Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties"
Revert "scsi: core: Add struct for args to execution functions"
Linux 6.1.86
Gwendal Grignou (1):
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
Hans de Goede (1):
wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
Harshit Mogalapalli (1):
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Ian Rogers (1):
libperf evlist: Avoid out-of-bounds access
Jacob Keller (1):
ice: use relative VSI index for VFs instead of PF VSI number
Jeffrey Hugo (1):
bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
Jens Axboe (1):
io_uring: clear opcode specific data for an early failure
Jiawei Fu (iBug) (1):
drivers/nvme: Add quirks for device 126f:2262
Johan Jonker (2):
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
John Ogness (1):
panic: Flush kernel log buffer at the end
Justin Tee (1):
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Kees Cook (2):
bnx2x: Fix firmware version string character counts
randomize_kstack: Improve entropy diffusion
Konrad Dybcio (1):
thermal/of: Assume polling-delay(-passive) 0 when absent
Kunwu Chan (2):
pstore/zone: Add a null pointer check to the psz_kmsg_read
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Luiz Augusto von Dentz (1):
Bluetooth: btintel: Fixe build regression
Ma Jun (1):
Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()"
Manjunath Patil (1):
RDMA/cm: add timeout to cm_destroy_id wait
Marco Felsch (1):
usb: typec: tcpci: add generic tcpci fallback compatible
Markus Elfring (1):
firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename()
Markuss Broks (1):
input/touchscreen: imagis: Correct the maximum touch area value
Martin K. Petersen (1):
scsi: sd: usb_storage: uas: Access media prior to querying device properties
Maíra Canal (1):
drm/vc4: don't check if plane->state->fb == state->fb
Michael Grzeschik (1):
usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
Mika Westerberg (1):
thunderbolt: Keep the domain powered when USB4 port is in redrive mode
Mike Marshall (1):
Julia Lawall reported this null pointer dereference, this should fix it.
Mukesh Sisodiya (1):
wifi: iwlwifi: pcie: Add the PCI device id for new hardware
Pablo Neira Ayuso (3):
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
Paul E. McKenney (1):
rcu-tasks: Repair RCU Tasks Trace quiescence check
Petre Rodan (1):
tools: iio: replace seekdir() in iio_generic_buffer
Ping-Ke Shih (1):
wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
Ricardo B. Marliere (1):
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Rick Edgecombe (1):
dma-direct: Leak pages on dma_set_decrypted() failure
Roman Smirnov (2):
block: prevent division by zero in blk_rq_stat_sum()
fbmon: prevent division by zero in fb_videomode_from_videomode()
Samasth Norway Ananda (1):
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Samuel Dionne-Riel (1):
drm: panel-orientation-quirks: Add quirk for GPD Win Mini
Sandipan Das (1):
perf/x86/amd/lbr: Discard erroneous branch entries
Serge Semin (1):
net: pcs: xpcs: Return EINVAL in the internal methods
Shannon Nelson (1):
ionic: set adminq irq affinity
Srinivasan Shanmugam (1):
drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
Takashi Iwai (1):
Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
Takashi Sakamoto (1):
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Tetsuo Handa (1):
sysv: don't call sb_bread() with pointers_lock held
Thadeu Lima de Souza Cascardo (1):
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Vasiliy Kovalev (1):
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Viresh Kumar (1):
cpufreq: Don't unregister cpufreq cooling on CPU hotplug
Ye Bin (1):
ext4: forbid commit inconsistent quota data when errors=remount-ro
Zhang Yi (1):
ext4: add a hint for block bitmap corrupt state in mb_groups
linke li (1):
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
mosomate (1):
ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops
1 year, 1 month
- 1
- 1
Linux 5.15.155
by Greg Kroah-Hartman
I'm announcing the release of the 5.15.155 kernel.
All users of the 5.15 kernel series must upgrade.
The updated 5.15.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++
arch/x86/mm/pat/memtype.c | 49 +++++++---
block/blk-stat.c | 2
drivers/acpi/cppc_acpi.c | 27 -----
drivers/acpi/sleep.c | 12 --
drivers/bluetooth/btintel.c | 2
drivers/cpuidle/driver.c | 3
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4
drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4
drivers/infiniband/core/cm.c | 20 +++-
drivers/input/rmi4/rmi_driver.c | 6 +
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 -
drivers/misc/vmw_vmci/vmci_datagram.c | 6 -
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 -
drivers/net/pcs/pcs-xpcs.c | 4
drivers/net/wireless/ath/ath11k/mhi.c | 2
drivers/net/wireless/ath/ath9k/antenna.c | 2
drivers/nvme/host/pci.c | 3
drivers/pinctrl/renesas/core.c | 4
drivers/platform/x86/intel/vbtn.c | 5 -
drivers/platform/x86/touchscreen_dmi.c | 9 +
drivers/scsi/lpfc/lpfc_nportdisc.c | 6 -
drivers/tty/n_gsm.c | 3
drivers/usb/host/sl811-hcd.c | 2
drivers/usb/typec/tcpm/tcpci.c | 1
drivers/video/fbdev/core/fbmon.c | 7 -
drivers/video/fbdev/via/accel.c | 4
drivers/virtio/virtio.c | 10 +-
fs/btrfs/export.c | 9 +
fs/btrfs/send.c | 10 +-
fs/btrfs/volumes.c | 12 ++
fs/ext4/mballoc.c | 5 -
fs/ext4/super.c | 12 ++
fs/isofs/inode.c | 18 +++
fs/pstore/zone.c | 2
fs/sysv/itree.c | 10 --
include/linux/randomize_kstack.h | 2
include/linux/sunrpc/sched.h | 2
include/uapi/linux/input-event-codes.h | 1
kernel/panic.c | 8 +
kernel/trace/ring_buffer.c | 2
mm/memory.c | 4
net/dsa/dsa2.c | 25 +----
net/netfilter/nf_tables_api.c | 47 +++++++--
net/smc/smc_pnet.c | 10 ++
scripts/gcc-plugins/stackleak_plugin.c | 6 +
sound/firewire/amdtp-stream.c | 12 +-
sound/firewire/amdtp-stream.h | 4
sound/soc/soc-core.c | 3
tools/iio/iio_utils.c | 2
tools/lib/perf/evlist.c | 18 ++-
tools/lib/perf/include/internal/evlist.h | 4
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1
tools/testing/ktest/ktest.pl | 1
56 files changed, 321 insertions(+), 145 deletions(-)
Alban Boyé (1):
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Aleksandr Burakov (1):
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Alex Henrie (1):
isofs: handle CDs with bad root inode but good Joliet root directory
Ard Biesheuvel (1):
gcc-plugins/stackleak: Avoid .head.text section
Aric Cyr (1):
drm/amd/display: Fix nanosec stat overflow
Arnd Bergmann (1):
media: sta2x11: fix irq handler cast
Baochen Qiang (1):
wifi: ath11k: decrease MHI channel buffer length to 8KB
C Cheng (1):
cpuidle: Avoid potential overflow in integer multiplication
Chancel Liu (1):
ASoC: soc-core.c: Skip dummy codec when adding platforms
Colin Ian King (1):
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Dai Ngo (1):
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Daniel Drake (1):
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Dave Airlie (1):
amdkfd: use calloc instead of kzalloc to avoid integer overflow
David Hildenbrand (2):
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
David Sterba (3):
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Dmitry Antipov (1):
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
Edward Adam Davis (1):
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet (1):
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Geert Uytterhoeven (1):
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Gergo Koteles (1):
Input: allocate keycode for Display refresh rate toggle
Greg Kroah-Hartman (2):
Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"
Linux 5.15.155
Gwendal Grignou (1):
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
Harshit Mogalapalli (1):
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Ian Rogers (1):
libperf evlist: Avoid out-of-bounds access
Jiawei Fu (iBug) (1):
drivers/nvme: Add quirks for device 126f:2262
Johan Jonker (2):
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
John Ogness (1):
panic: Flush kernel log buffer at the end
Justin Tee (1):
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Kees Cook (2):
gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text
randomize_kstack: Improve entropy diffusion
Kunwu Chan (2):
pstore/zone: Add a null pointer check to the psz_kmsg_read
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Luiz Augusto von Dentz (1):
Bluetooth: btintel: Fixe build regression
Manjunath Patil (1):
RDMA/cm: add timeout to cm_destroy_id wait
Marco Felsch (1):
usb: typec: tcpci: add generic tcpci fallback compatible
Pablo Neira Ayuso (3):
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
Petre Rodan (1):
tools: iio: replace seekdir() in iio_generic_buffer
Ricardo B. Marliere (1):
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Roman Smirnov (2):
block: prevent division by zero in blk_rq_stat_sum()
fbmon: prevent division by zero in fb_videomode_from_videomode()
Samasth Norway Ananda (1):
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Serge Semin (1):
net: pcs: xpcs: Return EINVAL in the internal methods
Shannon Nelson (1):
ionic: set adminq irq affinity
Takashi Sakamoto (1):
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Tetsuo Handa (1):
sysv: don't call sb_bread() with pointers_lock held
Thadeu Lima de Souza Cascardo (1):
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Vasiliy Kovalev (1):
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Vladimir Oltean (1):
net: dsa: fix panic when DSA master device unbinds on shutdown
Ye Bin (1):
ext4: forbid commit inconsistent quota data when errors=remount-ro
Zhang Yi (1):
ext4: add a hint for block bitmap corrupt state in mb_groups
linke li (1):
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
1 year, 1 month
- 1
- 1
Linux 5.10.215
by Greg Kroah-Hartman
I'm announcing the release of the 5.10.215 kernel.
All users of the 5.10 kernel series must upgrade.
The updated 5.10.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/ABI/testing/sysfs-devices-system-cpu | 1
Documentation/admin-guide/hw-vuln/index.rst | 1
Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++++
Documentation/admin-guide/hw-vuln/spectre.rst | 18
Documentation/admin-guide/kernel-parameters.txt | 27 -
Documentation/block/queue-sysfs.rst | 7
Documentation/x86/mds.rst | 38 +
Makefile | 2
arch/arm/boot/dts/mmp2-brownstone.dts | 2
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12
arch/hexagon/kernel/vmlinux.lds.S | 1
arch/parisc/include/asm/assembly.h | 18
arch/parisc/include/asm/checksum.h | 10
arch/powerpc/include/asm/reg_fsl_emb.h | 11
arch/powerpc/lib/Makefile | 2
arch/riscv/include/asm/uaccess.h | 4
arch/s390/kernel/entry.S | 1
arch/sparc/kernel/nmi.c | 2
arch/sparc/vdso/vma.c | 7
arch/x86/Kconfig | 18
arch/x86/Makefile | 8
arch/x86/entry/entry.S | 23
arch/x86/entry/entry_32.S | 59 --
arch/x86/entry/entry_64.S | 10
arch/x86/entry/entry_64_compat.S | 1
arch/x86/include/asm/asm-prototypes.h | 1
arch/x86/include/asm/asm.h | 5
arch/x86/include/asm/cpufeature.h | 8
arch/x86/include/asm/cpufeatures.h | 5
arch/x86/include/asm/disabled-features.h | 3
arch/x86/include/asm/entry-common.h | 1
arch/x86/include/asm/irqflags.h | 1
arch/x86/include/asm/msr-index.h | 10
arch/x86/include/asm/nospec-branch.h | 47 +
arch/x86/include/asm/processor.h | 15
arch/x86/include/asm/ptrace.h | 5
arch/x86/include/asm/required-features.h | 3
arch/x86/include/asm/segment.h | 30 -
arch/x86/include/asm/setup.h | 1
arch/x86/include/asm/stackprotector.h | 79 ---
arch/x86/include/asm/suspend_32.h | 12
arch/x86/kernel/Makefile | 1
arch/x86/kernel/asm-offsets_32.c | 5
arch/x86/kernel/cpu/amd.c | 10
arch/x86/kernel/cpu/bugs.c | 245 ++++++----
arch/x86/kernel/cpu/common.c | 64 ++
arch/x86/kernel/cpu/mce/core.c | 4
arch/x86/kernel/doublefault_32.c | 4
arch/x86/kernel/head64.c | 9
arch/x86/kernel/head_32.S | 18
arch/x86/kernel/head_64.S | 24
arch/x86/kernel/nmi.c | 3
arch/x86/kernel/setup_percpu.c | 1
arch/x86/kernel/tls.c | 8
arch/x86/kvm/cpuid.h | 2
arch/x86/kvm/svm/sev.c | 16
arch/x86/kvm/vmx/run_flags.h | 7
arch/x86/kvm/vmx/vmenter.S | 9
arch/x86/kvm/vmx/vmx.c | 12
arch/x86/kvm/x86.c | 5
arch/x86/lib/insn-eval.c | 4
arch/x86/lib/retpoline.S | 6
arch/x86/mm/ident_map.c | 23
arch/x86/mm/pat/memtype.c | 50 +-
arch/x86/platform/pvh/head.S | 14
arch/x86/power/cpu.c | 6
arch/x86/xen/enlighten_pv.c | 1
block/blk-settings.c | 41 +
block/blk-stat.c | 2
block/blk-sysfs.c | 8
block/ioctl.c | 11
drivers/accessibility/speakup/synth.c | 4
drivers/acpi/acpica/dbnames.c | 8
drivers/acpi/sleep.c | 12
drivers/ata/ahci.c | 5
drivers/ata/sata_mv.c | 63 +-
drivers/ata/sata_sx4.c | 6
drivers/base/core.c | 26 -
drivers/base/cpu.c | 8
drivers/base/power/wakeirq.c | 4
drivers/bluetooth/btintel.c | 2
drivers/clk/qcom/gcc-ipq6018.c | 2
drivers/clk/qcom/gcc-ipq8074.c | 2
drivers/clk/qcom/gcc-sdm845.c | 1
drivers/clk/qcom/mmcc-apq8084.c | 2
drivers/clk/qcom/mmcc-msm8974.c | 2
drivers/cpufreq/brcmstb-avs-cpufreq.c | 5
drivers/cpufreq/cpufreq-dt.c | 2
drivers/crypto/qat/qat_common/adf_aer.c | 23
drivers/firmware/efi/vars.c | 17
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12
drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3
drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4
drivers/gpu/drm/drm_panel.c | 17
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2
drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9
drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4
drivers/gpu/drm/exynos/exynos_hdmi.c | 4
drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3
drivers/gpu/drm/i915/gt/intel_lrc.c | 3
drivers/gpu/drm/imx/parallel-display.c | 4
drivers/gpu/drm/ttm/ttm_memory.c | 2
drivers/gpu/drm/vc4/vc4_hdmi.c | 2
drivers/gpu/drm/vmwgfx/vmwgfx_binding.c | 20
drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 4
drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 92 ++-
drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c | 8
drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c | 4
drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c | 4
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2
drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 11
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 12
drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 2
drivers/gpu/drm/vmwgfx/vmwgfx_mob.c | 4
drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6
drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 12
drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 4
drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 4
drivers/gpu/drm/vmwgfx/vmwgfx_so.c | 3
drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 50 --
drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6
drivers/hwmon/amc6821.c | 11
drivers/infiniband/core/cm.c | 20
drivers/input/rmi4/rmi_driver.c | 6
drivers/md/dm-integrity.c | 2
drivers/md/dm-raid.c | 2
drivers/md/dm-snap.c | 4
drivers/md/raid5.c | 12
drivers/media/pci/sta2x11/sta2x11_vip.c | 9
drivers/media/tuners/xc4000.c | 4
drivers/misc/mei/hw-me-regs.h | 2
drivers/misc/mei/pci-me.c | 2
drivers/misc/vmw_vmci/vmci_datagram.c | 6
drivers/mmc/core/block.c | 14
drivers/mmc/host/tmio_mmc_core.c | 2
drivers/mtd/nand/raw/meson_nand.c | 2
drivers/mtd/ubi/fastmap.c | 7
drivers/mtd/ubi/vtbl.c | 6
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8
drivers/net/ethernet/intel/i40e/i40e_main.c | 7
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 -
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16
drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5
drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2
drivers/net/ethernet/neterion/vxge/vxge-config.c | 2
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5
drivers/net/ethernet/realtek/r8169_main.c | 9
drivers/net/ethernet/renesas/ravb_main.c | 7
drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +
drivers/net/ethernet/xilinx/ll_temac_main.c | 2
drivers/net/wireguard/netlink.c | 10
drivers/net/wireless/ath/ath9k/antenna.c | 2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4
drivers/nvme/host/pci.c | 3
drivers/nvmem/meson-efuse.c | 25 -
drivers/of/dynamic.c | 12
drivers/pci/controller/dwc/pcie-designware-ep.c | 7
drivers/pci/pci-driver.c | 23
drivers/pci/pci.c | 6
drivers/pci/pci.h | 17
drivers/pci/pcie/Makefile | 2
drivers/pci/pcie/dpc.c | 15
drivers/pci/pcie/err.c | 33 +
drivers/pci/pcie/rcec.c | 59 ++
drivers/pci/probe.c | 7
drivers/pci/quirks.c | 100 ++++
drivers/pci/setup-res.c | 8
drivers/phy/tegra/xusb.c | 13
drivers/pinctrl/renesas/core.c | 4
drivers/platform/x86/touchscreen_dmi.c | 9
drivers/s390/crypto/zcrypt_api.c | 2
drivers/scsi/hosts.c | 7
drivers/scsi/lpfc/lpfc_nportdisc.c | 6
drivers/scsi/lpfc/lpfc_nvmet.c | 2
drivers/scsi/myrb.c | 20
drivers/scsi/myrs.c | 24
drivers/scsi/qla2xxx/qla_attr.c | 14
drivers/scsi/qla2xxx/qla_def.h | 2
drivers/scsi/qla2xxx/qla_gs.c | 2
drivers/scsi/qla2xxx/qla_init.c | 102 +---
drivers/scsi/qla2xxx/qla_target.c | 10
drivers/scsi/sd.c | 7
drivers/slimbus/core.c | 4
drivers/soc/fsl/qbman/qman.c | 98 +++-
drivers/staging/comedi/drivers/comedi_test.c | 30 +
drivers/staging/media/ipu3/ipu3-v4l2.c | 16
drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5
drivers/tee/optee/device.c | 3
drivers/tty/n_gsm.c | 3
drivers/tty/serial/8250/8250_port.c | 6
drivers/tty/serial/fsl_lpuart.c | 7
drivers/tty/serial/max310x.c | 7
drivers/tty/serial/sc16is7xx.c | 15
drivers/tty/serial/serial_core.c | 12
drivers/tty/vt/vt.c | 2
drivers/usb/class/cdc-wdm.c | 6
drivers/usb/core/hub.c | 23
drivers/usb/core/hub.h | 2
drivers/usb/core/port.c | 5
drivers/usb/core/sysfs.c | 16
drivers/usb/dwc2/core.h | 14
drivers/usb/dwc2/core_intr.c | 63 +-
drivers/usb/dwc2/gadget.c | 4
drivers/usb/dwc2/hcd.c | 47 +
drivers/usb/dwc2/hcd_ddma.c | 17
drivers/usb/dwc2/hw.h | 2
drivers/usb/gadget/function/f_ncm.c | 2
drivers/usb/gadget/udc/core.c | 4
drivers/usb/gadget/udc/tegra-xudc.c | 53 +-
drivers/usb/host/sl811-hcd.c | 2
drivers/usb/phy/phy-generic.c | 7
drivers/usb/serial/cp210x.c | 4
drivers/usb/serial/ftdi_sio.c | 2
drivers/usb/serial/ftdi_sio_ids.h | 6
drivers/usb/serial/option.c | 6
drivers/usb/storage/isd200.c | 23
drivers/usb/typec/tcpm/tcpci.c | 1
drivers/usb/typec/ucsi/ucsi.c | 42 +
drivers/usb/typec/ucsi/ucsi.h | 4
drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7
drivers/vfio/pci/vfio_pci_intrs.c | 176 ++++---
drivers/vfio/platform/vfio_platform_irq.c | 106 ++--
drivers/vfio/virqfd.c | 21
drivers/video/fbdev/core/fbmon.c | 7
drivers/video/fbdev/via/accel.c | 4
drivers/virtio/virtio.c | 10
drivers/xen/events/events_base.c | 5
fs/aio.c | 8
fs/btrfs/export.c | 9
fs/btrfs/ioctl.c | 25 -
fs/btrfs/send.c | 10
fs/btrfs/volumes.c | 14
fs/exec.c | 1
fs/ext4/mballoc.c | 22
fs/ext4/resize.c | 3
fs/ext4/super.c | 12
fs/fat/nfs.c | 6
fs/fuse/dir.c | 4
fs/fuse/fuse_i.h | 1
fs/fuse/inode.c | 7
fs/isofs/inode.c | 18
fs/nfs/direct.c | 11
fs/nfs/write.c | 2
fs/nilfs2/btree.c | 9
fs/nilfs2/direct.c | 9
fs/nilfs2/inode.c | 2
fs/pstore/zone.c | 2
fs/sysv/itree.c | 10
fs/ubifs/file.c | 13
fs/vboxsf/super.c | 3
include/linux/blkdev.h | 15
include/linux/cpu.h | 2
include/linux/device.h | 1
include/linux/gfp.h | 9
include/linux/hyperv.h | 22
include/linux/nfs_fs.h | 1
include/linux/objtool.h | 8
include/linux/pci.h | 6
include/linux/phy/tegra/xusb.h | 2
include/linux/sunrpc/sched.h | 2
include/linux/timer.h | 18
include/linux/udp.h | 28 +
include/linux/vfio.h | 2
include/net/cfg802154.h | 1
include/net/inet_connection_sock.h | 1
include/net/sock.h | 7
include/soc/fsl/qman.h | 9
include/uapi/linux/input-event-codes.h | 1
init/initramfs.c | 2
io_uring/io_uring.c | 2
kernel/bounds.c | 2
kernel/bpf/verifier.c | 5
kernel/events/core.c | 9
kernel/panic.c | 8
kernel/power/suspend.c | 1
kernel/printk/printk.c | 63 +-
kernel/time/timer.c | 164 +++---
kernel/trace/ring_buffer.c | 193 ++++---
mm/compaction.c | 7
mm/memory-failure.c | 2
mm/memory.c | 4
mm/memtest.c | 4
mm/migrate.c | 6
mm/page_alloc.c | 10
mm/swapfile.c | 13
mm/vmscan.c | 5
net/bluetooth/hci_debugfs.c | 48 +
net/bluetooth/hci_event.c | 25 +
net/bridge/netfilter/ebtables.c | 6
net/core/sock_map.c | 6
net/ipv4/inet_connection_sock.c | 14
net/ipv4/ip_gre.c | 5
net/ipv4/netfilter/arp_tables.c | 4
net/ipv4/netfilter/ip_tables.c | 4
net/ipv4/tcp.c | 2
net/ipv4/udp.c | 7
net/ipv4/udp_offload.c | 13
net/ipv6/ip6_fib.c | 14
net/ipv6/ip6_gre.c | 3
net/ipv6/netfilter/ip6_tables.c | 4
net/ipv6/udp.c | 2
net/ipv6/udp_offload.c | 8
net/mac80211/cfg.c | 5
net/mac802154/llsec.c | 18
net/mptcp/protocol.c | 3
net/mptcp/subflow.c | 3
net/netfilter/nf_tables_api.c | 74 ++-
net/nfc/nci/core.c | 5
net/rds/rdma.c | 2
net/sched/act_skbmod.c | 10
net/smc/smc_pnet.c | 10
net/xfrm/xfrm_user.c | 3
scripts/Makefile.extrawarn | 2
scripts/dummy-tools/gcc | 6
scripts/gcc-x86_32-has-stack-protector.sh | 6
scripts/kernel-doc | 2
security/smack/smack_lsm.c | 12
sound/pci/hda/patch_realtek.c | 9
sound/sh/aica.c | 17
sound/soc/soc-ops.c | 2
tools/iio/iio_utils.c | 2
tools/include/linux/objtool.h | 8
tools/lib/perf/evlist.c | 18
tools/lib/perf/include/internal/evlist.h | 4
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1
tools/testing/ktest/ktest.pl | 1
tools/testing/selftests/mqueue/setting | 1
tools/testing/selftests/net/reuseaddr_conflict.c | 2
virt/kvm/async_pf.c | 31 +
334 files changed, 3242 insertions(+), 1521 deletions(-)
Alan Stern (3):
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
USB: core: Add hub_get() and hub_put() routines
USB: core: Fix deadlock in usb_deauthorize_interface()
Alban Boyé (1):
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Aleksandr Burakov (1):
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Aleksandr Loktionov (2):
i40e: fix i40e_count_filters() to count only active/new filters
i40e: fix vf may be used uninitialized in this function warning
Alex Henrie (1):
isofs: handle CDs with bad root inode but good Joliet root directory
Alex Williamson (7):
vfio/platform: Disable virqfds on cleanup
vfio/pci: Disable auto-enable of exclusive INTx IRQ
vfio/pci: Lock external INTx masking ops
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Create persistent INTx handler
vfio/platform: Create persistent IRQ handlers
vfio/fsl-mc: Block calling interrupt handler without trigger
Alexander Stein (1):
Revert "usb: phy: generic: Get the vbus supply"
Alexander Usyskin (2):
mei: me: add arrow lake point S DID
mei: me: add arrow lake point H DID
Amey Narkhede (1):
PCI: Cache PCIe Device Capabilities register
Amit Pundir (1):
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
Andrei Matei (1):
bpf: Protect against int overflow for stack access size
Andrey Jr. Melnikov (1):
ahci: asm1064: correct count of reported ports
Andy Lutomirski (1):
x86/stackprotector/32: Make the canary into a regular percpu variable
Antoine Tenart (2):
udp: do not transition UDP GRO fraglist partial checksums to unnecessary
udp: do not accept non-tunnel GSO skbs landing in a tunnel
Anton Altaparmakov (1):
x86/pm: Work around false positive kmemleak report in msr_build_context()
Aric Cyr (1):
drm/amd/display: Fix nanosec stat overflow
Arnd Bergmann (6):
staging: vc04_services: changen strncpy() to strscpy_pad()
dm integrity: fix out-of-range warning
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
scsi: mylex: Fix sysfs buffer lengths
ata: sata_mv: Fix PCI device ID table declaration compilation warning
media: sta2x11: fix irq handler cast
Arseniy Krasnov (1):
mtd: rawnand: meson: fix scrambling mode value in command macro
Aurélien Jacobs (1):
USB: serial: option: add MeiG Smart SLM320 product
Baokun Li (1):
ext4: correct best extent lstart adjustment logic
Bart Van Assche (1):
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
Bastien Nocera (1):
Bluetooth: Fix TOCTOU in HCI debugfs implementation
Bikash Hazarika (2):
scsi: qla2xxx: Update manufacturer details
scsi: qla2xxx: Update manufacturer detail
Bjorn Helgaas (1):
PCI: Work around Intel I210 ROM BAR overlap defect
Borislav Petkov (1):
x86/bugs: Use sysfs_emit()
Borislav Petkov (AMD) (5):
x86/CPU/AMD: Update the Zenbleed microcode revisions
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
x86/bugs: Fix the SRSO mitigation on Zen3/4
x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO
x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
Cameron Williams (1):
USB: serial: add device ID for VeriFone adapter
Chris Wilson (1):
drm/i915/gt: Reset queue_priority_hint on parking
Christian A. Ehrhardt (2):
usb: typec: ucsi: Ack unsupported commands
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
Christian Gmeiner (1):
drm/etnaviv: Restore some id values
Christian Häggström (1):
USB: serial: cp210x: add ID for MGP Instruments PDS100
Christian König (2):
drm/vmwgfx: stop using ttm_bo_create v2
drm/vmwgfx: switch over to the new pin interface v2
Christophe JAILLET (2):
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
vboxsf: Avoid an spurious warning if load_nls_xxx() fails
Claus Hansen Ries (1):
net: ll_temac: platform_get_resource replaced by wrong function
Colin Ian King (1):
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Conrad Kostecki (1):
ahci: asm1064: asm1166: don't limit reported ports
Dai Ngo (1):
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Damian Muszynski (1):
crypto: qat - resolve race condition during AER recovery
Damien Le Moal (2):
block: introduce zone_write_granularity limit
block: Clear zone limits for a non-zoned stacked queue
Dan Carpenter (1):
staging: vc04_services: fix information leak in create_component()
Daniel Drake (1):
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Daniel Vogelbacher (1):
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
Dave Airlie (1):
amdkfd: use calloc instead of kzalloc to avoid integer overflow
David Hildenbrand (2):
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
David Sterba (3):
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Davide Caratti (1):
mptcp: don't account accept() of non-MPC client as fallback to TCP
Dmitry Antipov (1):
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
Dominique Martinet (1):
mmc: core: Fix switch on gp3 partition
Duje Mihanović (1):
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
Duoming Zhou (1):
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
Edward Adam Davis (1):
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet (5):
tcp: properly terminate timers for kernel sockets
netfilter: validate user input for expected length
net/sched: act_skbmod: prevent kernel-infoleak
erspan: make sure erspan_base_hdr is present in skb->head
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Fedor Pchelkin (1):
mac802154: fix llsec key resources release in mac802154_llsec_key_del
Felix Fietkau (1):
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
Filipe Manana (1):
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
Gabor Juhos (4):
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
Geert Uytterhoeven (1):
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Gergo Koteles (1):
Input: allocate keycode for Display refresh rate toggle
Goldwyn Rodrigues (1):
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
Greg Kroah-Hartman (2):
cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
Linux 5.10.215
Guenter Roeck (4):
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
Gui-Dong Han (1):
media: xc4000: Fix atomicity violation in xc4000_get_frequency
Guilherme G. Piccoli (1):
scsi: core: Fix unremoved procfs host directory regression
Harald Freudenberger (1):
s390/zcrypt: fix reference counting on zcrypt card objects
Hariprasad Kelam (1):
Octeontx2-af: fix pause frame configuration in GMP mode
Harshit Mogalapalli (1):
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Heiner Kallweit (1):
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
Herve Codina (2):
driver core: Introduce device_link_wait_removal()
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
Hidenori Kobayashi (1):
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
Hugo Villeneuve (2):
serial: max310x: fix NULL pointer dereference in I2C instantiation
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
Hui Wang (1):
Bluetooth: hci_event: set the conn encrypted before conn establishes
I Gede Agastya Darma Laksana (1):
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
Ian Abbott (1):
comedi: comedi_test: Prevent timers rescheduling during deletion
Ian Rogers (1):
libperf evlist: Avoid out-of-bounds access
Ingo Molnar (1):
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
Jakub Kicinski (1):
selftests: reuseaddr_conflict: add missing new line at the end of the output
Jakub Sitnicki (1):
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
Jameson Thies (1):
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
Jan Kara (1):
fat: fix uninitialized field in nostale filehandles
Jani Nikula (4):
drm/panel: do not return negative error codes from drm_panel_get_modes()
drm/exynos: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
Jason A. Donenfeld (2):
wireguard: netlink: check for dangling peer via is_dead instead of empty list
wireguard: netlink: access device through ctx instead of peer
Jens Axboe (1):
io_uring: ensure '0' is returned on file registration success
Jerome Brunet (1):
nvmem: meson-efuse: fix function pointer type mismatch
Jiawei Fu (iBug) (1):
drivers/nvme: Add quirks for device 126f:2262
Johan Hovold (1):
arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
Johan Jonker (2):
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
John David Anglin (1):
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
John Ogness (2):
printk: Update @console_may_schedule in console_trylock_spinning()
panic: Flush kernel log buffer at the end
John Sperbeck (1):
init: open /initrd.image with O_LARGEFILE
Jon Hunter (1):
usb: gadget: tegra-xudc: Use dev_err_probe()
Josef Bacik (1):
nfs: fix UAF in direct writes
Josh Poimboeuf (1):
objtool: Add asm version of STACK_FRAME_NON_STANDARD
Josua Mayer (1):
hwmon: (amc6821) add of_match table
Justin Tee (1):
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Kailang Yang (1):
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
Kim Phillips (2):
x86/cpu: Support AMD Automatic IBRS
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
Krishna Kurapati (1):
usb: gadget: ncm: Fix handling of zero block length packets
Kuniyuki Iwashima (1):
ipv6: Fix infinite recursion in fib6_dump_done().
Kunwu Chan (2):
pstore/zone: Add a null pointer check to the psz_kmsg_read
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Lee Jones (1):
drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret'
Leo Ma (1):
drm/amd/display: Fix noise issue on HDMI AV mute
Lin Yujun (1):
Documentation/hw-vuln: Update spectre doc
Liu Shixin (1):
mm/memory-failure: fix an incorrect use of tail pages
Luiz Augusto von Dentz (1):
Bluetooth: btintel: Fixe build regression
Mahmoud Adam (1):
net/rds: fix possible cp null dereference
Manjunath Patil (1):
RDMA/cm: add timeout to cm_destroy_id wait
Marco Felsch (1):
usb: typec: tcpci: add generic tcpci fallback compatible
Marek Szyprowski (1):
cpufreq: dt: always allocate zeroed cpumask
Mathias Nyman (1):
usb: port: Don't try to peer unused USB ports based on location
Matthew Wilcox (Oracle) (2):
bounds: support non-power-of-two CONFIG_NR_CPUS
ubifs: Set page uptodate in the correct place
Maulik Shah (1):
PM: suspend: Set mem_sleep_current during kernel command line setup
Max Filippov (1):
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
Maximilian Heyne (2):
ext4: fix corruption during on-line resize
xen/events: close evtchn after mapping cleanup
Michael Ellerman (1):
powerpc/fsl: Fix mfpmr build errors with newer binutils
Michael Kelley (1):
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
Michael Roth (1):
x86/head/64: Re-enable stack protection
Michal Kubecek (1):
kbuild: dummy-tools: adjust to stricter stackprotector check
Mika Westerberg (3):
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
PCI/DPC: Quirk PIO log size for certain Intel Root Ports
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
Mikko Rapeli (2):
mmc: core: Initialize mmc_blk_ioc_data
mmc: core: Avoid negative index with array access
Miklos Szeredi (2):
fuse: fix root lookup with nonzero generation
fuse: don't unhash root
Mikulas Patocka (1):
dm snapshot: fix lockup in dm_exception_table_exit
Min Li (1):
block: add check that partition length needs to be aligned with block size
Minas Harutyunyan (4):
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
Muhammad Usama Anjum (1):
scsi: lpfc: Correct size for wqe for memset()
Nathan Chancellor (4):
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
hexagon: vmlinux.lds.S: handle attributes section
Nicolas Pitre (1):
vt: fix unicode buffer corruption when deleting characters
Nikita Kiryushin (1):
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
Niklas Cassel (1):
PCI: dwc: endpoint: Fix advertised resizable BAR size
Oliver Neukum (1):
usb: cdc-wdm: close race between read and workqueue
Pablo Neira Ayuso (9):
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
netfilter: nf_tables: disallow timeout for anonymous sets
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: flush pending destroy work before exit_net release
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
Paul Barker (1):
net: ravb: Always process TX descriptor ring
Paul Menzel (1):
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
Pawan Gupta (11):
x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
x86/bugs: Add asm helpers for executing VERW
x86/entry_64: Add VERW just before userspace transition
x86/entry_32: Add VERW just before userspace transition
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
KVM/VMX: Move VERW closer to VMentry for MDS mitigation
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
Documentation/hw-vuln: Add documentation for RFDS
x86/rfds: Mitigate Register File Data Sampling (RFDS)
KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
Peter Collingbourne (1):
serial: Lock console when calling into driver before registration
Petr Mladek (1):
printk/console: Split out code that enables default console
Petre Rodan (1):
tools: iio: replace seekdir() in iio_generic_buffer
Piotr Wejman (1):
net: stmmac: fix rx queue priority assignment
Przemek Kitszel (1):
ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
Pu Wen (1):
x86/srso: Add SRSO mitigation for Hygon processors
Qiang Zhang (1):
memtest: use {READ,WRITE}_ONCE in memory scanning
Qingliang Li (1):
PM: sleep: wakeirq: fix wake irq warning in system suspend
Quinn Tran (3):
scsi: qla2xxx: Split FCE|EFT trace control
scsi: qla2xxx: Fix command flush on cable pull
scsi: qla2xxx: Delay I/O Abort on PCI error
Rafael J. Wysocki (1):
PCI/PM: Drain runtime-idle callbacks before driver removal
Randy Dunlap (2):
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
Ricardo B. Marliere (1):
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Richard Weinberger (1):
ubi: Check for too small LEB size in VTBL code
Roberto Sassu (2):
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
Rodrigo Siqueira (1):
drm/amd/display: Return the correct HDCP error code
Roman Smirnov (2):
block: prevent division by zero in blk_rq_stat_sum()
fbmon: prevent division by zero in fb_videomode_from_videomode()
Ryan Roberts (1):
mm: swap: fix race between free_swap_and_cache() and swapoff()
Ryosuke Yasuoka (1):
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
Ryusuke Konishi (2):
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
Salvatore Bonaccorso (1):
scripts: kernel-doc: Fix syntax error due to undeclared args variable
Samasth Norway Ananda (1):
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Samuel Holland (1):
riscv: Fix spurious errors from __get/put_kernel_nofault
Samuel Thibault (1):
speakup: Fix 8bit characters from direct synth
Sandipan Das (1):
x86/cpufeatures: Add new word for scattered features
Sean Anderson (4):
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
Sean Christopherson (3):
KVM: Always flush async #PF workqueue when vCPU is being destroyed
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
Sean V Kelley (2):
PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()
PCI/ERR: Clear AER status only when we control AER
SeongJae Park (1):
selftests/mqueue: Set timeout to 180 seconds
Shannon Nelson (1):
ionic: set adminq irq affinity
Sherry Sun (1):
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
Shin'ichiro Kawasaki (1):
scsi: sd: Fix wrong zone_write_granularity value during revalidate
Song Liu (1):
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
Stanislaw Gruszka (1):
PCI/AER: Block runtime suspend when handling errors
Stephen Lee (1):
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
Steven Rostedt (Google) (5):
ring-buffer: Fix waking up ring buffer readers
ring-buffer: Do not set shortest_full when full target is hit
ring-buffer: Fix resetting of shortest_full
ring-buffer: Fix full_waiters_pending in poll
net: hns3: tracing: fix hclgevf trace event strings
Su Hui (1):
octeontx2-pf: check negative error code in otx2_open()
Sumanth Korikkar (1):
s390/entry: align system call table on 8 bytes
Sumit Garg (1):
tee: optee: Fix kernel panic caused by incorrect error handling
Svyatoslav Pankratov (1):
crypto: qat - fix double free during reset
Tetsuo Handa (1):
sysv: don't call sb_bread() with pointers_lock held
Thadeu Lima de Souza Cascardo (1):
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Thomas Gleixner (3):
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
Tim Schumacher (1):
efivarfs: Request at most 512 bytes for variable names
Toru Katagiri (1):
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
Uwe Kleine-König (1):
PCI: Drop pci_device_remove() test of pci_dev->driver
Vasiliy Kovalev (1):
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Venkata Lakshmi Narayana Gubba (1):
arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor
Vlastimil Babka (1):
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
Wayne Chang (2):
phy: tegra: xusb: Add API to retrieve the port number of phy
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
Wolfram Sang (1):
mmc: tmio: avoid concurrent runs of mmc_request_done()
Xu Wang (1):
vxge: remove unnecessary cast in kfree()
Yang Jihong (1):
perf/core: Fix reentry problem in perf_output_read_group()
Ye Bin (1):
ext4: forbid commit inconsistent quota data when errors=remount-ro
Yu Kuai (1):
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Zack Rusin (2):
drm/vmwgfx: Fix some static checker warnings
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
Zhang Yi (2):
ubi: correct the calculation of fastmap size
ext4: add a hint for block bitmap corrupt state in mb_groups
Zheng Wang (1):
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
Zi Yan (1):
mm/migrate: set swap entry values of THP tail pages properly.
Ziyang Xuan (1):
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
linke li (1):
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
yuan linyu (1):
usb: udc: remove warning when queue disabled ep
1 year, 1 month
- 1
- 1
Linux 5.4.274
by Greg Kroah-Hartman
I'm announcing the release of the 5.4.274 kernel.
All users of the 5.4 kernel series must upgrade.
The updated 5.4.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/admin-guide/hw-vuln/spectre.rst | 18
Documentation/admin-guide/kernel-parameters.txt | 6
Makefile | 2
arch/arm/boot/dts/mmp2-brownstone.dts | 332 ++++------
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12
arch/parisc/include/asm/checksum.h | 107 +--
arch/powerpc/include/asm/reg_fsl_emb.h | 11
arch/powerpc/lib/Makefile | 2
arch/s390/kernel/entry.S | 1
arch/sparc/kernel/nmi.c | 2
arch/sparc/vdso/vma.c | 7
arch/x86/include/asm/cpufeature.h | 6
arch/x86/include/asm/cpufeatures.h | 4
arch/x86/include/asm/disabled-features.h | 3
arch/x86/include/asm/mmu_context.h | 9
arch/x86/include/asm/msr-index.h | 2
arch/x86/include/asm/nospec-branch.h | 7
arch/x86/include/asm/required-features.h | 3
arch/x86/include/asm/unwind_hints.h | 2
arch/x86/kernel/cpu/amd.c | 10
arch/x86/kernel/cpu/bugs.c | 117 +--
arch/x86/kernel/cpu/common.c | 19
arch/x86/kernel/cpu/mce/core.c | 4
arch/x86/mm/ident_map.c | 23
arch/x86/mm/pat.c | 50 +
block/blk-stat.c | 2
drivers/acpi/sleep.c | 12
drivers/ata/ahci.c | 5
drivers/ata/sata_mv.c | 63 -
drivers/ata/sata_sx4.c | 6
drivers/base/power/wakeirq.c | 4
drivers/block/loop.c | 185 +++--
drivers/bluetooth/btintel.c | 2
drivers/clk/qcom/gcc-ipq8074.c | 2
drivers/clk/qcom/gcc-sdm845.c | 1
drivers/clk/qcom/mmcc-apq8084.c | 2
drivers/clk/qcom/mmcc-msm8974.c | 2
drivers/crypto/qat/qat_common/adf_aer.c | 23
drivers/firmware/efi/vars.c | 17
drivers/firmware/meson/meson_sm.c | 96 +-
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4
drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4
drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4
drivers/gpu/drm/exynos/exynos_hdmi.c | 4
drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3
drivers/gpu/drm/i915/gt/intel_lrc.c | 3
drivers/gpu/drm/imx/parallel-display.c | 4
drivers/gpu/drm/vc4/vc4_hdmi.c | 2
drivers/gpu/drm/vkms/vkms_drv.c | 2
drivers/hwmon/amc6821.c | 11
drivers/input/rmi4/rmi_driver.c | 6
drivers/md/dm-integrity.c | 2
drivers/md/dm-raid.c | 2
drivers/md/dm-snap.c | 4
drivers/md/raid5.c | 12
drivers/media/pci/sta2x11/sta2x11_vip.c | 9
drivers/media/tuners/xc4000.c | 4
drivers/misc/vmw_vmci/vmci_datagram.c | 6
drivers/mmc/core/block.c | 14
drivers/mmc/host/tmio_mmc_core.c | 2
drivers/mtd/nand/raw/meson_nand.c | 2
drivers/mtd/ubi/fastmap.c | 7
drivers/mtd/ubi/vtbl.c | 6
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 -
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5
drivers/net/ethernet/realtek/r8169_main.c | 9
drivers/net/ethernet/renesas/ravb_main.c | 7
drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 -
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 -
drivers/net/wireless/ath/ath9k/antenna.c | 2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4
drivers/nvmem/meson-efuse.c | 45 -
drivers/pci/pci-driver.c | 23
drivers/s390/crypto/zcrypt_api.c | 2
drivers/scsi/hosts.c | 7
drivers/scsi/lpfc/lpfc_nportdisc.c | 6
drivers/scsi/lpfc/lpfc_nvmet.c | 2
drivers/scsi/myrb.c | 20
drivers/scsi/myrs.c | 24
drivers/scsi/qla2xxx/qla_target.c | 10
drivers/slimbus/core.c | 4
drivers/soc/fsl/qbman/qman.c | 98 ++
drivers/staging/comedi/drivers/comedi_test.c | 30
drivers/staging/media/ipu3/ipu3-v4l2.c | 16
drivers/staging/speakup/synth.c | 4
drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c | 40 -
drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h | 2
drivers/tty/n_gsm.c | 3
drivers/tty/serial/fsl_lpuart.c | 7
drivers/tty/serial/max310x.c | 7
drivers/tty/vt/vt.c | 4
drivers/usb/class/cdc-wdm.c | 6
drivers/usb/core/port.c | 5
drivers/usb/core/sysfs.c | 16
drivers/usb/dwc2/core.h | 14
drivers/usb/dwc2/core_intr.c | 63 +
drivers/usb/dwc2/gadget.c | 4
drivers/usb/dwc2/hcd.c | 47 +
drivers/usb/dwc2/hcd_ddma.c | 17
drivers/usb/dwc2/hw.h | 2
drivers/usb/gadget/function/f_ncm.c | 2
drivers/usb/gadget/udc/core.c | 4
drivers/usb/host/sl811-hcd.c | 2
drivers/usb/serial/cp210x.c | 4
drivers/usb/serial/ftdi_sio.c | 2
drivers/usb/serial/ftdi_sio_ids.h | 6
drivers/usb/serial/option.c | 6
drivers/usb/storage/isd200.c | 23
drivers/usb/typec/tcpm/tcpci.c | 1
drivers/vfio/pci/vfio_pci_intrs.c | 176 +++--
drivers/vfio/platform/vfio_platform_irq.c | 106 ++-
drivers/vfio/virqfd.c | 21
drivers/video/fbdev/core/fbmon.c | 7
drivers/video/fbdev/via/accel.c | 4
drivers/virtio/virtio.c | 10
drivers/xen/events/events_base.c | 5
fs/aio.c | 8
fs/btrfs/export.c | 9
fs/btrfs/ioctl.c | 25
fs/btrfs/send.c | 10
fs/btrfs/volumes.c | 14
fs/exec.c | 1
fs/ext4/mballoc.c | 17
fs/ext4/resize.c | 3
fs/fat/nfs.c | 6
fs/fuse/fuse_i.h | 1
fs/fuse/inode.c | 7
fs/isofs/inode.c | 18
fs/nilfs2/alloc.c | 38 -
fs/nilfs2/btree.c | 51 -
fs/nilfs2/cpfile.c | 10
fs/nilfs2/dat.c | 14
fs/nilfs2/direct.c | 23
fs/nilfs2/gcinode.c | 2
fs/nilfs2/ifile.c | 4
fs/nilfs2/inode.c | 31
fs/nilfs2/ioctl.c | 37 -
fs/nilfs2/mdt.c | 2
fs/nilfs2/namei.c | 6
fs/nilfs2/nilfs.h | 9
fs/nilfs2/page.c | 11
fs/nilfs2/recovery.c | 32
fs/nilfs2/segbuf.c | 2
fs/nilfs2/segment.c | 38 -
fs/nilfs2/sufile.c | 29
fs/nilfs2/super.c | 57 -
fs/nilfs2/sysfs.c | 29
fs/nilfs2/the_nilfs.c | 85 +-
fs/open.c | 38 -
fs/sysv/itree.c | 10
fs/ubifs/file.c | 13
include/linux/firmware/meson/meson_sm.h | 15
include/linux/frame.h | 11
include/linux/fs.h | 3
include/linux/gfp.h | 9
include/linux/sunrpc/sched.h | 2
include/linux/timer.h | 18
include/linux/vfio.h | 2
include/net/erspan.h | 19
include/net/inet_connection_sock.h | 1
include/net/sock.h | 7
include/soc/fsl/qman.h | 9
include/uapi/linux/input-event-codes.h | 1
init/initramfs.c | 47 -
kernel/bounds.c | 2
kernel/events/core.c | 9
kernel/panic.c | 8
kernel/power/suspend.c | 1
kernel/printk/printk.c | 6
kernel/time/timer.c | 164 ++--
kernel/trace/ring_buffer.c | 51 +
mm/compaction.c | 7
mm/memory-failure.c | 2
mm/memory.c | 4
mm/memtest.c | 4
mm/migrate.c | 6
mm/page_alloc.c | 10
mm/vmscan.c | 5
net/bluetooth/hci_debugfs.c | 48 -
net/bluetooth/hci_event.c | 25
net/core/sock_map.c | 6
net/ipv4/inet_connection_sock.c | 14
net/ipv4/ip_gre.c | 104 ++-
net/ipv4/tcp.c | 2
net/ipv6/ip6_fib.c | 14
net/ipv6/ip6_gre.c | 3
net/mac80211/cfg.c | 5
net/netfilter/nf_tables_api.c | 74 +-
net/nfc/nci/core.c | 5
net/rds/rdma.c | 2
net/sched/act_skbmod.c | 10
net/xfrm/xfrm_user.c | 3
scripts/Makefile.extrawarn | 2
security/smack/smack_lsm.c | 12
sound/pci/hda/patch_realtek.c | 9
sound/sh/aica.c | 17
sound/soc/soc-ops.c | 2
tools/iio/iio_utils.c | 2
tools/objtool/Documentation/stack-validation.txt | 8
tools/objtool/arch/x86/decode.c | 6
tools/objtool/check.c | 64 +
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1
tools/testing/ktest/ktest.pl | 1
tools/testing/selftests/mqueue/setting | 1
tools/testing/selftests/net/reuseaddr_conflict.c | 2
virt/kvm/async_pf.c | 31
208 files changed, 2528 insertions(+), 1429 deletions(-)
Alan Stern (2):
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
USB: core: Fix deadlock in usb_deauthorize_interface()
Aleksandr Burakov (1):
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Aleksandr Loktionov (1):
i40e: fix vf may be used uninitialized in this function warning
Alex Henrie (1):
isofs: handle CDs with bad root inode but good Joliet root directory
Alex Williamson (6):
vfio/platform: Disable virqfds on cleanup
vfio/pci: Disable auto-enable of exclusive INTx IRQ
vfio/pci: Lock external INTx masking ops
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Create persistent INTx handler
vfio/platform: Create persistent IRQ handlers
Alexandre Chartre (2):
objtool: is_fentry_call() crashes if call has no destination
objtool: Add support for intra-function calls
Amit Pundir (1):
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
Andrey Jr. Melnikov (1):
ahci: asm1064: correct count of reported ports
Aric Cyr (1):
drm/amd/display: Fix nanosec stat overflow
Arnd Bergmann (6):
dm integrity: fix out-of-range warning
staging: vc04_services: changen strncpy() to strscpy_pad()
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
scsi: mylex: Fix sysfs buffer lengths
ata: sata_mv: Fix PCI device ID table declaration compilation warning
media: sta2x11: fix irq handler cast
Arseniy Krasnov (1):
mtd: rawnand: meson: fix scrambling mode value in command macro
Aurélien Jacobs (1):
USB: serial: option: add MeiG Smart SLM320 product
Baokun Li (1):
ext4: correct best extent lstart adjustment logic
Bart Van Assche (1):
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
Bastien Nocera (1):
Bluetooth: Fix TOCTOU in HCI debugfs implementation
Borislav Petkov (1):
x86/bugs: Use sysfs_emit()
Borislav Petkov (AMD) (2):
x86/CPU/AMD: Update the Zenbleed microcode revisions
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
Cameron Williams (1):
USB: serial: add device ID for VeriFone adapter
Carlo Caione (1):
firmware: meson_sm: Rework driver as a proper platform driver
Chris Wilson (1):
drm/i915/gt: Reset queue_priority_hint on parking
Christian Häggström (1):
USB: serial: cp210x: add ID for MGP Instruments PDS100
Christoph Hellwig (3):
fs: add a vfs_fchown helper
fs: add a vfs_fchmod helper
initramfs: switch initramfs unpacking to struct file based APIs
Christophe JAILLET (1):
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
Colin Ian King (1):
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Conrad Kostecki (1):
ahci: asm1064: asm1166: don't limit reported ports
Dai Ngo (1):
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Damian Muszynski (1):
crypto: qat - resolve race condition during AER recovery
Dan Carpenter (1):
staging: vc04_services: fix information leak in create_component()
Daniel Drake (1):
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Daniel Vogelbacher (1):
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
Dave Airlie (1):
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Dave Stevenson (2):
staging: mmal-vchiq: Allocate and free components as required
staging: mmal-vchiq: Fix client_component for 64 bit kernel
David Hildenbrand (2):
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
David Sterba (3):
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Dmitry Antipov (1):
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
Dominique Martinet (1):
mmc: core: Fix switch on gp3 partition
Duje Mihanović (1):
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
Duoming Zhou (1):
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
Edward Adam Davis (1):
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet (3):
tcp: properly terminate timers for kernel sockets
net/sched: act_skbmod: prevent kernel-infoleak
erspan: make sure erspan_base_hdr is present in skb->head
Felix Fietkau (1):
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
Filipe Manana (1):
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
Gabor Juhos (3):
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
Genjian Zhang (1):
Revert "loop: Check for overflow while configuring loop"
Gergo Koteles (1):
Input: allocate keycode for Display refresh rate toggle
Goldwyn Rodrigues (1):
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
Greg Kroah-Hartman (1):
Linux 5.4.274
Guenter Roeck (4):
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
Gui-Dong Han (1):
media: xc4000: Fix atomicity violation in xc4000_get_frequency
Guilherme G. Piccoli (1):
scsi: core: Fix unremoved procfs host directory regression
Guo Mengqi (1):
drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()
Hangbin Liu (1):
ip_gre: do not report erspan version on GRE interface
Harald Freudenberger (1):
s390/zcrypt: fix reference counting on zcrypt card objects
Harshit Mogalapalli (1):
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Heiner Kallweit (1):
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
Helge Deller (1):
parisc: Do not hardcode registers in checksum functions
Hidenori Kobayashi (1):
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
Hugo Villeneuve (1):
serial: max310x: fix NULL pointer dereference in I2C instantiation
Hui Wang (1):
Bluetooth: hci_event: set the conn encrypted before conn establishes
I Gede Agastya Darma Laksana (1):
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
Ian Abbott (1):
comedi: comedi_test: Prevent timers rescheduling during deletion
Ingo Molnar (1):
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
Jakub Kicinski (1):
selftests: reuseaddr_conflict: add missing new line at the end of the output
Jakub Sitnicki (1):
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
Jan Kara (1):
fat: fix uninitialized field in nostale filehandles
Jani Nikula (3):
drm/exynos: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
Jerome Brunet (1):
nvmem: meson-efuse: fix function pointer type mismatch
Joe Perches (1):
nilfs2: use a more common logging style
Johan Jonker (2):
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
John Ogness (2):
printk: Update @console_may_schedule in console_trylock_spinning()
panic: Flush kernel log buffer at the end
John Sperbeck (1):
init: open /initrd.image with O_LARGEFILE
Josua Mayer (1):
hwmon: (amc6821) add of_match table
Juergen Gross (1):
x86/alternative: Don't call text_poke() in lazy TLB mode
Justin Tee (1):
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Kailang Yang (1):
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
Kim Phillips (2):
x86/cpu: Support AMD Automatic IBRS
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
Krishna Kurapati (1):
usb: gadget: ncm: Fix handling of zero block length packets
Kuniyuki Iwashima (1):
ipv6: Fix infinite recursion in fib6_dump_done().
Kunwu Chan (1):
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Lin Yujun (1):
Documentation/hw-vuln: Update spectre doc
Liu Shixin (1):
mm/memory-failure: fix an incorrect use of tail pages
Lubomir Rintel (1):
ARM: dts: mmp2-brownstone: Don't redeclare phandle references
Luiz Augusto von Dentz (1):
Bluetooth: btintel: Fixe build regression
Mahmoud Adam (1):
net/rds: fix possible cp null dereference
Marco Felsch (1):
usb: typec: tcpci: add generic tcpci fallback compatible
Martijn Coenen (5):
loop: Call loop_config_discard() only after new config is applied
loop: Remove sector_t truncation checks
loop: Factor out setting loop device size
loop: Refactor loop_set_status() size calculation
loop: Factor out configuring loop from status
Mathias Nyman (1):
usb: port: Don't try to peer unused USB ports based on location
Matthew Wilcox (Oracle) (2):
ubifs: Set page uptodate in the correct place
bounds: support non-power-of-two CONFIG_NR_CPUS
Maulik Shah (1):
PM: suspend: Set mem_sleep_current during kernel command line setup
Max Filippov (1):
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
Maximilian Heyne (2):
ext4: fix corruption during on-line resize
xen/events: close evtchn after mapping cleanup
Michael Ellerman (1):
powerpc/fsl: Fix mfpmr build errors with newer binutils
Mikko Rapeli (2):
mmc: core: Initialize mmc_blk_ioc_data
mmc: core: Avoid negative index with array access
Miklos Szeredi (1):
fuse: don't unhash root
Mikulas Patocka (1):
dm snapshot: fix lockup in dm_exception_table_exit
Minas Harutyunyan (4):
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
Muhammad Usama Anjum (1):
scsi: lpfc: Correct size for wqe for memset()
Nathan Chancellor (3):
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
Nicolas Pitre (1):
vt: fix unicode buffer corruption when deleting characters
Oliver Neukum (1):
usb: cdc-wdm: close race between read and workqueue
Pablo Neira Ayuso (9):
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
netfilter: nf_tables: disallow timeout for anonymous sets
netfilter: nf_tables: flush pending destroy work before exit_net release
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
Paul Barker (1):
net: ravb: Always process TX descriptor ring
Petre Rodan (1):
tools: iio: replace seekdir() in iio_generic_buffer
Piotr Wejman (1):
net: stmmac: fix rx queue priority assignment
Przemek Kitszel (1):
ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
Qiang Zhang (1):
memtest: use {READ,WRITE}_ONCE in memory scanning
Qingliang Li (1):
PM: sleep: wakeirq: fix wake irq warning in system suspend
Quinn Tran (1):
scsi: qla2xxx: Fix command flush on cable pull
Rafael J. Wysocki (1):
PCI/PM: Drain runtime-idle callbacks before driver removal
Randy Dunlap (2):
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
Ricardo B. Marliere (1):
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Richard Weinberger (1):
ubi: Check for too small LEB size in VTBL code
Roberto Sassu (2):
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
Roman Smirnov (2):
block: prevent division by zero in blk_rq_stat_sum()
fbmon: prevent division by zero in fb_videomode_from_videomode()
Rui Qi (1):
x86/speculation: Support intra-function call validation
Ryosuke Yasuoka (1):
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
Ryusuke Konishi (2):
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
Samasth Norway Ananda (1):
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Samuel Thibault (1):
speakup: Fix 8bit characters from direct synth
Sandipan Das (1):
x86/cpufeatures: Add new word for scattered features
Sean Anderson (4):
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
Sean Christopherson (1):
KVM: Always flush async #PF workqueue when vCPU is being destroyed
SeongJae Park (1):
selftests/mqueue: Set timeout to 180 seconds
Shannon Nelson (1):
ionic: set adminq irq affinity
Sherry Sun (1):
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
Siddh Raman Pant (1):
loop: Check for overflow while configuring loop
Song Liu (1):
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
Stephen Lee (1):
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
Steven Rostedt (Google) (2):
ring-buffer: Fix resetting of shortest_full
ring-buffer: Fix full_waiters_pending in poll
Sumanth Korikkar (1):
s390/entry: align system call table on 8 bytes
Svyatoslav Pankratov (1):
crypto: qat - fix double free during reset
Tetsuo Handa (1):
sysv: don't call sb_bread() with pointers_lock held
Thadeu Lima de Souza Cascardo (1):
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Thomas Gleixner (3):
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
Tim Schumacher (1):
efivarfs: Request at most 512 bytes for variable names
Toru Katagiri (1):
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
Uwe Kleine-König (1):
PCI: Drop pci_device_remove() test of pci_dev->driver
Vasiliy Kovalev (1):
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Vlastimil Babka (1):
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
William Tu (2):
erspan: Add type I version 0 support.
erspan: Check IFLA_GRE_ERSPAN_VER is set.
Wolfram Sang (1):
mmc: tmio: avoid concurrent runs of mmc_request_done()
Yang Jihong (1):
perf/core: Fix reentry problem in perf_output_read_group()
Yangxi Xiang (1):
vt: fix memory overlapping when deleting chars in the buffer
Yu Kuai (1):
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Zhang Shurong (1):
firmware: meson_sm: fix to avoid potential NULL pointer dereference
Zhang Yi (1):
ubi: correct the calculation of fastmap size
Zheng Wang (1):
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
Zhong Jinghua (1):
loop: loop_set_status_from_info() check before assignment
Zi Yan (1):
mm/migrate: set swap entry values of THP tail pages properly.
Ziyang Xuan (1):
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
yuan linyu (1):
usb: udc: remove warning when queue disabled ep
1 year, 1 month
- 1
- 1
Linux 4.19.312
by Greg Kroah-Hartman
I'm announcing the release of the 4.19.312 kernel.
All users of the 4.19 kernel series must upgrade.
The updated 4.19.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/admin-guide/hw-vuln/spectre.rst | 18
Documentation/admin-guide/kernel-parameters.txt | 6
Makefile | 2
arch/arm/boot/dts/mmp2-brownstone.dts | 332 ++++------
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12
arch/parisc/include/asm/checksum.h | 107 +--
arch/powerpc/include/asm/reg_fsl_emb.h | 11
arch/powerpc/lib/Makefile | 2
arch/sparc/kernel/nmi.c | 2
arch/sparc/vdso/vma.c | 7
arch/x86/include/asm/cpufeatures.h | 2
arch/x86/include/asm/msr-index.h | 2
arch/x86/kernel/cpu/amd.c | 10
arch/x86/kernel/cpu/bugs.c | 117 +--
arch/x86/kernel/cpu/common.c | 17
arch/x86/mm/ident_map.c | 23
arch/x86/mm/pat.c | 50 +
block/blk-stat.c | 2
drivers/ata/ahci.c | 5
drivers/ata/sata_mv.c | 63 -
drivers/ata/sata_sx4.c | 6
drivers/base/power/wakeirq.c | 4
drivers/block/loop.c | 204 +++---
drivers/bluetooth/btintel.c | 2
drivers/clk/qcom/gcc-ipq8074.c | 2
drivers/clk/qcom/mmcc-apq8084.c | 2
drivers/clk/qcom/mmcc-msm8974.c | 2
drivers/crypto/qat/qat_common/adf_aer.c | 23
drivers/firmware/efi/vars.c | 17
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4
drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4
drivers/gpu/drm/imx/parallel-display.c | 4
drivers/gpu/drm/vc4/vc4_hdmi.c | 2
drivers/gpu/drm/vkms/vkms_drv.c | 2
drivers/hwmon/amc6821.c | 11
drivers/input/rmi4/rmi_driver.c | 6
drivers/md/dm-raid.c | 2
drivers/md/raid5.c | 12
drivers/media/pci/sta2x11/sta2x11_vip.c | 9
drivers/media/tuners/xc4000.c | 4
drivers/misc/vmw_vmci/vmci_datagram.c | 6
drivers/mmc/core/block.c | 10
drivers/mmc/host/tmio_mmc_core.c | 2
drivers/mtd/ubi/fastmap.c | 7
drivers/mtd/ubi/vtbl.c | 6
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 -
drivers/net/ethernet/realtek/r8169_main.c | 9
drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 -
drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 40 -
drivers/net/wireless/ath/ath9k/antenna.c | 2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4
drivers/pci/pci-driver.c | 23
drivers/s390/crypto/zcrypt_api.c | 2
drivers/scsi/lpfc/lpfc_nportdisc.c | 6
drivers/scsi/lpfc/lpfc_nvmet.c | 2
drivers/scsi/qla2xxx/qla_target.c | 10
drivers/slimbus/core.c | 4
drivers/soc/fsl/qbman/qman.c | 98 ++
drivers/staging/comedi/drivers/comedi_test.c | 30
drivers/staging/speakup/synth.c | 4
drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c | 52 +
drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h | 6
drivers/tty/n_gsm.c | 3
drivers/tty/serial/fsl_lpuart.c | 7
drivers/tty/vt/vt.c | 4
drivers/usb/class/cdc-wdm.c | 6
drivers/usb/core/port.c | 5
drivers/usb/core/sysfs.c | 16
drivers/usb/dwc2/core.h | 14
drivers/usb/dwc2/core_intr.c | 63 +
drivers/usb/dwc2/gadget.c | 4
drivers/usb/dwc2/hcd.c | 47 +
drivers/usb/dwc2/hcd_ddma.c | 17
drivers/usb/dwc2/hw.h | 2
drivers/usb/gadget/function/f_ncm.c | 2
drivers/usb/gadget/udc/core.c | 4
drivers/usb/host/sl811-hcd.c | 2
drivers/usb/serial/cp210x.c | 4
drivers/usb/serial/ftdi_sio.c | 2
drivers/usb/serial/ftdi_sio_ids.h | 6
drivers/usb/serial/option.c | 6
drivers/usb/storage/isd200.c | 23
drivers/vfio/platform/vfio_platform_irq.c | 5
drivers/video/fbdev/core/fbmon.c | 7
drivers/video/fbdev/via/accel.c | 4
drivers/virtio/virtio.c | 10
fs/aio.c | 8
fs/btrfs/export.c | 9
fs/btrfs/ioctl.c | 25
fs/btrfs/send.c | 10
fs/btrfs/volumes.c | 12
fs/exec.c | 1
fs/ext4/resize.c | 3
fs/fat/nfs.c | 6
fs/fuse/fuse_i.h | 1
fs/fuse/inode.c | 7
fs/isofs/inode.c | 18
fs/nilfs2/alloc.c | 38 -
fs/nilfs2/btree.c | 51 -
fs/nilfs2/cpfile.c | 10
fs/nilfs2/dat.c | 14
fs/nilfs2/direct.c | 23
fs/nilfs2/gcinode.c | 2
fs/nilfs2/ifile.c | 4
fs/nilfs2/inode.c | 31
fs/nilfs2/ioctl.c | 37 -
fs/nilfs2/mdt.c | 2
fs/nilfs2/namei.c | 6
fs/nilfs2/nilfs.h | 9
fs/nilfs2/page.c | 11
fs/nilfs2/recovery.c | 32
fs/nilfs2/segbuf.c | 2
fs/nilfs2/segment.c | 38 -
fs/nilfs2/sufile.c | 29
fs/nilfs2/super.c | 57 -
fs/nilfs2/sysfs.c | 29
fs/nilfs2/the_nilfs.c | 85 +-
fs/open.c | 38 -
fs/sysv/itree.c | 10
fs/ubifs/file.c | 13
include/linux/fs.h | 3
include/linux/gfp.h | 9
include/linux/sunrpc/sched.h | 2
include/linux/timer.h | 18
include/net/erspan.h | 19
include/net/inet_connection_sock.h | 1
include/net/sock.h | 9
include/soc/fsl/qman.h | 9
include/trace/events/timer.h | 17
include/uapi/linux/input-event-codes.h | 1
init/initramfs.c | 77 +-
kernel/events/core.c | 9
kernel/power/suspend.c | 1
kernel/printk/printk.c | 6
kernel/time/timer.c | 282 ++++++--
mm/compaction.c | 7
mm/memory-failure.c | 2
mm/memory.c | 4
mm/memtest.c | 4
mm/migrate.c | 6
mm/page_alloc.c | 10
mm/vmscan.c | 5
net/bluetooth/hci_debugfs.c | 48 -
net/bluetooth/hci_event.c | 25
net/core/sock.c | 7
net/ipv4/inet_connection_sock.c | 14
net/ipv4/ip_gre.c | 104 ++-
net/ipv4/tcp.c | 2
net/ipv6/ip6_fib.c | 14
net/ipv6/ip6_gre.c | 3
net/mac80211/cfg.c | 5
net/netfilter/nf_tables_api.c | 22
net/nfc/nci/core.c | 5
net/rds/rdma.c | 2
net/sched/act_skbmod.c | 10
net/xfrm/xfrm_user.c | 3
scripts/Makefile.extrawarn | 2
security/smack/smack_lsm.c | 12
sound/pci/hda/patch_realtek.c | 9
sound/sh/aica.c | 17
sound/soc/soc-ops.c | 2
tools/iio/iio_utils.c | 2
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1
tools/testing/ktest/ktest.pl | 1
tools/testing/selftests/net/reuseaddr_conflict.c | 2
virt/kvm/async_pf.c | 31
166 files changed, 2098 insertions(+), 1189 deletions(-)
Alan Stern (2):
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
USB: core: Fix deadlock in usb_deauthorize_interface()
Aleksandr Burakov (1):
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Aleksandr Loktionov (1):
i40e: fix vf may be used uninitialized in this function warning
Alex Henrie (1):
isofs: handle CDs with bad root inode but good Joliet root directory
Alex Williamson (1):
vfio/platform: Disable virqfds on cleanup
Andrey Jr. Melnikov (1):
ahci: asm1064: correct count of reported ports
Anna-Maria Gleixner (3):
timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps
timer/trace: Improve timer tracing
timers: Prepare support for PREEMPT_RT
Aric Cyr (1):
drm/amd/display: Fix nanosec stat overflow
Arnd Bergmann (4):
staging: vc04_services: changen strncpy() to strscpy_pad()
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
ata: sata_mv: Fix PCI device ID table declaration compilation warning
media: sta2x11: fix irq handler cast
Aurélien Jacobs (1):
USB: serial: option: add MeiG Smart SLM320 product
Bart Van Assche (1):
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
Bastien Nocera (1):
Bluetooth: Fix TOCTOU in HCI debugfs implementation
Borislav Petkov (1):
x86/bugs: Use sysfs_emit()
Borislav Petkov (AMD) (1):
x86/CPU/AMD: Update the Zenbleed microcode revisions
Cameron Williams (1):
USB: serial: add device ID for VeriFone adapter
Christian Häggström (1):
USB: serial: cp210x: add ID for MGP Instruments PDS100
Christoph Hellwig (4):
initramfs: factor out a helper to populate the initrd image
fs: add a vfs_fchown helper
fs: add a vfs_fchmod helper
initramfs: switch initramfs unpacking to struct file based APIs
Christophe JAILLET (1):
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
Colin Ian King (1):
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Conrad Kostecki (1):
ahci: asm1064: asm1166: don't limit reported ports
Dai Ngo (1):
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Damian Muszynski (1):
crypto: qat - resolve race condition during AER recovery
Dan Carpenter (1):
staging: vc04_services: fix information leak in create_component()
Daniel Vogelbacher (1):
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
Dave Airlie (1):
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Dave Stevenson (3):
staging: mmal-vchiq: Avoid use of bool in structures
staging: mmal-vchiq: Allocate and free components as required
staging: mmal-vchiq: Fix client_component for 64 bit kernel
David Hildenbrand (2):
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
David Sterba (3):
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Dmitry Antipov (1):
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
Dominique Martinet (1):
mmc: core: Fix switch on gp3 partition
Duje Mihanović (1):
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
Duoming Zhou (1):
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
Edward Adam Davis (1):
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet (3):
tcp: properly terminate timers for kernel sockets
net/sched: act_skbmod: prevent kernel-infoleak
erspan: make sure erspan_base_hdr is present in skb->head
Felix Fietkau (1):
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
Gabor Juhos (3):
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
Geert Uytterhoeven (1):
initramfs: fix populate_initrd_image() section mismatch
Geliang Tang (1):
mptcp: add sk_stop_timer_sync helper
Genjian Zhang (1):
Revert "loop: Check for overflow while configuring loop"
Gergo Koteles (1):
Input: allocate keycode for Display refresh rate toggle
Goldwyn Rodrigues (1):
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
Greg Kroah-Hartman (1):
Linux 4.19.312
Guenter Roeck (4):
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
Gui-Dong Han (1):
media: xc4000: Fix atomicity violation in xc4000_get_frequency
Guo Mengqi (1):
drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()
Hangbin Liu (1):
ip_gre: do not report erspan version on GRE interface
Harald Freudenberger (1):
s390/zcrypt: fix reference counting on zcrypt card objects
Harshit Mogalapalli (1):
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Heiner Kallweit (1):
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
Helge Deller (1):
parisc: Do not hardcode registers in checksum functions
Holger Hoffstätte (1):
loop: properly observe rotational flag of underlying device
Hui Wang (1):
Bluetooth: hci_event: set the conn encrypted before conn establishes
I Gede Agastya Darma Laksana (1):
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
Ian Abbott (1):
comedi: comedi_test: Prevent timers rescheduling during deletion
Ingo Molnar (1):
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
Jakub Kicinski (1):
selftests: reuseaddr_conflict: add missing new line at the end of the output
Jan Kara (1):
fat: fix uninitialized field in nostale filehandles
Jani Nikula (2):
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
Joe Perches (1):
nilfs2: use a more common logging style
Johan Jonker (1):
arm64: dts: rockchip: fix rk3399 hdmi ports node
John Ogness (1):
printk: Update @console_may_schedule in console_trylock_spinning()
John Sperbeck (1):
init: open /initrd.image with O_LARGEFILE
Josua Mayer (1):
hwmon: (amc6821) add of_match table
Justin Tee (1):
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Kailang Yang (1):
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
Kim Phillips (2):
x86/cpu: Support AMD Automatic IBRS
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
Krishna Kurapati (1):
usb: gadget: ncm: Fix handling of zero block length packets
Kuniyuki Iwashima (1):
ipv6: Fix infinite recursion in fib6_dump_done().
Kunwu Chan (1):
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Lin Yujun (1):
Documentation/hw-vuln: Update spectre doc
Liu Shixin (1):
mm/memory-failure: fix an incorrect use of tail pages
Lubomir Rintel (1):
ARM: dts: mmp2-brownstone: Don't redeclare phandle references
Luiz Augusto von Dentz (1):
Bluetooth: btintel: Fixe build regression
Mahmoud Adam (1):
net/rds: fix possible cp null dereference
Martijn Coenen (5):
loop: Call loop_config_discard() only after new config is applied
loop: Remove sector_t truncation checks
loop: Factor out setting loop device size
loop: Refactor loop_set_status() size calculation
loop: Factor out configuring loop from status
Mathias Nyman (1):
usb: port: Don't try to peer unused USB ports based on location
Matthew Wilcox (Oracle) (1):
ubifs: Set page uptodate in the correct place
Maulik Shah (1):
PM: suspend: Set mem_sleep_current during kernel command line setup
Max Filippov (1):
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
Maximilian Heyne (1):
ext4: fix corruption during on-line resize
Michael Ellerman (1):
powerpc/fsl: Fix mfpmr build errors with newer binutils
Miklos Szeredi (1):
fuse: don't unhash root
Minas Harutyunyan (4):
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
Muhammad Usama Anjum (1):
scsi: lpfc: Correct size for wqe for memset()
Nathan Chancellor (3):
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
Nicolas Pitre (1):
vt: fix unicode buffer corruption when deleting characters
Oliver Neukum (1):
usb: cdc-wdm: close race between read and workqueue
Pablo Neira Ayuso (3):
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
netfilter: nf_tables: disallow timeout for anonymous sets
Petre Rodan (1):
tools: iio: replace seekdir() in iio_generic_buffer
Piotr Wejman (1):
net: stmmac: fix rx queue priority assignment
Qiang Zhang (1):
memtest: use {READ,WRITE}_ONCE in memory scanning
Qingliang Li (1):
PM: sleep: wakeirq: fix wake irq warning in system suspend
Quinn Tran (1):
scsi: qla2xxx: Fix command flush on cable pull
Rafael J. Wysocki (1):
PCI/PM: Drain runtime-idle callbacks before driver removal
Randy Dunlap (2):
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
Ricardo B. Marliere (1):
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Richard Weinberger (1):
ubi: Check for too small LEB size in VTBL code
Roberto Sassu (2):
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
Roman Smirnov (2):
block: prevent division by zero in blk_rq_stat_sum()
fbmon: prevent division by zero in fb_videomode_from_videomode()
Ryosuke Yasuoka (1):
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
Ryusuke Konishi (2):
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
Samasth Norway Ananda (1):
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Samuel Thibault (1):
speakup: Fix 8bit characters from direct synth
Sean Anderson (4):
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
Sean Christopherson (1):
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Sherry Sun (1):
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
Siddh Raman Pant (1):
loop: Check for overflow while configuring loop
Song Liu (1):
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
Stephen Lee (1):
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
Svyatoslav Pankratov (1):
crypto: qat - fix double free during reset
Tetsuo Handa (1):
sysv: don't call sb_bread() with pointers_lock held
Thadeu Lima de Souza Cascardo (1):
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Thomas Gleixner (3):
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
Tim Schumacher (1):
efivarfs: Request at most 512 bytes for variable names
Toru Katagiri (1):
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
Uwe Kleine-König (1):
PCI: Drop pci_device_remove() test of pci_dev->driver
Vasiliy Kovalev (1):
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Vlastimil Babka (1):
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
William Tu (2):
erspan: Add type I version 0 support.
erspan: Check IFLA_GRE_ERSPAN_VER is set.
Wolfram Sang (1):
mmc: tmio: avoid concurrent runs of mmc_request_done()
Yang Jihong (1):
perf/core: Fix reentry problem in perf_output_read_group()
Yangxi Xiang (1):
vt: fix memory overlapping when deleting chars in the buffer
Yu Kuai (1):
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Zhang Yi (1):
ubi: correct the calculation of fastmap size
Zheng Wang (1):
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
Zhong Jinghua (1):
loop: loop_set_status_from_info() check before assignment
Zi Yan (1):
mm/migrate: set swap entry values of THP tail pages properly.
Ziyang Xuan (1):
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
yuan linyu (1):
usb: udc: remove warning when queue disabled ep
1 year, 1 month
- 1
- 1
+ mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Miaohe Lin <linmiaohe(a)huawei.com>
Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
Date: Fri, 12 Apr 2024 10:57:54 +0800
extend comment per Oscar
Link: https://lkml.kernel.org/r/20240412025754.1897615-1-linmiaohe@huawei.com
Fixes: a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key")
Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com>
Acked-by: Oscar Salvador <osalvador(a)suse.de>
Cc: <stable(a)vger.kernel.org>
Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memory-failure.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2
+++ a/mm/memory-failure.c
@@ -159,6 +159,10 @@ static int __page_handle_poison(struct p
* dissolve_free_huge_page() might hold cpu_hotplug_lock via static_key_slow_dec()
* when hugetlb vmemmap optimization is enabled. This will break current lock
* dependency chain and leads to deadlock.
+ * Disabling pcp before dissolving the page was a deterministic approach because
+ * we made sure that those pages cannot end up in any PCP list. Draining PCP lists
+ * expels those pages to the buddy system, but nothing guarantees that those pages
+ * do not get back to a PCP queue if we need to refill those.
*/
ret = dissolve_free_huge_page(page);
if (!ret) {
_
Patches currently in -mm which might be from linmiaohe(a)huawei.com are
mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch
mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch
fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch
1 year, 1 month
- 1
- 0
[PATCH 1/3] drm/xe/vm: prevent UAF with asid based lookup
by Matthew Auld
The asid is only erased from the xarray when the vm refcount reaches
zero, however this leads to potential UAF since the xe_vm_get() only
works on a vm with refcount != 0. Since the asid is allocated in the vm
create ioctl, rather erase it when closing the vm, prior to dropping the
potential last ref. This should also work when user closes driver fd
without explicit vm destroy.
Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs")
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1594
Signed-off-by: Matthew Auld <matthew.auld(a)intel.com>
Cc: Matthew Brost <matthew.brost(a)intel.com>
Cc: <stable(a)vger.kernel.org> # v6.8+
---
drivers/gpu/drm/xe/xe_vm.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c
index a196dbe65252..c5c26b3d1b76 100644
--- a/drivers/gpu/drm/xe/xe_vm.c
+++ b/drivers/gpu/drm/xe/xe_vm.c
@@ -1581,6 +1581,16 @@ void xe_vm_close_and_put(struct xe_vm *vm)
xe->usm.num_vm_in_fault_mode--;
else if (!(vm->flags & XE_VM_FLAG_MIGRATION))
xe->usm.num_vm_in_non_fault_mode--;
+
+ if (vm->usm.asid) {
+ void *lookup;
+
+ xe_assert(xe, xe->info.has_asid);
+ xe_assert(xe, !(vm->flags & XE_VM_FLAG_MIGRATION));
+
+ lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid);
+ xe_assert(xe, lookup == vm);
+ }
mutex_unlock(&xe->usm.lock);
for_each_tile(tile, xe, id)
@@ -1596,24 +1606,15 @@ static void vm_destroy_work_func(struct work_struct *w)
struct xe_device *xe = vm->xe;
struct xe_tile *tile;
u8 id;
- void *lookup;
/* xe_vm_close_and_put was not called? */
xe_assert(xe, !vm->size);
mutex_destroy(&vm->snap_mutex);
- if (!(vm->flags & XE_VM_FLAG_MIGRATION)) {
+ if (!(vm->flags & XE_VM_FLAG_MIGRATION))
xe_device_mem_access_put(xe);
- if (xe->info.has_asid && vm->usm.asid) {
- mutex_lock(&xe->usm.lock);
- lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid);
- xe_assert(xe, lookup == vm);
- mutex_unlock(&xe->usm.lock);
- }
- }
-
for_each_tile(tile, xe, id)
XE_WARN_ON(vm->pt_root[id]);
--
2.44.0
1 year, 1 month
- 3
- 3
[PATCH 6.6 000/114] 6.6.27-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.6.27 release.
There are 114 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.6.27-rc1
Ma Jun <Jun.Ma2(a)amd.com>
Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()"
Vasiliy Kovalev <kovalev(a)altlinux.org>
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Florian Westphal <fw(a)strlen.de>
net: mpls: error out if inner headers are not set
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: btintel: Fixe build regression
Gwendal Grignou <gwendal(a)chromium.org>
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
Kees Cook <keescook(a)chromium.org>
randomize_kstack: Improve entropy diffusion
Yunfei Dong <yunfei.dong(a)mediatek.com>
media: mediatek: vcodec: adding lock to protect encoder context list
Yunfei Dong <yunfei.dong(a)mediatek.com>
media: mediatek: vcodec: adding lock to protect decoder context list
Nicolas Dufresne <nicolas.dufresne(a)collabora.com>
media: mediatek: vcodec: Fix oops when HEVC init fails
Geliang Tang <geliang.tang(a)suse.com>
selftests: mptcp: display simult in extra_msg
Ard Biesheuvel <ardb(a)kernel.org>
gcc-plugins/stackleak: Avoid .head.text section
Tim Crawford <tcrawford(a)system76.com>
ALSA: hda/realtek: Add quirks for some Clevo laptops
Roman Smirnov <r.smirnov(a)omp.ru>
fbmon: prevent division by zero in fb_videomode_from_videomode()
Jiawei Fu (iBug) <i(a)ibugone.com>
drivers/nvme: Add quirks for device 126f:2262
Max Kellermann <max.kellermann(a)ionos.com>
modpost: fix null pointer dereference
Jens Axboe <axboe(a)kernel.dk>
io_uring: clear opcode specific data for an early failure
Aleksandr Burakov <a.burakov(a)rosalinux.ru>
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Roger Pau Monne <roger.pau(a)citrix.com>
x86/xen: attempt to inflate the memory balloon on PVH
Chancel Liu <chancel.liu(a)nxp.com>
ASoC: soc-core.c: Skip dummy codec when adding platforms
Konrad Dybcio <konrad.dybcio(a)linaro.org>
thermal/of: Assume polling-delay(-passive) 0 when absent
M Cooley <m.cooley.198(a)gmail.com>
ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE
Colin Ian King <colin.i.king(a)gmail.com>
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Marco Felsch <m.felsch(a)pengutronix.de>
usb: typec: tcpci: add generic tcpci fallback compatible
Mika Westerberg <mika.westerberg(a)linux.intel.com>
thunderbolt: Keep the domain powered when USB4 port is in redrive mode
Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org>
usb: typec: ucsi: Limit read size on v1.2
Michael Grzeschik <m.grzeschik(a)pengutronix.de>
usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
Tejun Heo <tj(a)kernel.org>
kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id()
Jeffrey Hugo <quic_jhugo(a)quicinc.com>
bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
Petre Rodan <petre.rodan(a)subdimension.ro>
tools: iio: replace seekdir() in iio_generic_buffer
linke li <lilinke99(a)qq.com>
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
Matt Scialabba <matt.git(a)fastmail.fm>
Input: xpad - add support for Snakebyte GAMEPADs
Ricardo B. Marliere <ricardo(a)marliere.net>
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Jichi Zhang <i(a)jichi.ca>
ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9
Sandipan Das <sandipan.das(a)amd.com>
perf/x86/amd/lbr: Discard erroneous branch entries
Alban Boyé <alban.boye(a)protonmail.com>
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Gergo Koteles <soyer(a)irl.hu>
Input: allocate keycode for Display refresh rate toggle
Duje Mihanović <duje.mihanovic(a)skole.hr>
Input: imagis - use FIELD_GET where applicable
Manjunath Patil <manjunath.b.patil(a)oracle.com>
RDMA/cm: add timeout to cm_destroy_id wait
Roman Smirnov <r.smirnov(a)omp.ru>
block: prevent division by zero in blk_rq_stat_sum()
Junhao He <hejunhao3(a)huawei.com>
drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09
Markuss Broks <markuss.broks(a)gmail.com>
input/touchscreen: imagis: Correct the maximum touch area value
Ian Rogers <irogers(a)google.com>
libperf evlist: Avoid out-of-bounds access
Daniel Drake <drake(a)endlessos.org>
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Daniel Drake <drake(a)endlessos.org>
PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge
Dai Ngo <dai.ngo(a)oracle.com>
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Shradha Gupta <shradhagupta(a)linux.microsoft.com>
drm: Check output polling initialized before disabling
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
HID: input: avoid polling stylus battery on Chromebook Pompom
Jarkko Nikula <jarkko.nikula(a)linux.intel.com>
i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC
Koby Elbaz <kelbaz(a)habana.ai>
accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings
Aric Cyr <aric.cyr(a)amd.com>
drm/amd/display: Fix nanosec stat overflow
Ye Bin <yebin10(a)huawei.com>
ext4: forbid commit inconsistent quota data when errors=remount-ro
Zhang Yi <yi.zhang(a)huawei.com>
ext4: add a hint for block bitmap corrupt state in mb_groups
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Populate board selection with new I2S entries
Takashi Sakamoto <o-takashi(a)sakamocchi.jp>
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Arnd Bergmann <arnd(a)arndb.de>
media: sta2x11: fix irq handler cast
Mike Marshall <hubcap(a)omnibond.com>
Julia Lawall reported this null pointer dereference, this should fix it.
Paul E. McKenney <paulmck(a)kernel.org>
rcu-tasks: Repair RCU Tasks Trace quiescence check
Zqiang <qiang.zhang1211(a)gmail.com>
rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
mosomate <mosomate(a)gmail.com>
ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops
Alex Henrie <alexhenrie24(a)gmail.com>
isofs: handle CDs with bad root inode but good Joliet root directory
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
sysv: don't call sb_bread() with pointers_lock held
Geert Uytterhoeven <geert+renesas(a)glider.be>
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Christian König <christian.koenig(a)amd.com>
drm/ttm: return ENOSPC from ttm_bo_mem_space v3
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
ASoC: SOF: amd: Optimize quirk for Valve Galileo
Samuel Dionne-Riel <samuel(a)dionne-riel.com>
drm: panel-orientation-quirks: Add quirk for GPD Win Mini
Kunwu Chan <chentao(a)kylinos.cn>
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Maíra Canal <mcanal(a)igalia.com>
drm/vc4: don't check if plane->state->fb == state->fb
Vinicius Peixoto <nukelet64(a)gmail.com>
Bluetooth: Add new quirk for broken read key length on ATS2851
Takashi Iwai <tiwai(a)suse.de>
Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
Edward Adam Davis <eadavis(a)qq.com>
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet <edumazet(a)google.com>
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Jacob Keller <jacob.e.keller(a)intel.com>
ice: use relative VSI index for VFs instead of PF VSI number
David Sterba <dsterba(a)suse.com>
btrfs: send: handle path ref underflow in header iterate_inode_ref()
David Sterba <dsterba(a)suse.com>
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
David Sterba <dsterba(a)suse.com>
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
Johannes Berg <johannes.berg(a)intel.com>
wifi: cfg80211: check A-MSDU format more carefully
Takashi Iwai <tiwai(a)suse.de>
wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm
Kees Cook <keescook(a)chromium.org>
overflow: Allow non-type arg to type_max() and type_min()
Viresh Kumar <viresh.kumar(a)linaro.org>
cpufreq: Don't unregister cpufreq cooling on CPU hotplug
Baochen Qiang <quic_bqiang(a)quicinc.com>
wifi: ath11k: decrease MHI channel buffer length to 8KB
Rick Edgecombe <rick.p.edgecombe(a)intel.com>
dma-direct: Leak pages on dma_set_decrypted() failure
Serge Semin <fancer.lancer(a)gmail.com>
net: pcs: xpcs: Return EINVAL in the internal methods
Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com>
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Kunwu Chan <chentao(a)kylinos.cn>
pstore/zone: Add a null pointer check to the psz_kmsg_read
Hans de Goede <hdegoede(a)redhat.com>
ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: add locking for accessing mapped registers
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: disable AMSDU for non-data frames
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7915: add locking for accessing mapped registers
Hans de Goede <hdegoede(a)redhat.com>
wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
Markus Elfring <elfring(a)users.sourceforge.net>
firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename()
Florian Westphal <fw(a)strlen.de>
net: skbuff: add overflow debug check to pull/push helpers
Shannon Nelson <shannon.nelson(a)amd.com>
ionic: set adminq irq affinity
Adam Ford <aford173(a)gmail.com>
pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain
Kunwu Chan <chentao(a)kylinos.cn>
pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
Eric Dumazet <edumazet(a)google.com>
net: add netdev_lockdep_set_classes() to virtual drivers
Johan Jonker <jbx6244(a)gmail.com>
arm64: dts: rockchip: fix rk3399 hdmi ports node
Johan Jonker <jbx6244(a)gmail.com>
arm64: dts: rockchip: fix rk3328 hdmi ports node
Johan Jonker <jbx6244(a)gmail.com>
ARM: dts: rockchip: fix rk322x hdmi ports node
Johan Jonker <jbx6244(a)gmail.com>
ARM: dts: rockchip: fix rk3288 hdmi ports node
C Cheng <C.Cheng(a)mediatek.com>
cpuidle: Avoid potential overflow in integer multiplication
John Ogness <john.ogness(a)linutronix.de>
panic: Flush kernel log buffer at the end
John Ogness <john.ogness(a)linutronix.de>
printk: For @suppress_panic_printk check for other CPU in panic
Mukesh Sisodiya <mukesh.sisodiya(a)intel.com>
wifi: iwlwifi: pcie: Add the PCI device id for new hardware
Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
Andre Werner <andre.werner(a)systec-electronic.com>
net: phy: phy_device: Prevent nullptr exceptions on ISR
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
net: stmmac: dwmac-starfive: Add support for JH7100 SoC
Markus Elfring <elfring(a)users.sourceforge.net>
batman-adv: Improve exception handling in batadv_throw_uevent()
Markus Elfring <elfring(a)users.sourceforge.net>
batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()
Kees Cook <keescook(a)chromium.org>
bnx2x: Fix firmware version string character counts
Po-Hao Huang <phhuang(a)realtek.com>
wifi: rtw89: fix null pointer access when abort scan
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++--
arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++-
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++-
arch/x86/events/amd/lbr.c | 6 +-
arch/x86/include/asm/xen/hypervisor.h | 5 ++
arch/x86/pci/fixup.c | 48 ++++++++++++
arch/x86/platform/pvh/enlighten.c | 3 +
arch/x86/xen/enlighten.c | 32 ++++++++
arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++
arch/x86/xen/setup.c | 44 -----------
arch/x86/xen/xen-ops.h | 14 ++++
block/blk-stat.c | 2 +-
drivers/accel/habanalabs/common/habanalabs.h | 2 +-
drivers/acpi/sleep.c | 12 ---
drivers/acpi/x86/utils.c | 18 ++++-
drivers/bluetooth/btintel.c | 2 +-
drivers/bluetooth/btmtk.c | 1 +
drivers/bluetooth/btmtk.h | 1 +
drivers/bluetooth/btusb.c | 1 +
drivers/bus/mhi/host/init.c | 1 +
drivers/bus/mhi/host/internal.h | 9 ++-
drivers/bus/mhi/host/pm.c | 20 ++++-
drivers/cpufreq/cpufreq.c | 17 +++--
drivers/cpuidle/driver.c | 3 +-
drivers/firmware/tegra/bpmp-debugfs.c | 2 +-
.../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +-
drivers/gpu/drm/drm_modeset_helper.c | 19 ++++-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++
drivers/gpu/drm/drm_probe_helper.c | 13 +++-
drivers/gpu/drm/ttm/ttm_bo.c | 7 +-
drivers/gpu/drm/vc4/vc4_plane.c | 5 +-
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-input.c | 2 +
drivers/i2c/busses/i2c-designware-core.h | 2 +-
drivers/infiniband/core/cm.c | 20 ++++-
drivers/input/joystick/xpad.c | 3 +
drivers/input/rmi4/rmi_driver.c | 6 +-
drivers/input/touchscreen/imagis.c | 20 ++---
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +--
.../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +-
.../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++
.../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 +
.../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +-
.../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 +
.../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++
.../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 +
.../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 +
drivers/misc/vmw_vmci/vmci_datagram.c | 6 +-
drivers/net/dummy.c | 1 +
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++-
.../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++--
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +--
drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +-
drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +-
.../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++-
drivers/net/geneve.c | 1 +
drivers/net/loopback.c | 1 +
drivers/net/pcs/pcs-xpcs.c | 4 +-
drivers/net/phy/phy_device.c | 13 ++--
drivers/net/veth.c | 1 +
drivers/net/vxlan/vxlan_core.c | 1 +
drivers/net/wireless/ath/ath11k/mhi.c | 2 +-
drivers/net/wireless/ath/ath9k/antenna.c | 2 +-
.../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++
drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++
drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 +
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++--
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +-
drivers/net/wireless/realtek/rtw89/pci.h | 2 +-
drivers/nvme/host/pci.c | 3 +
drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++-
drivers/pinctrl/renesas/core.c | 4 +-
drivers/platform/x86/intel/vbtn.c | 5 +-
drivers/platform/x86/touchscreen_dmi.c | 9 +++
drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +--
drivers/pmdomain/ti/omap_prm.c | 2 +
drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +-
drivers/soundwire/dmi-quirks.c | 8 ++
drivers/thermal/thermal_of.c | 12 ++-
drivers/thunderbolt/quirks.c | 14 ++++
drivers/thunderbolt/tb.c | 49 ++++++++++++-
drivers/thunderbolt/tb.h | 4 +
drivers/usb/gadget/function/uvc_video.c | 3 +
drivers/usb/host/sl811-hcd.c | 2 +
drivers/usb/typec/tcpm/tcpci.c | 1 +
drivers/usb/typec/ucsi/ucsi.c | 26 ++++++-
drivers/usb/typec/ucsi/ucsi.h | 11 +++
drivers/video/fbdev/core/fbmon.c | 7 +-
drivers/video/fbdev/via/accel.c | 4 +-
drivers/xen/balloon.c | 2 -
fs/btrfs/export.c | 9 ++-
fs/btrfs/send.c | 10 ++-
fs/btrfs/volumes.c | 12 ++-
fs/ext4/mballoc.c | 5 +-
fs/ext4/super.c | 12 +++
fs/isofs/inode.c | 18 ++++-
fs/kernfs/dir.c | 31 +++++---
fs/kernfs/kernfs-internal.h | 2 +
fs/orangefs/super.c | 2 +-
fs/pstore/zone.c | 2 +
fs/sysv/itree.c | 10 +--
include/acpi/acpi_bus.h | 22 +++---
include/linux/kernfs.h | 2 +
include/linux/overflow.h | 12 +--
include/linux/randomize_kstack.h | 2 +-
include/linux/rcupdate.h | 4 +-
include/linux/skbuff.h | 11 +++
include/linux/sunrpc/sched.h | 2 +-
include/net/bluetooth/hci.h | 8 ++
include/uapi/linux/input-event-codes.h | 1 +
io_uring/io_uring.c | 25 ++++---
kernel/dma/direct.c | 9 ++-
kernel/panic.c | 8 ++
kernel/printk/printk.c | 3 +-
kernel/rcu/tree_nocb.h | 2 +-
kernel/trace/ring_buffer.c | 2 +-
net/batman-adv/distributed-arp-table.c | 3 +-
net/batman-adv/main.c | 14 ++--
net/bluetooth/hci_event.c | 3 +-
net/ipv4/ip_tunnel.c | 1 +
net/ipv6/ip6_gre.c | 2 +
net/ipv6/ip6_tunnel.c | 1 +
net/ipv6/ip6_vti.c | 1 +
net/ipv6/sit.c | 1 +
net/mpls/mpls_gso.c | 3 +
net/smc/smc_pnet.c | 10 +++
net/wireless/util.c | 14 +++-
scripts/gcc-plugins/stackleak_plugin.c | 2 +
scripts/mod/modpost.c | 4 +-
sound/firewire/amdtp-stream.c | 12 ++-
sound/firewire/amdtp-stream.h | 4 +
sound/pci/hda/patch_realtek.c | 12 +++
sound/soc/amd/yc/acp6x-mach.c | 7 ++
sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++
sound/soc/intel/boards/sof_sdw.c | 11 +++
sound/soc/soc-core.c | 3 +
sound/soc/sof/amd/acp.c | 3 +-
tools/iio/iio_utils.c | 2 +-
tools/lib/perf/evlist.c | 18 +++--
tools/lib/perf/include/internal/evlist.h | 4 +-
.../x86_energy_perf_policy.c | 1 +
tools/testing/ktest/ktest.pl | 1 +
tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 +-
152 files changed, 1140 insertions(+), 318 deletions(-)
1 year, 1 month
- 11
- 125
[PATCH 6.1 00/83] 6.1.86-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.1.86 release.
There are 83 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.86-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.1.86-rc1
Ma Jun <Jun.Ma2(a)amd.com>
Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()"
Vasiliy Kovalev <kovalev(a)altlinux.org>
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Florian Westphal <fw(a)strlen.de>
net: mpls: error out if inner headers are not set
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: btintel: Fixe build regression
Gwendal Grignou <gwendal(a)chromium.org>
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
Kees Cook <keescook(a)chromium.org>
randomize_kstack: Improve entropy diffusion
David Hildenbrand <david(a)redhat.com>
virtio: reenable config if freezing device failed
Martin K. Petersen <martin.petersen(a)oracle.com>
scsi: sd: usb_storage: uas: Access media prior to querying device properties
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Revert "scsi: core: Add struct for args to execution functions"
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties"
Ard Biesheuvel <ardb(a)kernel.org>
gcc-plugins/stackleak: Avoid .head.text section
Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com>
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: discard table flag update with pending basechain deletion
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: release batch on table validation from abort path
Roman Smirnov <r.smirnov(a)omp.ru>
fbmon: prevent division by zero in fb_videomode_from_videomode()
Jiawei Fu (iBug) <i(a)ibugone.com>
drivers/nvme: Add quirks for device 126f:2262
Jens Axboe <axboe(a)kernel.dk>
io_uring: clear opcode specific data for an early failure
Aleksandr Burakov <a.burakov(a)rosalinux.ru>
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Chancel Liu <chancel.liu(a)nxp.com>
ASoC: soc-core.c: Skip dummy codec when adding platforms
Konrad Dybcio <konrad.dybcio(a)linaro.org>
thermal/of: Assume polling-delay(-passive) 0 when absent
Colin Ian King <colin.i.king(a)gmail.com>
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Marco Felsch <m.felsch(a)pengutronix.de>
usb: typec: tcpci: add generic tcpci fallback compatible
Mika Westerberg <mika.westerberg(a)linux.intel.com>
thunderbolt: Keep the domain powered when USB4 port is in redrive mode
Michael Grzeschik <m.grzeschik(a)pengutronix.de>
usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
Jeffrey Hugo <quic_jhugo(a)quicinc.com>
bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
Petre Rodan <petre.rodan(a)subdimension.ro>
tools: iio: replace seekdir() in iio_generic_buffer
linke li <lilinke99(a)qq.com>
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
Ricardo B. Marliere <ricardo(a)marliere.net>
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Sandipan Das <sandipan.das(a)amd.com>
perf/x86/amd/lbr: Discard erroneous branch entries
Alban Boyé <alban.boye(a)protonmail.com>
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Gergo Koteles <soyer(a)irl.hu>
Input: allocate keycode for Display refresh rate toggle
Duje Mihanović <duje.mihanovic(a)skole.hr>
Input: imagis - use FIELD_GET where applicable
Manjunath Patil <manjunath.b.patil(a)oracle.com>
RDMA/cm: add timeout to cm_destroy_id wait
Roman Smirnov <r.smirnov(a)omp.ru>
block: prevent division by zero in blk_rq_stat_sum()
Markuss Broks <markuss.broks(a)gmail.com>
input/touchscreen: imagis: Correct the maximum touch area value
Ian Rogers <irogers(a)google.com>
libperf evlist: Avoid out-of-bounds access
Daniel Drake <drake(a)endlessos.org>
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Dai Ngo <dai.ngo(a)oracle.com>
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
Aric Cyr <aric.cyr(a)amd.com>
drm/amd/display: Fix nanosec stat overflow
Ye Bin <yebin10(a)huawei.com>
ext4: forbid commit inconsistent quota data when errors=remount-ro
Zhang Yi <yi.zhang(a)huawei.com>
ext4: add a hint for block bitmap corrupt state in mb_groups
Takashi Sakamoto <o-takashi(a)sakamocchi.jp>
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Arnd Bergmann <arnd(a)arndb.de>
media: sta2x11: fix irq handler cast
Mike Marshall <hubcap(a)omnibond.com>
Julia Lawall reported this null pointer dereference, this should fix it.
Paul E. McKenney <paulmck(a)kernel.org>
rcu-tasks: Repair RCU Tasks Trace quiescence check
mosomate <mosomate(a)gmail.com>
ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops
Alex Henrie <alexhenrie24(a)gmail.com>
isofs: handle CDs with bad root inode but good Joliet root directory
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
sysv: don't call sb_bread() with pointers_lock held
Geert Uytterhoeven <geert+renesas(a)glider.be>
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Samuel Dionne-Riel <samuel(a)dionne-riel.com>
drm: panel-orientation-quirks: Add quirk for GPD Win Mini
Kunwu Chan <chentao(a)kylinos.cn>
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Maíra Canal <mcanal(a)igalia.com>
drm/vc4: don't check if plane->state->fb == state->fb
Takashi Iwai <tiwai(a)suse.de>
Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
Edward Adam Davis <eadavis(a)qq.com>
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet <edumazet(a)google.com>
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Jacob Keller <jacob.e.keller(a)intel.com>
ice: use relative VSI index for VFs instead of PF VSI number
David Sterba <dsterba(a)suse.com>
btrfs: send: handle path ref underflow in header iterate_inode_ref()
David Sterba <dsterba(a)suse.com>
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
David Sterba <dsterba(a)suse.com>
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
Viresh Kumar <viresh.kumar(a)linaro.org>
cpufreq: Don't unregister cpufreq cooling on CPU hotplug
Baochen Qiang <quic_bqiang(a)quicinc.com>
wifi: ath11k: decrease MHI channel buffer length to 8KB
Rick Edgecombe <rick.p.edgecombe(a)intel.com>
dma-direct: Leak pages on dma_set_decrypted() failure
Serge Semin <fancer.lancer(a)gmail.com>
net: pcs: xpcs: Return EINVAL in the internal methods
Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com>
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Kunwu Chan <chentao(a)kylinos.cn>
pstore/zone: Add a null pointer check to the psz_kmsg_read
Hans de Goede <hdegoede(a)redhat.com>
wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
Markus Elfring <elfring(a)users.sourceforge.net>
firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename()
Florian Westphal <fw(a)strlen.de>
net: skbuff: add overflow debug check to pull/push helpers
Shannon Nelson <shannon.nelson(a)amd.com>
ionic: set adminq irq affinity
Johan Jonker <jbx6244(a)gmail.com>
arm64: dts: rockchip: fix rk3399 hdmi ports node
Johan Jonker <jbx6244(a)gmail.com>
arm64: dts: rockchip: fix rk3328 hdmi ports node
C Cheng <C.Cheng(a)mediatek.com>
cpuidle: Avoid potential overflow in integer multiplication
John Ogness <john.ogness(a)linutronix.de>
panic: Flush kernel log buffer at the end
Mukesh Sisodiya <mukesh.sisodiya(a)intel.com>
wifi: iwlwifi: pcie: Add the PCI device id for new hardware
Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
Markus Elfring <elfring(a)users.sourceforge.net>
batman-adv: Improve exception handling in batadv_throw_uevent()
Markus Elfring <elfring(a)users.sourceforge.net>
batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()
Kees Cook <keescook(a)chromium.org>
bnx2x: Fix firmware version string character counts
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
-------------
Diffstat:
Makefile | 4 +-
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++++-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++++-
arch/x86/events/amd/lbr.c | 6 ++-
block/blk-stat.c | 2 +-
drivers/acpi/sleep.c | 12 -----
drivers/bluetooth/btintel.c | 2 +-
drivers/bluetooth/btmtk.c | 1 +
drivers/bluetooth/btmtk.h | 1 +
drivers/bus/mhi/host/init.c | 1 +
drivers/bus/mhi/host/internal.h | 9 ++--
drivers/bus/mhi/host/pm.c | 20 +++++++--
drivers/cpufreq/cpufreq.c | 17 ++++---
drivers/cpuidle/driver.c | 3 +-
drivers/firmware/tegra/bpmp-debugfs.c | 2 +-
.../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++++
drivers/gpu/drm/vc4/vc4_plane.c | 5 +--
drivers/infiniband/core/cm.c | 20 ++++++++-
drivers/input/rmi4/rmi_driver.c | 6 ++-
drivers/input/touchscreen/imagis.c | 20 ++++-----
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 ++--
drivers/misc/vmw_vmci/vmci_datagram.c | 6 ++-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++--
.../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +++---
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +---
drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 ++++
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 ++-
drivers/net/pcs/pcs-xpcs.c | 4 +-
drivers/net/wireless/ath/ath11k/mhi.c | 2 +-
drivers/net/wireless/ath/ath9k/antenna.c | 2 +-
.../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 ++++
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 +
drivers/net/wireless/realtek/rtw89/pci.h | 2 +-
drivers/nvme/host/pci.c | 3 ++
drivers/pinctrl/renesas/core.c | 4 +-
drivers/platform/x86/intel/vbtn.c | 5 ++-
drivers/platform/x86/touchscreen_dmi.c | 9 ++++
drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++-
drivers/scsi/scsi_lib.c | 52 +++++++++++-----------
drivers/scsi/sd.c | 4 +-
drivers/soundwire/dmi-quirks.c | 8 ++++
drivers/thermal/thermal_of.c | 12 +++--
drivers/thunderbolt/quirks.c | 14 ++++++
drivers/thunderbolt/tb.c | 49 +++++++++++++++++++-
drivers/thunderbolt/tb.h | 4 ++
drivers/tty/n_gsm.c | 3 ++
drivers/usb/gadget/function/uvc_video.c | 3 ++
drivers/usb/host/sl811-hcd.c | 2 +
drivers/usb/typec/tcpm/tcpci.c | 1 +
drivers/video/fbdev/core/fbmon.c | 7 +--
drivers/video/fbdev/via/accel.c | 4 +-
drivers/virtio/virtio.c | 10 ++++-
fs/btrfs/export.c | 9 +++-
fs/btrfs/send.c | 10 ++++-
fs/btrfs/volumes.c | 12 ++++-
fs/ext4/mballoc.c | 5 ++-
fs/ext4/super.c | 12 +++++
fs/isofs/inode.c | 18 +++++++-
fs/orangefs/super.c | 2 +-
fs/pstore/zone.c | 2 +
fs/sysv/itree.c | 10 ++---
include/linux/randomize_kstack.h | 2 +-
include/linux/rcupdate.h | 4 +-
include/linux/skbuff.h | 11 +++++
include/linux/sunrpc/sched.h | 2 +-
include/scsi/scsi_device.h | 51 ++++++---------------
include/uapi/linux/input-event-codes.h | 1 +
io_uring/io_uring.c | 25 +++++++----
kernel/dma/direct.c | 9 ++--
kernel/panic.c | 8 ++++
kernel/trace/ring_buffer.c | 2 +-
net/batman-adv/distributed-arp-table.c | 3 +-
net/batman-adv/main.c | 14 +++---
net/mpls/mpls_gso.c | 3 ++
net/netfilter/nf_tables_api.c | 47 ++++++++++++++-----
net/smc/smc_pnet.c | 10 +++++
scripts/gcc-plugins/stackleak_plugin.c | 2 +
sound/firewire/amdtp-stream.c | 12 +++--
sound/firewire/amdtp-stream.h | 4 ++
sound/soc/intel/boards/sof_sdw.c | 11 +++++
sound/soc/soc-core.c | 3 ++
tools/iio/iio_utils.c | 2 +-
tools/lib/perf/evlist.c | 18 +++++---
tools/lib/perf/include/internal/evlist.h | 4 +-
.../x86_energy_perf_policy.c | 1 +
tools/testing/ktest/ktest.pl | 1 +
88 files changed, 552 insertions(+), 231 deletions(-)
1 year, 1 month
- 12
- 97
[to-be-updated] bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: bootconfig: use memblock_free_late to free xbc memory to buddy
has been removed from the -mm tree. Its filename was
bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch
This patch was dropped because an updated version will be merged
------------------------------------------------------
From: Qiang Zhang <qiang4.zhang(a)intel.com>
Subject: bootconfig: use memblock_free_late to free xbc memory to buddy
Date: Fri, 12 Apr 2024 10:41:04 +0800
At the time to free xbc memory, memblock has handed over memory to buddy
allocator. So it doesn't make sense to free memory back to memblock.
memblock_free() called by xbc_exit() even causes UAF bugs on architectures
with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs
shows this case.
[ 9.410890] ==================================================================
[ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260
[ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1
[ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5
[ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023
[ 9.460789] Call Trace:
[ 9.463518] <TASK>
[ 9.465859] dump_stack_lvl+0x53/0x70
[ 9.469949] print_report+0xce/0x610
[ 9.473944] ? __virt_addr_valid+0xf5/0x1b0
[ 9.478619] ? memblock_isolate_range+0x12d/0x260
[ 9.483877] kasan_report+0xc6/0x100
[ 9.487870] ? memblock_isolate_range+0x12d/0x260
[ 9.493125] memblock_isolate_range+0x12d/0x260
[ 9.498187] memblock_phys_free+0xb4/0x160
[ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10
[ 9.508021] ? mutex_unlock+0x7e/0xd0
[ 9.512111] ? __pfx_mutex_unlock+0x10/0x10
[ 9.516786] ? kernel_init_freeable+0x2d4/0x430
[ 9.521850] ? __pfx_kernel_init+0x10/0x10
[ 9.526426] xbc_exit+0x17/0x70
[ 9.529935] kernel_init+0x38/0x1e0
[ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30
[ 9.538601] ret_from_fork+0x2c/0x50
[ 9.542596] ? __pfx_kernel_init+0x10/0x10
[ 9.547170] ret_from_fork_asm+0x1a/0x30
[ 9.551552] </TASK>
[ 9.555649] The buggy address belongs to the physical page:
[ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30
[ 9.570821] flags: 0x200000000000000(node=0|zone=2)
[ 9.576271] page_type: 0xffffffff()
[ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000
[ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 9.597476] page dumped because: kasan: bad access detected
[ 9.605362] Memory state around the buggy address:
[ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.634930] ^
[ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.654675] ==================================================================
Link: https://lkml.kernel.org/r/20240412024103.3078378-1-qiang4.zhang@linux.intel…
Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com>
Cc: Masami Hiramatsu <mhiramat(a)kernel.org>
Cc: Mike Rapoport <rppt(a)linux.ibm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
lib/bootconfig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy
+++ a/lib/bootconfig.c
@@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_me
static inline void __init xbc_free_mem(void *addr, size_t size)
{
- memblock_free(addr, size);
+ memblock_free_late(__pa(addr), size);
}
#else /* !__KERNEL__ */
_
Patches currently in -mm which might be from qiang4.zhang(a)intel.com are
1 year, 1 month
- 1
- 0
+ bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: bootconfig: use memblock_free_late to free xbc memory to buddy
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Qiang Zhang <qiang4.zhang(a)intel.com>
Subject: bootconfig: use memblock_free_late to free xbc memory to buddy
Date: Fri, 12 Apr 2024 10:41:04 +0800
At the time to free xbc memory, memblock has handed over memory to buddy
allocator. So it doesn't make sense to free memory back to memblock.
memblock_free() called by xbc_exit() even causes UAF bugs on architectures
with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs
shows this case.
[ 9.410890] ==================================================================
[ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260
[ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1
[ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5
[ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023
[ 9.460789] Call Trace:
[ 9.463518] <TASK>
[ 9.465859] dump_stack_lvl+0x53/0x70
[ 9.469949] print_report+0xce/0x610
[ 9.473944] ? __virt_addr_valid+0xf5/0x1b0
[ 9.478619] ? memblock_isolate_range+0x12d/0x260
[ 9.483877] kasan_report+0xc6/0x100
[ 9.487870] ? memblock_isolate_range+0x12d/0x260
[ 9.493125] memblock_isolate_range+0x12d/0x260
[ 9.498187] memblock_phys_free+0xb4/0x160
[ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10
[ 9.508021] ? mutex_unlock+0x7e/0xd0
[ 9.512111] ? __pfx_mutex_unlock+0x10/0x10
[ 9.516786] ? kernel_init_freeable+0x2d4/0x430
[ 9.521850] ? __pfx_kernel_init+0x10/0x10
[ 9.526426] xbc_exit+0x17/0x70
[ 9.529935] kernel_init+0x38/0x1e0
[ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30
[ 9.538601] ret_from_fork+0x2c/0x50
[ 9.542596] ? __pfx_kernel_init+0x10/0x10
[ 9.547170] ret_from_fork_asm+0x1a/0x30
[ 9.551552] </TASK>
[ 9.555649] The buggy address belongs to the physical page:
[ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30
[ 9.570821] flags: 0x200000000000000(node=0|zone=2)
[ 9.576271] page_type: 0xffffffff()
[ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000
[ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 9.597476] page dumped because: kasan: bad access detected
[ 9.605362] Memory state around the buggy address:
[ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.634930] ^
[ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.654675] ==================================================================
Link: https://lkml.kernel.org/r/20240412024103.3078378-1-qiang4.zhang@linux.intel…
Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com>
Cc: Masami Hiramatsu <mhiramat(a)kernel.org>
Cc: Mike Rapoport <rppt(a)linux.ibm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
lib/bootconfig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy
+++ a/lib/bootconfig.c
@@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_me
static inline void __init xbc_free_mem(void *addr, size_t size)
{
- memblock_free(addr, size);
+ memblock_free_late(__pa(addr), size);
}
#else /* !__KERNEL__ */
_
Patches currently in -mm which might be from qiang4.zhang(a)intel.com are
bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch
1 year, 1 month
- 1
- 0
[PATCH 6.8 000/143] 6.8.6-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.8.6 release.
There are 143 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.6-rc1.…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.8.6-rc1
Ma Jun <Jun.Ma2(a)amd.com>
Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()"
Borislav Petkov (AMD) <bp(a)alien8.de>
x86/vdso: Fix rethunk patching for vdso-image-x32.o too
Vasiliy Kovalev <kovalev(a)altlinux.org>
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Florian Westphal <fw(a)strlen.de>
net: mpls: error out if inner headers are not set
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: btintel: Fixe build regression
Dave Airlie <airlied(a)gmail.com>
nouveau: fix devinit paths to only handle display on GSP.
Gwendal Grignou <gwendal(a)chromium.org>
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
David McFarland <corngood(a)gmail.com>
platform/x86/intel/hid: Don't wake on 5-button releases
Kees Cook <keescook(a)chromium.org>
randomize_kstack: Improve entropy diffusion
Yunfei Dong <yunfei.dong(a)mediatek.com>
media: mediatek: vcodec: adding lock to protect encoder context list
Yunfei Dong <yunfei.dong(a)mediatek.com>
media: mediatek: vcodec: adding lock to protect decoder context list
Nicolas Dufresne <nicolas.dufresne(a)collabora.com>
media: mediatek: vcodec: Fix oops when HEVC init fails
Ard Biesheuvel <ardb(a)kernel.org>
gcc-plugins/stackleak: Avoid .head.text section
Ahmad Rehman <Ahmad.Rehman(a)amd.com>
drm/amdgpu: Init zone device and drm client after mode-1 reset on reload
Tim Crawford <tcrawford(a)system76.com>
ALSA: hda/realtek: Add quirks for some Clevo laptops
Roman Smirnov <r.smirnov(a)omp.ru>
fbmon: prevent division by zero in fb_videomode_from_videomode()
Jiawei Fu (iBug) <i(a)ibugone.com>
drivers/nvme: Add quirks for device 126f:2262
Max Kellermann <max.kellermann(a)ionos.com>
modpost: fix null pointer dereference
Jens Axboe <axboe(a)kernel.dk>
io_uring: clear opcode specific data for an early failure
Aleksandr Burakov <a.burakov(a)rosalinux.ru>
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Roger Pau Monne <roger.pau(a)citrix.com>
x86/xen: attempt to inflate the memory balloon on PVH
Chancel Liu <chancel.liu(a)nxp.com>
ASoC: soc-core.c: Skip dummy codec when adding platforms
Konrad Dybcio <konrad.dybcio(a)linaro.org>
thermal/of: Assume polling-delay(-passive) 0 when absent
M Cooley <m.cooley.198(a)gmail.com>
ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE
Colin Ian King <colin.i.king(a)gmail.com>
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Marco Felsch <m.felsch(a)pengutronix.de>
usb: typec: tcpci: add generic tcpci fallback compatible
Mika Westerberg <mika.westerberg(a)linux.intel.com>
thunderbolt: Keep the domain powered when USB4 port is in redrive mode
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
serial: 8250_of: Drop quirk fot NPCM from 8250_port
Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org>
usb: typec: ucsi: Limit read size on v1.2
Michael Grzeschik <m.grzeschik(a)pengutronix.de>
usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
Michael Grzeschik <m.grzeschik(a)pengutronix.de>
usb: gadget: uvc: refactor the check for a valid buffer in the pump worker
Gil Fine <gil.fine(a)linux.intel.com>
thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities read
Luca Weiss <luca.weiss(a)fairphone.com>
usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk
Tejun Heo <tj(a)kernel.org>
kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id()
Jeffrey Hugo <quic_jhugo(a)quicinc.com>
bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
Petre Rodan <petre.rodan(a)subdimension.ro>
tools: iio: replace seekdir() in iio_generic_buffer
linke li <lilinke99(a)qq.com>
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
Matt Scialabba <matt.git(a)fastmail.fm>
Input: xpad - add support for Snakebyte GAMEPADs
Ricardo B. Marliere <ricardo(a)marliere.net>
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Jichi Zhang <i(a)jichi.ca>
ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9
Sandipan Das <sandipan.das(a)amd.com>
perf/x86/amd/lbr: Discard erroneous branch entries
Alban Boyé <alban.boye(a)protonmail.com>
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
SungHwan Jung <onenowy(a)gmail.com>
platform/x86: acer-wmi: Add predator_v4 module parameter
SungHwan Jung <onenowy(a)gmail.com>
platform/x86: acer-wmi: Add support for Acer PH16-71
Gergo Koteles <soyer(a)irl.hu>
Input: allocate keycode for Display refresh rate toggle
Duje Mihanović <duje.mihanovic(a)skole.hr>
Input: imagis - use FIELD_GET where applicable
Manjunath Patil <manjunath.b.patil(a)oracle.com>
RDMA/cm: add timeout to cm_destroy_id wait
Roman Smirnov <r.smirnov(a)omp.ru>
block: prevent division by zero in blk_rq_stat_sum()
Junhao He <hejunhao3(a)huawei.com>
drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09
Markuss Broks <markuss.broks(a)gmail.com>
input/touchscreen: imagis: Correct the maximum touch area value
Tom Zanussi <tom.zanussi(a)linux.intel.com>
crypto: iaa - Fix async_disable descriptor leak
Ian Rogers <irogers(a)google.com>
libperf evlist: Avoid out-of-bounds access
Daniel Drake <drake(a)endlessos.org>
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Daniel Drake <drake(a)endlessos.org>
PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge
Dai Ngo <dai.ngo(a)oracle.com>
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Shradha Gupta <shradhagupta(a)linux.microsoft.com>
drm: Check output polling initialized before disabling
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
HID: input: avoid polling stylus battery on Chromebook Pompom
Jarkko Nikula <jarkko.nikula(a)linux.intel.com>
i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC
Koby Elbaz <kelbaz(a)habana.ai>
accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings
Aric Cyr <aric.cyr(a)amd.com>
drm/amd/display: Fix nanosec stat overflow
Ye Bin <yebin10(a)huawei.com>
ext4: forbid commit inconsistent quota data when errors=remount-ro
Zhang Yi <yi.zhang(a)huawei.com>
ext4: add a hint for block bitmap corrupt state in mb_groups
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Populate board selection with new I2S entries
Josh Poimboeuf <jpoimboe(a)kernel.org>
x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o
Tony Lindgren <tony(a)atomide.com>
drm/panel: simple: Add BOE BP082WX1-100 8.2" panel
Takashi Sakamoto <o-takashi(a)sakamocchi.jp>
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Arnd Bergmann <arnd(a)arndb.de>
media: sta2x11: fix irq handler cast
Mike Marshall <hubcap(a)omnibond.com>
Julia Lawall reported this null pointer dereference, this should fix it.
Paul E. McKenney <paulmck(a)kernel.org>
rcu-tasks: Repair RCU Tasks Trace quiescence check
Zqiang <qiang.zhang1211(a)gmail.com>
rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
mosomate <mosomate(a)gmail.com>
ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops
Brent Lu <brent.lu(a)intel.com>
ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards
Alex Henrie <alexhenrie24(a)gmail.com>
isofs: handle CDs with bad root inode but good Joliet root directory
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Disable idle reallow as part of command/gpint execution
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
sysv: don't call sb_bread() with pointers_lock held
Geert Uytterhoeven <geert+renesas(a)glider.be>
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Sohaib Nadeem <sohaib.nadeem(a)amd.com>
drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
Eric Chanudet <echanude(a)redhat.com>
scsi: ufs: qcom: Avoid re-init quirk when gears match
Christian König <christian.koenig(a)amd.com>
drm/ttm: return ENOSPC from ttm_bo_mem_space v3
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
ASoC: SOF: amd: Optimize quirk for Valve Galileo
Samuel Dionne-Riel <samuel(a)dionne-riel.com>
drm: panel-orientation-quirks: Add quirk for GPD Win Mini
Kunwu Chan <chentao(a)kylinos.cn>
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Stanley.Yang <Stanley.Yang(a)amd.com>
drm/amdgpu: Skip do PCI error slot reset during RAS recovery
Vignesh Raman <vignesh.raman(a)collabora.com>
drm/ci: uprev mesa version: fix kdl commit fetch
Maíra Canal <mcanal(a)igalia.com>
drm/vc4: don't check if plane->state->fb == state->fb
Vinicius Peixoto <nukelet64(a)gmail.com>
Bluetooth: Add new quirk for broken read key length on ATS2851
Takashi Iwai <tiwai(a)suse.de>
Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
Edward Adam Davis <eadavis(a)qq.com>
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Jakub Kicinski <kuba(a)kernel.org>
netdev: let netlink core handle -EMSGSIZE errors
Eric Dumazet <edumazet(a)google.com>
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Jacob Keller <jacob.e.keller(a)intel.com>
ice: use relative VSI index for VFs instead of PF VSI number
David Sterba <dsterba(a)suse.com>
btrfs: send: handle path ref underflow in header iterate_inode_ref()
David Sterba <dsterba(a)suse.com>
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
David Sterba <dsterba(a)suse.com>
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
Johannes Berg <johannes.berg(a)intel.com>
wifi: cfg80211: check A-MSDU format more carefully
Takashi Iwai <tiwai(a)suse.de>
wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm
Kees Cook <keescook(a)chromium.org>
overflow: Allow non-type arg to type_max() and type_min()
Viresh Kumar <viresh.kumar(a)linaro.org>
cpufreq: Don't unregister cpufreq cooling on CPU hotplug
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev
Baochen Qiang <quic_bqiang(a)quicinc.com>
wifi: ath11k: decrease MHI channel buffer length to 8KB
Rick Edgecombe <rick.p.edgecombe(a)intel.com>
dma-direct: Leak pages on dma_set_decrypted() failure
Serge Semin <fancer.lancer(a)gmail.com>
net: pcs: xpcs: Return EINVAL in the internal methods
Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com>
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Kunwu Chan <chentao(a)kylinos.cn>
pstore/zone: Add a null pointer check to the psz_kmsg_read
Hans de Goede <hdegoede(a)redhat.com>
ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration()
Hans de Goede <hdegoede(a)redhat.com>
ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: add locking for accessing mapped registers
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: disable AMSDU for non-data frames
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7915: add locking for accessing mapped registers
Hans de Goede <hdegoede(a)redhat.com>
wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
Markus Elfring <elfring(a)users.sourceforge.net>
firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename()
Florian Westphal <fw(a)strlen.de>
net: skbuff: add overflow debug check to pull/push helpers
Shannon Nelson <shannon.nelson(a)amd.com>
ionic: set adminq irq affinity
Sviatoslav Harasymchuk <sviatoslav.harasymchuk(a)gmail.com>
ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA
Adam Ford <aford173(a)gmail.com>
pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain
Kunwu Chan <chentao(a)kylinos.cn>
pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
Bjorn Andersson <quic_bjorande(a)quicinc.com>
arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected
Eric Dumazet <edumazet(a)google.com>
net: add netdev_lockdep_set_classes() to virtual drivers
Johan Jonker <jbx6244(a)gmail.com>
arm64: dts: rockchip: fix rk3399 hdmi ports node
Johan Jonker <jbx6244(a)gmail.com>
arm64: dts: rockchip: fix rk3328 hdmi ports node
Johan Jonker <jbx6244(a)gmail.com>
ARM: dts: rockchip: fix rk322x hdmi ports node
Johan Jonker <jbx6244(a)gmail.com>
ARM: dts: rockchip: fix rk3288 hdmi ports node
C Cheng <C.Cheng(a)mediatek.com>
cpuidle: Avoid potential overflow in integer multiplication
Mukesh Sisodiya <mukesh.sisodiya(a)intel.com>
wifi: iwlwifi: pcie: Add new PCI device id and CNVI
John Ogness <john.ogness(a)linutronix.de>
dump_stack: Do not get cpu_sync for panic CPU
John Ogness <john.ogness(a)linutronix.de>
panic: Flush kernel log buffer at the end
John Ogness <john.ogness(a)linutronix.de>
printk: For @suppress_panic_printk check for other CPU in panic
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb2210-rb1: disable cluster power domains
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: qca8k: put MDIO controller OF node if unavailable
Hui Liu <quic_huliu(a)quicinc.com>
arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs
Mukesh Sisodiya <mukesh.sisodiya(a)intel.com>
wifi: iwlwifi: pcie: Add the PCI device id for new hardware
Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: pci: validate RX tag for RXQ and RPQ
Andre Werner <andre.werner(a)systec-electronic.com>
net: phy: phy_device: Prevent nullptr exceptions on ISR
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
net: stmmac: dwmac-starfive: Add support for JH7100 SoC
Markus Elfring <elfring(a)users.sourceforge.net>
batman-adv: Improve exception handling in batadv_throw_uevent()
Markus Elfring <elfring(a)users.sourceforge.net>
batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()
Kees Cook <keescook(a)chromium.org>
bnx2x: Fix firmware version string character counts
Po-Hao Huang <phhuang(a)realtek.com>
wifi: rtw89: fix null pointer access when abort scan
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++--
arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++-
arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 28 +++++++
arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 17 +++++
arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 18 +++++
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++-
arch/x86/entry/vdso/Makefile | 10 ++-
arch/x86/events/amd/lbr.c | 6 +-
arch/x86/include/asm/xen/hypervisor.h | 5 ++
arch/x86/pci/fixup.c | 48 ++++++++++++
arch/x86/platform/pvh/enlighten.c | 3 +
arch/x86/xen/enlighten.c | 32 ++++++++
arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++
arch/x86/xen/setup.c | 44 -----------
arch/x86/xen/xen-ops.h | 14 ++++
block/blk-stat.c | 2 +-
drivers/accel/habanalabs/common/habanalabs.h | 2 +-
drivers/acpi/resource.c | 7 ++
drivers/acpi/sleep.c | 12 ---
drivers/acpi/x86/utils.c | 38 +++++++++-
drivers/bluetooth/btintel.c | 2 +-
drivers/bluetooth/btmtk.c | 1 +
drivers/bluetooth/btmtk.h | 1 +
drivers/bluetooth/btusb.c | 1 +
drivers/bus/mhi/host/init.c | 1 +
drivers/bus/mhi/host/internal.h | 9 ++-
drivers/bus/mhi/host/pm.c | 20 ++++-
drivers/cpufreq/cpufreq.c | 17 +++--
drivers/cpuidle/driver.c | 3 +-
drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +-
drivers/firmware/tegra/bpmp-debugfs.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 ++++
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 +-
drivers/gpu/drm/amd/display/dc/dc.h | 1 +
drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4 +-
.../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 +-
.../amd/display/dc/resource/dcn35/dcn35_resource.c | 1 +
.../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +-
drivers/gpu/drm/ci/gitlab-ci.yml | 14 +++-
drivers/gpu/drm/ci/test.yml | 1 +
drivers/gpu/drm/drm_modeset_helper.c | 19 ++++-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++
drivers/gpu/drm/drm_probe_helper.c | 13 +++-
.../gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 ++-
drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 +
drivers/gpu/drm/panel/panel-simple.c | 20 +++++
drivers/gpu/drm/ttm/ttm_bo.c | 7 +-
drivers/gpu/drm/vc4/vc4_plane.c | 5 +-
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-input.c | 2 +
drivers/i2c/busses/i2c-designware-core.h | 2 +-
drivers/infiniband/core/cm.c | 20 ++++-
drivers/input/joystick/xpad.c | 3 +
drivers/input/rmi4/rmi_driver.c | 6 +-
drivers/input/touchscreen/imagis.c | 20 ++---
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 22 +++---
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +--
.../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +-
.../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++
.../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 +
.../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +-
.../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 +
.../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++
.../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 +
.../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 +
drivers/misc/vmw_vmci/vmci_datagram.c | 6 +-
drivers/net/dsa/qca/qca8k-8xxx.c | 3 +-
drivers/net/dummy.c | 1 +
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++-
.../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++--
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +--
drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +-
drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +-
.../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++-
drivers/net/geneve.c | 1 +
drivers/net/loopback.c | 1 +
drivers/net/pcs/pcs-xpcs.c | 4 +-
drivers/net/phy/phy_device.c | 13 ++--
drivers/net/veth.c | 1 +
drivers/net/vxlan/vxlan_core.c | 1 +
drivers/net/wireless/ath/ath11k/mhi.c | 2 +-
drivers/net/wireless/ath/ath9k/antenna.c | 2 +-
.../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++
drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++
drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 +
drivers/net/wireless/intel/iwlwifi/cfg/sc.c | 38 +++++++++-
drivers/net/wireless/intel/iwlwifi/iwl-config.h | 8 +-
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 +++-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++--
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +-
drivers/net/wireless/realtek/rtw89/pci.c | 60 +++++++++++++--
drivers/net/wireless/realtek/rtw89/pci.h | 6 +-
drivers/net/wireless/realtek/rtw89/rtw8851be.c | 2 +
drivers/net/wireless/realtek/rtw89/rtw8852ae.c | 1 +
drivers/net/wireless/realtek/rtw89/rtw8852be.c | 1 +
drivers/net/wireless/realtek/rtw89/rtw8852ce.c | 1 +
drivers/net/wireless/realtek/rtw89/rtw8922ae.c | 1 +
drivers/nvme/host/pci.c | 3 +
drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++-
drivers/pinctrl/renesas/core.c | 4 +-
drivers/platform/x86/acer-wmi.c | 17 ++++-
drivers/platform/x86/intel/hid.c | 7 +-
drivers/platform/x86/intel/vbtn.c | 5 +-
drivers/platform/x86/touchscreen_dmi.c | 9 +++
drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +--
drivers/pmdomain/ti/omap_prm.c | 2 +
drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +-
drivers/soundwire/dmi-quirks.c | 8 ++
drivers/thermal/thermal_of.c | 12 ++-
drivers/thunderbolt/quirks.c | 14 ++++
drivers/thunderbolt/tb.c | 49 ++++++++++++-
drivers/thunderbolt/tb.h | 4 +
drivers/thunderbolt/tunnel.c | 16 ++--
drivers/tty/serial/8250/8250_of.c | 44 ++++++++++-
drivers/tty/serial/8250/8250_port.c | 24 ------
drivers/ufs/host/ufs-qcom.c | 13 +++-
drivers/usb/gadget/function/uvc_video.c | 10 ++-
drivers/usb/host/sl811-hcd.c | 2 +
drivers/usb/typec/tcpm/tcpci.c | 1 +
drivers/usb/typec/ucsi/ucsi.c | 26 ++++++-
drivers/usb/typec/ucsi/ucsi.h | 11 +++
drivers/usb/typec/ucsi/ucsi_glink.c | 1 +
drivers/video/fbdev/core/fbmon.c | 7 +-
drivers/video/fbdev/via/accel.c | 4 +-
drivers/xen/balloon.c | 2 -
fs/btrfs/export.c | 9 ++-
fs/btrfs/send.c | 10 ++-
fs/btrfs/volumes.c | 12 ++-
fs/ext4/mballoc.c | 5 +-
fs/ext4/super.c | 12 +++
fs/isofs/inode.c | 18 ++++-
fs/kernfs/dir.c | 31 +++++---
fs/kernfs/kernfs-internal.h | 2 +
fs/orangefs/super.c | 2 +-
fs/pstore/zone.c | 2 +
fs/sysv/itree.c | 10 +--
include/acpi/acpi_bus.h | 22 +++---
include/linux/kernfs.h | 2 +
include/linux/overflow.h | 12 +--
include/linux/printk.h | 2 +
include/linux/randomize_kstack.h | 2 +-
include/linux/rcupdate.h | 4 +-
include/linux/skbuff.h | 11 +++
include/linux/sunrpc/sched.h | 2 +-
include/net/bluetooth/hci.h | 8 ++
include/uapi/linux/input-event-codes.h | 1 +
io_uring/io_uring.c | 25 ++++---
kernel/dma/direct.c | 9 ++-
kernel/panic.c | 8 ++
kernel/printk/internal.h | 1 -
kernel/printk/printk.c | 3 +-
kernel/rcu/tree_nocb.h | 2 +-
kernel/trace/ring_buffer.c | 2 +-
lib/dump_stack.c | 16 +++-
net/batman-adv/distributed-arp-table.c | 3 +-
net/batman-adv/main.c | 14 ++--
net/bluetooth/hci_event.c | 3 +-
net/core/netdev-genl.c | 15 +---
net/core/page_pool_user.c | 2 -
net/ipv4/ip_tunnel.c | 1 +
net/ipv6/ip6_gre.c | 2 +
net/ipv6/ip6_tunnel.c | 1 +
net/ipv6/ip6_vti.c | 1 +
net/ipv6/sit.c | 1 +
net/mpls/mpls_gso.c | 3 +
net/smc/smc_pnet.c | 10 +++
net/wireless/util.c | 14 +++-
scripts/gcc-plugins/stackleak_plugin.c | 2 +
scripts/mod/modpost.c | 4 +-
sound/firewire/amdtp-stream.c | 12 ++-
sound/firewire/amdtp-stream.h | 4 +
sound/pci/hda/patch_realtek.c | 12 +++
sound/soc/amd/yc/acp6x-mach.c | 7 ++
sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++
sound/soc/intel/boards/sof_rt5682.c | 40 ----------
sound/soc/intel/boards/sof_sdw.c | 11 +++
sound/soc/soc-core.c | 3 +
sound/soc/sof/amd/acp.c | 3 +-
tools/iio/iio_utils.c | 2 +-
tools/lib/perf/evlist.c | 18 +++--
tools/lib/perf/include/internal/evlist.h | 4 +-
.../x86_energy_perf_policy.c | 1 +
tools/testing/ktest/ktest.pl | 1 +
192 files changed, 1536 insertions(+), 459 deletions(-)
1 year, 1 month
- 11
- 154
[PATCH v2] arm64: dts: qcom: sa8155p-adp: fix SDHC2 configuration
by Volodymyr Babchuk
There are multiple issues with SDHC2 configuration for SA8155P-ADP,
which prevent use of SDHC2 and causes issues with ethernet:
- Card Detect pin for SHDC2 on SA8155P-ADP is connected to gpio4 of
PMM8155AU_1, not to SoC itself. SoC's gpio4 is used for DWMAC
TX. If sdhc driver probes after dwmac driver, it reconfigures
gpio4 and this breaks Ethernet MAC.
- pinctrl configuration mentions gpio96 as CD pin. It seems it was
copied from some SM8150 example, because as mentioned above,
correct CD pin is gpio4 on PMM8155AU_1.
- L13C voltage regulator limits minimal voltage to 2.504V, which
prevents use 1.8V to power SD card, which in turns does not allow
card to work in UHS mode.
This patch fixes all the mentioned issues.
Fixes: 0deb2624e2d0 ("arm64: dts: qcom: sa8155p-adp: Add support for uSD card")
Cc: stable(a)vger.kernel.org
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk(a)epam.com>
---
In v2:
- Added "Fixes:" tag
- CCed stable ML
- Fixed pinctrl configuration
- Extended voltage range for L13C voltage regulator
---
arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 32 +++++++++++-------------
1 file changed, 14 insertions(+), 18 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts
index 5e4287f8c8cd1..b9d56bda96759 100644
--- a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts
+++ b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts
@@ -283,7 +283,7 @@ vreg_l12c_1p808: ldo12 {
vreg_l13c_2p96: ldo13 {
regulator-name = "vreg_l13c_2p96";
- regulator-min-microvolt = <2504000>;
+ regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <2960000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
};
@@ -384,10 +384,10 @@ &remoteproc_cdsp {
&sdhc_2 {
status = "okay";
- cd-gpios = <&tlmm 4 GPIO_ACTIVE_LOW>;
+ cd-gpios = <&pmm8155au_1_gpios 4 GPIO_ACTIVE_LOW>;
pinctrl-names = "default", "sleep";
- pinctrl-0 = <&sdc2_on>;
- pinctrl-1 = <&sdc2_off>;
+ pinctrl-0 = <&sdc2_on &pmm8155au_1_sdc2_cd>;
+ pinctrl-1 = <&sdc2_off &pmm8155au_1_sdc2_cd>;
vqmmc-supply = <&vreg_l13c_2p96>; /* IO line power */
vmmc-supply = <&vreg_l17a_2p96>; /* Card power line */
bus-width = <4>;
@@ -505,13 +505,6 @@ data-pins {
bias-pull-up; /* pull up */
drive-strength = <16>; /* 16 MA */
};
-
- sd-cd-pins {
- pins = "gpio96";
- function = "gpio";
- bias-pull-up; /* pull up */
- drive-strength = <2>; /* 2 MA */
- };
};
sdc2_off: sdc2-off-state {
@@ -532,13 +525,6 @@ data-pins {
bias-pull-up; /* pull up */
drive-strength = <2>; /* 2 MA */
};
-
- sd-cd-pins {
- pins = "gpio96";
- function = "gpio";
- bias-pull-up; /* pull up */
- drive-strength = <2>; /* 2 MA */
- };
};
usb2phy_ac_en1_default: usb2phy-ac-en1-default-state {
@@ -604,3 +590,13 @@ phy-reset-pins {
};
};
};
+
+&pmm8155au_1_gpios {
+ pmm8155au_1_sdc2_cd: pmm8155au_1-sdc2-cd {
+ pins = "gpio4";
+ function = "normal";
+ input-enable;
+ bias-pull-up;
+ power-source = <0>;
+ };
+};
--
2.44.0
1 year, 1 month
- 3
- 4
[PATCH] sched: Add missing memory barrier in switch_mm_cid
by Mathieu Desnoyers
Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb()
which the core scheduler code has depended upon since commit:
commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid")
If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can
unset the actively used cid when it fails to observe active task after it
sets lazy_put.
There *is* a memory barrier between storing to rq->curr and _return to
userspace_ (as required by membarrier), but the rseq mm_cid has stricter
requirements: the barrier needs to be issued between store to rq->curr
and switch_mm_cid(), which happens earlier than:
- spin_unlock(),
- switch_to().
So it's fine when the architecture switch_mm() happens to have that
barrier already, but less so when the architecture only provides the
full barrier in switch_to() or spin_unlock().
It is a bug in the rseq switch_mm_cid() implementation. All architectures
that don't have memory barriers in switch_mm(), but rather have the full
barrier either in finish_lock_switch() or switch_to() have them too late
for the needs of switch_mm_cid().
Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the
generic barrier.h header, and use it in switch_mm_cid() for scheduler
transitions where switch_mm() is expected to provide a memory barrier.
Architectures can override smp_mb__after_switch_mm() if their
switch_mm() implementation provides an implicit memory barrier.
Override it with a no-op on x86 which implicitly provide this memory
barrier by writing to CR3.
Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/
Reported-by: levi.yun <yeoreum.yun(a)arm.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> # for arm64
Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> # for x86
Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid")
Cc: <stable(a)vger.kernel.org> # 6.4.x
Cc: Ingo Molnar <mingo(a)redhat.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Steven Rostedt <rostedt(a)goodmis.org>
Cc: Vincent Guittot <vincent.guittot(a)linaro.org>
Cc: Juri Lelli <juri.lelli(a)redhat.com>
Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com>
Cc: Ben Segall <bsegall(a)google.com>
Cc: Mel Gorman <mgorman(a)suse.de>
Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com>
Cc: Valentin Schneider <vschneid(a)redhat.com>
Cc: levi.yun <yeoreum.yun(a)arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Catalin Marinas <catalin.marinas(a)arm.com>
Cc: Mark Rutland <mark.rutland(a)arm.com>
Cc: Will Deacon <will(a)kernel.org>
Cc: Aaron Lu <aaron.lu(a)intel.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Borislav Petkov <bp(a)alien8.de>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: "H. Peter Anvin" <hpa(a)zytor.com>
Cc: Arnd Bergmann <arnd(a)arndb.de>
Cc: Andrew Morton <akpm(a)linux-foundation.org>
Cc: linux-arch(a)vger.kernel.org
Cc: linux-mm(a)kvack.org
Cc: x86(a)kernel.org
---
arch/x86/include/asm/barrier.h | 3 +++
include/asm-generic/barrier.h | 8 ++++++++
kernel/sched/sched.h | 20 ++++++++++++++------
3 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h
index 0216f63a366b..d0795b5fab46 100644
--- a/arch/x86/include/asm/barrier.h
+++ b/arch/x86/include/asm/barrier.h
@@ -79,6 +79,9 @@ do { \
#define __smp_mb__before_atomic() do { } while (0)
#define __smp_mb__after_atomic() do { } while (0)
+/* Writing to CR3 provides a full memory barrier in switch_mm(). */
+#define smp_mb__after_switch_mm() do { } while (0)
+
#include <asm-generic/barrier.h>
#endif /* _ASM_X86_BARRIER_H */
diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h
index 961f4d88f9ef..5a6c94d7a598 100644
--- a/include/asm-generic/barrier.h
+++ b/include/asm-generic/barrier.h
@@ -296,5 +296,13 @@ do { \
#define io_stop_wc() do { } while (0)
#endif
+/*
+ * Architectures that guarantee an implicit smp_mb() in switch_mm()
+ * can override smp_mb__after_switch_mm.
+ */
+#ifndef smp_mb__after_switch_mm
+#define smp_mb__after_switch_mm() smp_mb()
+#endif
+
#endif /* !__ASSEMBLY__ */
#endif /* __ASM_GENERIC_BARRIER_H */
diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
index 001fe047bd5d..35717359d3ca 100644
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -79,6 +79,8 @@
# include <asm/paravirt_api_clock.h>
#endif
+#include <asm/barrier.h>
+
#include "cpupri.h"
#include "cpudeadline.h"
@@ -3445,13 +3447,19 @@ static inline void switch_mm_cid(struct rq *rq,
* between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu].
* Provide it here.
*/
- if (!prev->mm) // from kernel
+ if (!prev->mm) { // from kernel
smp_mb();
- /*
- * user -> user transition guarantees a memory barrier through
- * switch_mm() when current->mm changes. If current->mm is
- * unchanged, no barrier is needed.
- */
+ } else { // from user
+ /*
+ * user -> user transition relies on an implicit
+ * memory barrier in switch_mm() when
+ * current->mm changes. If the architecture
+ * switch_mm() does not have an implicit memory
+ * barrier, it is emitted here. If current->mm
+ * is unchanged, no barrier is needed.
+ */
+ smp_mb__after_switch_mm();
+ }
}
if (prev->mm_cid_active) {
mm_cid_snapshot_time(rq, prev->mm);
--
2.25.1
1 year, 1 month
- 2
- 2
[PATCH 1/3] tracing/kprobes: Fix symbol counting logic by looking at modules as well
by Maxime MERE
From: Andrii Nakryiko <andrii(a)kernel.org>
Recent changes to count number of matching symbols when creating
a kprobe event failed to take into account kernel modules. As such, it
breaks kprobes on kernel module symbols, by assuming there is no match.
Fix this my calling module_kallsyms_on_each_symbol() in addition to
kallsyms_on_each_match_symbol() to perform a proper counting.
Link: https://lore.kernel.org/all/20231027233126.2073148-1-andrii@kernel.org/
Cc: Francis Laniel <flaniel(a)linux.microsoft.com>
Cc: stable(a)vger.kernel.org
Cc: Masami Hiramatsu <mhiramat(a)kernel.org>
Cc: Steven Rostedt <rostedt(a)goodmis.org>
Fixes: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")
Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org>
Acked-by: Song Liu <song(a)kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
---
kernel/trace/trace_kprobe.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
index 95c5b0668cb7..e834f149695b 100644
--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -714,14 +714,30 @@ static int count_symbols(void *data, unsigned long unused)
return 0;
}
+struct sym_count_ctx {
+ unsigned int count;
+ const char *name;
+};
+
+static int count_mod_symbols(void *data, const char *name, unsigned long unused)
+{
+ struct sym_count_ctx *ctx = data;
+
+ if (strcmp(name, ctx->name) == 0)
+ ctx->count++;
+
+ return 0;
+}
+
static unsigned int number_of_same_symbols(char *func_name)
{
- unsigned int count;
+ struct sym_count_ctx ctx = { .count = 0, .name = func_name };
+
+ kallsyms_on_each_match_symbol(count_symbols, func_name, &ctx.count);
- count = 0;
- kallsyms_on_each_match_symbol(count_symbols, func_name, &count);
+ module_kallsyms_on_each_symbol(NULL, count_mod_symbols, &ctx);
- return count;
+ return ctx.count;
}
static int __trace_kprobe_create(int argc, const char *argv[])
--
2.25.1
1 year, 1 month
- 2
- 2
[for-linus][PATCH 4/4] ring-buffer: Only update pages_touched when a new page is touched
by Steven Rostedt
From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org>
The "buffer_percent" logic that is used by the ring buffer splice code to
only wake up the tasks when there's no data after the buffer is filled to
the percentage of the "buffer_percent" file is dependent on three
variables that determine the amount of data that is in the ring buffer:
1) pages_read - incremented whenever a new sub-buffer is consumed
2) pages_lost - incremented every time a writer overwrites a sub-buffer
3) pages_touched - incremented when a write goes to a new sub-buffer
The percentage is the calculation of:
(pages_touched - (pages_lost + pages_read)) / nr_pages
Basically, the amount of data is the total number of sub-bufs that have been
touched, minus the number of sub-bufs lost and sub-bufs consumed. This is
divided by the total count to give the buffer percentage. When the
percentage is greater than the value in the "buffer_percent" file, it
wakes up splice readers waiting for that amount.
It was observed that over time, the amount read from the splice was
constantly decreasing the longer the trace was running. That is, if one
asked for 60%, it would read over 60% when it first starts tracing, but
then it would be woken up at under 60% and would slowly decrease the
amount of data read after being woken up, where the amount becomes much
less than the buffer percent.
This was due to an accounting of the pages_touched incrementation. This
value is incremented whenever a writer transfers to a new sub-buffer. But
the place where it was incremented was incorrect. If a writer overflowed
the current sub-buffer it would go to the next one. If it gets preempted
by an interrupt at that time, and the interrupt performs a trace, it too
will end up going to the next sub-buffer. But only one should increment
the counter. Unfortunately, that was not the case.
Change the cmpxchg() that does the real switch of the tail-page into a
try_cmpxchg(), and on success, perform the increment of pages_touched. This
will only increment the counter once for when the writer moves to a new
sub-buffer, and not when there's a race and is incremented for when a
writer and its preempting writer both move to the same new sub-buffer.
Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.…
Cc: stable(a)vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader")
Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
---
kernel/trace/ring_buffer.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 25476ead681b..6511dc3a00da 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write);
old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries);
- local_inc(&cpu_buffer->pages_touched);
/*
* Just make sure we have seen our old_write and synchronize
* with any interrupts that come in.
@@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
*/
local_set(&next_page->page->commit, 0);
- /* Again, either we update tail_page or an interrupt does */
- (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page);
+ /* Either we update tail_page or an interrupt does */
+ if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page))
+ local_inc(&cpu_buffer->pages_touched);
}
}
--
2.43.0
1 year, 1 month
- 1
- 0
[tip: timers/urgent] selftests: timers: Fix posix_timers ksft_print_msg() warning
by tip-bot2 for John Stultz
The following commit has been merged into the timers/urgent branch of tip:
Commit-ID: e4a6bceac98eba3c00e874892736b34ea5fdaca3
Gitweb: https://git.kernel.org/tip/e4a6bceac98eba3c00e874892736b34ea5fdaca3
Author: John Stultz <jstultz(a)google.com>
AuthorDate: Wed, 10 Apr 2024 16:26:28 -07:00
Committer: Thomas Gleixner <tglx(a)linutronix.de>
CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00
selftests: timers: Fix posix_timers ksft_print_msg() warning
After commit 6d029c25b71f ("selftests/timers/posix_timers: Reimplement
check_timer_distribution()") the following warning occurs when building
with an older gcc:
posix_timers.c:250:2: warning: format not a string literal and no format arguments [-Wformat-security]
250 | ksft_print_msg(errmsg);
| ^~~~~~~~~~~~~~
Fix this up by changing it to ksft_print_msg("%s", errmsg)
Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()")
Signed-off-by: John Stultz <jstultz(a)google.com>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Acked-by: Justin Stitt <justinstitt(a)google.com>
Acked-by: Shuah Khan <skhan(a)linuxfoundation.org>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/r/20240410232637.4135564-1-jstultz@google.com
---
tools/testing/selftests/timers/posix_timers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c
index d86a0e0..348f471 100644
--- a/tools/testing/selftests/timers/posix_timers.c
+++ b/tools/testing/selftests/timers/posix_timers.c
@@ -247,7 +247,7 @@ static int check_timer_distribution(void)
ksft_test_result_skip("check signal distribution (old kernel)\n");
return 0;
err:
- ksft_print_msg(errmsg);
+ ksft_print_msg("%s", errmsg);
return -1;
}
1 year, 1 month
- 1
- 0
[tip: timers/urgent] selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn
by tip-bot2 for Nathan Chancellor
The following commit has been merged into the timers/urgent branch of tip:
Commit-ID: f7d5bcd35d427daac7e206b1073ca14f5db85c27
Gitweb: https://git.kernel.org/tip/f7d5bcd35d427daac7e206b1073ca14f5db85c27
Author: Nathan Chancellor <nathan(a)kernel.org>
AuthorDate: Thu, 11 Apr 2024 11:45:40 -07:00
Committer: Thomas Gleixner <tglx(a)linutronix.de>
CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00
selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn
After commit 6d029c25b71f ("selftests/timers/posix_timers: Reimplement
check_timer_distribution()"), clang warns:
tools/testing/selftests/timers/../kselftest.h:398:6: warning: variable 'major' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized]
398 | if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2)
| ^~~~~~~~~~~~
tools/testing/selftests/timers/../kselftest.h:401:9: note: uninitialized use occurs here
401 | return major > min_major || (major == min_major && minor >= min_minor);
| ^~~~~
tools/testing/selftests/timers/../kselftest.h:398:6: note: remove the '||' if its condition is always false
398 | if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2)
| ^~~~~~~~~~~~~~~
tools/testing/selftests/timers/../kselftest.h:395:20: note: initialize the variable 'major' to silence this warning
395 | unsigned int major, minor;
| ^
| = 0
This is a false positive because if uname() fails, ksft_exit_fail_msg()
will be called, which unconditionally calls exit(), a noreturn function.
However, clang does not know that ksft_exit_fail_msg() will call exit() at
the point in the pipeline that the warning is emitted because inlining has
not occurred, so it assumes control flow will resume normally after
ksft_exit_fail_msg() is called.
Make it clear to clang that all of the functions that call exit()
unconditionally in kselftest.h are noreturn transitively by marking them
explicitly with '__attribute__((__noreturn__))', which clears up the
warning above and any future warnings that may appear for the same reason.
Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()")
Reported-by: John Stultz <jstultz(a)google.com>
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Acked-by: Shuah Khan <skhan(a)linuxfoundation.org>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/r/20240411-mark-kselftest-exit-funcs-noreturn-v1-1-…
Closes: https://lore.kernel.org/all/20240410232637.4135564-2-jstultz@google.com/
---
tools/testing/selftests/kselftest.h | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h
index 973b18e..0591974 100644
--- a/tools/testing/selftests/kselftest.h
+++ b/tools/testing/selftests/kselftest.h
@@ -80,6 +80,9 @@
#define KSFT_XPASS 3
#define KSFT_SKIP 4
+#ifndef __noreturn
+#define __noreturn __attribute__((__noreturn__))
+#endif
#define __printf(a, b) __attribute__((format(printf, a, b)))
/* counters */
@@ -300,13 +303,13 @@ void ksft_test_result_code(int exit_code, const char *test_name,
va_end(args);
}
-static inline int ksft_exit_pass(void)
+static inline __noreturn int ksft_exit_pass(void)
{
ksft_print_cnts();
exit(KSFT_PASS);
}
-static inline int ksft_exit_fail(void)
+static inline __noreturn int ksft_exit_fail(void)
{
ksft_print_cnts();
exit(KSFT_FAIL);
@@ -333,7 +336,7 @@ static inline int ksft_exit_fail(void)
ksft_cnt.ksft_xfail + \
ksft_cnt.ksft_xskip)
-static inline __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...)
+static inline __noreturn __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...)
{
int saved_errno = errno;
va_list args;
@@ -348,19 +351,19 @@ static inline __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...)
exit(KSFT_FAIL);
}
-static inline int ksft_exit_xfail(void)
+static inline __noreturn int ksft_exit_xfail(void)
{
ksft_print_cnts();
exit(KSFT_XFAIL);
}
-static inline int ksft_exit_xpass(void)
+static inline __noreturn int ksft_exit_xpass(void)
{
ksft_print_cnts();
exit(KSFT_XPASS);
}
-static inline __printf(1, 2) int ksft_exit_skip(const char *msg, ...)
+static inline __noreturn __printf(1, 2) int ksft_exit_skip(const char *msg, ...)
{
int saved_errno = errno;
va_list args;
1 year, 1 month
- 1
- 0
[tip: timers/urgent] selftests: timers: Fix abs() warning in posix_timers test
by tip-bot2 for John Stultz
The following commit has been merged into the timers/urgent branch of tip:
Commit-ID: ed366de8ec89d4f960d66c85fc37d9de22f7bf6d
Gitweb: https://git.kernel.org/tip/ed366de8ec89d4f960d66c85fc37d9de22f7bf6d
Author: John Stultz <jstultz(a)google.com>
AuthorDate: Wed, 10 Apr 2024 16:26:30 -07:00
Committer: Thomas Gleixner <tglx(a)linutronix.de>
CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00
selftests: timers: Fix abs() warning in posix_timers test
Building with clang results in the following warning:
posix_timers.c:69:6: warning: absolute value function 'abs' given an
argument of type 'long long' but has parameter of type 'int' which may
cause truncation of value [-Wabsolute-value]
if (abs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) {
^
So switch to using llabs() instead.
Fixes: 0bc4b0cf1570 ("selftests: add basic posix timers selftests")
Signed-off-by: John Stultz <jstultz(a)google.com>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/r/20240410232637.4135564-3-jstultz@google.com
---
tools/testing/selftests/timers/posix_timers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c
index 348f471..c001dd7 100644
--- a/tools/testing/selftests/timers/posix_timers.c
+++ b/tools/testing/selftests/timers/posix_timers.c
@@ -66,7 +66,7 @@ static int check_diff(struct timeval start, struct timeval end)
diff = end.tv_usec - start.tv_usec;
diff += (end.tv_sec - start.tv_sec) * USECS_PER_SEC;
- if (abs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) {
+ if (llabs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) {
printf("Diff too high: %lld..", diff);
return -1;
}
1 year, 1 month
- 1
- 0
[PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6
by Johan Hovold
Commit 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3")
fixed a regression introduced in 6.5 by making sure that the correct
offset is used for the DP_PHY_VCO_DIV register on v3 hardware.
Unfortunately, that fix instead broke DisplayPort on v5_5nm and v6
hardware as it failed to add the corresponding offsets also to those
register tables.
Fixes: 815891eee668 ("phy: qcom-qmp-combo: Introduce orientation variable")
Fixes: 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3")
Cc: stable(a)vger.kernel.org # 6.5: 5abed58a8bde
Cc: Stephen Boyd <swboyd(a)chromium.org>
Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com>
Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 2 ++
drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h | 1 +
drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h | 1 +
3 files changed, 4 insertions(+)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c
index a03b6f6881df..e48e87c3cb05 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c
@@ -153,6 +153,7 @@ static const unsigned int qmp_v5_5nm_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = {
[QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V5_COM_BIAS_EN_CLKBUFLR_EN,
[QPHY_DP_PHY_STATUS] = QSERDES_V5_DP_PHY_STATUS,
+ [QPHY_DP_PHY_VCO_DIV] = QSERDES_V5_DP_PHY_VCO_DIV,
[QPHY_TX_TX_POL_INV] = QSERDES_V5_5NM_TX_TX_POL_INV,
[QPHY_TX_TX_DRV_LVL] = QSERDES_V5_5NM_TX_TX_DRV_LVL,
@@ -177,6 +178,7 @@ static const unsigned int qmp_v6_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = {
[QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V6_COM_PLL_BIAS_EN_CLK_BUFLR_EN,
[QPHY_DP_PHY_STATUS] = QSERDES_V6_DP_PHY_STATUS,
+ [QPHY_DP_PHY_VCO_DIV] = QSERDES_V6_DP_PHY_VCO_DIV,
[QPHY_TX_TX_POL_INV] = QSERDES_V6_TX_TX_POL_INV,
[QPHY_TX_TX_DRV_LVL] = QSERDES_V6_TX_TX_DRV_LVL,
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h
index f5cfacf9be96..181057421c11 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h
@@ -7,6 +7,7 @@
#define QCOM_PHY_QMP_DP_PHY_V5_H_
/* Only for QMP V5 PHY - DP PHY registers */
+#define QSERDES_V5_DP_PHY_VCO_DIV 0x070
#define QSERDES_V5_DP_PHY_AUX_INTERRUPT_STATUS 0x0d8
#define QSERDES_V5_DP_PHY_STATUS 0x0dc
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h
index 01a20d3be4b8..fa967a1af058 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h
@@ -7,6 +7,7 @@
#define QCOM_PHY_QMP_DP_PHY_V6_H_
/* Only for QMP V6 PHY - DP PHY registers */
+#define QSERDES_V6_DP_PHY_VCO_DIV 0x070
#define QSERDES_V6_DP_PHY_AUX_INTERRUPT_STATUS 0x0e0
#define QSERDES_V6_DP_PHY_STATUS 0x0e4
--
2.43.2
1 year, 1 month
- 5
- 4
[PATCH RESEND] bootconfig: use memblock_free_late to free xbc memory to buddy
by qiang4.zhang@linux.intel.com
From: Qiang Zhang <qiang4.zhang(a)intel.com>
On the time to free xbc memory, memblock has handed over memory to buddy
allocator. So it doesn't make sense to free memory back to memblock.
memblock_free() called by xbc_exit() even causes UAF bugs on architectures
with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs
shows this case.
[ 9.410890] ==================================================================
[ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260
[ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1
[ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5
[ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023
[ 9.460789] Call Trace:
[ 9.463518] <TASK>
[ 9.465859] dump_stack_lvl+0x53/0x70
[ 9.469949] print_report+0xce/0x610
[ 9.473944] ? __virt_addr_valid+0xf5/0x1b0
[ 9.478619] ? memblock_isolate_range+0x12d/0x260
[ 9.483877] kasan_report+0xc6/0x100
[ 9.487870] ? memblock_isolate_range+0x12d/0x260
[ 9.493125] memblock_isolate_range+0x12d/0x260
[ 9.498187] memblock_phys_free+0xb4/0x160
[ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10
[ 9.508021] ? mutex_unlock+0x7e/0xd0
[ 9.512111] ? __pfx_mutex_unlock+0x10/0x10
[ 9.516786] ? kernel_init_freeable+0x2d4/0x430
[ 9.521850] ? __pfx_kernel_init+0x10/0x10
[ 9.526426] xbc_exit+0x17/0x70
[ 9.529935] kernel_init+0x38/0x1e0
[ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30
[ 9.538601] ret_from_fork+0x2c/0x50
[ 9.542596] ? __pfx_kernel_init+0x10/0x10
[ 9.547170] ret_from_fork_asm+0x1a/0x30
[ 9.551552] </TASK>
[ 9.555649] The buggy address belongs to the physical page:
[ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30
[ 9.570821] flags: 0x200000000000000(node=0|zone=2)
[ 9.576271] page_type: 0xffffffff()
[ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000
[ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 9.597476] page dumped because: kasan: bad access detected
[ 9.605362] Memory state around the buggy address:
[ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.634930] ^
[ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 9.654675] ==================================================================
Cc: Stable(a)vger.kernel.org
Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com>
---
lib/bootconfig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/bootconfig.c b/lib/bootconfig.c
index c59d26068a64..4524ee944df0 100644
--- a/lib/bootconfig.c
+++ b/lib/bootconfig.c
@@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_mem(size_t size)
static inline void __init xbc_free_mem(void *addr, size_t size)
{
- memblock_free(addr, size);
+ memblock_free_late(__pa(addr), size);
}
#else /* !__KERNEL__ */
--
2.39.2
1 year, 1 month
- 3
- 2
RE: [PATCH 6.8 000/143] 6.8.6-rc1 review
by Chris Rankin
The SCSI sg driver oopsed on my 6.8.4 kernel, and I noticed that a
patch (presumably) to fix this was pulled from 6.8.5. However, I also
noticed this email:
>> Reverted this patch and I couldn't see the reposted warning.
>> scsi: sg: Avoid sg device teardown race
>> [ Upstream commit 27f58c04a8f438078583041468ec60597841284d ]
>
> Fix is here:
>
> https://git.kernel.org/mkp/scsi/c/d4e655c49f47
Is this unsuitable for 6.8.6 please?
Thanks,
Chris
1 year, 1 month
- 3
- 7
[PATCH 6.8 000/399] 6.8.3-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.8.3 release.
There are 399 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.3-rc1.…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.8.3-rc1
Natanael Copa <ncopa(a)alpinelinux.org>
tools/resolve_btfids: fix build with musl libc
Kevin Loughlin <kevinloughlin(a)google.com>
x86/sev: Skip ROM range scans and validation for SEV-SNP guests
Sandipan Das <sandipan.das(a)amd.com>
perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later
Xingui Yang <yangxingui(a)huawei.com>
scsi: libsas: Fix disk not being scanned in after being removed
Xingui Yang <yangxingui(a)huawei.com>
scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
Muhammad Usama Anjum <usama.anjum(a)collabora.com>
scsi: lpfc: Correct size for wqe for memset()
Muhammad Usama Anjum <usama.anjum(a)collabora.com>
scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
usb: dwc3: pci: Drop duplicate ID
Dave Hansen <dave.hansen(a)linux.intel.com>
Revert "x86/bugs: Use fixed addressing for VERW operand"
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/bugs: Use fixed addressing for VERW operand
Hamza Mahfooz <hamza.mahfooz(a)amd.com>
drm/amd/display: fix IPX enablement
Baoquan He <bhe(a)redhat.com>
crash: use macro to add crashk_res into iomem early for specific arch
Borislav Petkov (AMD) <bp(a)alien8.de>
x86/bugs: Fix the SRSO mitigation on Zen3/4
Quinn Tran <qutran(a)marvell.com>
scsi: qla2xxx: Delay I/O Abort on PCI error
Saurav Kashyap <skashyap(a)marvell.com>
scsi: qla2xxx: Change debug message during driver unload
Saurav Kashyap <skashyap(a)marvell.com>
scsi: qla2xxx: Fix double free of fcport
Saurav Kashyap <skashyap(a)marvell.com>
scsi: qla2xxx: Fix double free of the ha->vp_map pointer
Quinn Tran <qutran(a)marvell.com>
scsi: qla2xxx: Fix command flush on cable pull
Quinn Tran <qutran(a)marvell.com>
scsi: qla2xxx: NVME|FCP prefer flag not being honored
Bikash Hazarika <bhazarika(a)marvell.com>
scsi: qla2xxx: Update manufacturer detail
Quinn Tran <qutran(a)marvell.com>
scsi: qla2xxx: Split FCE|EFT trace control
Quinn Tran <qutran(a)marvell.com>
scsi: qla2xxx: Fix N2N stuck connection
Quinn Tran <qutran(a)marvell.com>
scsi: qla2xxx: Prevent command send on chip reset
Christian A. Ehrhardt <lk(a)c--e.de>
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
Christian A. Ehrhardt <lk(a)c--e.de>
usb: typec: ucsi_acpi: Refactor and fix DELL quirk
Christian A. Ehrhardt <lk(a)c--e.de>
usb: typec: ucsi: Ack unsupported commands
Christian A. Ehrhardt <lk(a)c--e.de>
usb: typec: ucsi: Check for notifications after init
Christian A. Ehrhardt <lk(a)c--e.de>
usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
Kyle Tso <kyletso(a)google.com>
usb: typec: Return size of buffer if pd_set operation succeeds
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpm: Update PD of Type-C port upon pd_set
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpm: Correct port source pdo array in pd_set callback
Xu Yang <xu.yang_2(a)nxp.com>
usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()
Krishna Kurapati <quic_kriskura(a)quicinc.com>
usb: typec: ucsi: Fix race between typec_switch and role_switch
yuan linyu <yuanlinyu(a)hihonor.com>
usb: udc: remove warning when queue disabled ep
Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com>
usb: dwc2: gadget: LPM flow fix
Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com>
usb: dwc2: gadget: Fix exiting from clock gating
Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com>
usb: dwc2: host: Fix ISOC flow in DDMA mode
Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com>
usb: dwc2: host: Fix hibernation flow
Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com>
usb: dwc2: host: Fix remote wakeup from hibernation
Alan Stern <stern(a)rowland.harvard.edu>
USB: core: Fix deadlock in port "disable" sysfs attribute
Alan Stern <stern(a)rowland.harvard.edu>
USB: core: Add hub_get() and hub_put() routines
Alan Stern <stern(a)rowland.harvard.edu>
USB: core: Fix deadlock in usb_deauthorize_interface()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: dwc3: Properly set system wakeup
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd
Dan Carpenter <dan.carpenter(a)linaro.org>
staging: vc04_services: fix information leak in create_component()
Arnd Bergmann <arnd(a)arndb.de>
staging: vc04_services: changen strncpy() to strscpy_pad()
Guilherme G. Piccoli <gpiccoli(a)igalia.com>
scsi: core: Fix unremoved procfs host directory regression
Alexander Wetzel <Alexander(a)wetzel-home.de>
scsi: sg: Avoid sg device teardown race
Damien Le Moal <dlemoal(a)kernel.org>
scsi: sd: Fix TCG OPAL unlock on system resume
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
scsi: ufs: qcom: Provide default cycles_in_1us value
Duoming Zhou <duoming(a)zju.edu.cn>
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache()
Steven Rostedt (Google) <rostedt(a)goodmis.org>
ring-buffer: Make wake once of ring_buffer_wait() more robust
Brett Creeley <brett.creeley(a)amd.com>
vfio/pds: Make sure migration file isn't accessed after reset
Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
USB: UAS: return ENODEV when submit urbs fail with device not attached
Yongzhi Liu <hyperlyzcs(a)gmail.com>
usb: misc: ljca: Fix double free in error handling path
Oliver Neukum <oneukum(a)suse.com>
usb: cdc-wdm: close race between read and workqueue
Alexander Stein <alexander.stein(a)ew.tq-group.com>
Revert "usb: phy: generic: Get the vbus supply"
Ezra Buehler <ezra.buehler(a)husqvarnagroup.com>
mtd: spinand: Add support for 5-byte IDs
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
Roman Li <roman.li(a)amd.com>
drm/amd/display: Fix bounds check for dcn35 DcfClocks
Chris Wilson <chris(a)chris-wilson.co.uk>
drm/i915/gt: Reset queue_priority_hint on parking
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Pre-populate the cursor physical dma address
Jonathon Hall <jonathon.hall(a)puri.sm>
drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed()
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915/dsb: Fix DSB vblank waits when using VRR
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915/vrr: Generate VRR "safe window" for DSB
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/i915/vma: Fix UAF on destroy against retire race
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/i915/hwmon: Fix locking inversion in sysfs getter
Xi Liu <xi.liu(a)amd.com>
drm/amd/display: Set DCN351 BB and IP the same as DCN35
George Shen <george.shen(a)amd.com>
drm/amd/display: Remove MPC rate control logic from DCN30 and above
Johannes Weiner <hannes(a)cmpxchg.org>
drm/amdgpu: fix deadlock while reading mqd from debugfs
Eric Huang <jinhuieric.huang(a)amd.com>
drm/amdkfd: fix TLB flush after unmap for GFX9.4.2
Jocelyn Falempe <jfalempe(a)redhat.com>
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
Chris Bainbridge <chris.bainbridge(a)gmail.com>
drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/query: fix gt_id bounds check
Christian Marangi <ansuelsmth(a)gmail.com>
net: phy: qcom: at803x: fix kernel panic with at8031_probe
Herve Codina <herve.codina(a)bootlin.com>
net: wan: framer: Add missing static inline qualifiers
Claus Hansen Ries <chr(a)terma.com>
net: ll_temac: platform_get_resource replaced by wrong function
Duoming Zhou <duoming(a)zju.edu.cn>
nouveau/dmem: handle kcalloc() allocation failure
Daniel Lezcano <daniel.lezcano(a)linaro.org>
Revert "thermal: core: Don't update trip points inside the hysteresis range"
Ye Zhang <ye.zhang(a)rock-chips.com>
thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
Damien Le Moal <dlemoal(a)kernel.org>
block: Do not force full zone append completion in req_bio_endio()
Liming Sun <limings(a)nvidia.com>
sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove()
Mikko Rapeli <mikko.rapeli(a)linaro.org>
mmc: core: Avoid negative index with array access
Mikko Rapeli <mikko.rapeli(a)linaro.org>
mmc: core: Initialize mmc_blk_ioc_data
Romain Naour <romain.naour(a)skf.com>
mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode
Edward Liaw <edliaw(a)google.com>
selftests/mm: fix ARM related issue with fork after pthread_create
Edward Liaw <edliaw(a)google.com>
selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM
Johannes Weiner <hannes(a)cmpxchg.org>
mm: cachestat: fix two shmem bugs
Nathan Chancellor <nathan(a)kernel.org>
hexagon: vmlinux.lds.S: handle attributes section
Max Filippov <jcmvbkbc(a)gmail.com>
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
Thomas Zimmermann <tzimmermann(a)suse.de>
fbdev: Select I/O-memory framebuffer ops for SBus
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: cdev: sanitize the label before requesting the interrupt
Harry Wentland <harry.wentland(a)amd.com>
Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR"
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: mvm: handle debugfs names more carefully
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: don't always use FW dump trig
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: mvm: disable MLO for the time being
Johannes Berg <johannes.berg(a)intel.com>
wifi: cfg80211: add a flag to disable wireless extensions
Felix Fietkau <nbd(a)nbd.name>
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: fix use-after-free in do_zone_finish()
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: use zone aware sb location for scrub
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: don't skip block groups with 100% zone unusable
Tavian Barnes <tavianator(a)tavianator.com>
btrfs: fix race in read_extent_buffer_pages()
Anand Jain <anand.jain(a)oracle.com>
btrfs: validate device maj:min during open
Carlos Maiolino <cem(a)kernel.org>
tmpfs: fix race on handling dquot rbtree
Zev Weiss <zev(a)bewilderbeest.net>
ARM: prctl: reject PR_SET_MDWE on pre-ARMv6
Zev Weiss <zev(a)bewilderbeest.net>
prctl: generalize PR_SET_MDWE support check to be per-arch
Ard Biesheuvel <ardb(a)kernel.org>
x86/efistub: Reinstate soft limit for initrd loading
Ard Biesheuvel <ardb(a)kernel.org>
efi/libstub: Cast away type warning in use of max()
Ard Biesheuvel <ardb(a)kernel.org>
x86/efistub: Add missing boot_params for mixed mode compat entry
John Sperbeck <jsperbeck(a)google.com>
init: open /initrd.image with O_LARGEFILE
Johannes Weiner <hannes(a)cmpxchg.org>
mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion
Gergo Koteles <soyer(a)irl.hu>
ALSA: hda/tas2781: add locks to kcontrols
Gergo Koteles <soyer(a)irl.hu>
ALSA: hda/tas2781: remove digital gain kcontrol
Chris Park <chris.park(a)amd.com>
drm/amd/display: Prevent crash when disable stream
Tom Zanussi <tom.zanussi(a)linux.intel.com>
crypto: iaa - Fix nr_cpus < nr_iaa case
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Include the PLL name in the debug messages
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Replace a memset() with zero initialization
Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com>
mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530
Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com>
mfd: intel-lpss: Switch to generalized quirk table
Anand Jain <anand.jain(a)oracle.com>
btrfs: do not skip re-registration for the mounted device
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix warning messages not printing interval at unpin_extent_range()
David Sterba <dsterba(a)suse.com>
btrfs: handle errors returned from unpin_extent_cache()
Vitaly Chikunov <vt(a)altlinux.org>
selftests/mm: Fix build with _FORTIFY_SOURCE
Zoltan HERPAI <wigyori(a)uid0.hu>
pwm: img: fix pwm clock lookup
Oleksandr Tymoshenko <ovt(a)google.com>
efi: fix panic in kdump kernel
Adamos Ttofari <attofari(a)amazon.de>
x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
Thomas Gleixner <tglx(a)linutronix.de>
x86/mpparse: Register APIC address only once
KONDO KAZUMA(近藤 和真) <kazuma-kondo(a)nec.com>
efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
Biju Das <biju.das.jz(a)bp.renesas.com>
irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type
Biju Das <biju.das.jz(a)bp.renesas.com>
irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
Biju Das <biju.das.jz(a)bp.renesas.com>
irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
Biju Das <biju.das.jz(a)bp.renesas.com>
irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
John Ogness <john.ogness(a)linutronix.de>
printk: Update @console_may_schedule in console_trylock_spinning()
Nicolin Chen <nicolinc(a)nvidia.com>
iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
Will Deacon <will(a)kernel.org>
swiotlb: Fix alignment checks when both allocation and DMA masks are present
Will Deacon <will(a)kernel.org>
swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc()
Will Deacon <will(a)kernel.org>
swiotlb: Fix double-allocation of slots due to broken alignment handling
André Rösti <an.roesti(a)gmail.com>
entry: Respect changes to system call number by trace_sys_enter()
Yongqiang Liu <liuyongqiang13(a)huawei.com>
ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
Ard Biesheuvel <ardb(a)kernel.org>
ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores
Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>
clocksource/drivers/arm_global_timer: Fix maximum prescaler value
Ard Biesheuvel <ardb(a)kernel.org>
x86/sev: Fix position dependent variable references in startup code
Borislav Petkov (AMD) <bp(a)alien8.de>
x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw88: 8821cu: Fix connection failure
Linus Torvalds <torvalds(a)linux-foundation.org>
Fix memory leak in posix_clock_open()
Jiawei Wang <me(a)jwang.link>
ASoC: amd: yc: Revert "add new YC platform variant (0x63) support"
Jiawei Wang <me(a)jwang.link>
ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
Ard Biesheuvel <ardb(a)kernel.org>
x86/efistub: Call mixed mode boot services on the firmware's stack
Eric Biggers <ebiggers(a)google.com>
Revert "crypto: pkcs7 - remove sha1 support"
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject constant set with timeout
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found
Audra Mitchell <audra(a)redhat.com>
workqueue: Shorten events_freezable_power_efficient name
Wenjing Liu <wenjing.liu(a)amd.com>
drm/amd/display: Revert Remove pixle rate limit for subvp
Alvin Lee <alvin.lee2(a)amd.com>
drm/amd/display: Remove pixle rate limit for subvp
Jani Nikula <jani.nikula(a)intel.com>
drm/bridge: lt8912b: do not return negative values from .get_modes()
Jani Nikula <jani.nikula(a)intel.com>
drm/bridge: lt8912b: clear the EDID property on failures
Jani Nikula <jani.nikula(a)intel.com>
drm/bridge: lt8912b: use drm_bridge_edid_read()
Jani Nikula <jani.nikula(a)intel.com>
drm/bridge: add ->edid_read hook and drm_bridge_edid_read()
Alex Williamson <alex.williamson(a)redhat.com>
vfio/pci: Create persistent INTx handler
Alex Williamson <alex.williamson(a)redhat.com>
vfio: Introduce interface to flush virqfd inject workqueue
Qu Wenruo <wqu(a)suse.com>
btrfs: qgroup: validate btrfs_qgroup_inherit parameter
David Sterba <dsterba(a)suse.com>
btrfs: add helper to get fs_info from struct inode pointer
David Sterba <dsterba(a)suse.com>
btrfs: add helpers to get fs_info from page/folio pointers
David Sterba <dsterba(a)suse.com>
btrfs: add helpers to get inode from page/folio pointers
David Sterba <dsterba(a)suse.com>
btrfs: replace sb::s_blocksize by fs_info::sectorsize
Matthew Wilcox (Oracle) <willy(a)infradead.org>
btrfs: add set_folio_extent_mapped() helper
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Add more checks for exiting idle in DC
Aric Cyr <aric.cyr(a)amd.com>
drm/amd/display: Unify optimize_required flags and VRR adjustments
Zack Rusin <zack.rusin(a)broadcom.com>
drm/ttm: Make sure the mapped tt pages are decrypted when needed
Hector Martin <marcan(a)marcan.st>
wifi: brcmfmac: Demote vendor-specific attach/detach messages to info
Hector Martin <marcan(a)marcan.st>
wifi: brcmfmac: cfg80211: Use WSEC to set SAE password
Arend van Spriel <arend.vanspriel(a)broadcom.com>
wifi: brcmfmac: add per-vendor feature detection callback
Anton Altaparmakov <anton(a)tuxera.com>
x86/pm: Work around false positive kmemleak report in msr_build_context()
Mikulas Patocka <mpatocka(a)redhat.com>
dm snapshot: fix lockup in dm_exception_table_exit
Leo Ma <hanghong.ma(a)amd.com>
drm/amd/display: Fix noise issue on HDMI AV mute
Allen Pan <allen.pan(a)amd.com>
drm/amd/display: Add a dc_state NULL check in dc_state_release
Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com>
drm/amd/display: Return the correct HDCP error code
Wenjing Liu <wenjing.liu(a)amd.com>
drm/amd/display: Implement wait_for_odm_update_pending_complete
Wenjing Liu <wenjing.liu(a)amd.com>
drm/amd/display: Lock all enabled otg pipes even with no planes
ChunTao Tso <chuntao.tso(a)amd.com>
drm/amd/display: Amend coasting vtotal for replay low hz
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Fix idle check for shared firmware state
Wenjing Liu <wenjing.liu(a)amd.com>
drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane
Dillon Varone <dillon.varone(a)amd.com>
drm/amd/display: Init DPPCLK from SMU on dcn32
Josip Pavic <josip.pavic(a)amd.com>
drm/amd/display: Allow dirty rects to be sent to dmub when abm is active
Sohaib Nadeem <sohaib.nadeem(a)amd.com>
drm/amd/display: Override min required DCFCLK in dml1_validate
Ma Jun <Jun.Ma2(a)amd.com>
drm/amdgpu/pm: Check the validity of overdiver power limit
Ma Jun <Jun.Ma2(a)amd.com>
drm/amdgpu/pm: Fix NULL pointer dereference when get power limit
Philip Yang <Philip.Yang(a)amd.com>
drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
Swapnil Patel <swapnil.patel(a)amd.com>
drm/amd/display: Change default size for dummy plane in DML2
Conrad Kostecki <conikost(a)gentoo.org>
ahci: asm1064: asm1166: don't limit reported ports
Jason A. Donenfeld <Jason(a)zx2c4.com>
wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64}
Jason A. Donenfeld <Jason(a)zx2c4.com>
wireguard: netlink: access device through ctx instead of peer
Jason A. Donenfeld <Jason(a)zx2c4.com>
wireguard: netlink: check for dangling peer via is_dead instead of empty list
Yuli Wang <wangyuli(a)uniontech.com>
LoongArch/crypto: Clean up useless assignment operations
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Define the __io_aw() hook as mmiowb()
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Change __my_cpu_offset definition to avoid mis-optimization
David Hildenbrand <david(a)redhat.com>
virtio: reenable config if freezing device failed
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix potencial out-of-bounds when buffer offset is invalid
Alison Schofield <alison.schofield(a)intel.com>
cxl/trace: Properly initialize cxl_poison region name
Steven Rostedt (Google) <rostedt(a)goodmis.org>
net: hns3: tracing: fix hclgevf trace event strings
Steven Rostedt (Google) <rostedt(a)goodmis.org>
drm/i915: Add missing ; to __assign_str() macros in tracepoint code
Steven Rostedt (Google) <rostedt(a)goodmis.org>
NFSD: Fix nfsd_clid_class use of __string_len() macro
Dragos Tatulea <dtatulea(a)nvidia.com>
net: esp: fix bad handling of pages from page_pool
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
Borislav Petkov (AMD) <bp(a)alien8.de>
x86/CPU/AMD: Update the Zenbleed microcode revisions
Jens Axboe <axboe(a)kernel.dk>
io_uring/waitid: always remove waitid entry for cancel all
Jens Axboe <axboe(a)kernel.dk>
io_uring/futex: always remove futex entry for cancel all
Marek Szyprowski <m.szyprowski(a)samsung.com>
cpufreq: dt: always allocate zeroed cpumask
Miquel Raynal <miquel.raynal(a)bootlin.com>
mtd: rawnand: Constrain even more when continuous reads are enabled
Miquel Raynal <miquel.raynal(a)bootlin.com>
mtd: rawnand: Ensure all continuous terms are always in sync
Miquel Raynal <miquel.raynal(a)bootlin.com>
mtd: rawnand: Add a helper for calculating a page index
Miquel Raynal <miquel.raynal(a)bootlin.com>
mtd: rawnand: Fix and simplify again the continuous read derivations
Eugene Korenevsky <ekorenevsky(a)astralinux.ru>
cifs: open_cached_dir(): add FILE_READ_EA to desired access
Shyam Prasad N <sprasad(a)microsoft.com>
cifs: reduce warning log level for server not advertising interfaces
Shyam Prasad N <sprasad(a)microsoft.com>
cifs: make sure server interfaces are requested only for SMB3+
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: prevent kernel bug at submit_bh_wbc()
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
Sunmin Jeong <s_min.jeong(a)samsung.com>
f2fs: truncate page cache before clearing flags when aborting atomic write
Sunmin Jeong <s_min.jeong(a)samsung.com>
f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
Paul Moore <paul(a)paul-moore.com>
lsm: handle the NULL buffer case in lsm_fill_user_ctx()
Casey Schaufler <casey(a)schaufler-ca.com>
lsm: use 32-bit compatible data types in LSM syscalls
Bart Van Assche <bvanassche(a)acm.org>
Revert "block/mq-deadline: use correct way to throttling write requests"
Qiang Zhang <qiang4.zhang(a)intel.com>
memtest: use {READ,WRITE}_ONCE in memory scanning
Ley Foon Tan <leyfoon.tan(a)starfivetech.com>
clocksource/drivers/timer-riscv: Clear timer interrupt on timer initialization
Jani Nikula <jani.nikula(a)intel.com>
drm/vc4: hdmi: do not return negative values from .get_modes()
Jani Nikula <jani.nikula(a)intel.com>
drm/imx/ipuv3: do not return negative values from .get_modes()
Jani Nikula <jani.nikula(a)intel.com>
drm/exynos: do not return negative values from .get_modes()
Jani Nikula <jani.nikula(a)intel.com>
drm/panel: do not return negative error codes from drm_panel_get_modes()
Jani Nikula <jani.nikula(a)intel.com>
drm/probe-helper: warn about negative .get_modes()
Harald Freudenberger <freude(a)linux.ibm.com>
s390/zcrypt: fix reference counting on zcrypt card objects
Sean Anderson <sean.anderson(a)linux.dev>
soc: fsl: qbman: Use raw spinlock for cgr_lock
Sean Anderson <sean.anderson(a)linux.dev>
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
Alexander Aring <aahringo(a)redhat.com>
dlm: fix user space lkb refcounting
Steven Rostedt (Google) <rostedt(a)goodmis.org>
tracing/ring-buffer: Fix wait_on_pipe() race
Steven Rostedt (Google) <rostedt(a)goodmis.org>
ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
Steven Rostedt (Google) <rostedt(a)goodmis.org>
ring-buffer: Fix full_waiters_pending in poll
Steven Rostedt (Google) <rostedt(a)goodmis.org>
ring-buffer: Do not set shortest_full when full target is hit
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: clean rings on NO_MMAP alloc fail
Jens Axboe <axboe(a)kernel.dk>
io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
platform/x86/intel/tpmi: Change vsec offset to u64
Marios Makassikis <mmakassikis(a)freebox.fr>
ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info
Marios Makassikis <mmakassikis(a)freebox.fr>
ksmbd: replace generic_fillattr with vfs_getattr
Lino Sanfilippo <l.sanfilippo(a)kunbus.com>
tpm,tpm_tis: Avoid warning splat at shutdown
Alex Williamson <alex.williamson(a)redhat.com>
vfio/fsl-mc: Block calling interrupt handler without trigger
Alex Williamson <alex.williamson(a)redhat.com>
vfio/platform: Create persistent IRQ handlers
Alex Williamson <alex.williamson(a)redhat.com>
vfio/platform: Disable virqfds on cleanup
Alex Williamson <alex.williamson(a)redhat.com>
vfio/pci: Lock external INTx masking ops
Alex Williamson <alex.williamson(a)redhat.com>
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Frank Wunderlich <frank-w(a)public-files.de>
thermal/drivers/mediatek: Fix control buffer enablement on MT7896
Steve French <stfrench(a)microsoft.com>
cifs: allow changing password during remount
Bharath SM <bharathsm(a)microsoft.com>
cifs: prevent updating file size from server if we have a read/write lease
Michael Kelley <mhklinux(a)outlook.com>
PCI: hv: Fix ring buffer size calculation
Niklas Cassel <cassel(a)kernel.org>
PCI: dwc: endpoint: Fix advertised resizable BAR size
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: qcom: Enable BDF to SID translation properly
Nathan Chancellor <nathan(a)kernel.org>
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
Benjamin Coddington <bcodding(a)redhat.com>
NFS: Read unlock folio on nfs_page_create_from_folio() error
Josef Bacik <josef(a)toxicpanda.com>
nfs: fix UAF in direct writes
Sam Ravnborg <sam(a)ravnborg.org>
sparc32: Fix parport build with sparc32
Johan Hovold <johan+linaro(a)kernel.org>
PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: fix mshot io-wq checks
Jens Axboe <axboe(a)kernel.dk>
io_uring/net: correctly handle multishot recvmsg retry setup
Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com>
PCI/AER: Block runtime suspend when handling errors
Johannes Berg <johannes.berg(a)intel.com>
debugfs: fix wait/cancellation handling during remove
Samuel Thibault <samuel.thibault(a)ens-lyon.org>
speakup: Fix 8bit characters from direct synth
Wayne Chang <waynec(a)nvidia.com>
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
Wayne Chang <waynec(a)nvidia.com>
phy: tegra: xusb: Add API to retrieve the port number of phy
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
Jerome Brunet <jbrunet(a)baylibre.com>
nvmem: meson-efuse: fix function pointer type mismatch
Maximilian Heyne <mheyne(a)amazon.de>
ext4: fix corruption during on-line resize
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: fix io_queue_proc modifying req->flags
Josua Mayer <josua(a)solid-run.com>
hwmon: (amc6821) add of_match table
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: fix mshot read defer taskrun cqe posting
Mickaël Salaün <mic(a)digikod.net>
landlock: Warn once if a Landlock action is requested while disabled
Christian Gmeiner <cgmeiner(a)igalia.com>
drm/etnaviv: Restore some id values
Christian Marangi <ansuelsmth(a)gmail.com>
leds: trigger: netdev: Fix kernel panic on interface rename trig notify
Marcel Ziswiler <marcel.ziswiler(a)toradex.com>
Bluetooth: btnxpuart: Fix btnxpuart_close
Dominique Martinet <dominique.martinet(a)atmark-techno.com>
mmc: core: Fix switch on gp3 partition
Ryan Roberts <ryan.roberts(a)arm.com>
mm: swap: fix race between free_swap_and_cache() and swapoff()
Fedor Pchelkin <pchelkin(a)ispras.ru>
mac802154: fix llsec key resources release in mac802154_llsec_key_del
Tony Battersby <tonyb(a)cybernetics.com>
block: Fix page refcounts for unaligned buffers in __bio_release_pages()
Nathan Chancellor <nathan(a)kernel.org>
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
Yu Kuai <yukuai3(a)huawei.com>
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Yu Kuai <yukuai3(a)huawei.com>
dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape
Yu Kuai <yukuai3(a)huawei.com>
dm-raid: add a new helper prepare_suspend() in md_personality
Yu Kuai <yukuai3(a)huawei.com>
md/dm-raid: don't call md_reap_sync_thread() directly
Yu Kuai <yukuai3(a)huawei.com>
dm-raid: really frozen sync_thread during suspend
Yu Kuai <yukuai3(a)huawei.com>
md: add a new helper reshape_interrupted()
Yu Kuai <yukuai3(a)huawei.com>
md: export helper md_is_rdwr()
Yu Kuai <yukuai3(a)huawei.com>
md: export helpers to stop sync_thread
Yu Kuai <yukuai3(a)huawei.com>
md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume
Song Liu <song(a)kernel.org>
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
Jarred White <jarredwhite(a)linux.microsoft.com>
ACPI: CPPC: Use access_width over bit_width for system memory accesses
Paul Menzel <pmenzel(a)molgen.mpg.de>
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PCI/PM: Drain runtime-idle callbacks before driver removal
Akira Yokosawa <akiyks(a)gmail.com>
docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than htmldocs
Nick Morrow <morrownr(a)gmail.com>
wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
Qu Wenruo <wqu(a)suse.com>
btrfs: qgroup: always free reserved space for extent records
Peter Collingbourne <pcc(a)google.com>
serial: Lock console when calling into driver before registration
Jonas Gorski <jonas.gorski(a)gmail.com>
serial: core: only stop transmit when HW fifo is empty
Roger Quadros <rogerq(a)kernel.org>
usb: dwc3-am62: Disable wakeup at remove
Roger Quadros <rogerq(a)kernel.org>
usb: dwc3-am62: fix module unload/reload behavior
Jameson Thies <jthies(a)google.com>
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
Miklos Szeredi <mszeredi(a)redhat.com>
fuse: don't unhash root
Miklos Szeredi <mszeredi(a)redhat.com>
fuse: fix root lookup with nonzero generation
Miklos Szeredi <mszeredi(a)redhat.com>
fuse: replace remaining make_bad_inode() with fuse_make_bad()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
mmc: tmio: avoid concurrent runs of mmc_request_done()
Qingliang Li <qingliang.li(a)mediatek.com>
PM: sleep: wakeirq: fix wake irq warning in system suspend
Toru Katagiri <Toru.Katagiri(a)tdk.com>
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
Aurélien Jacobs <aurel(a)gnuage.org>
USB: serial: option: add MeiG Smart SLM320 product
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: track capability/opmode NSS separately
Christian Häggström <christian.haggstrom(a)orexplore.com>
USB: serial: cp210x: add ID for MGP Instruments PDS100
Cameron Williams <cang1(a)live.co.uk>
USB: serial: add device ID for VeriFone adapter
Daniel Vogelbacher <daniel(a)chaospixel.com>
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
Michael Ellerman <mpe(a)ellerman.id.au>
powerpc/fsl: Fix mfpmr build errors with newer binutils
Prashanth K <quic_prashk(a)quicinc.com>
usb: xhci: Add error handling in xhci_map_urb_for_dma
Gabor Juhos <j4g8y7(a)gmail.com>
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7(a)gmail.com>
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7(a)gmail.com>
clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7(a)gmail.com>
clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7(a)gmail.com>
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7(a)gmail.com>
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7(a)gmail.com>
clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays
Brett Creeley <brett.creeley(a)amd.com>
vfio/pds: Always clear the save/restore FDs on reset
Maulik Shah <quic_mkshah(a)quicinc.com>
PM: suspend: Set mem_sleep_current during kernel command line setup
Shivnandan Kumar <quic_kshivnan(a)quicinc.com>
cpufreq: Limit resolving a frequency to policy min/max
Akira Yokosawa <akiyks(a)gmail.com>
docs: Restore "smart quotes" for quotes
Quentin Schulz <quentin.schulz(a)theobroma-systems.com>
iio: adc: rockchip_saradc: use mask for write_enable bitfield
Quentin Schulz <quentin.schulz(a)theobroma-systems.com>
iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2
Gui-Dong Han <2045gemini(a)gmail.com>
md/raid5: fix atomicity violation in raid5_cache_count
Guenter Roeck <linux(a)roeck-us.net>
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
Guenter Roeck <linux(a)roeck-us.net>
parisc: Fix csum_ipv6_magic on 64-bit systems
Guenter Roeck <linux(a)roeck-us.net>
parisc: Fix csum_ipv6_magic on 32-bit systems
Guenter Roeck <linux(a)roeck-us.net>
parisc: Fix ip_fast_csum
John David Anglin <dave.anglin(a)bell.net>
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
Guenter Roeck <linux(a)roeck-us.net>
parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd()
Breno Leitao <leitao(a)debian.org>
x86/nmi: Fix the inverse "in NMI handler" check
Heming Zhao <heming.zhao(a)suse.com>
md/md-bitmap: fix incorrect usage for sb_index
Arseniy Krasnov <avkrasnov(a)salutedevices.com>
mtd: rawnand: meson: fix scrambling mode value in command macro
Zhihao Cheng <chengzhihao1(a)huawei.com>
ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
Zhang Yi <yi.zhang(a)huawei.com>
ubi: correct the calculation of fastmap size
Richard Weinberger <richard(a)nod.at>
ubi: Check for too small LEB size in VTBL code
Matthew Wilcox (Oracle) <willy(a)infradead.org>
ubifs: Set page uptodate in the correct place
Alexander Sverdlin <alexander.sverdlin(a)siemens.com>
mfd: twl: Select MFD_CORE
Bernd Schubert <bschubert(a)ddn.com>
fuse: fix VM_MAYSHARE and direct_io_allow_mmap
Jan Kara <jack(a)suse.cz>
fat: fix uninitialized field in nostale filehandles
Matthew Wilcox (Oracle) <willy(a)infradead.org>
bounds: support non-power-of-two CONFIG_NR_CPUS
Arnd Bergmann <arnd(a)arndb.de>
kasan/test: avoid gcc warning for intentional overflow
Damien Le Moal <dlemoal(a)kernel.org>
block: Clear zone limits for a non-zoned stacked queue
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects'
Baokun Li <libaokun1(a)huawei.com>
ext4: correct best extent lstart adjustment logic
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name
SeongJae Park <sj(a)kernel.org>
selftests/mqueue: Set timeout to 180 seconds
Damian Muszynski <damian.muszynski(a)intel.com>
crypto: qat - resolve race condition during AER recovery
Damian Muszynski <damian.muszynski(a)intel.com>
crypto: qat - change SLAs cleanup flow at shutdown
Randy Dunlap <rdunlap(a)infradead.org>
sparc: vDSO: fix return value of __setup handler
Randy Dunlap <rdunlap(a)infradead.org>
sparc64: NMI watchdog: fix return value of __setup handler
Michael Ellerman <mpe(a)ellerman.id.au>
powerpc/smp: Increase nr_cpu_ids to include the boot CPU
Michael Ellerman <mpe(a)ellerman.id.au>
powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core
Zhang Rui <rui.zhang(a)intel.com>
powercap: intel_rapl_tpmi: Fix System Domain probing
Zhang Rui <rui.zhang(a)intel.com>
powercap: intel_rapl_tpmi: Fix a register bug
Zhang Rui <rui.zhang(a)intel.com>
powercap: intel_rapl: Fix locking in TPMI RAPL
Zhang Rui <rui.zhang(a)intel.com>
powercap: intel_rapl: Fix a NULL pointer dereference
Zhang Rui <rui.zhang(a)intel.com>
thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature
Tor Vic <torvic9(a)mailbox.org>
cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf()
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping
Sean Christopherson <seanjc(a)google.com>
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Li Lingfeng <lilingfeng3(a)huawei.com>
md: use RCU lock to protect traversal in md_spares_need_change()
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: mc: Expand MUST_CONNECT flag to always require an enabled link
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: mc: Rename pad variable to clarify intent
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: mc: Add num_links flag to media_pad
Marek Vasut <marex(a)denx.de>
media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: mc: Fix flags handling when creating pad links
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: mc: Add local pad to pipeline regardless of the link state
Gui-Dong Han <2045gemini(a)gmail.com>
media: xc4000: Fix atomicity violation in xc4000_get_frequency
Philipp Stanner <pstanner(a)redhat.com>
pci_iounmap(): Fix MMIO mapping leak
Zack Rusin <zack.rusin(a)broadcom.com>
drm/vmwgfx: Fix the lifetime of the bo cursor memory
Hugo Villeneuve <hvilleneuve(a)dimonoff.com>
serial: max310x: fix NULL pointer dereference in I2C instantiation
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones
Zack Rusin <zack.rusin(a)broadcom.com>
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
Duje Mihanović <duje.mihanovic(a)skole.hr>
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
Roberto Sassu <roberto.sassu(a)huawei.com>
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
Roberto Sassu <roberto.sassu(a)huawei.com>
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
Joakim Zhang <joakim.zhang(a)cixtech.com>
remoteproc: virtio: Fix wdg cannot recovery remote processor
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
arm64: dts: qcom: sc7280: Add additional MSI interrupts
Hidenori Kobayashi <hidenorik(a)chromium.org>
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
Arend van Spriel <arend.vanspriel(a)broadcom.com>
wifi: brcmfmac: avoid invalid list operation when vendor attach fails
Zheng Wang <zyytlz.wz(a)163.com>
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
Zack Rusin <zack.rusin(a)broadcom.com>
drm/vmwgfx: Unmap the surface before resetting it on a plane state
-------------
Diffstat:
Documentation/Makefile | 4 +-
Documentation/admin-guide/kernel-parameters.txt | 4 +-
Documentation/arch/x86/amd-memory-encryption.rst | 16 +-
Documentation/conf.py | 6 +-
.../userspace-api/media/mediactl/media-types.rst | 11 +-
Makefile | 4 +-
arch/arm/Kconfig | 4 +-
arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 +-
arch/arm/include/asm/mman.h | 14 ++
arch/arm/kernel/Makefile | 2 -
arch/arm/kernel/iwmmxt.S | 51 ++--
arch/arm/kernel/pj4-cp0.c | 135 -----------
arch/arm/mm/flush.c | 3 +
arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +-
arch/arm64/boot/dts/qcom/sm8450-hdk.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/hexagon/kernel/vmlinux.lds.S | 1 +
arch/loongarch/crypto/crc32-loongarch.c | 2 -
arch/loongarch/include/asm/Kbuild | 1 +
arch/loongarch/include/asm/io.h | 2 +
arch/loongarch/include/asm/percpu.h | 7 +-
arch/loongarch/include/asm/qspinlock.h | 18 --
arch/parisc/include/asm/assembly.h | 18 +-
arch/parisc/include/asm/checksum.h | 10 +-
arch/parisc/include/asm/mman.h | 14 ++
arch/parisc/kernel/unaligned.c | 27 +--
arch/powerpc/include/asm/reg_fsl_emb.h | 11 +-
arch/powerpc/kernel/prom.c | 12 +
arch/powerpc/lib/Makefile | 2 +-
arch/sparc/include/asm/parport.h | 259 +--------------------
arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++
arch/sparc/kernel/nmi.c | 2 +-
arch/sparc/vdso/vma.c | 7 +-
arch/x86/Kconfig | 13 --
arch/x86/boot/compressed/efi_mixed.S | 29 ++-
arch/x86/coco/core.c | 7 +-
arch/x86/events/amd/core.c | 20 +-
arch/x86/include/asm/asm-prototypes.h | 1 +
arch/x86/include/asm/asm.h | 14 ++
arch/x86/include/asm/coco.h | 8 +-
arch/x86/include/asm/crash_core.h | 2 +
arch/x86/include/asm/mem_encrypt.h | 15 +-
arch/x86/include/asm/nospec-branch.h | 21 +-
arch/x86/include/asm/sev.h | 4 +-
arch/x86/include/asm/suspend_32.h | 10 +-
arch/x86/include/asm/x86_init.h | 3 +-
arch/x86/kernel/cpu/amd.c | 10 +-
arch/x86/kernel/eisa.c | 3 +-
arch/x86/kernel/fpu/xstate.c | 5 +-
arch/x86/kernel/fpu/xstate.h | 14 +-
arch/x86/kernel/kprobes/core.c | 11 +-
arch/x86/kernel/mpparse.c | 10 +-
arch/x86/kernel/nmi.c | 2 +-
arch/x86/kernel/probe_roms.c | 10 -
arch/x86/kernel/setup.c | 3 +-
arch/x86/kernel/sev-shared.c | 12 +-
arch/x86/kernel/sev.c | 31 ++-
arch/x86/kernel/x86_init.c | 2 +
arch/x86/kvm/lapic.c | 5 +-
arch/x86/kvm/xen.c | 2 +-
arch/x86/kvm/xen.h | 18 ++
arch/x86/lib/retpoline.S | 11 +-
arch/x86/mm/mem_encrypt_amd.c | 18 ++
arch/x86/mm/mem_encrypt_identity.c | 38 ++-
block/bio.c | 7 +-
block/blk-mq.c | 9 +-
block/blk-settings.c | 4 +
block/mq-deadline.c | 3 +-
crypto/asymmetric_keys/mscode_parser.c | 3 +
crypto/asymmetric_keys/pkcs7_parser.c | 4 +
crypto/asymmetric_keys/public_key.c | 3 +-
crypto/asymmetric_keys/signature.c | 2 +-
crypto/asymmetric_keys/x509_cert_parser.c | 8 +
crypto/testmgr.h | 80 +++++++
drivers/accessibility/speakup/synth.c | 4 +-
drivers/acpi/cppc_acpi.c | 31 ++-
drivers/ata/ahci.c | 13 --
drivers/ata/libata-eh.c | 5 +-
drivers/ata/libata-scsi.c | 9 +
drivers/base/power/wakeirq.c | 4 +-
drivers/bluetooth/btnxpuart.c | 3 +
drivers/char/tpm/tpm_tis_core.c | 3 +-
drivers/clk/qcom/camcc-sc8280xp.c | 21 ++
drivers/clk/qcom/gcc-ipq5018.c | 3 +
drivers/clk/qcom/gcc-ipq6018.c | 2 +
drivers/clk/qcom/gcc-ipq8074.c | 2 +
drivers/clk/qcom/gcc-ipq9574.c | 1 +
drivers/clk/qcom/gcc-sdm845.c | 1 +
drivers/clk/qcom/mmcc-apq8084.c | 2 +
drivers/clk/qcom/mmcc-msm8974.c | 2 +
drivers/clocksource/arm_global_timer.c | 2 +-
drivers/clocksource/timer-riscv.c | 3 +
drivers/cpufreq/amd-pstate.c | 2 +-
drivers/cpufreq/cpufreq-dt.c | 2 +-
drivers/crypto/intel/iaa/iaa_crypto_main.c | 10 +-
drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 +-
drivers/crypto/intel/qat/qat_common/adf_rl.c | 20 +-
drivers/cxl/core/trace.h | 14 +-
drivers/firmware/efi/efi.c | 2 +
drivers/firmware/efi/libstub/randomalloc.c | 2 +-
drivers/firmware/efi/libstub/x86-stub.c | 1 +
drivers/gpio/gpiolib-cdev.c | 38 ++-
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 ++--
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 34 +--
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 8 +-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.h | 2 +-
.../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 ++
.../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 2 +-
drivers/gpu/drm/amd/display/dc/core/dc.c | 127 ++++++++--
drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 +-
drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 18 ++
drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 +
drivers/gpu/drm/amd/display/dc/dc.h | 2 +-
drivers/gpu/drm/amd/display/dc/dc_stream.h | 2 -
drivers/gpu/drm/amd/display/dc/dc_types.h | 4 +-
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c | 1 +
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c | 14 ++
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h | 2 +
drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c | 1 +
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.c | 54 +++--
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.h | 14 +-
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_mpc.c | 5 +-
.../amd/display/dc/dcn32/dcn32_resource_helpers.c | 6 +
.../amd/display/dc/dml2/dml2_translation_helper.c | 24 +-
drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 28 ++-
drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 3 +
.../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +-
.../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 53 ++---
.../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 12 +-
.../drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 41 ----
.../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 71 +++---
.../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h | 2 +
.../gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c | 2 +-
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 41 ----
drivers/gpu/drm/amd/display/dc/inc/hw/opp.h | 3 +
.../drm/amd/display/dc/inc/hw/timing_generator.h | 1 +
drivers/gpu/drm/amd/display/dc/inc/link.h | 4 +-
.../dc/link/protocols/link_edp_panel_control.c | 4 +-
.../dc/link/protocols/link_edp_panel_control.h | 4 +-
.../gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h | 3 +-
.../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 8 +
.../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h | 1 +
.../amd/display/dc/resource/dcn32/dcn32_resource.c | 3 +
.../amd/display/dc/resource/dcn32/dcn32_resource.h | 3 +
.../display/dc/resource/dcn321/dcn321_resource.c | 2 +
drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 8 +
.../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 +
.../amd/display/modules/info_packet/info_packet.c | 13 +-
.../drm/amd/display/modules/power/power_helpers.c | 2 +-
.../drm/amd/display/modules/power/power_helpers.h | 2 +-
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 19 +-
drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 19 +-
.../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 31 +--
.../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 18 +-
.../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 18 +-
drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 +-
drivers/gpu/drm/display/drm_dp_helper.c | 7 +
drivers/gpu/drm/drm_bridge.c | 46 +++-
drivers/gpu/drm/drm_panel.c | 17 +-
drivers/gpu/drm/drm_probe_helper.c | 7 +
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +-
drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 +
drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +-
drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +-
drivers/gpu/drm/i915/display/icl_dsi.c | 3 +-
drivers/gpu/drm/i915/display/intel_bios.c | 46 +++-
drivers/gpu/drm/i915/display/intel_cursor.c | 4 +-
drivers/gpu/drm/i915/display/intel_display_trace.h | 6 +-
drivers/gpu/drm/i915/display/intel_display_types.h | 1 +
drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 76 +++---
drivers/gpu/drm/i915/display/intel_dpll_mgr.h | 4 +
drivers/gpu/drm/i915/display/intel_dsb.c | 14 ++
drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 +
drivers/gpu/drm/i915/display/intel_vrr.c | 7 +-
drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 -
.../gpu/drm/i915/gt/intel_execlists_submission.c | 3 +
drivers/gpu/drm/i915/i915_hwmon.c | 37 +--
drivers/gpu/drm/i915/i915_reg.h | 2 +-
drivers/gpu/drm/i915/i915_vma.c | 50 +++-
drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 +-
drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/gpu/drm/ttm/ttm_tt.c | 13 ++
drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +-
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +-
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 +-
drivers/gpu/drm/xe/xe_query.c | 2 +-
drivers/hwmon/amc6821.c | 11 +
drivers/iio/adc/rockchip_saradc.c | 6 +-
drivers/iommu/dma-iommu.c | 9 +
drivers/irqchip/irq-renesas-rzg2l.c | 67 ++++--
drivers/leds/trigger/ledtrig-netdev.c | 4 +-
drivers/md/dm-raid.c | 93 ++++++--
drivers/md/dm-snap.c | 4 +-
drivers/md/md-bitmap.c | 9 +-
drivers/md/md.c | 82 +++++--
drivers/md/md.h | 38 ++-
drivers/md/raid5.c | 58 ++++-
drivers/media/mc/mc-entity.c | 93 ++++++--
.../platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 +-
drivers/media/tuners/xc4000.c | 4 +-
drivers/mfd/Kconfig | 1 +
drivers/mfd/intel-lpss-pci.c | 28 ++-
drivers/mfd/intel-lpss.c | 9 +-
drivers/mfd/intel-lpss.h | 14 +-
drivers/mmc/core/block.c | 14 +-
drivers/mmc/host/sdhci-of-dwcmshc.c | 28 ++-
drivers/mmc/host/sdhci-omap.c | 3 +
drivers/mmc/host/tmio_mmc_core.c | 2 +
drivers/mtd/nand/raw/meson_nand.c | 2 +-
drivers/mtd/nand/raw/nand_base.c | 87 ++++---
drivers/mtd/ubi/fastmap.c | 7 +-
drivers/mtd/ubi/vtbl.c | 6 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +-
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/phy/at803x.c | 4 +-
drivers/net/wireguard/netlink.c | 10 +-
.../broadcom/brcm80211/brcmfmac/bca/core.c | 15 +-
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 60 ++---
.../broadcom/brcm80211/brcmfmac/cfg80211.h | 2 +
.../broadcom/brcm80211/brcmfmac/cyw/core.c | 33 ++-
.../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 +
.../wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 +
.../broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 39 ++--
.../broadcom/brcm80211/brcmfmac/wcc/core.c | 16 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +-
.../net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 11 +-
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +-
drivers/net/wireless/realtek/rtw88/mac.c | 7 +
drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 46 ++--
drivers/nvmem/meson-efuse.c | 25 +-
drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +-
drivers/pci/controller/dwc/pcie-qcom.c | 41 +++-
drivers/pci/controller/pci-hyperv.c | 3 +-
drivers/pci/pci-driver.c | 7 +
drivers/pci/pcie/err.c | 20 ++
drivers/pci/quirks.c | 2 +
drivers/phy/tegra/xusb.c | 13 ++
drivers/pinctrl/pinctrl-amd.c | 2 +-
drivers/pinctrl/qcom/Kconfig | 2 +-
drivers/platform/x86/intel/tpmi.c | 9 +-
drivers/powercap/intel_rapl_common.c | 34 ++-
drivers/powercap/intel_rapl_msr.c | 8 +-
drivers/powercap/intel_rapl_tpmi.c | 15 ++
drivers/pwm/pwm-img.c | 4 +-
drivers/remoteproc/remoteproc_virtio.c | 6 +-
drivers/s390/crypto/zcrypt_api.c | 2 +
drivers/scsi/hosts.c | 7 +-
drivers/scsi/libsas/sas_expander.c | 51 ++--
drivers/scsi/lpfc/lpfc_bsg.c | 4 +-
drivers/scsi/lpfc/lpfc_nvmet.c | 2 +-
drivers/scsi/qla2xxx/qla_attr.c | 14 +-
drivers/scsi/qla2xxx/qla_def.h | 2 +-
drivers/scsi/qla2xxx/qla_gbl.h | 2 +-
drivers/scsi/qla2xxx/qla_init.c | 128 +++++-----
drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++--
drivers/scsi/qla2xxx/qla_mbx.c | 2 +-
drivers/scsi/qla2xxx/qla_os.c | 3 +-
drivers/scsi/qla2xxx/qla_target.c | 10 +
drivers/scsi/scsi_scan.c | 34 +++
drivers/scsi/sd.c | 23 +-
drivers/scsi/sg.c | 4 +-
drivers/slimbus/core.c | 4 +-
drivers/soc/fsl/qbman/qman.c | 25 +-
drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +-
.../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +-
drivers/thermal/devfreq_cooling.c | 2 +-
.../int340x_thermal/processor_thermal_device.c | 8 +-
.../intel/int340x_thermal/processor_thermal_rapl.c | 8 +-
drivers/thermal/intel/intel_tcc.c | 12 +-
drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 +-
drivers/thermal/mediatek/auxadc_thermal.c | 3 +
drivers/thermal/thermal_trip.c | 19 +-
drivers/tty/serial/8250/8250_port.c | 6 -
drivers/tty/serial/max310x.c | 7 +-
drivers/tty/serial/serial_core.c | 12 +
drivers/ufs/host/ufs-qcom.c | 6 +-
drivers/usb/class/cdc-wdm.c | 6 +-
drivers/usb/core/hub.c | 23 +-
drivers/usb/core/hub.h | 2 +
drivers/usb/core/port.c | 38 ++-
drivers/usb/core/sysfs.c | 16 +-
drivers/usb/dwc2/core.h | 14 ++
drivers/usb/dwc2/core_intr.c | 72 ++++--
drivers/usb/dwc2/gadget.c | 10 +
drivers/usb/dwc2/hcd.c | 49 +++-
drivers/usb/dwc2/hcd_ddma.c | 17 +-
drivers/usb/dwc2/hw.h | 2 +-
drivers/usb/dwc2/platform.c | 2 +-
drivers/usb/dwc3/core.c | 2 +
drivers/usb/dwc3/core.h | 2 +
drivers/usb/dwc3/dwc3-am62.c | 13 +-
drivers/usb/dwc3/dwc3-pci.c | 2 -
drivers/usb/dwc3/gadget.c | 10 +
drivers/usb/dwc3/host.c | 11 +
drivers/usb/gadget/udc/core.c | 4 +-
drivers/usb/gadget/udc/tegra-xudc.c | 39 ++--
drivers/usb/host/xhci.c | 2 +
drivers/usb/misc/usb-ljca.c | 22 +-
drivers/usb/phy/phy-generic.c | 7 -
drivers/usb/serial/cp210x.c | 4 +
drivers/usb/serial/ftdi_sio.c | 2 +
drivers/usb/serial/ftdi_sio_ids.h | 6 +
drivers/usb/serial/option.c | 6 +
drivers/usb/storage/uas.c | 28 ++-
drivers/usb/typec/class.c | 7 +-
drivers/usb/typec/tcpm/tcpm.c | 6 +-
drivers/usb/typec/ucsi/ucsi.c | 56 ++++-
drivers/usb/typec/ucsi/ucsi.h | 4 +-
drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++---
drivers/usb/typec/ucsi/ucsi_glink.c | 14 ++
drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +-
drivers/vfio/pci/pds/lm.c | 13 ++
drivers/vfio/pci/pds/lm.h | 1 +
drivers/vfio/pci/pds/vfio_dev.c | 4 +-
drivers/vfio/pci/vfio_pci_intrs.c | 180 ++++++++------
drivers/vfio/platform/vfio_platform_irq.c | 105 ++++++---
drivers/vfio/virqfd.c | 21 ++
drivers/video/fbdev/Kconfig | 3 +
drivers/virtio/virtio.c | 4 +-
fs/btrfs/block-group.c | 3 +-
fs/btrfs/compression.c | 8 +-
fs/btrfs/defrag.c | 4 +-
fs/btrfs/disk-io.c | 13 +-
fs/btrfs/export.c | 2 +-
fs/btrfs/extent_io.c | 61 +++--
fs/btrfs/extent_io.h | 1 +
fs/btrfs/extent_map.c | 16 +-
fs/btrfs/file.c | 14 +-
fs/btrfs/free-space-cache.c | 2 +-
fs/btrfs/fs.h | 11 +
fs/btrfs/inode.c | 54 +++--
fs/btrfs/ioctl.c | 58 ++---
fs/btrfs/lzo.c | 4 +-
fs/btrfs/props.c | 2 +-
fs/btrfs/qgroup.c | 61 ++++-
fs/btrfs/qgroup.h | 3 +
fs/btrfs/reflink.c | 12 +-
fs/btrfs/relocation.c | 2 +-
fs/btrfs/scrub.c | 12 +-
fs/btrfs/send.c | 2 +-
fs/btrfs/super.c | 2 +-
fs/btrfs/volumes.c | 69 +++++-
fs/btrfs/zoned.c | 14 +-
fs/debugfs/inode.c | 25 +-
fs/dlm/user.c | 10 +-
fs/exec.c | 1 +
fs/ext4/mballoc.c | 17 +-
fs/ext4/resize.c | 3 +-
fs/f2fs/f2fs.h | 1 +
fs/f2fs/segment.c | 4 +-
fs/fat/nfs.c | 6 +
fs/fuse/dir.c | 6 +-
fs/fuse/file.c | 8 +-
fs/fuse/fuse_i.h | 1 -
fs/fuse/inode.c | 7 +-
fs/nfs/direct.c | 11 +-
fs/nfs/read.c | 2 +
fs/nfs/write.c | 2 +-
fs/nfsd/trace.h | 2 +-
fs/nilfs2/btree.c | 9 +-
fs/nilfs2/direct.c | 9 +-
fs/nilfs2/inode.c | 2 +-
fs/smb/client/cached_dir.c | 3 +-
fs/smb/client/cifs_debug.c | 2 +
fs/smb/client/cifsglob.h | 4 +
fs/smb/client/cifsproto.h | 6 +-
fs/smb/client/connect.c | 6 +-
fs/smb/client/file.c | 8 +-
fs/smb/client/fs_context.c | 27 ++-
fs/smb/client/inode.c | 13 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/sess.c | 4 +-
fs/smb/client/smb2ops.c | 2 +
fs/smb/client/smb2pdu.c | 10 +-
fs/smb/server/smb2misc.c | 26 ++-
fs/smb/server/smb2pdu.c | 228 +++++++++++-------
fs/smb/server/smb_common.c | 11 +-
fs/smb/server/vfs.c | 12 +-
fs/ubifs/dir.c | 2 +
fs/ubifs/file.c | 13 +-
include/drm/drm_bridge.h | 33 +++
include/drm/drm_modeset_helper_vtables.h | 3 +-
include/drm/ttm/ttm_tt.h | 9 +-
include/linux/cpufreq.h | 15 +-
include/linux/framer/framer.h | 4 +-
include/linux/intel_rapl.h | 6 +
include/linux/intel_tcc.h | 2 +-
include/linux/interrupt.h | 3 +
include/linux/libata.h | 1 +
include/linux/lsm_hook_defs.h | 4 +-
include/linux/mman.h | 8 +
include/linux/mtd/spinand.h | 2 +-
include/linux/nfs_fs.h | 1 +
include/linux/oid_registry.h | 4 +
include/linux/phy/tegra/xusb.h | 1 +
include/linux/ring_buffer.h | 4 +-
include/linux/security.h | 8 +-
include/linux/serial_core.h | 3 +-
include/linux/skbuff.h | 10 +
include/linux/syscalls.h | 6 +-
include/linux/trace_events.h | 5 +-
include/linux/vfio.h | 2 +
include/media/media-entity.h | 2 +
include/net/cfg80211.h | 2 +
include/net/cfg802154.h | 1 +
include/scsi/scsi_driver.h | 1 +
include/scsi/scsi_host.h | 1 +
include/uapi/linux/btrfs.h | 1 +
init/initramfs.c | 2 +-
io_uring/futex.c | 1 +
io_uring/io_uring.c | 5 +-
io_uring/net.c | 5 +-
io_uring/poll.c | 19 +-
io_uring/rw.c | 4 +
io_uring/waitid.c | 7 +-
kernel/bounds.c | 2 +-
kernel/crash_core.c | 8 +
kernel/dma/swiotlb.c | 37 +--
kernel/entry/common.c | 8 +-
kernel/irq/manage.c | 9 +-
kernel/module/Kconfig | 5 +
kernel/power/suspend.c | 1 +
kernel/printk/printk.c | 27 ++-
kernel/sys.c | 7 +-
kernel/time/posix-clock.c | 16 +-
kernel/trace/ring_buffer.c | 161 ++++++++-----
kernel/trace/trace.c | 43 +++-
kernel/workqueue.c | 2 +-
lib/pci_iomap.c | 2 +-
mm/filemap.c | 16 ++
mm/kasan/kasan_test.c | 3 +-
mm/memtest.c | 4 +-
mm/shmem_quota.c | 10 +-
mm/swapfile.c | 13 +-
mm/zswap.c | 8 +
net/bluetooth/hci_core.c | 6 +-
net/bluetooth/hci_sync.c | 5 +-
net/ipv4/esp4.c | 8 +-
net/ipv6/esp6.c | 8 +-
net/mac80211/cfg.c | 7 +-
net/mac80211/ieee80211_i.h | 2 +-
net/mac80211/rate.c | 2 +-
net/mac80211/sta_info.h | 6 +-
net/mac80211/vht.c | 46 ++--
net/mac802154/llsec.c | 18 +-
net/netfilter/nf_tables_api.c | 3 +
net/wireless/wext-core.c | 7 +-
scripts/Makefile.extrawarn | 2 +
security/apparmor/lsm.c | 4 +-
security/landlock/syscalls.c | 18 +-
security/lsm_syscalls.c | 10 +-
security/security.c | 20 +-
security/selinux/hooks.c | 4 +-
security/smack/smack_lsm.c | 16 +-
sound/pci/hda/tas2781_hda_i2c.c | 83 ++++---
sound/sh/aica.c | 17 +-
sound/soc/amd/yc/acp6x-mach.c | 7 -
sound/soc/amd/yc/pci-acp6x.c | 1 -
tools/include/linux/btf_ids.h | 2 +
tools/testing/selftests/lsm/common.h | 6 +-
.../testing/selftests/lsm/lsm_get_self_attr_test.c | 10 +-
.../testing/selftests/lsm/lsm_list_modules_test.c | 8 +-
.../testing/selftests/lsm/lsm_set_self_attr_test.c | 6 +-
tools/testing/selftests/mm/gup_test.c | 2 +-
tools/testing/selftests/mm/soft-dirty.c | 2 +-
tools/testing/selftests/mm/split_huge_page_test.c | 2 +-
tools/testing/selftests/mm/uffd-common.c | 3 +
tools/testing/selftests/mm/uffd-common.h | 2 +
tools/testing/selftests/mm/uffd-unit-tests.c | 13 +-
tools/testing/selftests/mqueue/setting | 1 +
.../selftests/wireguard/qemu/arch/riscv32.config | 1 +
.../selftests/wireguard/qemu/arch/riscv64.config | 1 +
virt/kvm/async_pf.c | 31 ++-
482 files changed, 4826 insertions(+), 2566 deletions(-)
1 year, 1 month
- 19
- 425
[PATCH v3 2/2] PCI: of: Attach created of_node to existing device
by Herve Codina
The commit 407d1a51921e ("PCI: Create device tree node for bridge")
creates of_node for PCI devices.
During the insertion handling of these new DT nodes done by of_platform,
new devices (struct device) are created. For each PCI devices a struct
device is already present (created and handled by the PCI core).
Having a second struct device to represent the exact same PCI device is
not correct.
On the of_node creation:
- tell the of_platform that there is no need to create a device for this
node (OF_POPULATED flag),
- link this newly created of_node to the already present device,
- tell fwnode that the device attached to this of_node is ready using
fwnode_dev_initialized().
With this fix, the of_node are available in the sysfs device tree:
/sys/devices/platform/soc/d0070000.pcie/
+ of_node -> .../devicetree/base/soc/pcie@d0070000
+ pci0000:00
+ 0000:00:00.0
+ of_node -> .../devicetree/base/soc/pcie@d0070000/pci@0,0
+ 0000:01:00.0
+ of_node -> .../devicetree/base/soc/pcie@d0070000/pci@0,0/dev@0,0
On the of_node removal, revert the operations.
Fixes: 407d1a51921e ("PCI: Create device tree node for bridge")
Cc: stable(a)vger.kernel.org
Signed-off-by: Herve Codina <herve.codina(a)bootlin.com>
---
drivers/pci/of.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/of.c b/drivers/pci/of.c
index 51e3dd0ea5ab..5afd2731e876 100644
--- a/drivers/pci/of.c
+++ b/drivers/pci/of.c
@@ -615,7 +615,8 @@ void of_pci_remove_node(struct pci_dev *pdev)
np = pci_device_to_OF_node(pdev);
if (!np || !of_node_check_flag(np, OF_DYNAMIC))
return;
- pdev->dev.of_node = NULL;
+
+ device_remove_of_node(&pdev->dev);
of_changeset_revert(np->data);
of_changeset_destroy(np->data);
@@ -668,12 +669,22 @@ void of_pci_make_dev_node(struct pci_dev *pdev)
if (ret)
goto out_free_node;
+ /*
+ * This of_node will be added to an existing device.
+ * Avoid any device creation and use the existing device
+ */
+ of_node_set_flag(np, OF_POPULATED);
+ np->fwnode.dev = &pdev->dev;
+ fwnode_dev_initialized(&np->fwnode, true);
+
ret = of_changeset_apply(cset);
if (ret)
goto out_free_node;
np->data = cset;
- pdev->dev.of_node = np;
+
+ /* Add the of_node to the existing device */
+ device_add_of_node(&pdev->dev, np);
kfree(name);
return;
--
2.44.0
1 year, 1 month
- 3
- 4
[PATCH] misc/pvpanic-pci: register attributes via pci_driver
by Thomas Weißschuh
In __pci_register_driver(), the pci core overwrites the dev_groups field of
the embedded struct device_driver with the dev_groups from the outer
struct pci_driver unconditionally.
Set dev_groups in the pci_driver to make sure it is used.
This was broken since the introduction of pvpanic-pci.
Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver")
Cc: stable(a)vger.kernel.org
Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net>
---
Greg,
does it make sense to duplicate fields between struct pci_driver and
struct device_driver?
The fields "name", "groups" and "dev_groups" are duplicated.
pci_driver::dev_groups was introduced in
commit ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver")
because "this helps converting PCI drivers sysfs attributes to static"
I don't understand the reasoning. The embedded device_driver shares the
same storage lifetime and the fields have the exact same type.
---
drivers/misc/pvpanic/pvpanic-pci.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c
index 9ad20e82785b..b21598a18f6d 100644
--- a/drivers/misc/pvpanic/pvpanic-pci.c
+++ b/drivers/misc/pvpanic/pvpanic-pci.c
@@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = {
.name = "pvpanic-pci",
.id_table = pvpanic_pci_id_tbl,
.probe = pvpanic_pci_probe,
- .driver = {
- .dev_groups = pvpanic_dev_groups,
- },
+ .dev_groups = pvpanic_dev_groups,
};
module_pci_driver(pvpanic_pci_driver);
---
base-commit: 00dcf5d862e86e57f5ce46344039f11bb1ad61f6
change-id: 20240411-pvpanic-pci-dev-groups-e3beebcbc4e4
Best regards,
--
Thomas Weißschuh <linux(a)weissschuh.net>
1 year, 1 month
- 2
- 2
FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.7-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.7-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y
git checkout FETCH_HEAD
git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033027-expensive-footage-f3ea@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001
From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
Date: Tue, 5 Mar 2024 15:35:06 +0100
Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Object debugging tools were sporadically reporting illegal attempts to
free a still active i915 VMA object when parking a GT believed to be idle.
[161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915]
[161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0
...
[161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1
[161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022
[161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915]
[161.360592] RIP: 0010:debug_print_object+0x80/0xb0
...
[161.361347] debug_object_free+0xeb/0x110
[161.361362] i915_active_fini+0x14/0x130 [i915]
[161.361866] release_references+0xfe/0x1f0 [i915]
[161.362543] i915_vma_parked+0x1db/0x380 [i915]
[161.363129] __gt_park+0x121/0x230 [i915]
[161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915]
That has been tracked down to be happening when another thread is
deactivating the VMA inside __active_retire() helper, after the VMA's
active counter has been already decremented to 0, but before deactivation
of the VMA's object is reported to the object debugging tool.
We could prevent from that race by serializing i915_active_fini() with
__active_retire() via ref->tree_lock, but that wouldn't stop the VMA from
being used, e.g. from __i915_vma_retire() called at the end of
__active_retire(), after that VMA has been already freed by a concurrent
i915_vma_destroy() on return from the i915_active_fini(). Then, we should
rather fix the issue at the VMA level, not in i915_active.
Since __i915_vma_parked() is called from __gt_park() on last put of the
GT's wakeref, the issue could be addressed by holding the GT wakeref long
enough for __active_retire() to complete before that wakeref is released
and the GT parked.
I believe the issue was introduced by commit d93939730347 ("drm/i915:
Remove the vma refcount") which moved a call to i915_active_fini() from
a dropped i915_vma_release(), called on last put of the removed VMA kref,
to i915_vma_parked() processing path called on last put of a GT wakeref.
However, its visibility to the object debugging tool was suppressed by a
bug in i915_active that was fixed two weeks later with commit e92eb246feb9
("drm/i915/active: Fix missing debug object activation").
A VMA associated with a request doesn't acquire a GT wakeref by itself.
Instead, it depends on a wakeref held directly by the request's active
intel_context for a GT associated with its VM, and indirectly on that
intel_context's engine wakeref if the engine belongs to the same GT as the
VMA's VM. Those wakerefs are released asynchronously to VMA deactivation.
Fix the issue by getting a wakeref for the VMA's GT when activating it,
and putting that wakeref only after the VMA is deactivated. However,
exclude global GTT from that processing path, otherwise the GPU never goes
idle. Since __i915_vma_retire() may be called from atomic contexts, use
async variant of wakeref put. Also, to avoid circular locking dependency,
take care of acquiring the wakeref before VM mutex when both are needed.
v7: Add inline comments with justifications for:
- using untracked variants of intel_gt_pm_get/put() (Nirmoy),
- using async variant of _put(),
- not getting the wakeref in case of a global GTT,
- always getting the first wakeref outside vm->mutex.
v6: Since __i915_vma_active/retire() callbacks are not serialized, storing
a wakeref tracking handle inside struct i915_vma is not safe, and
there is no other good place for that. Use untracked variants of
intel_gt_pm_get/put_async().
v5: Replace "tile" with "GT" across commit description (Rodrigo),
- avoid mentioning multi-GT case in commit description (Rodrigo),
- explain why we need to take a temporary wakeref unconditionally inside
i915_vma_pin_ww() (Rodrigo).
v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm
wakerefs") (Andi),
- for more easy backporting, split out removal of former insufficient
workarounds and move them to separate patches (Nirmoy).
- clean up commit message and description a bit.
v3: Identify root cause more precisely, and a commit to blame,
- identify and drop former workarounds,
- update commit message and description.
v2: Get the wakeref before VM mutex to avoid circular locking dependency,
- drop questionable Fixes: tag.
Fixes: d93939730347 ("drm/i915: Remove the vma refcount")
Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875
Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com>
Cc: Nirmoy Das <nirmoy.das(a)intel.com>
Cc: Andi Shyti <andi.shyti(a)linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com>
Cc: stable(a)vger.kernel.org # v5.19+
Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com>
Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus…
(cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com>
diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c
index d09aad34ba37..b70715b1411d 100644
--- a/drivers/gpu/drm/i915/i915_vma.c
+++ b/drivers/gpu/drm/i915/i915_vma.c
@@ -34,6 +34,7 @@
#include "gt/intel_engine.h"
#include "gt/intel_engine_heartbeat.h"
#include "gt/intel_gt.h"
+#include "gt/intel_gt_pm.h"
#include "gt/intel_gt_requests.h"
#include "gt/intel_tlb.h"
@@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref)
static int __i915_vma_active(struct i915_active *ref)
{
- return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT;
+ struct i915_vma *vma = active_to_vma(ref);
+
+ if (!i915_vma_tryget(vma))
+ return -ENOENT;
+
+ /*
+ * Exclude global GTT VMA from holding a GT wakeref
+ * while active, otherwise GPU never goes idle.
+ */
+ if (!i915_vma_is_ggtt(vma)) {
+ /*
+ * Since we and our _retire() counterpart can be
+ * called asynchronously, storing a wakeref tracking
+ * handle inside struct i915_vma is not safe, and
+ * there is no other good place for that. Hence,
+ * use untracked variants of intel_gt_pm_get/put().
+ */
+ intel_gt_pm_get_untracked(vma->vm->gt);
+ }
+
+ return 0;
}
static void __i915_vma_retire(struct i915_active *ref)
{
- i915_vma_put(active_to_vma(ref));
+ struct i915_vma *vma = active_to_vma(ref);
+
+ if (!i915_vma_is_ggtt(vma)) {
+ /*
+ * Since we can be called from atomic contexts,
+ * use an async variant of intel_gt_pm_put().
+ */
+ intel_gt_pm_put_async_untracked(vma->vm->gt);
+ }
+
+ i915_vma_put(vma);
}
static struct i915_vma *
@@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww,
struct i915_vma_work *work = NULL;
struct dma_fence *moving = NULL;
struct i915_vma_resource *vma_res = NULL;
- intel_wakeref_t wakeref = 0;
+ intel_wakeref_t wakeref;
unsigned int bound;
int err;
@@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww,
if (err)
return err;
- if (flags & PIN_GLOBAL)
- wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm);
+ /*
+ * In case of a global GTT, we must hold a runtime-pm wakeref
+ * while global PTEs are updated. In other cases, we hold
+ * the rpm reference while the VMA is active. Since runtime
+ * resume may require allocations, which are forbidden inside
+ * vm->mutex, get the first rpm wakeref outside of the mutex.
+ */
+ wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm);
if (flags & vma->vm->bind_async_flags) {
/* lock VM */
@@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww,
if (work)
dma_fence_work_commit_imm(&work->base);
err_rpm:
- if (wakeref)
- intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref);
+ intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref);
if (moving)
dma_fence_put(moving);
1 year, 1 month
- 3
- 2
[PATCH v4] mtd: limit OTP NVMEM Cell parse to non Nand devices
by Christian Marangi
MTD OTP logic is very fragile on parsing NVMEM Cell and can be
problematic with some specific kind of devices.
The problem was discovered by e87161321a40 ("mtd: rawnand: macronix:
OTP access for MX30LFxG18AC") where OTP support was added to a NAND
device. With the case of NAND devices, it does require a node where ECC
info are declared and all the fixed partitions, and this cause the OTP
codepath to parse this node as OTP NVMEM Cells, making probe fail and
the NAND device registration fail.
MTD OTP parsing should have been limited to always using compatible to
prevent this error by using node with compatible "otp-user" or
"otp-factory".
NVMEM across the years had various iteration on how Cells could be
declared in DT, in some old implementation, no_of_node should have been
enabled but now add_legacy_fixed_of_cells should be used to disable
NVMEM to parse child node as NVMEM Cell.
To fix this and limit any regression with other MTD that makes use of
declaring OTP as direct child of the dev node, disable
add_legacy_fixed_of_cells if we detect the MTD type is Nand.
With the following logic, the OTP NVMEM entry is correctly created with
no Cells and the MTD Nand is correctly probed and partitions are
correctly exposed.
Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support")
Cc: <stable(a)vger.kernel.org> # v6.7+
Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com>
---
To backport this to v6.6 and previous,
config.no_of_node = mtd_type_is_nand(mtd);
should be used as it does pose the same usage of
add_legacy_fixed_of_cells.
Changes v4:
- Add info on how to backport this to previous kernel
- Fix Fixes tag
- Reformat commit description as it was unprecise and
had false statement
Changes v3:
- Fix commit description
Changes v2:
- Use mtd_type_is_nand instead of node name check
drivers/mtd/mtdcore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c
index 5887feb347a4..0de87bc63840 100644
--- a/drivers/mtd/mtdcore.c
+++ b/drivers/mtd/mtdcore.c
@@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd,
config.name = compatible;
config.id = NVMEM_DEVID_AUTO;
config.owner = THIS_MODULE;
- config.add_legacy_fixed_of_cells = true;
+ config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd);
config.type = NVMEM_TYPE_OTP;
config.root_only = true;
config.ignore_wp = true;
--
2.43.0
1 year, 1 month
- 3
- 3
[PATCH v2 5.10.y 1/1] mailbox: imx: fix suspend failure
by Daisuke Mizobuchi
imx_mu_isr() always calls pm_system_wakeup() even when it should not,
making the system unable to enter sleep.
Suspend fails as follows:
armadillo:~# echo mem > /sys/power/state
[ 2614.602432] PM: suspend entry (deep)
[ 2614.610640] Filesystems sync: 0.004 seconds
[ 2614.618016] Freezing user space processes ... (elapsed 0.001 seconds) done.
[ 2614.626555] OOM killer disabled.
[ 2614.629792] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done.
[ 2614.638456] printk: Suspending console(s) (use no_console_suspend to debug)
[ 2614.649504] PM: Some devices failed to suspend, or early wake event detected
[ 2614.730103] PM: resume devices took 0.080 seconds
[ 2614.741924] OOM killer enabled.
[ 2614.745073] Restarting tasks ... done.
[ 2614.754532] PM: suspend exit
ash: write error: Resource busy
armadillo:~#
Upstream commit 892cb524ae8a is correct, so this seems to be a
mistake during cherry-pick.
Cc: <stable(a)vger.kernel.org>
Fixes: a16f5ae8ade1 ("mailbox: imx: fix wakeup failure from freeze mode")
Signed-off-by: Daisuke Mizobuchi <mizo(a)atmark-techno.com>
Reviewed-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com>
---
drivers/mailbox/imx-mailbox.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c
index c5663398c6b7..28f5450e4130 100644
--- a/drivers/mailbox/imx-mailbox.c
+++ b/drivers/mailbox/imx-mailbox.c
@@ -331,8 +331,6 @@ static int imx_mu_startup(struct mbox_chan *chan)
break;
}
- priv->suspend = true;
-
return 0;
}
@@ -550,8 +548,6 @@ static int imx_mu_probe(struct platform_device *pdev)
clk_disable_unprepare(priv->clk);
- priv->suspend = false;
-
return 0;
disable_runtime_pm:
@@ -614,6 +610,8 @@ static int __maybe_unused imx_mu_suspend_noirq(struct device *dev)
if (!priv->clk)
priv->xcr = imx_mu_read(priv, priv->dcfg->xCR);
+ priv->suspend = true;
+
return 0;
}
@@ -632,6 +630,8 @@ static int __maybe_unused imx_mu_resume_noirq(struct device *dev)
if (!imx_mu_read(priv, priv->dcfg->xCR) && !priv->clk)
imx_mu_write(priv, priv->xcr, priv->dcfg->xCR);
+ priv->suspend = false;
+
return 0;
}
--
2.30.2
1 year, 1 month
- 3
- 2
[PATCH v2 5/5] drm/vmwgfx: Sort primary plane formats by order of preference
by Zack Rusin
The table of primary plane formats wasn't sorted at all, leading to
applications picking our least desirable formats by defaults.
Sort the primary plane formats according to our order of preference.
Nice side-effect of this change is that it makes IGT's kms_atomic
plane-invalid-params pass because the test picks the first format
which for vmwgfx was DRM_FORMAT_XRGB1555 and uses fb's with odd sizes
which make Pixman, which IGT depends on assert due to the fact that our
16bpp formats aren't 32 bit aligned like Pixman requires all formats
to be.
Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com>
Fixes: 36cc79bc9077 ("drm/vmwgfx: Add universal plane support")
Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com>
Cc: dri-devel(a)lists.freedesktop.org
Cc: <stable(a)vger.kernel.org> # v4.12+
Acked-by: Pekka Paalanen <pekka.paalanen(a)collabora.com>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h
index bf9931e3a728..bf24f2f0dcfc 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h
@@ -233,10 +233,10 @@ struct vmw_framebuffer_bo {
static const uint32_t __maybe_unused vmw_primary_plane_formats[] = {
- DRM_FORMAT_XRGB1555,
- DRM_FORMAT_RGB565,
DRM_FORMAT_XRGB8888,
DRM_FORMAT_ARGB8888,
+ DRM_FORMAT_RGB565,
+ DRM_FORMAT_XRGB1555,
};
static const uint32_t __maybe_unused vmw_cursor_plane_formats[] = {
--
2.40.1
1 year, 1 month
- 1
- 0
[PATCH v2 4/5] drm/vmwgfx: Fix crtc's atomic check conditional
by Zack Rusin
The conditional was supposed to prevent enabling of a crtc state
without a set primary plane. Accidently it also prevented disabling
crtc state with a set primary plane. Neither is correct.
Fix the conditional and just driver-warn when a crtc state has been
enabled without a primary plane which will help debug broken userspace.
Fixes IGT's kms_atomic_interruptible and kms_atomic_transition tests.
Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com>
Fixes: 06ec41909e31 ("drm/vmwgfx: Add and connect CRTC helper functions")
Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com>
Cc: dri-devel(a)lists.freedesktop.org
Cc: <stable(a)vger.kernel.org> # v4.12+
Reviewed-by: Ian Forbes <ian.forbes(a)broadcom.com>
Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index e33e5993d8fc..13b2820cae51 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -931,6 +931,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane,
int vmw_du_crtc_atomic_check(struct drm_crtc *crtc,
struct drm_atomic_state *state)
{
+ struct vmw_private *vmw = vmw_priv(crtc->dev);
struct drm_crtc_state *new_state = drm_atomic_get_new_crtc_state(state,
crtc);
struct vmw_display_unit *du = vmw_crtc_to_du(new_state->crtc);
@@ -938,9 +939,13 @@ int vmw_du_crtc_atomic_check(struct drm_crtc *crtc,
bool has_primary = new_state->plane_mask &
drm_plane_mask(crtc->primary);
- /* We always want to have an active plane with an active CRTC */
- if (has_primary != new_state->enable)
- return -EINVAL;
+ /*
+ * This is fine in general, but broken userspace might expect
+ * some actual rendering so give a clue as why it's blank.
+ */
+ if (new_state->enable && !has_primary)
+ drm_dbg_driver(&vmw->drm,
+ "CRTC without a primary plane will be blank.\n");
if (new_state->connector_mask != connector_mask &&
--
2.40.1
1 year, 1 month
- 1
- 0
[PATCH v2 3/5] drm/vmwgfx: Fix prime import/export
by Zack Rusin
vmwgfx never supported prime import of external buffers. Furthermore the
driver exposes two different objects to userspace: vmw_surface's and
gem buffers but prime import/export only worked with vmw_surfaces.
Because gem buffers are used through the dumb_buffer interface this meant
that the driver created buffers couldn't have been prime exported or
imported.
Fix prime import/export. Makes IGT's kms_prime pass.
Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com>
Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM")
Cc: <stable(a)vger.kernel.org> # v6.6+
Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com>
---
drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++++++++++++++--
drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 ++--
drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 +
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 +
drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 ++
drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++++++++++++++
drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +++++++-
drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++++++++++++++-------
8 files changed, 117 insertions(+), 22 deletions(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c
index c52c7bf1485b..717d624e9a05 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c
@@ -456,8 +456,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst,
.no_wait_gpu = false
};
u32 j, initial_line = dst_offset / dst_stride;
- struct vmw_bo_blit_line_data d;
+ struct vmw_bo_blit_line_data d = {0};
int ret = 0;
+ struct page **dst_pages = NULL;
+ struct page **src_pages = NULL;
/* Buffer objects need to be either pinned or reserved: */
if (!(dst->pin_count))
@@ -477,12 +479,35 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst,
return ret;
}
+ if (!src->ttm->pages && src->ttm->sg) {
+ src_pages = kvmalloc_array(src->ttm->num_pages,
+ sizeof(struct page *), GFP_KERNEL);
+ if (!src_pages)
+ return -ENOMEM;
+ ret = drm_prime_sg_to_page_array(src->ttm->sg, src_pages,
+ src->ttm->num_pages);
+ if (ret)
+ goto out;
+ }
+ if (!dst->ttm->pages && dst->ttm->sg) {
+ dst_pages = kvmalloc_array(dst->ttm->num_pages,
+ sizeof(struct page *), GFP_KERNEL);
+ if (!dst_pages) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ ret = drm_prime_sg_to_page_array(dst->ttm->sg, dst_pages,
+ dst->ttm->num_pages);
+ if (ret)
+ goto out;
+ }
+
d.mapped_dst = 0;
d.mapped_src = 0;
d.dst_addr = NULL;
d.src_addr = NULL;
- d.dst_pages = dst->ttm->pages;
- d.src_pages = src->ttm->pages;
+ d.dst_pages = dst->ttm->pages ? dst->ttm->pages : dst_pages;
+ d.src_pages = src->ttm->pages ? src->ttm->pages : src_pages;
d.dst_num_pages = PFN_UP(dst->resource->size);
d.src_num_pages = PFN_UP(src->resource->size);
d.dst_prot = ttm_io_prot(dst, dst->resource, PAGE_KERNEL);
@@ -504,6 +529,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst,
kunmap_atomic(d.src_addr);
if (d.dst_addr)
kunmap_atomic(d.dst_addr);
+ if (src_pages)
+ kvfree(src_pages);
+ if (dst_pages)
+ kvfree(dst_pages);
return ret;
}
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
index bfd41ce3c8f4..e5eb21a471a6 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
@@ -377,7 +377,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv,
{
struct ttm_operation_ctx ctx = {
.interruptible = params->bo_type != ttm_bo_type_kernel,
- .no_wait_gpu = false
+ .no_wait_gpu = false,
+ .resv = params->resv,
};
struct ttm_device *bdev = &dev_priv->bdev;
struct drm_device *vdev = &dev_priv->drm;
@@ -394,8 +395,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv,
vmw_bo_placement_set(vmw_bo, params->domain, params->busy_domain);
ret = ttm_bo_init_reserved(bdev, &vmw_bo->tbo, params->bo_type,
- &vmw_bo->placement, 0, &ctx, NULL,
- NULL, destroy);
+ &vmw_bo->placement, 0, &ctx,
+ params->sg, params->resv, destroy);
if (unlikely(ret))
return ret;
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h
index 0d496dc9c6af..f349642e6190 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h
@@ -55,6 +55,8 @@ struct vmw_bo_params {
enum ttm_bo_type bo_type;
size_t size;
bool pin;
+ struct dma_resv *resv;
+ struct sg_table *sg;
};
/**
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
index 89d3679d2608..41ad13e45554 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
@@ -1631,6 +1631,7 @@ static const struct drm_driver driver = {
.prime_fd_to_handle = vmw_prime_fd_to_handle,
.prime_handle_to_fd = vmw_prime_handle_to_fd,
+ .gem_prime_import_sg_table = vmw_prime_import_sg_table,
.fops = &vmwgfx_driver_fops,
.name = VMWGFX_DRIVER_NAME,
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
index ddbceaa31b59..4ecaea0026fc 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
@@ -1107,6 +1107,9 @@ extern int vmw_prime_handle_to_fd(struct drm_device *dev,
struct drm_file *file_priv,
uint32_t handle, uint32_t flags,
int *prime_fd);
+struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev,
+ struct dma_buf_attachment *attach,
+ struct sg_table *table);
/*
* MemoryOBject management - vmwgfx_mob.c
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c
index 186150f41fbc..2132a8ad8c0c 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c
@@ -136,6 +136,38 @@ int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv,
return ret;
}
+struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev,
+ struct dma_buf_attachment *attach,
+ struct sg_table *table)
+{
+ int ret;
+ struct vmw_private *dev_priv = vmw_priv(dev);
+ struct drm_gem_object *gem = NULL;
+ struct vmw_bo *vbo;
+ struct vmw_bo_params params = {
+ .domain = (dev_priv->has_mob) ? VMW_BO_DOMAIN_SYS : VMW_BO_DOMAIN_VRAM,
+ .busy_domain = VMW_BO_DOMAIN_SYS,
+ .bo_type = ttm_bo_type_sg,
+ .size = attach->dmabuf->size,
+ .pin = false,
+ .resv = attach->dmabuf->resv,
+ .sg = table,
+
+ };
+
+ dma_resv_lock(params.resv, NULL);
+
+ ret = vmw_bo_create(dev_priv, ¶ms, &vbo);
+ if (ret != 0)
+ goto out_no_bo;
+
+ vbo->tbo.base.funcs = &vmw_gem_object_funcs;
+
+ gem = &vbo->tbo.base;
+out_no_bo:
+ dma_resv_unlock(params.resv);
+ return gem;
+}
int vmw_gem_object_create_ioctl(struct drm_device *dev, void *data,
struct drm_file *filp)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c
index 2d72a5ee7c0c..c99cad444991 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c
@@ -75,8 +75,12 @@ int vmw_prime_fd_to_handle(struct drm_device *dev,
int fd, u32 *handle)
{
struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile;
+ int ret = ttm_prime_fd_to_handle(tfile, fd, handle);
- return ttm_prime_fd_to_handle(tfile, fd, handle);
+ if (ret)
+ ret = drm_gem_prime_fd_to_handle(dev, file_priv, fd, handle);
+
+ return ret;
}
int vmw_prime_handle_to_fd(struct drm_device *dev,
@@ -85,5 +89,12 @@ int vmw_prime_handle_to_fd(struct drm_device *dev,
int *prime_fd)
{
struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile;
- return ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd);
+ int ret;
+
+ if (handle > VMWGFX_NUM_MOB)
+ ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd);
+ else
+ ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd);
+
+ return ret;
}
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c
index 4d23d0a70bcb..621d98b376bb 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c
@@ -188,13 +188,18 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt)
switch (dev_priv->map_mode) {
case vmw_dma_map_bind:
case vmw_dma_map_populate:
- vsgt->sgt = &vmw_tt->sgt;
- ret = sg_alloc_table_from_pages_segment(
- &vmw_tt->sgt, vsgt->pages, vsgt->num_pages, 0,
- (unsigned long)vsgt->num_pages << PAGE_SHIFT,
- dma_get_max_seg_size(dev_priv->drm.dev), GFP_KERNEL);
- if (ret)
- goto out_sg_alloc_fail;
+ if (vmw_tt->dma_ttm.page_flags & TTM_TT_FLAG_EXTERNAL) {
+ vsgt->sgt = vmw_tt->dma_ttm.sg;
+ } else {
+ vsgt->sgt = &vmw_tt->sgt;
+ ret = sg_alloc_table_from_pages_segment(&vmw_tt->sgt,
+ vsgt->pages, vsgt->num_pages, 0,
+ (unsigned long)vsgt->num_pages << PAGE_SHIFT,
+ dma_get_max_seg_size(dev_priv->drm.dev),
+ GFP_KERNEL);
+ if (ret)
+ goto out_sg_alloc_fail;
+ }
ret = vmw_ttm_map_for_dma(vmw_tt);
if (unlikely(ret != 0))
@@ -209,8 +214,9 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt)
return 0;
out_map_fail:
- sg_free_table(vmw_tt->vsgt.sgt);
- vmw_tt->vsgt.sgt = NULL;
+ drm_warn(&dev_priv->drm, "VSG table map failed!");
+ sg_free_table(vsgt->sgt);
+ vsgt->sgt = NULL;
out_sg_alloc_fail:
return ret;
}
@@ -356,15 +362,17 @@ static void vmw_ttm_destroy(struct ttm_device *bdev, struct ttm_tt *ttm)
static int vmw_ttm_populate(struct ttm_device *bdev,
struct ttm_tt *ttm, struct ttm_operation_ctx *ctx)
{
- int ret;
+ bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0;
- /* TODO: maybe completely drop this ? */
if (ttm_tt_is_populated(ttm))
return 0;
- ret = ttm_pool_alloc(&bdev->pool, ttm, ctx);
+ if (external && ttm->sg)
+ return drm_prime_sg_to_dma_addr_array(ttm->sg,
+ ttm->dma_address,
+ ttm->num_pages);
- return ret;
+ return ttm_pool_alloc(&bdev->pool, ttm, ctx);
}
static void vmw_ttm_unpopulate(struct ttm_device *bdev,
@@ -372,6 +380,10 @@ static void vmw_ttm_unpopulate(struct ttm_device *bdev,
{
struct vmw_ttm_tt *vmw_tt = container_of(ttm, struct vmw_ttm_tt,
dma_ttm);
+ bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0;
+
+ if (external)
+ return;
vmw_ttm_unbind(bdev, ttm);
@@ -390,6 +402,7 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo,
{
struct vmw_ttm_tt *vmw_be;
int ret;
+ bool external = bo->type == ttm_bo_type_sg;
vmw_be = kzalloc(sizeof(*vmw_be), GFP_KERNEL);
if (!vmw_be)
@@ -398,7 +411,10 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo,
vmw_be->dev_priv = vmw_priv_from_ttm(bo->bdev);
vmw_be->mob = NULL;
- if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent)
+ if (external)
+ page_flags |= TTM_TT_FLAG_EXTERNAL | TTM_TT_FLAG_EXTERNAL_MAPPABLE;
+
+ if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent || external)
ret = ttm_sg_tt_init(&vmw_be->dma_ttm, bo, page_flags,
ttm_cached);
else
--
2.40.1
1 year, 1 month
- 1
- 0
[PATCH v2] firmware: qcom: uefisecapp: Fix memory related IO errors and crashes
by Maximilian Luz
It turns out that while the QSEECOM APP_SEND command has specific fields
for request and response buffers, uefisecapp expects them both to be in
a single memory region. Failure to adhere to this has (so far) resulted
in either no response being written to the response buffer (causing an
EIO to be emitted down the line), the SCM call to fail with EINVAL
(i.e., directly from TZ/firmware), or the device to be hard-reset.
While this issue can be triggered deterministically, in the current form
it seems to happen rather sporadically (which is why it has gone
unnoticed during earlier testing). This is likely due to the two
kzalloc() calls (for request and response) being directly after each
other. Which means that those likely return consecutive regions most of
the time, especially when not much else is going on in the system.
Fix this by allocating a single memory region for both request and
response buffers, properly aligning both structs inside it. This
unfortunately also means that the qcom_scm_qseecom_app_send() interface
needs to be restructured, as it should no longer map the DMA regions
separately. Therefore, move the responsibility of DMA allocation (or
mapping) to the caller.
Fixes: 759e7a2b62eb ("firmware: Add support for Qualcomm UEFI Secure Application")
Cc: stable(a)vger.kernel.org # 6.7
Tested-by: Johan Hovold <johan+linaro(a)kernel.org>
Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org>
Signed-off-by: Maximilian Luz <luzmaximilian(a)gmail.com>
---
Changes in v2:
- rename DMA related variables
- replace _phys suffix with _dma
- drop _virt suffix
- use DMA-based naming in comments instead of referring to physical
addresses/memory
---
.../firmware/qcom/qcom_qseecom_uefisecapp.c | 137 ++++++++++++------
drivers/firmware/qcom/qcom_scm.c | 37 +----
include/linux/firmware/qcom/qcom_qseecom.h | 55 ++++++-
include/linux/firmware/qcom/qcom_scm.h | 10 +-
4 files changed, 153 insertions(+), 86 deletions(-)
diff --git a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c
index 32188f098ef34..bc550ad0dbe0c 100644
--- a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c
+++ b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c
@@ -221,6 +221,19 @@ struct qsee_rsp_uefi_query_variable_info {
* alignment of 8 bytes (64 bits) for GUIDs. Our definition of efi_guid_t,
* however, has an alignment of 4 byte (32 bits). So far, this seems to work
* fine here. See also the comment on the typedef of efi_guid_t.
+ *
+ * Note: It looks like uefisecapp is quite picky about how the memory passed to
+ * it is structured and aligned. In particular the request/response setup used
+ * for QSEE_CMD_UEFI_GET_VARIABLE. While qcom_qseecom_app_send(), in theory,
+ * accepts separate buffers/addresses for the request and response parts, in
+ * practice, however, it seems to expect them to be both part of a larger
+ * contiguous block. We initially allocated separate buffers for the request
+ * and response but this caused the QSEE_CMD_UEFI_GET_VARIABLE command to
+ * either not write any response to the response buffer or outright crash the
+ * device. Therefore, we now allocate a single contiguous block of DMA memory
+ * for both and properly align the data using the macros below. In particular,
+ * request and response structs are aligned at 8 byte (via __reqdata_offs()),
+ * following the driver that this has been reverse-engineered from.
*/
#define qcuefi_buf_align_fields(fields...) \
({ \
@@ -244,6 +257,12 @@ struct qsee_rsp_uefi_query_variable_info {
#define __array_offs(type, count, offset) \
__field_impl(sizeof(type) * (count), __alignof__(type), offset)
+#define __array_offs_aligned(type, count, align, offset) \
+ __field_impl(sizeof(type) * (count), align, offset)
+
+#define __reqdata_offs(size, offset) \
+ __array_offs_aligned(u8, size, 8, offset)
+
#define __array(type, count) __array_offs(type, count, NULL)
#define __field_offs(type, offset) __array_offs(type, 1, offset)
#define __field(type) __array_offs(type, 1, NULL)
@@ -277,10 +296,15 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e
unsigned long buffer_size = *data_size;
efi_status_t efi_status = EFI_SUCCESS;
unsigned long name_length;
+ dma_addr_t cmd_buf_dma;
+ size_t cmd_buf_size;
+ void *cmd_buf;
size_t guid_offs;
size_t name_offs;
size_t req_size;
size_t rsp_size;
+ size_t req_offs;
+ size_t rsp_offs;
ssize_t status;
if (!name || !guid)
@@ -304,17 +328,19 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e
__array(u8, buffer_size)
);
- req_data = kzalloc(req_size, GFP_KERNEL);
- if (!req_data) {
+ cmd_buf_size = qcuefi_buf_align_fields(
+ __reqdata_offs(req_size, &req_offs)
+ __reqdata_offs(rsp_size, &rsp_offs)
+ );
+
+ cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL);
+ if (!cmd_buf) {
efi_status = EFI_OUT_OF_RESOURCES;
goto out;
}
- rsp_data = kzalloc(rsp_size, GFP_KERNEL);
- if (!rsp_data) {
- efi_status = EFI_OUT_OF_RESOURCES;
- goto out_free_req;
- }
+ req_data = cmd_buf + req_offs;
+ rsp_data = cmd_buf + rsp_offs;
req_data->command_id = QSEE_CMD_UEFI_GET_VARIABLE;
req_data->data_size = buffer_size;
@@ -332,7 +358,9 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e
memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size);
- status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size);
+ status = qcom_qseecom_app_send(qcuefi->client,
+ cmd_buf_dma + req_offs, req_size,
+ cmd_buf_dma + rsp_offs, rsp_size);
if (status) {
efi_status = EFI_DEVICE_ERROR;
goto out_free;
@@ -407,9 +435,7 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e
memcpy(data, ((void *)rsp_data) + rsp_data->data_offset, rsp_data->data_size);
out_free:
- kfree(rsp_data);
-out_free_req:
- kfree(req_data);
+ qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma);
out:
return efi_status;
}
@@ -422,10 +448,15 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e
struct qsee_rsp_uefi_set_variable *rsp_data;
efi_status_t efi_status = EFI_SUCCESS;
unsigned long name_length;
+ dma_addr_t cmd_buf_dma;
+ size_t cmd_buf_size;
+ void *cmd_buf;
size_t name_offs;
size_t guid_offs;
size_t data_offs;
size_t req_size;
+ size_t req_offs;
+ size_t rsp_offs;
ssize_t status;
if (!name || !guid)
@@ -450,17 +481,19 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e
__array_offs(u8, data_size, &data_offs)
);
- req_data = kzalloc(req_size, GFP_KERNEL);
- if (!req_data) {
+ cmd_buf_size = qcuefi_buf_align_fields(
+ __reqdata_offs(req_size, &req_offs)
+ __reqdata_offs(sizeof(*rsp_data), &rsp_offs)
+ );
+
+ cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL);
+ if (!cmd_buf) {
efi_status = EFI_OUT_OF_RESOURCES;
goto out;
}
- rsp_data = kzalloc(sizeof(*rsp_data), GFP_KERNEL);
- if (!rsp_data) {
- efi_status = EFI_OUT_OF_RESOURCES;
- goto out_free_req;
- }
+ req_data = cmd_buf + req_offs;
+ rsp_data = cmd_buf + rsp_offs;
req_data->command_id = QSEE_CMD_UEFI_SET_VARIABLE;
req_data->attributes = attributes;
@@ -483,8 +516,9 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e
if (data_size)
memcpy(((void *)req_data) + req_data->data_offset, data, req_data->data_size);
- status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data,
- sizeof(*rsp_data));
+ status = qcom_qseecom_app_send(qcuefi->client,
+ cmd_buf_dma + req_offs, req_size,
+ cmd_buf_dma + rsp_offs, sizeof(*rsp_data));
if (status) {
efi_status = EFI_DEVICE_ERROR;
goto out_free;
@@ -507,9 +541,7 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e
}
out_free:
- kfree(rsp_data);
-out_free_req:
- kfree(req_data);
+ qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma);
out:
return efi_status;
}
@@ -521,10 +553,15 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi,
struct qsee_req_uefi_get_next_variable *req_data;
struct qsee_rsp_uefi_get_next_variable *rsp_data;
efi_status_t efi_status = EFI_SUCCESS;
+ dma_addr_t cmd_buf_dma;
+ size_t cmd_buf_size;
+ void *cmd_buf;
size_t guid_offs;
size_t name_offs;
size_t req_size;
size_t rsp_size;
+ size_t req_offs;
+ size_t rsp_offs;
ssize_t status;
if (!name_size || !name || !guid)
@@ -545,17 +582,19 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi,
__array(*name, *name_size / sizeof(*name))
);
- req_data = kzalloc(req_size, GFP_KERNEL);
- if (!req_data) {
+ cmd_buf_size = qcuefi_buf_align_fields(
+ __reqdata_offs(req_size, &req_offs)
+ __reqdata_offs(rsp_size, &rsp_offs)
+ );
+
+ cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL);
+ if (!cmd_buf) {
efi_status = EFI_OUT_OF_RESOURCES;
goto out;
}
- rsp_data = kzalloc(rsp_size, GFP_KERNEL);
- if (!rsp_data) {
- efi_status = EFI_OUT_OF_RESOURCES;
- goto out_free_req;
- }
+ req_data = cmd_buf + req_offs;
+ rsp_data = cmd_buf + rsp_offs;
req_data->command_id = QSEE_CMD_UEFI_GET_NEXT_VARIABLE;
req_data->guid_offset = guid_offs;
@@ -572,7 +611,9 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi,
goto out_free;
}
- status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size);
+ status = qcom_qseecom_app_send(qcuefi->client,
+ cmd_buf_dma + req_offs, req_size,
+ cmd_buf_dma + rsp_offs, rsp_size);
if (status) {
efi_status = EFI_DEVICE_ERROR;
goto out_free;
@@ -645,9 +686,7 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi,
}
out_free:
- kfree(rsp_data);
-out_free_req:
- kfree(req_data);
+ qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma);
out:
return efi_status;
}
@@ -659,26 +698,34 @@ static efi_status_t qsee_uefi_query_variable_info(struct qcuefi_client *qcuefi,
struct qsee_req_uefi_query_variable_info *req_data;
struct qsee_rsp_uefi_query_variable_info *rsp_data;
efi_status_t efi_status = EFI_SUCCESS;
+ dma_addr_t cmd_buf_dma;
+ size_t cmd_buf_size;
+ void *cmd_buf;
+ size_t req_offs;
+ size_t rsp_offs;
int status;
- req_data = kzalloc(sizeof(*req_data), GFP_KERNEL);
- if (!req_data) {
+ cmd_buf_size = qcuefi_buf_align_fields(
+ __reqdata_offs(sizeof(*req_data), &req_offs)
+ __reqdata_offs(sizeof(*rsp_data), &rsp_offs)
+ );
+
+ cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL);
+ if (!cmd_buf) {
efi_status = EFI_OUT_OF_RESOURCES;
goto out;
}
- rsp_data = kzalloc(sizeof(*rsp_data), GFP_KERNEL);
- if (!rsp_data) {
- efi_status = EFI_OUT_OF_RESOURCES;
- goto out_free_req;
- }
+ req_data = cmd_buf + req_offs;
+ rsp_data = cmd_buf + rsp_offs;
req_data->command_id = QSEE_CMD_UEFI_QUERY_VARIABLE_INFO;
req_data->attributes = attr;
req_data->length = sizeof(*req_data);
- status = qcom_qseecom_app_send(qcuefi->client, req_data, sizeof(*req_data), rsp_data,
- sizeof(*rsp_data));
+ status = qcom_qseecom_app_send(qcuefi->client,
+ cmd_buf_dma + req_offs, sizeof(*req_data),
+ cmd_buf_dma + rsp_offs, sizeof(*rsp_data));
if (status) {
efi_status = EFI_DEVICE_ERROR;
goto out_free;
@@ -711,9 +758,7 @@ static efi_status_t qsee_uefi_query_variable_info(struct qcuefi_client *qcuefi,
*max_variable_size = rsp_data->max_variable_size;
out_free:
- kfree(rsp_data);
-out_free_req:
- kfree(req_data);
+ qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma);
out:
return efi_status;
}
diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c
index 81c15aeff934a..f9c9fcfeaadaf 100644
--- a/drivers/firmware/qcom/qcom_scm.c
+++ b/drivers/firmware/qcom/qcom_scm.c
@@ -1579,9 +1579,9 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_get_id);
/**
* qcom_scm_qseecom_app_send() - Send to and receive data from a given QSEE app.
* @app_id: The ID of the target app.
- * @req: Request buffer sent to the app (must be DMA-mappable).
+ * @req: DMA address of the request buffer sent to the app.
* @req_size: Size of the request buffer.
- * @rsp: Response buffer, written to by the app (must be DMA-mappable).
+ * @rsp: DMA address of the response buffer, written to by the app.
* @rsp_size: Size of the response buffer.
*
* Sends a request to the QSEE app associated with the given ID and read back
@@ -1592,33 +1592,13 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_get_id);
*
* Return: Zero on success, nonzero on failure.
*/
-int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp,
- size_t rsp_size)
+int qcom_scm_qseecom_app_send(u32 app_id, dma_addr_t req, size_t req_size,
+ dma_addr_t rsp, size_t rsp_size)
{
struct qcom_scm_qseecom_resp res = {};
struct qcom_scm_desc desc = {};
- dma_addr_t req_phys;
- dma_addr_t rsp_phys;
int status;
- /* Map request buffer */
- req_phys = dma_map_single(__scm->dev, req, req_size, DMA_TO_DEVICE);
- status = dma_mapping_error(__scm->dev, req_phys);
- if (status) {
- dev_err(__scm->dev, "qseecom: failed to map request buffer\n");
- return status;
- }
-
- /* Map response buffer */
- rsp_phys = dma_map_single(__scm->dev, rsp, rsp_size, DMA_FROM_DEVICE);
- status = dma_mapping_error(__scm->dev, rsp_phys);
- if (status) {
- dma_unmap_single(__scm->dev, req_phys, req_size, DMA_TO_DEVICE);
- dev_err(__scm->dev, "qseecom: failed to map response buffer\n");
- return status;
- }
-
- /* Set up SCM call data */
desc.owner = QSEECOM_TZ_OWNER_TZ_APPS;
desc.svc = QSEECOM_TZ_SVC_APP_ID_PLACEHOLDER;
desc.cmd = QSEECOM_TZ_CMD_APP_SEND;
@@ -1626,18 +1606,13 @@ int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp,
QCOM_SCM_RW, QCOM_SCM_VAL,
QCOM_SCM_RW, QCOM_SCM_VAL);
desc.args[0] = app_id;
- desc.args[1] = req_phys;
+ desc.args[1] = req;
desc.args[2] = req_size;
- desc.args[3] = rsp_phys;
+ desc.args[3] = rsp;
desc.args[4] = rsp_size;
- /* Perform call */
status = qcom_scm_qseecom_call(&desc, &res);
- /* Unmap buffers */
- dma_unmap_single(__scm->dev, rsp_phys, rsp_size, DMA_FROM_DEVICE);
- dma_unmap_single(__scm->dev, req_phys, req_size, DMA_TO_DEVICE);
-
if (status)
return status;
diff --git a/include/linux/firmware/qcom/qcom_qseecom.h b/include/linux/firmware/qcom/qcom_qseecom.h
index 5c28298a98bec..366243ee96096 100644
--- a/include/linux/firmware/qcom/qcom_qseecom.h
+++ b/include/linux/firmware/qcom/qcom_qseecom.h
@@ -10,6 +10,7 @@
#define __QCOM_QSEECOM_H
#include <linux/auxiliary_bus.h>
+#include <linux/dma-mapping.h>
#include <linux/types.h>
#include <linux/firmware/qcom/qcom_scm.h>
@@ -24,12 +25,57 @@ struct qseecom_client {
u32 app_id;
};
+/**
+ * qseecom_scm_dev() - Get the SCM device associated with the QSEECOM client.
+ * @client: The QSEECOM client device.
+ *
+ * Returns the SCM device under which the provided QSEECOM client device
+ * operates. This function is intended to be used for DMA allocations.
+ */
+static inline struct device *qseecom_scm_dev(struct qseecom_client *client)
+{
+ return client->aux_dev.dev.parent->parent;
+}
+
+/**
+ * qseecom_dma_alloc() - Allocate DMA memory for a QSEECOM client.
+ * @client: The QSEECOM client to allocate the memory for.
+ * @size: The number of bytes to allocate.
+ * @dma_handle: Pointer to where the DMA address should be stored.
+ * @gfp: Allocation flags.
+ *
+ * Wrapper function for dma_alloc_coherent(), allocating DMA memory usable for
+ * TZ/QSEECOM communication. Refer to dma_alloc_coherent() for details.
+ */
+static inline void *qseecom_dma_alloc(struct qseecom_client *client, size_t size,
+ dma_addr_t *dma_handle, gfp_t gfp)
+{
+ return dma_alloc_coherent(qseecom_scm_dev(client), size, dma_handle, gfp);
+}
+
+/**
+ * dma_free_coherent() - Free QSEECOM DMA memory.
+ * @client: The QSEECOM client for which the memory has been allocated.
+ * @size: The number of bytes allocated.
+ * @cpu_addr: Virtual memory address to free.
+ * @dma_handle: DMA memory address to free.
+ *
+ * Wrapper function for dma_free_coherent(), freeing memory previously
+ * allocated with qseecom_dma_alloc(). Refer to dma_free_coherent() for
+ * details.
+ */
+static inline void qseecom_dma_free(struct qseecom_client *client, size_t size,
+ void *cpu_addr, dma_addr_t dma_handle)
+{
+ return dma_free_coherent(qseecom_scm_dev(client), size, cpu_addr, dma_handle);
+}
+
/**
* qcom_qseecom_app_send() - Send to and receive data from a given QSEE app.
* @client: The QSEECOM client associated with the target app.
- * @req: Request buffer sent to the app (must be DMA-mappable).
+ * @req: DMA address of the request buffer sent to the app.
* @req_size: Size of the request buffer.
- * @rsp: Response buffer, written to by the app (must be DMA-mappable).
+ * @rsp: DMA address of the response buffer, written to by the app.
* @rsp_size: Size of the response buffer.
*
* Sends a request to the QSEE app associated with the given client and read
@@ -43,8 +89,9 @@ struct qseecom_client {
*
* Return: Zero on success, nonzero on failure.
*/
-static inline int qcom_qseecom_app_send(struct qseecom_client *client, void *req, size_t req_size,
- void *rsp, size_t rsp_size)
+static inline int qcom_qseecom_app_send(struct qseecom_client *client,
+ dma_addr_t req, size_t req_size,
+ dma_addr_t rsp, size_t rsp_size)
{
return qcom_scm_qseecom_app_send(client->app_id, req, req_size, rsp, rsp_size);
}
diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h
index ccaf288460546..aaa19f93ac430 100644
--- a/include/linux/firmware/qcom/qcom_scm.h
+++ b/include/linux/firmware/qcom/qcom_scm.h
@@ -118,8 +118,8 @@ bool qcom_scm_lmh_dcvsh_available(void);
#ifdef CONFIG_QCOM_QSEECOM
int qcom_scm_qseecom_app_get_id(const char *app_name, u32 *app_id);
-int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp,
- size_t rsp_size);
+int qcom_scm_qseecom_app_send(u32 app_id, dma_addr_t req, size_t req_size,
+ dma_addr_t rsp, size_t rsp_size);
#else /* CONFIG_QCOM_QSEECOM */
@@ -128,9 +128,9 @@ static inline int qcom_scm_qseecom_app_get_id(const char *app_name, u32 *app_id)
return -EINVAL;
}
-static inline int qcom_scm_qseecom_app_send(u32 app_id, void *req,
- size_t req_size, void *rsp,
- size_t rsp_size)
+static inline int qcom_scm_qseecom_app_send(u32 app_id,
+ dma_addr_t req, size_t req_size,
+ dma_addr_t rsp, size_t rsp_size)
{
return -EINVAL;
}
--
2.44.0
1 year, 1 month
- 3
- 2
[PATCH v2 5.10/5.15] ata: libata-scsi: check cdb length for VARIABLE_LENGTH_CMD commands
by Mikhail Ukhin
No upstream commit exists for this patch.
Fuzzing of 5.10 stable branch reports a slab-out-of-bounds error in
ata_scsi_pass_thru.
The error is fixed in 5.18 by commit ce70fd9a551a ("scsi: core: Remove the
cmd field from struct scsi_request") upstream.
Backporting this commit would require significant changes to the code so
it is bettter to use a simple fix for that particular error.
The problem is that the length of the received SCSI command is not
validated if scsi_op == VARIABLE_LENGTH_CMD. It can lead to out-of-bounds
reading if the user sends a request with SCSI command of length less than
32.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com>
Signed-off-by: Mikhail Ivanov <iwanov-23(a)bk.ru>
Signed-off-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru>
---
v2: The new addresses were added and the text was updated.
drivers/ata/libata-scsi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index dfa090ccd21c..77589e911d3d 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -4065,6 +4065,9 @@ int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev)
if (unlikely(!scmd->cmd_len))
goto bad_cdb_len;
+
+ if (scsi_op == VARIABLE_LENGTH_CMD && scmd->cmd_len < 32)
+ goto bad_cdb_len;
if (dev->class == ATA_DEV_ATA || dev->class == ATA_DEV_ZAC) {
if (unlikely(scmd->cmd_len > dev->cdb_len))
--
2.25.1
1 year, 1 month
- 2
- 1
[PATCH v2] ACPI: CPPC: Fix access width used for PCC registers
by Vanshidhar Konda
commit 2f4a4d63a193be6fd530d180bb13c3592052904c modified
cpc_read/cpc_write to use access_width to read CPC registers. For PCC
registers the access width field in the ACPI register macro specifies
the PCC subspace id. For non-zero PCC subspace id the access width is
incorrectly treated as access width. This causes errors when reading
from PCC registers in the CPPC driver.
For PCC registers base the size of read/write on the bit width field.
The debug message in cpc_read/cpc_write is updated to print relevant
information for the address space type used to read the register.
Signed-off-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com>
Tested-by: Jarred White <jarredwhite(a)linux.microsoft.com>
Reviewed-by: Jarred White <jarredwhite(a)linux.microsoft.com>
Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+
---
When testing v6.9-rc1 kernel on AmpereOne system dmesg showed that
cpufreq policy had failed to initialize on some cores during boot because
cpufreq->get() always returned 0. On this system CPPC registers are in PCC
subspace index 2 that are 32 bits wide. With this patch the CPPC driver
interpreted the access width field as 16 bits, causing the register read
to roll over too quickly to provide valid values during frequency
computation.
v2:
- Use size variable in debug print message
- Use size instead of reg->bit_width for acpi_os_read_memory and
acpi_os_write_memory
drivers/acpi/cppc_acpi.c | 53 ++++++++++++++++++++++++++++------------
1 file changed, 37 insertions(+), 16 deletions(-)
diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
index 4bfbe55553f4..a037e9d15f48 100644
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -1002,14 +1002,14 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val)
}
*val = 0;
+ size = GET_BIT_WIDTH(reg);
if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) {
- u32 width = GET_BIT_WIDTH(reg);
u32 val_u32;
acpi_status status;
status = acpi_os_read_port((acpi_io_address)reg->address,
- &val_u32, width);
+ &val_u32, size);
if (ACPI_FAILURE(status)) {
pr_debug("Error: Failed to read SystemIO port %llx\n",
reg->address);
@@ -1018,17 +1018,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val)
*val = val_u32;
return 0;
- } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0)
+ } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) {
+ /*
+ * For registers in PCC space, the register size is determined
+ * by the bit width field; the access size is used to indicate
+ * the PCC subspace id.
+ */
+ size = reg->bit_width;
vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id);
+ }
else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY)
vaddr = reg_res->sys_mem_vaddr;
else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE)
return cpc_read_ffh(cpu, reg, val);
else
return acpi_os_read_memory((acpi_physical_address)reg->address,
- val, reg->bit_width);
-
- size = GET_BIT_WIDTH(reg);
+ val, size);
switch (size) {
case 8:
@@ -1044,8 +1049,13 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val)
*val = readq_relaxed(vaddr);
break;
default:
- pr_debug("Error: Cannot read %u bit width from PCC for ss: %d\n",
- reg->bit_width, pcc_ss_id);
+ if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) {
+ pr_debug("Error: Cannot read %u width from for system memory: 0x%llx\n",
+ size, reg->address);
+ } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) {
+ pr_debug("Error: Cannot read %u bit width to PCC for ss: %d\n",
+ size, pcc_ss_id);
+ }
return -EFAULT;
}
@@ -1063,12 +1073,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val)
int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu);
struct cpc_reg *reg = ®_res->cpc_entry.reg;
+ size = GET_BIT_WIDTH(reg);
+
if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) {
- u32 width = GET_BIT_WIDTH(reg);
acpi_status status;
status = acpi_os_write_port((acpi_io_address)reg->address,
- (u32)val, width);
+ (u32)val, size);
if (ACPI_FAILURE(status)) {
pr_debug("Error: Failed to write SystemIO port %llx\n",
reg->address);
@@ -1076,17 +1087,22 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val)
}
return 0;
- } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0)
+ } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) {
+ /*
+ * For registers in PCC space, the register size is determined
+ * by the bit width field; the access size is used to indicate
+ * the PCC subspace id.
+ */
+ size = reg->bit_width;
vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id);
+ }
else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY)
vaddr = reg_res->sys_mem_vaddr;
else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE)
return cpc_write_ffh(cpu, reg, val);
else
return acpi_os_write_memory((acpi_physical_address)reg->address,
- val, reg->bit_width);
-
- size = GET_BIT_WIDTH(reg);
+ val, size);
if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY)
val = MASK_VAL(reg, val);
@@ -1105,8 +1121,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val)
writeq_relaxed(val, vaddr);
break;
default:
- pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n",
- reg->bit_width, pcc_ss_id);
+ if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) {
+ pr_debug("Error: Cannot write %u width from for system memory: 0x%llx\n",
+ size, reg->address);
+ } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) {
+ pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n",
+ size, pcc_ss_id);
+ }
ret_val = -EFAULT;
break;
}
--
2.43.1
1 year, 1 month
- 2
- 1
[PATCH RESEND 0/2] usb: typec: tipd: fix event checking in interrupt service routines
by Javier Carrasco
The ISRs of the tps25750 and tps6598x do not handle generated events
properly under all circumstances.
The tps6598x ISR does not read all bits of the INT_EVENTX registers,
leaving events signaled with bits above 64 unattended. Moreover, these
events are not cleared, leaving the interrupt enabled.
The tps25750 reads all bits of the INT_EVENT1 register, but the event
checking is not right because the same event is checked in two different
regions of the same register by means of an OR operation.
This series aims to fix both issues by reading all bits of the
INT_EVENTX registers, and limiting the event checking to the region
where the supported events are defined (currently they are limited to
the first 64 bits of the registers, as the are defined as BIT_ULL()).
If the need for events above the first 64 bits of the INT_EVENTX
registers arises, a different mechanism might be required. But for the
current needs, all definitions can be left as they are.
Note: resend to add the Cc tag for 'stable' (fixes in the series).
Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net>
---
Javier Carrasco (2):
usb: typec: tipd: fix event checking for tps25750
usb: typec: tipd: fix event checking for tps6598x
drivers/usb/typec/tipd/core.c | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)
---
base-commit: 4cece764965020c22cff7665b18a012006359095
change-id: 20240328-tps6598x_fix_event_handling-3398d3d82f85
Best regards,
--
Javier Carrasco <javier.carrasco(a)wolfvision.net>
1 year, 1 month
- 2
- 9
[PATCH net] Bluetooth: hci_event: fix double hci_conn_drop() when conn->state == BT_CONNECTED
by kovalev@altlinux.org
From: Vasiliy Kovalev <kovalev(a)altlinux.org>
There is no need to drop the connection of some functions in which the
conn->state in BT_CONNECTED is marked, since in the future the same check
takes place (for example, in the hci_encrypt_change_evt() function) and
the hci_conn_drop() is called.
Otherwise, the conn->refcnt will become below zero, which will trigger a
warning and may cause a crash on kernels with the panic_on_warn parameter
enabled.
Syzkaller hit 'WARNING in hci_conn_timeout' bug.
[ 23.485892] Bluetooth: Core ver 2.22
[ 23.485916] NET: Registered PF_BLUETOOTH protocol family
[ 23.485917] Bluetooth: HCI device and connection manager initialized
[ 23.486407] Bluetooth: HCI socket layer initialized
[ 23.486410] Bluetooth: L2CAP socket layer initialized
[ 23.486413] Bluetooth: SCO socket layer initialized
[ 24.507112] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 24.507142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 24.507165] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 24.508091] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 24.508109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 24.508117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 24.545962] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 24.545969] Bluetooth: BNEP filters: protocol multicast
[ 24.545973] Bluetooth: BNEP socket layer initialized
[ 24.547521] Bluetooth: MGMT ver 1.22
[ 26.553008] Bluetooth: hci0: command tx timeout
[ 26.561518] Bluetooth: RFCOMM TTY layer initialized
[ 26.561526] Bluetooth: RFCOMM socket layer initialized
[ 26.561532] Bluetooth: RFCOMM ver 1.11
[ 28.602024] Bluetooth: hci0: Opcode 0x0c13 failed: -110
[ 28.602054] Bluetooth: hci0: command tx timeout
[ 30.650011] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 30.650021] Bluetooth: hci0: command tx timeout
[ 32.696973] Bluetooth: hci0: command tx timeout
[ 32.696985] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 34.744973] Bluetooth: hci0: command 0x0406 tx timeout
[ 34.745008] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 36.792966] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 36.792980] Bluetooth: hci0: command 0x0406 tx timeout
[ 38.841027] Bluetooth: hci0: command 0x0406 tx timeout
[ 38.841035] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 40.889026] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 40.889999] Bluetooth: hci0: command 0x0406 tx timeout
[ 40.890012] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 40.893629] NET: Registered PF_ALG protocol family
[ 42.937008] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 42.937023] Bluetooth: hci0: command 0x0406 tx timeout
[ 44.984984] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 44.985008] Bluetooth: hci0: command 0x0406 tx timeout
[ 47.033023] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 47.033044] Bluetooth: hci0: command 0x0406 tx timeout
[ 49.080976] Bluetooth: hci0: command 0x0406 tx timeout
[ 49.080985] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 51.129140] Bluetooth: hci0: Opcode 0x0c24 failed: -110
[ 51.130051] Bluetooth: hci0: command 0x0406 tx timeout
[ 53.177011] Bluetooth: hci0: command 0x0406 tx timeout
[ 55.225969] Bluetooth: hci0: command 0x0406 tx timeout
[ 57.272968] Bluetooth: hci0: command 0x0406 tx timeout
[ 59.320982] Bluetooth: hci0: command 0x0406 tx timeout
[ 61.368989] Bluetooth: hci0: command 0x0406 tx timeout
[ 148.474066] ------------[ cut here ]------------
[ 148.474072] WARNING: CPU: 0 PID: 3835 at net/bluetooth/hci_conn.c:612
hci_conn_timeout+0x16/0x60 [bluetooth]
[ 148.474115] Modules linked in: cmac algif_hash algif_skcipher af_alg
rfcomm bnep hci_vhci bluetooth ecdh_generic uinput af_packet
rfkill joydev hid_generic usbhid hid qrtr intel_rapl_msr
intel_rapl_common intel_pmc_core kvm_intel nls_utf8 iTCO_wdt
intel_pmc_bxt iTCO_vendor_support nls_cp866 vfat fat kvm irqbypass
crct10dif_pclmul crc32_pclmul snd_hda_codec_generic crc32c_intel
ghash_clmulni_intel ledtrig_audio sha512_ssse3 snd_hda_intel
sha256_ssse3 sha1_ssse3 snd_intel_dspcfg snd_intel_sdw_acpi
snd_hda_codec aesni_intel crypto_simd cryptd i2c_i801 snd_hda_core
psmouse snd_hwdep i2c_smbus xhci_pci pcspkr snd_pcm lpc_ich
xhci_pci_renesas xhci_hcd tiny_power_button qemu_fw_cfg button
sch_fq_codel vboxvideo drm_vram_helper drm_ttm_helper ttm vboxsf
vboxguest snd_seq_midi snd_seq_midi_event snd_seq snd_rawmidi
snd_seq_device snd_timer snd soundcore msr fuse efi_pstore dm_mod
ip_tables x_tables autofs4 virtio_gpu virtio_net virtio_dma_buf
drm_shmem_helper net_failover drm_kms_helper
[ 148.474210] virtio_rng drm virtio_scsi rng_core virtio_console
virtio_balloon virtio_blk failover ahci libahci libata evdev
input_leds serio_raw scsi_mod scsi_common virtio_pci
virtio_pci_legacy_dev virtio_pci_modern_dev virtio_ring virtio
intel_agp intel_gtt
[ 148.474234] CPU: 0 PID: 3835 Comm: kworker/u5:2
Not tainted 6.1.85-un-def-alt1 #1
[ 148.474238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
BIOS 1.16.0-alt1 04/01/2014
[ 148.474241] Workqueue: hci0 hci_conn_timeout [bluetooth]
[ 148.474265] RIP: 0010:hci_conn_timeout+0x16/0x60 [bluetooth]
[ 148.474288] Code: 00 00 66 89 44 24 06 e8 58 a7 ff ff eb a8 e8 41 7b ee
c1 90 0f 1f 44 00 00 8b 87 20 fd ff ff 85 c0 78 07 74 07 c3
cc cc cc cc <0f> 0b 55 0f b6 87 49 fd ff ff 48 8d af 10 fd
ff ff 3c 01 74 12 be
[ 148.474291] RSP: 0018:ffffa7fd80b53e90 EFLAGS: 00010286
[ 148.474295] RAX: 00000000fffe728b RBX: ffff8959c46ab180 RCX: ffff8959c3b70028
[ 148.474297] RDX: 0000000000000001 RSI: ffff8959c86ce0b0 RDI: ffff895a105aeaf0
[ 148.474299] RBP: ffff895a105aeaf0 R08: ffff8959c86ce0b0 R09: ffff8959c46ab1f4
[ 148.474301] R10: 0000000000000005 R11: 0000000000000005 R12: ffff8959c3b70000
[ 148.474302] R13: ffff8959ec495400 R14: 0000000000000000 R15: ffff8959ec495405
[ 148.474305] FS: 0000000000000000(0000) GS:ffff895a3dc00000(0000)
knlGS:0000000000000000
[ 148.474308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 148.474310] CR2: 00007f2a1b7baa48 CR3: 0000000034b98000 CR4: 0000000000750ef0
[ 148.474317] PKRU: 55555554
[ 148.474319] Call Trace:
[ 148.474323] <TASK>
[ 148.474327] ? __warn+0x79/0xc0
[ 148.474343] ? hci_conn_timeout+0x16/0x60 [bluetooth]
[ 148.474364] ? report_bug+0xff/0x150
[ 148.474375] ? handle_bug+0x49/0xa0
[ 148.474398] ? exc_invalid_op+0x14/0x70
[ 148.474402] ? asm_exc_invalid_op+0x16/0x20
[ 148.474408] ? hci_conn_timeout+0x16/0x60 [bluetooth]
[ 148.474441] process_one_work+0x217/0x3e0
[ 148.474467] worker_thread+0x4d/0x3c0
[ 148.474473] ? process_one_work+0x3e0/0x3e0
[ 148.474478] kthread+0xd6/0x100
[ 148.474482] ? kthread_complete_and_exit+0x20/0x20
[ 148.474486] ret_from_fork+0x1f/0x30
[ 148.474500] </TASK>
[ 148.474502] ---[ end trace 0000000000000000 ]---
Fixes: 0fe29fd1cd77 ("Bluetooth: Read LE remote features during connection establishment")
Fixes: 769be974d0c7 ("[Bluetooth] Use ACL config stage to retrieve remote features")
Fixes: f8558555f31e ("[Bluetooth] Initiate authentication during connection establishment")
Cc: stable(a)vger.kernel.org
Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org>
---
net/bluetooth/hci_event.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index a8b8cfebe0180c..64477e1bde7cec 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3529,7 +3529,6 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, void *data,
} else {
conn->state = BT_CONNECTED;
hci_connect_cfm(conn, ev->status);
- hci_conn_drop(conn);
}
} else {
hci_auth_cfm(conn, ev->status);
@@ -3776,7 +3775,6 @@ static void hci_remote_features_evt(struct hci_dev *hdev, void *data,
if (!hci_outgoing_auth_needed(hdev, conn)) {
conn->state = BT_CONNECTED;
hci_connect_cfm(conn, ev->status);
- hci_conn_drop(conn);
}
unlock:
@@ -5030,7 +5028,6 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, void *data,
if (!hci_outgoing_auth_needed(hdev, conn)) {
conn->state = BT_CONNECTED;
hci_connect_cfm(conn, ev->status);
- hci_conn_drop(conn);
}
unlock:
@@ -6561,7 +6558,6 @@ static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev, void *data,
conn->state = BT_CONNECTED;
hci_connect_cfm(conn, status);
- hci_conn_drop(conn);
}
}
--
2.33.8
1 year, 1 month
- 2
- 2
[git:media_tree/master] media: rc: bpf attach/detach requires write permission
by Mauro Carvalho Chehab
This is an automatic generated email to let you know that the following patch were queued:
Subject: media: rc: bpf attach/detach requires write permission
Author: Sean Young <sean(a)mess.org>
Date: Thu Apr 13 10:50:32 2023 +0200
Note that bpf attach/detach also requires CAP_NET_ADMIN.
Cc: stable(a)vger.kernel.org
Signed-off-by: Sean Young <sean(a)mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org>
drivers/media/rc/bpf-lirc.c | 6 +++---
drivers/media/rc/lirc_dev.c | 5 ++++-
drivers/media/rc/rc-core-priv.h | 2 +-
3 files changed, 8 insertions(+), 5 deletions(-)
---
diff --git a/drivers/media/rc/bpf-lirc.c b/drivers/media/rc/bpf-lirc.c
index fe17c7f98e81..52d82cbe7685 100644
--- a/drivers/media/rc/bpf-lirc.c
+++ b/drivers/media/rc/bpf-lirc.c
@@ -253,7 +253,7 @@ int lirc_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog)
if (attr->attach_flags)
return -EINVAL;
- rcdev = rc_dev_get_from_fd(attr->target_fd);
+ rcdev = rc_dev_get_from_fd(attr->target_fd, true);
if (IS_ERR(rcdev))
return PTR_ERR(rcdev);
@@ -278,7 +278,7 @@ int lirc_prog_detach(const union bpf_attr *attr)
if (IS_ERR(prog))
return PTR_ERR(prog);
- rcdev = rc_dev_get_from_fd(attr->target_fd);
+ rcdev = rc_dev_get_from_fd(attr->target_fd, true);
if (IS_ERR(rcdev)) {
bpf_prog_put(prog);
return PTR_ERR(rcdev);
@@ -303,7 +303,7 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr)
if (attr->query.query_flags)
return -EINVAL;
- rcdev = rc_dev_get_from_fd(attr->query.target_fd);
+ rcdev = rc_dev_get_from_fd(attr->query.target_fd, false);
if (IS_ERR(rcdev))
return PTR_ERR(rcdev);
diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c
index a537734832c5..caad59f76793 100644
--- a/drivers/media/rc/lirc_dev.c
+++ b/drivers/media/rc/lirc_dev.c
@@ -814,7 +814,7 @@ void __exit lirc_dev_exit(void)
unregister_chrdev_region(lirc_base_dev, RC_DEV_MAX);
}
-struct rc_dev *rc_dev_get_from_fd(int fd)
+struct rc_dev *rc_dev_get_from_fd(int fd, bool write)
{
struct fd f = fdget(fd);
struct lirc_fh *fh;
@@ -828,6 +828,9 @@ struct rc_dev *rc_dev_get_from_fd(int fd)
return ERR_PTR(-EINVAL);
}
+ if (write && !(f.file->f_mode & FMODE_WRITE))
+ return ERR_PTR(-EPERM);
+
fh = f.file->private_data;
dev = fh->rc;
diff --git a/drivers/media/rc/rc-core-priv.h b/drivers/media/rc/rc-core-priv.h
index ef1e95e1af7f..7df949fc65e2 100644
--- a/drivers/media/rc/rc-core-priv.h
+++ b/drivers/media/rc/rc-core-priv.h
@@ -325,7 +325,7 @@ void lirc_raw_event(struct rc_dev *dev, struct ir_raw_event ev);
void lirc_scancode_event(struct rc_dev *dev, struct lirc_scancode *lsc);
int lirc_register(struct rc_dev *dev);
void lirc_unregister(struct rc_dev *dev);
-struct rc_dev *rc_dev_get_from_fd(int fd);
+struct rc_dev *rc_dev_get_from_fd(int fd, bool write);
#else
static inline int lirc_dev_init(void) { return 0; }
static inline void lirc_dev_exit(void) {}
1 year, 1 month
- 1
- 0