June 2024 - Linux-stable-mirror

Re: Patch "netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type" has been added to the 6.9-stable tree

by Pablo Neira Ayuso

Hi Sasha, This fix requires a follow up to silence a RCU suspicious usage warning. Please, hold on until end of the week with this. I will get back to you with a reminder if it helps. Thanks. On Mon, Jun 17, 2024 at 07:33:41AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type > > to the 6.9-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > netfilter-ipset-fix-race-between-namespace-cleanup-a.patch > and it can be found in the queue-6.9 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit c93a9ac4a5e09f694873b3abca7eb42c93f34220 > Author: Jozsef Kadlecsik <kadlec(a)netfilter.org> > Date: Tue Jun 4 15:58:03 2024 +0200 > > netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type > > [ Upstream commit 4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10 ] > > Lion Ackermann reported that there is a race condition between namespace cleanup > in ipset and the garbage collection of the list:set type. The namespace > cleanup can destroy the list:set type of sets while the gc of the set type is > waiting to run in rcu cleanup. The latter uses data from the destroyed set which > thus leads use after free. The patch contains the following parts: > > - When destroying all sets, first remove the garbage collectors, then wait > if needed and then destroy the sets. > - Fix the badly ordered "wait then remove gc" for the destroy a single set > case. > - Fix the missing rcu locking in the list:set type in the userspace test > case. > - Use proper RCU list handlings in the list:set type. > > The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc). > > Fixes: 97f7cf1cd80e (netfilter: ipset: fix performance regression in swap operation) > Reported-by: Lion Ackermann <nnamrec(a)gmail.com> > Tested-by: Lion Ackermann <nnamrec(a)gmail.com> > Signed-off-by: Jozsef Kadlecsik <kadlec(a)netfilter.org> > Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > index 3184cc6be4c9d..c7ae4d9bf3d24 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -1172,23 +1172,50 @@ ip_set_setname_policy[IPSET_ATTR_CMD_MAX + 1] = { > .len = IPSET_MAXNAMELEN - 1 }, > }; > > +/* In order to return quickly when destroying a single set, it is split > + * into two stages: > + * - Cancel garbage collector > + * - Destroy the set itself via call_rcu() > + */ > + > static void > -ip_set_destroy_set(struct ip_set *set) > +ip_set_destroy_set_rcu(struct rcu_head *head) > { > - pr_debug("set: %s\n", set->name); > + struct ip_set *set = container_of(head, struct ip_set, rcu); > > - /* Must call it without holding any lock */ > set->variant->destroy(set); > module_put(set->type->me); > kfree(set); > } > > static void > -ip_set_destroy_set_rcu(struct rcu_head *head) > +_destroy_all_sets(struct ip_set_net *inst) > { > - struct ip_set *set = container_of(head, struct ip_set, rcu); > + struct ip_set *set; > + ip_set_id_t i; > + bool need_wait = false; > > - ip_set_destroy_set(set); > + /* First cancel gc's: set:list sets are flushed as well */ > + for (i = 0; i < inst->ip_set_max; i++) { > + set = ip_set(inst, i); > + if (set) { > + set->variant->cancel_gc(set); > + if (set->type->features & IPSET_TYPE_NAME) > + need_wait = true; > + } > + } > + /* Must wait for flush to be really finished */ > + if (need_wait) > + rcu_barrier(); > + for (i = 0; i < inst->ip_set_max; i++) { > + set = ip_set(inst, i); > + if (set) { > + ip_set(inst, i) = NULL; > + set->variant->destroy(set); > + module_put(set->type->me); > + kfree(set); > + } > + } > } > > static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, > @@ -1202,11 +1229,10 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, > if (unlikely(protocol_min_failed(attr))) > return -IPSET_ERR_PROTOCOL; > > - > /* Commands are serialized and references are > * protected by the ip_set_ref_lock. > * External systems (i.e. xt_set) must call > - * ip_set_put|get_nfnl_* functions, that way we > + * ip_set_nfnl_get_* functions, that way we > * can safely check references here. > * > * list:set timer can only decrement the reference > @@ -1214,8 +1240,6 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, > * without holding the lock. > */ > if (!attr[IPSET_ATTR_SETNAME]) { > - /* Must wait for flush to be really finished in list:set */ > - rcu_barrier(); > read_lock_bh(&ip_set_ref_lock); > for (i = 0; i < inst->ip_set_max; i++) { > s = ip_set(inst, i); > @@ -1226,15 +1250,7 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, > } > inst->is_destroyed = true; > read_unlock_bh(&ip_set_ref_lock); > - for (i = 0; i < inst->ip_set_max; i++) { > - s = ip_set(inst, i); > - if (s) { > - ip_set(inst, i) = NULL; > - /* Must cancel garbage collectors */ > - s->variant->cancel_gc(s); > - ip_set_destroy_set(s); > - } > - } > + _destroy_all_sets(inst); > /* Modified by ip_set_destroy() only, which is serialized */ > inst->is_destroyed = false; > } else { > @@ -1255,12 +1271,12 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, > features = s->type->features; > ip_set(inst, i) = NULL; > read_unlock_bh(&ip_set_ref_lock); > + /* Must cancel garbage collectors */ > + s->variant->cancel_gc(s); > if (features & IPSET_TYPE_NAME) { > /* Must wait for flush to be really finished */ > rcu_barrier(); > } > - /* Must cancel garbage collectors */ > - s->variant->cancel_gc(s); > call_rcu(&s->rcu, ip_set_destroy_set_rcu); > } > return 0; > @@ -2365,30 +2381,25 @@ ip_set_net_init(struct net *net) > } > > static void __net_exit > -ip_set_net_exit(struct net *net) > +ip_set_net_pre_exit(struct net *net) > { > struct ip_set_net *inst = ip_set_pernet(net); > > - struct ip_set *set = NULL; > - ip_set_id_t i; > - > inst->is_deleted = true; /* flag for ip_set_nfnl_put */ > +} > > - nfnl_lock(NFNL_SUBSYS_IPSET); > - for (i = 0; i < inst->ip_set_max; i++) { > - set = ip_set(inst, i); > - if (set) { > - ip_set(inst, i) = NULL; > - set->variant->cancel_gc(set); > - ip_set_destroy_set(set); > - } > - } > - nfnl_unlock(NFNL_SUBSYS_IPSET); > +static void __net_exit > +ip_set_net_exit(struct net *net) > +{ > + struct ip_set_net *inst = ip_set_pernet(net); > + > + _destroy_all_sets(inst); > kvfree(rcu_dereference_protected(inst->ip_set_list, 1)); > } > > static struct pernet_operations ip_set_net_ops = { > .init = ip_set_net_init, > + .pre_exit = ip_set_net_pre_exit, > .exit = ip_set_net_exit, > .id = &ip_set_net_id, > .size = sizeof(struct ip_set_net), > diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c > index 54e2a1dd7f5f5..bfae7066936bb 100644 > --- a/net/netfilter/ipset/ip_set_list_set.c > +++ b/net/netfilter/ipset/ip_set_list_set.c > @@ -79,7 +79,7 @@ list_set_kadd(struct ip_set *set, const struct sk_buff *skb, > struct set_elem *e; > int ret; > > - list_for_each_entry(e, &map->members, list) { > + list_for_each_entry_rcu(e, &map->members, list) { > if (SET_WITH_TIMEOUT(set) && > ip_set_timeout_expired(ext_timeout(e, set))) > continue; > @@ -99,7 +99,7 @@ list_set_kdel(struct ip_set *set, const struct sk_buff *skb, > struct set_elem *e; > int ret; > > - list_for_each_entry(e, &map->members, list) { > + list_for_each_entry_rcu(e, &map->members, list) { > if (SET_WITH_TIMEOUT(set) && > ip_set_timeout_expired(ext_timeout(e, set))) > continue; > @@ -188,9 +188,10 @@ list_set_utest(struct ip_set *set, void *value, const struct ip_set_ext *ext, > struct list_set *map = set->data; > struct set_adt_elem *d = value; > struct set_elem *e, *next, *prev = NULL; > - int ret; > + int ret = 0; > > - list_for_each_entry(e, &map->members, list) { > + rcu_read_lock(); > + list_for_each_entry_rcu(e, &map->members, list) { > if (SET_WITH_TIMEOUT(set) && > ip_set_timeout_expired(ext_timeout(e, set))) > continue; > @@ -201,6 +202,7 @@ list_set_utest(struct ip_set *set, void *value, const struct ip_set_ext *ext, > > if (d->before == 0) { > ret = 1; > + goto out; > } else if (d->before > 0) { > next = list_next_entry(e, list); > ret = !list_is_last(&e->list, &map->members) && > @@ -208,9 +210,11 @@ list_set_utest(struct ip_set *set, void *value, const struct ip_set_ext *ext, > } else { > ret = prev && prev->id == d->refid; > } > - return ret; > + goto out; > } > - return 0; > +out: > + rcu_read_unlock(); > + return ret; > } > > static void > @@ -239,7 +243,7 @@ list_set_uadd(struct ip_set *set, void *value, const struct ip_set_ext *ext, > > /* Find where to add the new entry */ > n = prev = next = NULL; > - list_for_each_entry(e, &map->members, list) { > + list_for_each_entry_rcu(e, &map->members, list) { > if (SET_WITH_TIMEOUT(set) && > ip_set_timeout_expired(ext_timeout(e, set))) > continue; > @@ -316,9 +320,9 @@ list_set_udel(struct ip_set *set, void *value, const struct ip_set_ext *ext, > { > struct list_set *map = set->data; > struct set_adt_elem *d = value; > - struct set_elem *e, *next, *prev = NULL; > + struct set_elem *e, *n, *next, *prev = NULL; > > - list_for_each_entry(e, &map->members, list) { > + list_for_each_entry_safe(e, n, &map->members, list) { > if (SET_WITH_TIMEOUT(set) && > ip_set_timeout_expired(ext_timeout(e, set))) > continue; > @@ -424,14 +428,8 @@ static void > list_set_destroy(struct ip_set *set) > { > struct list_set *map = set->data; > - struct set_elem *e, *n; > > - list_for_each_entry_safe(e, n, &map->members, list) { > - list_del(&e->list); > - ip_set_put_byindex(map->net, e->id); > - ip_set_ext_destroy(set, e); > - kfree(e); > - } > + WARN_ON_ONCE(!list_empty(&map->members)); > kfree(map); > > set->data = NULL;

1 year

2
2
0 0

Re: Patch "netfilter: ipset: Fix suspicious rcu_dereference_protected()" has been added to the 6.9-stable tree

by Pablo Neira Ayuso

Hi Side note: This fix requires 4e7aaa6b82d6 ("netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type" in first place, as a dependency. Thanks On Sat, Jun 22, 2024 at 07:41:24PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > netfilter: ipset: Fix suspicious rcu_dereference_protected() > > to the 6.9-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > netfilter-ipset-fix-suspicious-rcu_dereference_prote.patch > and it can be found in the queue-6.9 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 0226dfa53edc90463c1b0d50167da948c88025ef > Author: Jozsef Kadlecsik <kadlec(a)netfilter.org> > Date: Mon Jun 17 11:18:15 2024 +0200 > > netfilter: ipset: Fix suspicious rcu_dereference_protected() > > [ Upstream commit 8ecd06277a7664f4ef018abae3abd3451d64e7a6 ] > > When destroying all sets, we are either in pernet exit phase or > are executing a "destroy all sets command" from userspace. The latter > was taken into account in ip_set_dereference() (nfnetlink mutex is held), > but the former was not. The patch adds the required check to > rcu_dereference_protected() in ip_set_dereference(). > > Fixes: 4e7aaa6b82d6 ("netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type") > Reported-by: syzbot+b62c37cdd58103293a5a(a)syzkaller.appspotmail.com > Reported-by: syzbot+cfbe1da5fdfc39efc293(a)syzkaller.appspotmail.com > Reported-by: kernel test robot <oliver.sang(a)intel.com> > Closes: https://lore.kernel.org/oe-lkp/202406141556.e0b6f17e-lkp@intel.com > Signed-off-by: Jozsef Kadlecsik <kadlec(a)netfilter.org> > Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > index c7ae4d9bf3d24..61431690cbd5f 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -53,12 +53,13 @@ MODULE_DESCRIPTION("core IP set support"); > MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_IPSET); > > /* When the nfnl mutex or ip_set_ref_lock is held: */ > -#define ip_set_dereference(p) \ > - rcu_dereference_protected(p, \ > +#define ip_set_dereference(inst) \ > + rcu_dereference_protected((inst)->ip_set_list, \ > lockdep_nfnl_is_held(NFNL_SUBSYS_IPSET) || \ > - lockdep_is_held(&ip_set_ref_lock)) > + lockdep_is_held(&ip_set_ref_lock) || \ > + (inst)->is_deleted) > #define ip_set(inst, id) \ > - ip_set_dereference((inst)->ip_set_list)[id] > + ip_set_dereference(inst)[id] > #define ip_set_ref_netlink(inst,id) \ > rcu_dereference_raw((inst)->ip_set_list)[id] > #define ip_set_dereference_nfnl(p) \ > @@ -1133,7 +1134,7 @@ static int ip_set_create(struct sk_buff *skb, const struct nfnl_info *info, > if (!list) > goto cleanup; > /* nfnl mutex is held, both lists are valid */ > - tmp = ip_set_dereference(inst->ip_set_list); > + tmp = ip_set_dereference(inst); > memcpy(list, tmp, sizeof(struct ip_set *) * inst->ip_set_max); > rcu_assign_pointer(inst->ip_set_list, list); > /* Make sure all current packets have passed through */

1 year

1
0
0 0

[tip: smp/urgent] cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked()

by tip-bot2 for Yuntao Wang

The following commit has been merged into the smp/urgent branch of tip: Commit-ID: 932d8476399f622aa0767a4a0a9e78e5341dc0e1 Gitweb: https://git.kernel.org/tip/932d8476399f622aa0767a4a0a9e78e5341dc0e1 Author: Yuntao Wang <ytcoode(a)gmail.com> AuthorDate: Wed, 15 May 2024 21:45:54 +08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 17 Jun 2024 15:08:04 +02:00 cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Commit 4205e4786d0b ("cpu/hotplug: Provide dynamic range for prepare stage") added a dynamic range for the prepare states, but did not handle the assignment of the dynstate variable in __cpuhp_setup_state_cpuslocked(). This causes the corresponding startup callback not to be invoked when calling __cpuhp_setup_state_cpuslocked() with the CPUHP_BP_PREPARE_DYN parameter, even though it should be. Currently, the users of __cpuhp_setup_state_cpuslocked(), for one reason or another, have not triggered this bug. Fixes: 4205e4786d0b ("cpu/hotplug: Provide dynamic range for prepare stage") Signed-off-by: Yuntao Wang <ytcoode(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240515134554.427071-1-ytcoode@gmail.com --- kernel/cpu.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/cpu.c b/kernel/cpu.c index 563877d..74cfdb6 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -2446,7 +2446,7 @@ EXPORT_SYMBOL_GPL(__cpuhp_state_add_instance); * The caller needs to hold cpus read locked while calling this function. * Return: * On success: - * Positive state number if @state is CPUHP_AP_ONLINE_DYN; + * Positive state number if @state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN; * 0 for all other states * On failure: proper (negative) error code */ @@ -2469,7 +2469,7 @@ int __cpuhp_setup_state_cpuslocked(enum cpuhp_state state, ret = cpuhp_store_callbacks(state, name, startup, teardown, multi_instance); - dynstate = state == CPUHP_AP_ONLINE_DYN; + dynstate = state == CPUHP_AP_ONLINE_DYN || state == CPUHP_BP_PREPARE_DYN; if (ret > 0 && dynstate) { state = ret; ret = 0; @@ -2500,8 +2500,8 @@ int __cpuhp_setup_state_cpuslocked(enum cpuhp_state state, out: mutex_unlock(&cpuhp_state_mutex); /* - * If the requested state is CPUHP_AP_ONLINE_DYN, return the - * dynamically allocated state in case of success. + * If the requested state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN, + * return the dynamically allocated state in case of success. */ if (!ret && dynstate) return state;

1 year

1
0
0 0

[PATCH] cpu: Fix broken cmdline "nosmp" and "maxcpus=0"

by Huacai Chen

After the reworking of "Parallel CPU bringup", the cmdline "nosmp" and "maxcpus=0" is broken. Because these parameters make setup_max_cpus be zero, and setup_max_cpus is the "max_cpus" of bringup_nonboot_cpus(). In this case, "if (!--ncpus)" will not be true in cpuhp_bringup_mask(), and the result is all the possible cpus are brought up. We can fix it by changing "if (!--ncpus)" to "if (!ncpus--)". But to make logic more clear and save some cpu cycles, it is better to check "max_cpus" in bringup_nonboot_cpus(), return early if it is zero. Cc: stable(a)vger.kernel.org Fixes: 18415f33e2ac4ab382 ("cpu/hotplug: Allow "parallel" bringup up to CPUHP_BP_KICK_AP_STATE") Fixes: 06c6796e0304234da6 ("cpu/hotplug: Fix off by one in cpuhp_bringup_mask()") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- kernel/cpu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/cpu.c b/kernel/cpu.c index 563877d6c28b..200974a31de8 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -1859,6 +1859,9 @@ static inline bool cpuhp_bringup_cpus_parallel(unsigned int ncpus) { return fals void __init bringup_nonboot_cpus(unsigned int max_cpus) { + if (!max_cpus) + return; + /* Try parallel bringup optimization if enabled */ if (cpuhp_bringup_cpus_parallel(max_cpus)) return; -- 2.43.0

1 year

2
1
0 0

[PATCH 1/4] x86/of: Return consistent error type from x86_of_pci_irq_enable()

by Ilpo Järvinen

x86_of_pci_irq_enable() returns PCIBIOS_* code received from pci_read_config_byte() directly and also -EINVAL which are not compatible error types. x86_of_pci_irq_enable() is used as (*pcibios_enable_irq) function which should not return PCIBIOS_* codes. Convert the PCIBIOS_* return code from pci_read_config_byte() into normal errno using pcibios_err_to_errno(). Fixes: 96e0a0797eba ("x86: dtb: Add support for PCI devices backed by dtb nodes") Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/kernel/devicetree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/devicetree.c b/arch/x86/kernel/devicetree.c index 8e3c53b4d070..64280879c68c 100644 --- a/arch/x86/kernel/devicetree.c +++ b/arch/x86/kernel/devicetree.c @@ -83,7 +83,7 @@ static int x86_of_pci_irq_enable(struct pci_dev *dev) ret = pci_read_config_byte(dev, PCI_INTERRUPT_PIN, &pin); if (ret) - return ret; + return pcibios_err_to_errno(ret); if (!pin) return 0; -- 2.39.2

1 year

4
7
0 0

[PATCH 10/15] csky, hexagon: fix broken sys_sync_file_range

by Arnd Bergmann

From: Arnd Bergmann <arnd(a)arndb.de> Both of these architectures require u64 function arguments to be passed in even/odd pairs of registers or stack slots, which in case of sync_file_range would result in a seven-argument system call that is not currently possible. The system call is therefore incompatible with all existing binaries. While it would be possible to implement support for seven arguments like on mips, it seems better to use a six-argument version, either with the normal argument order but misaligned as on most architectures or with the reordered sync_file_range2() calling conventions as on arm and powerpc. Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/uapi/asm/unistd.h | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/csky/include/uapi/asm/unistd.h b/arch/csky/include/uapi/asm/unistd.h index 7ff6a2466af1..e0594b6370a6 100644 --- a/arch/csky/include/uapi/asm/unistd.h +++ b/arch/csky/include/uapi/asm/unistd.h @@ -6,6 +6,7 @@ #define __ARCH_WANT_SYS_CLONE3 #define __ARCH_WANT_SET_GET_RLIMIT #define __ARCH_WANT_TIME32_SYSCALLS +#define __ARCH_WANT_SYNC_FILE_RANGE2 #include <asm-generic/unistd.h> #define __NR_set_thread_area (__NR_arch_specific_syscall + 0) diff --git a/arch/hexagon/include/uapi/asm/unistd.h b/arch/hexagon/include/uapi/asm/unistd.h index 432c4db1b623..21ae22306b5d 100644 --- a/arch/hexagon/include/uapi/asm/unistd.h +++ b/arch/hexagon/include/uapi/asm/unistd.h @@ -36,5 +36,6 @@ #define __ARCH_WANT_SYS_VFORK #define __ARCH_WANT_SYS_FORK #define __ARCH_WANT_TIME32_SYSCALLS +#define __ARCH_WANT_SYNC_FILE_RANGE2 #include <asm-generic/unistd.h> -- 2.39.2

1 year

2
1
0 0

Linux 6.9.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.6 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .editorconfig | 3 Documentation/devicetree/bindings/usb/realtek,rts5411.yaml | 1 MAINTAINERS | 1 Makefile | 2 arch/parisc/include/asm/cacheflush.h | 15 arch/parisc/include/asm/pgtable.h | 27 arch/parisc/kernel/cache.c | 413 ++++++---- arch/powerpc/include/asm/uaccess.h | 16 arch/powerpc/platforms/85xx/smp.c | 9 arch/riscv/kvm/aia_device.c | 7 arch/riscv/kvm/vcpu_onereg.c | 4 arch/riscv/mm/init.c | 24 arch/riscv/mm/pageattr.c | 28 arch/x86/boot/compressed/Makefile | 4 arch/x86/boot/main.c | 4 arch/x86/include/asm/alternative.h | 22 arch/x86/include/asm/atomic64_32.h | 2 arch/x86/include/asm/cpufeature.h | 2 arch/x86/include/asm/irq_stack.h | 2 arch/x86/include/asm/uaccess.h | 6 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/common.c | 21 arch/x86/kernel/machine_kexec_64.c | 11 arch/x86/kvm/svm/sev.c | 19 arch/x86/kvm/svm/svm.c | 24 arch/x86/kvm/svm/svm.h | 4 arch/x86/lib/getuser.S | 6 arch/x86/mm/numa.c | 6 block/blk-flush.c | 3 block/sed-opal.c | 2 drivers/acpi/thermal.c | 8 drivers/acpi/x86/utils.c | 24 drivers/ata/ahci.c | 1 drivers/ata/libata-core.c | 9 drivers/ata/libata-scsi.c | 8 drivers/base/core.c | 3 drivers/block/null_blk/zoned.c | 2 drivers/clk/sifive/sifive-prci.c | 8 drivers/cpufreq/amd-pstate-ut.c | 3 drivers/cpufreq/amd-pstate.c | 209 +++-- drivers/cpufreq/amd-pstate.h | 100 ++ drivers/cxl/core/region.c | 18 drivers/dma-buf/st-dma-fence.c | 6 drivers/dma/dma-axi-dmac.c | 2 drivers/gpio/Kconfig | 2 drivers/gpio/gpio-tqmx86.c | 110 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 2 drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c | 2 drivers/gpu/drm/bridge/panel.c | 7 drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 drivers/gpu/drm/drm_gem_shmem_helper.c | 3 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 drivers/gpu/drm/exynos/exynos_hdmi.c | 7 drivers/gpu/drm/i915/display/intel_audio.c | 32 drivers/gpu/drm/i915/display/intel_audio.h | 1 drivers/gpu/drm/i915/display/intel_display_driver.c | 2 drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 drivers/gpu/drm/i915/gem/i915_gem_object.h | 4 drivers/gpu/drm/i915/gt/intel_breadcrumbs.c | 15 drivers/gpu/drm/nouveau/dispnv04/disp.c | 2 drivers/gpu/drm/nouveau/dispnv50/disp.c | 4 drivers/gpu/drm/nouveau/nouveau_display.c | 6 drivers/gpu/drm/nouveau/nouveau_drv.h | 1 drivers/gpu/drm/panel/panel-sitronix-st7789v.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 28 drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 45 + drivers/gpu/drm/xe/xe_gt_idle.c | 9 drivers/gpu/drm/xe/xe_guc_pc.c | 70 - drivers/gpu/drm/xe/xe_guc_submit.c | 1 drivers/gpu/drm/xe/xe_ring_ops.c | 18 drivers/greybus/interface.c | 1 drivers/hid/hid-core.c | 1 drivers/hid/hid-logitech-dj.c | 4 drivers/hid/hid-nvidia-shield.c | 4 drivers/hwtracing/intel_th/pci.c | 25 drivers/i2c/busses/i2c-at91-slave.c | 3 drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/iio/adc/ad9467.c | 4 drivers/iio/adc/adi-axi-adc.c | 5 drivers/iio/common/inv_sensors/inv_sensors_timestamp.c | 15 drivers/iio/dac/ad5592r-base.c | 2 drivers/iio/imu/bmi323/bmi323_core.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 drivers/iio/pressure/bmp280-core.c | 10 drivers/iio/temperature/mcp9600.c | 3 drivers/iio/temperature/mlx90635.c | 6 drivers/iommu/amd/init.c | 9 drivers/irqchip/irq-gic-v3-its.c | 44 - drivers/irqchip/irq-sifive-plic.c | 34 drivers/leds/led-class.c | 6 drivers/md/dm-integrity.c | 1 drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c | 9 drivers/misc/mei/pci-me.c | 4 drivers/misc/mei/platform-vsc.c | 39 drivers/misc/mei/vsc-fw-loader.c | 2 drivers/misc/vmw_vmci/vmci_event.c | 6 drivers/net/dsa/qca/qca8k-leds.c | 12 drivers/net/ethernet/broadcom/bnxt/bnxt.h | 51 + drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 12 drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 drivers/net/ethernet/google/gve/gve_rx_dqo.c | 8 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 20 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 21 drivers/net/ethernet/intel/ice/ice.h | 44 - drivers/net/ethernet/intel/ice/ice_base.c | 3 drivers/net/ethernet/intel/ice/ice_lib.c | 27 drivers/net/ethernet/intel/ice/ice_main.c | 118 +- drivers/net/ethernet/intel/ice/ice_nvm.c | 116 ++ drivers/net/ethernet/intel/ice/ice_type.h | 14 drivers/net/ethernet/intel/ice/ice_xsk.c | 13 drivers/net/ethernet/intel/igc/igc_ethtool.c | 9 drivers/net/ethernet/intel/igc/igc_main.c | 4 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 33 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 104 +- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 9 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/mellanox/mlx5/core/fw.c | 4 drivers/net/ethernet/mellanox/mlx5/core/health.c | 8 drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c | 8 drivers/net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 3 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 25 drivers/net/geneve.c | 10 drivers/net/netdevsim/netdev.c | 3 drivers/net/phy/micrel.c | 104 ++ drivers/net/phy/sfp.c | 3 drivers/net/virtio_net.c | 2 drivers/net/vmxnet3/vmxnet3_drv.c | 2 drivers/net/wireless/ath/ath11k/core.c | 2 drivers/net/wireless/ath/ath11k/mac.c | 38 drivers/net/wireless/intel/iwlwifi/fw/api/power.h | 30 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 18 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 4 drivers/net/wireless/mediatek/mt76/mt7615/main.c | 4 drivers/net/wireless/realtek/rtlwifi/core.c | 15 drivers/net/wwan/iosm/iosm_ipc_devlink.c | 2 drivers/nvme/host/pr.c | 2 drivers/nvme/target/passthru.c | 6 drivers/pci/controller/pcie-rockchip-ep.c | 6 drivers/platform/x86/dell/dell-smbios-base.c | 92 -- drivers/pmdomain/ti/ti_sci_pm_domains.c | 20 drivers/ptp/ptp_chardev.c | 3 drivers/ras/amd/atl/internal.h | 2 drivers/ras/amd/atl/system.c | 2 drivers/ras/amd/atl/umc.c | 160 ++- drivers/remoteproc/ti_k3_r5_remoteproc.c | 58 + drivers/scsi/mpi3mr/mpi3mr_app.c | 62 + drivers/scsi/mpt3sas/mpt3sas_base.c | 19 drivers/scsi/mpt3sas/mpt3sas_base.h | 3 drivers/scsi/mpt3sas/mpt3sas_ctl.c | 4 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 23 drivers/scsi/scsi.c | 7 drivers/scsi/scsi_transport_sas.c | 23 drivers/scsi/sd.c | 17 drivers/spmi/hisi-spmi-controller.c | 1 drivers/thermal/thermal_core.c | 13 drivers/thunderbolt/debugfs.c | 5 drivers/tty/n_tty.c | 22 drivers/tty/serial/8250/8250_dw.c | 9 drivers/tty/serial/8250/8250_dwlib.c | 3 drivers/tty/serial/8250/8250_dwlib.h | 3 drivers/tty/serial/8250/8250_pxa.c | 1 drivers/tty/serial/serial_port.c | 7 drivers/ufs/core/ufs-mcq.c | 17 drivers/ufs/core/ufshcd.c | 6 drivers/usb/Makefile | 1 drivers/usb/class/cdc-wdm.c | 4 drivers/usb/core/hcd.c | 12 drivers/usb/host/xhci-pci.c | 7 drivers/usb/host/xhci-ring.c | 59 + drivers/usb/host/xhci.h | 1 drivers/usb/storage/alauda.c | 9 drivers/usb/typec/tcpm/tcpm.c | 5 fs/btrfs/zoned.c | 13 fs/cachefiles/daemon.c | 3 fs/cachefiles/internal.h | 5 fs/cachefiles/ondemand.c | 165 ++- fs/jfs/xattr.c | 4 fs/nfs/dir.c | 47 - fs/nfs/nfs4proc.c | 23 fs/nfsd/nfsfh.c | 4 fs/ocfs2/file.c | 2 fs/ocfs2/namei.c | 4 fs/proc/vmcore.c | 2 fs/smb/server/smb2pdu.c | 22 fs/smb/server/vfs.c | 17 fs/smb/server/vfs.h | 3 fs/smb/server/vfs_cache.c | 3 fs/tracefs/event_inode.c | 51 - include/drm/bridge/aux-bridge.h | 2 include/drm/display/drm_dp_mst_helper.h | 1 include/linux/amd-pstate.h | 127 --- include/linux/atomic/atomic-arch-fallback.h | 6 include/linux/atomic/atomic-instrumented.h | 8 include/linux/atomic/atomic-long.h | 4 include/linux/io_uring_types.h | 3 include/linux/iommu.h | 2 include/linux/kcov.h | 47 - include/linux/kexec.h | 6 include/linux/pse-pd/pse.h | 4 include/net/bluetooth/hci_core.h | 36 include/net/ip_tunnels.h | 5 include/net/rtnetlink.h | 1 include/scsi/scsi_transport_sas.h | 2 include/trace/events/cachefiles.h | 8 io_uring/cancel.h | 4 io_uring/io-wq.c | 57 - io_uring/io_uring.c | 1 io_uring/rsrc.c | 1 kernel/bpf/syscall.c | 11 kernel/events/core.c | 13 kernel/gen_kheaders.sh | 2 kernel/pid_namespace.c | 1 kernel/time/tick-common.c | 42 - mm/memblock.c | 4 mm/memory-failure.c | 7 net/ax25/af_ax25.c | 6 net/ax25/ax25_dev.c | 2 net/bluetooth/hci_sync.c | 2 net/bluetooth/l2cap_core.c | 12 net/bpf/test_run.c | 6 net/bridge/br_mst.c | 13 net/core/rtnetlink.c | 44 + net/core/sock_map.c | 16 net/ethtool/ioctl.c | 2 net/ipv4/devinet.c | 2 net/ipv4/fib_frontend.c | 7 net/ipv4/tcp.c | 9 net/ipv4/tcp_timer.c | 6 net/ipv6/ioam6_iptunnel.c | 8 net/ipv6/ip6_fib.c | 6 net/ipv6/route.c | 5 net/ipv6/seg6_iptunnel.c | 14 net/ipv6/tcp_ipv6.c | 3 net/mac80211/cfg.c | 4 net/mac80211/he.c | 10 net/mac80211/mesh_pathtbl.c | 13 net/mac80211/parse.c | 2 net/mac80211/sta_info.c | 4 net/mptcp/pm_netlink.c | 21 net/mptcp/protocol.c | 10 net/ncsi/internal.h | 2 net/ncsi/ncsi-manage.c | 73 - net/ncsi/ncsi-rsp.c | 4 net/netfilter/ipset/ip_set_core.c | 81 + net/netfilter/ipset/ip_set_list_set.c | 30 net/netfilter/nft_meta.c | 3 net/netfilter/nft_payload.c | 4 net/sched/sch_generic.c | 1 net/sched/sch_multiq.c | 2 net/sched/sch_taprio.c | 15 net/smc/af_smc.c | 22 net/sunrpc/auth_gss/auth_gss.c | 4 net/unix/af_unix.c | 108 +- net/unix/diag.c | 12 net/wireless/core.c | 2 net/wireless/pmsr.c | 8 net/wireless/scan.c | 3 net/wireless/sysfs.c | 4 net/wireless/util.c | 7 scripts/atomic/kerneldoc/sub_and_test | 2 scripts/mod/modpost.c | 5 security/integrity/ima/ima_api.c | 16 security/integrity/ima/ima_template_lib.c | 17 security/landlock/fs.c | 13 tools/perf/builtin-script.c | 2 tools/perf/util/auxtrace.c | 4 tools/testing/cxl/test/mem.c | 1 tools/testing/selftests/alsa/Makefile | 2 tools/testing/selftests/ftrace/test.d/dynevent/test_duplicates.tc | 2 tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 20 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_eventname.tc | 3 tools/testing/selftests/futex/functional/futex_requeue_pi.c | 2 tools/testing/selftests/mm/compaction_test.c | 77 + tools/testing/selftests/mm/cow.c | 2 tools/testing/selftests/mm/gup_longterm.c | 2 tools/testing/selftests/mm/gup_test.c | 4 tools/testing/selftests/mm/ksm_functional_tests.c | 2 tools/testing/selftests/mm/madv_populate.c | 2 tools/testing/selftests/mm/mkdirty.c | 2 tools/testing/selftests/mm/pagemap_ioctl.c | 4 tools/testing/selftests/mm/soft-dirty.c | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 tools/tracing/rtla/src/timerlat_aa.c | 109 +- tools/tracing/rtla/src/timerlat_top.c | 17 299 files changed, 3274 insertions(+), 1830 deletions(-) Aapo Vienamo (1): thunderbolt: debugfs: Fix margin debugfs node creation condition Adam Miotk (1): drm/bridge/panel: Fix runtime warning on panel bridge release Adam Rizkalla (1): iio: pressure: bmp280: Fix BMP580 temperature reading Aditya Kumar Singh (1): wifi: mac80211: pass proper link id for channel switch started notification Adrian Hunter (2): perf auxtrace: Fix multiple use of --itrace option perf script: Show also errors for --insn-trace option Alan Stern (1): USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Aleksandr Mishin (4): net/mlx5: Fix tainted pointer delete is case of flow rules creation fail net: wwan: iosm: Fix tainted pointer delete is case of region creation fail liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() Alexander Shishkin (5): intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support Amit Sunil Dhamne (1): usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps Amjad Ouled-Ameur (1): drm/komeda: check for error-valued pointer Andrey Konovalov (1): kcov, usb: disable interrupts in kcov_remote_start_usb_softirq Andrzej Hajda (1): drm/xe: flush engine buffers before signalling user fence on all engines Andy Shevchenko (2): net dsa: qca8k: fix usages of device_get_named_child_node() serial: 8250_dw: Don't use struct dw8250_data outside of 8250_dw Apurva Nandan (1): remoteproc: k3-r5: Wait for core0 power-up before powering up core1 Armin Wolf (1): platform/x86: dell-smbios: Fix wrong token data in sysfs Arnd Bergmann (1): cpufreq: amd-pstate: remove global header file Baochen Qiang (1): wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP Baokun Li (9): cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd cachefiles: remove requests from xarray during flushing requests cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() cachefiles: add spin_lock for cachefiles_ondemand_info cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() cachefiles: never get a new anonymous fd if ondemand_id is valid cachefiles: defer exposing anon_fd until after copy_to_user() succeeds cachefiles: flush all requests after setting CACHEFILES_DEAD Baoquan He (1): kexec: fix the unexpected kexec_dprintk() macro Beleswar Padhi (2): remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs remoteproc: k3-r5: Jump to error handling labels in start/stop errors Benjamin Segall (1): x86/boot: Don't add the EFI stub to targets, again Bitterblue Smith (1): wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS Borislav Petkov (AMD) (1): x86/cpu: Get rid of an unnecessary local variable in get_cpu_address_sizes() Breno Leitao (2): scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory io_uring/io-wq: Use set_bit() and test_bit() at worker->flags Carl Huang (1): wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs Carlos Llamas (1): locking/atomic: scripts: fix ${atomic}_sub_and_test() kerneldoc Chanwoo Lee (1): scsi: ufs: mcq: Fix error output and clean up ufshcd_mcq_abort() Chen Hanxiao (1): SUNRPC: return proper error from gss_wrap_req_priv Chen Ni (2): HID: nvidia-shield: Add missing check for input_ff_create_memless drm/panel: sitronix-st7789v: Add check for of_drm_get_panel_orientation Chengming Zhou (1): block: fix request.queuelist usage in flush Chris Wilson (1): drm/i915/gt: Disarm breadcrumbs if engines are already idle Cong Wang (1): bpf: Fix a potential use-after-free in bpf_link_free() Csókás, Bence (1): net: sfp: Always call `sfp_sm_mod_remove()` on remove Damien Le Moal (4): ata: libata-scsi: Set the RMB bit only for removable media devices scsi: core: Disable CDL by default scsi: mpi3mr: Fix ATA NCQ priority support null_blk: Print correct max open zones limit in null_init_zoned_dev() Daniel Bristot de Oliveira (2): rtla/timerlat: Simplify "no value" printing on top rtla/auto-analysis: Replace \t with spaces Daniel Wagner (1): nvmet-passthru: propagate status from id override functions Dave Hansen (1): x86/cpu: Provide default cache line size if not enumerated Dave Jiang (1): cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c David Kaplan (1): x86/kexec: Fix bug with call depth tracking David Lechner (1): iio: adc: ad9467: fix scan type sign David Wei (1): netdevsim: fix backwards compatibility in nsim_get_iflink() Davide Ornaghi (1): netfilter: nft_inner: validate mandatory meta and payload DelphineCCChiu (1): net/ncsi: Fix the multi thread manner of NCSI driver Dev Jain (1): selftests/mm: compaction_test: fix bogus test success and reduce probability of OOM-killer invocation Dimitri Fedrau (1): iio: temperature: mcp9600: Fix temperature reading for negative values Dirk Behme (1): drivers: core: synchronize really_probe() and dev_uevent() Dmitry Baryshkov (1): drm/bridge: aux-hpd-bridge: correct devm_drm_dp_hpd_bridge_add() stub Doug Brown (1): serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level Douglas Anderson (1): serial: port: Don't block system suspend even if bytes are left to xmit Duoming Zhou (1): ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() Emmanuel Grumbach (3): wifi: iwlwifi: mvm: don't read past the mfuart notifcation wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 wifi: iwlwifi: mvm: fix a crash on 7265 Eric Dumazet (6): ipv6: ioam: block BH from ioam6_output() ipv6: sr: block BH in seg6_output_core() and seg6_input_core() net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP ipv6: fix possible race in __fib6_drop_pcpu_from() tcp: fix race in tcp_v6_syn_recv_sock() tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Fedor Pchelkin (1): dma-buf: handle testing kthreads creation failure Filipe Manana (1): btrfs: zoned: fix use-after-free due to race with dev replace Frank Wunderlich (1): net: ethernet: mtk_eth_soc: handle dma buffer size soc specific Gal Pressman (2): geneve: Fix incorrect inner network header offset when innerprotoinherit is set net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Greg Kroah-Hartman (3): .editorconfig: remove trim_trailing_whitespace option jfs: xattr: fix buffer overflow for invalid xattr Linux 6.9.6 Gregor Herburger (1): gpio: tqmx86: fix typo in Kconfig label Hagar Gamal Halim Hemdan (1): vmci: prevent speculation leaks by sanitizing event in event_deliver() Hagar Hemdan (1): irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update() Haifeng Xu (1): perf/core: Fix missing wakeup when waiting for context reference Hangyu Hua (1): net: sched: sch_multiq: fix possible OOB write in multiq_tune() Hans de Goede (2): leds: class: Revert: "If no default trigger is given, make hw_control trigger the default trigger" mei: vsc: Fix wrong invocation of ACPI SID method Hari Bathini (1): powerpc/85xx: fix compile error without CONFIG_CRASH_DUMP Harshit Mogalapalli (1): iio: temperature: mlx90635: Fix ERR_PTR dereference in mlx90635_probe() Hector Martin (1): xhci: Handle TD clearing for multiple streams case Heng Qi (1): virtio_net: fix possible dim status unrecoverable Ian Forbes (4): drm/vmwgfx: Filter modes which exceed graphics memory drm/vmwgfx: 3D disabled should not effect STDU memory limits drm/vmwgfx: Remove STDU logic from generic mode_valid function drm/vmwgfx: Don't memcmp equivalent pointers Ilpo Järvinen (1): tty: n_tty: Fix buffer offsets when lookahead is used Imre Deak (1): drm/i915: Fix audio component initialization Jacob Keller (2): ice: fix iteration of TLVs in Preserved Fields Area ice: fix reads from NVM Shadow RAM on E830 and E825-C devices Jakub Kicinski (2): net: tls: fix marking packets as decrypted rtnetlink: make the "split" NLM_DONE handling generic Jan Beulich (2): x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() memblock: make memblock_set_node() also warn about use of MAX_NUMNODES Jani Nikula (1): drm/exynos/vidi: fix memory leak in .get_modes() Jason Nader (1): ata: ahci: Do not apply Intel PCS quirk on Intel Alder Lake Jason Xing (2): tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB mptcp: count CLOSE-WAIT sockets for MPTCP_MIB_CURRESTAB Jean Delvare (2): i2c: at91: Fix the functionality flags of the slave-only interface i2c: designware: Fix the functionality flags of the slave-only interface Jean-Baptiste Maneyrol (3): iio: invensense: fix odr switching to same value iio: imu: inv_icm42600: delete unneeded update watermark call iio: invensense: fix interrupt timestamp alignment Jie Wang (1): net: hns3: add cond_resched() to hns3 ring buffer init process Jiri Olsa (1): bpf: Set run context for rawtp test_run callback Johannes Berg (5): wifi: cfg80211: fully move wiphy work to unbound workqueue wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 net/sched: initialize noop_qdisc owner wifi: cfg80211: validate HE operation element parsing wifi: mt76: mt7615: add missing chanctx ops John David Anglin (1): parisc: Try to fix random segmentation faults in package builds John Ernberg (1): USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected John Hubbard (1): selftests/futex: don't pass a const char* to asprintf(3) Joshua Washington (1): gve: ignore nonrelevant GSO type bits when processing TSO headers José Expósito (1): HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Jozsef Kadlecsik (1): netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Karol Kolacinski (1): ptp: Fix error message on failed pin verification Kees Cook (1): x86/uaccess: Fix missed zeroing of ia32 u64 get_user() range checking Kory Maincent (1): net: pse-pd: Use EOPNOTSUPP error code instead of ENOTSUPP Kuangyi Chiang (2): xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kun(llfl) (1): iommu/amd: Fix sysfs leak in iommu init Kuniyuki Iwashima (15): af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. af_unix: Annodate data-races around sk->sk_state for writers. af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-races around sk->sk_sndbuf. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). af_unix: Annotate data-race of sk->sk_state in unix_accept(). Kyle Tso (1): usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state Lars Kellogg-Stedman (1): ax25: Fix refcount imbalance on inbound connections Larysa Zaremba (3): ice: remove af_xdp_zc_qps bitmap ice: add flag to distinguish reset from .ndo_bpf in XDP rings config ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() Li Zhijian (1): cxl/region: Fix memregion leaks in devm_cxl_add_region() Lin Ma (1): wifi: cfg80211: pmsr: use correct nla_get_uX functions Lingbo Kong (2): wifi: mac80211: fix Spatial Reuse element size check wifi: mac80211: correctly parse Spatial Reuse Parameter Set element Lu Baolu (1): iommu: Return right value in iommu_sva_bind_device() Luiz Augusto von Dentz (2): Bluetooth: hci_sync: Fix not using correct handle Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Marc Ferland (1): iio: dac: ad5592r: fix temperature channel scaling value Marek Szyprowski (1): drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Mario Limonciello (1): ACPI: x86: Force StorageD3Enable on more products Mark Brown (1): kselftest/alsa: Ensure _GNU_SOURCE is defined Martin K. Petersen (1): scsi: sd: Use READ(16) when reading block zero on large capacity disks Masahiro Yamada (1): modpost: do not warn about missing MODULE_DESCRIPTION() for vmlinux.o Masami Hiramatsu (Google) (2): selftests/ftrace: Fix to check required event file selftests/tracing: Fix event filter test to retry up to 10 times Mathias Nyman (1): xhci: Set correct transferred length for cancelled bulk transfers Matthias Maennich (1): kheaders: explicitly define file modes for archived headers Matthias Schiffer (3): gpio: tqmx86: introduce shadow register for GPIO output value gpio: tqmx86: store IRQ trigger type and unmask status separately gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type Matthias Stocker (1): vmxnet3: disable rx data ring on dma allocation failure Miaohe Lin (1): mm/huge_memory: don't unpoison huge_zero_folio Michael Chan (1): bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response Michael Ellerman (1): powerpc/uaccess: Fix build errors seen with GCC 13/14 Mickaël Salaün (1): landlock: Fix d_parent walk Mikulas Patocka (1): dm-integrity: set discard_granularity to logical block size Miri Korenblit (2): wifi: iwlwifi: mvm: don't initialize csa_work twice wifi: iwlwifi: mvm: check n_ssids before accessing the ssids Mordechay Goodstein (1): wifi: iwlwifi: mvm: set properly mac header Moshe Shemesh (1): net/mlx5: Stop waiting for PCI if pci channel is offline Nam Cao (3): riscv: fix overlap of allocated page and PTR_ERR riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context riscv: force PAGE_SIZE linear mapping if debug_pagealloc is enabled Namjae Jeon (2): ksmbd: move leading slash check to smb2_get_name() ksmbd: fix missing use of get_write in in smb2_set_ea() Nathan Chancellor (1): selftests/mm: ksft_exit functions do not return NeilBrown (1): NFS: add barriers when testing for NFS_FSDATA_BLOCKED Nicolas Escande (1): wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects Nikita Zhandarovich (1): HID: core: remove unnecessary WARN_ON() in implement() Niklas Cassel (3): ata: libata-core: Add ATA_HORKAGE_NOLPM for Apacer AS340 ata: libata-core: Add ATA_HORKAGE_NOLPM for Crucial CT240BX500SSD1 ata: libata-core: Add ATA_HORKAGE_NOLPM for AMD Radeon S3 SSD Nikolay Aleksandrov (2): net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state net: bridge: mst: fix suspicious rcu usage in br_mst_set_state Niranjana Vishwanathapura (1): drm/xe: Properly handle alloc_guc_id() failure Nuno Sa (2): dmaengine: axi-dmac: fix possible race in remove() iio: adc: axi-adc: make sure AXI clock is enabled Oleg Nesterov (2): tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Olga Kornievskaia (1): NFSv4.1 enforce rootpath check in fs_location query Paolo Abeni (1): mptcp: ensure snd_una is properly initialized on connect Pauli Virtanen (1): Bluetooth: fix connection setup in l2cap_connect Pavel Begunkov (2): io_uring/rsrc: don't lock while !TASK_RUNNING io_uring: fix cancellation overwriting req->flags Perry Yuan (2): cpufreq: amd-pstate: Unify computation of {max,min,nominal,lowest_nonlinear}_freq cpufreq: amd-pstate: Add quirk for the pstate CPPC capabilities missing Petr Pavlu (1): net/ipv6: Fix the RT cache flush via sysctl using a previous delay Quan Zhou (1): RISC-V: KVM: Fix incorrect reg_subtype labels in kvm_riscv_vcpu_set_reg_isa_ext function Rafael J. Wysocki (2): thermal: core: Do not fail cdev registration because of invalid initial state thermal: ACPI: Invalidate trip points with temperature of 0 or below Rao Shoaib (1): af_unix: Read with MSG_PEEK loops if the first unread byte is OOB Ravi Bangoria (2): KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent KVM: SEV-ES: Delegate LBR virtualization to the processor Remi Pommarel (2): wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() wifi: cfg80211: Lock wiphy in cfg80211_get_station Riana Tauro (2): drm/xe/xe_gt_idle: use GT forcewake domain assertion drm/xe: move disable_c6 call Rick Wertenbroek (1): PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore Rob Herring (Arm) (1): dt-bindings: usb: realtek,rts5411: Add missing "additionalProperties" on child nodes Rodrigo Vivi (1): drm/xe: Remove mem_access from guc_pc calls Sagar Cheluvegowda (1): net: stmmac: dwmac-qcom-ethqos: Configure host DMA width Samuel Holland (2): clk: sifive: Do not register clkdevs for PRCI clocks irqchip/sifive-plic: Chain to parent IRQ after handlers are ready Sasha Neftin (1): igc: Fix Energy Efficient Ethernet support declaration Shahar S Matityahu (1): wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Shay Drory (1): net/mlx5: Always stop health timer during driver removal Shichao Lai (1): usb-storage: alauda: Check whether the media is initialized Sicong Huang (1): greybus: Fix use-after-free bug in gb_interface_release due to race condition. Stefan Berger (1): ima: Fix use-after-free on a dentry's dname.name Steven Rostedt (Google) (2): eventfs: Update all the eventfs_inodes from the events descriptor tracing/selftests: Fix kprobe event name test for .isra. functions Su Hui (3): net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() io_uring/io-wq: avoid garbage value of 'match' in io_wq_enqueue() block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() Su Yue (3): ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO Subbaraya Sundeep (1): octeontx2-af: Always allocate PF entries from low prioriy zone Taehee Yoo (2): ionic: fix kernel panic in XDP_TX action ionic: fix use after netif_napi_del() Thadeu Lima de Souza Cascardo (1): sock_map: avoid race between sock_map_close and sk_psock_put Tomas Winkler (1): mei: me: release irq in mei_me_pci_resume error path Tomi Valkeinen (1): pmdomain: ti-sci: Fix duplicate PD referrals Tristram Ha (2): net: phy: micrel: fix KSZ9477 PHY issues after suspend/resume net: phy: Micrel KSZ8061: fix errata solution not taking effect problem Trond Myklebust (1): knfsd: LOOKUP can return an illegal error value Uros Bizjak (1): x86/asm: Use %c/%n instead of %P operand modifier in asm templates Vamshi Gajjela (1): spmi: hisi-spmi-controller: Do not override device identifier Vasileios Amoiridis (1): iio: imu: bmi323: Fix trigger notification in case of error Vasily Khoruzhick (1): drm/nouveau: don't attempt to schedule hpd_work on headless cards Vidya Srinivas (1): drm/i915/dpt: Make DPT object unshrinkable Wachowski, Karol (1): drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) Wayne Lin (1): drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 Weiwen Hu (1): nvme: fix nvme_pr_* status code parsing Wen Gu (1): net/smc: avoid overwriting when adjusting sock bufsizes Wentong Wu (1): mei: vsc: Don't stop/restart mei device during system suspend/resume Xiaolei Wang (1): net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters Yazen Ghannam (3): RAS/AMD/ATL: Fix MI300 bank hash RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation x86/amd_nb: Check for invalid SMN reads Yong-Xuan Wang (1): RISC-V: KVM: No need to use mask when hart-index-bit is 0 Yonglong Liu (1): net: hns3: fix kernel crash problem in concurrent scenario YonglongLi (2): mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID mptcp: pm: update add_addr counters after connect Yongzhi Liu (2): misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() misc: microchip: pci1xxxx: Fix a memory leak in the error handling of gp_aux_bus_probe() Ziqi Chen (1): scsi: ufs: core: Quiesce request queues before checking pending cmds Ziwei Xiao (1): gve: Clear napi->skb before dev_kfree_skb_any()

1 year

4
5
0 0

[tip: irq/urgent] irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node()

by tip-bot2 for Huacai Chen

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 2d64eaeeeda5659d52da1af79d237269ba3c2d2c Gitweb: https://git.kernel.org/tip/2d64eaeeeda5659d52da1af79d237269ba3c2d2c Author: Huacai Chen <chenhuacai(a)loongson.cn> AuthorDate: Sun, 23 Jun 2024 11:41:13 +08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Sun, 23 Jun 2024 17:09:26 +02:00 irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node() Multi-bridge machines required that all eiointc controllers in the system are initialized, otherwise the system does not boot. The initialization happens on the boot CPU during early boot and relies on cpu_to_node() for identifying the individual nodes. That works when the number of possible CPUs is large enough, but with a command line limit, e.g. "nr_cpus=$N" for kdump, but fails when the CPUs of the secondary nodes are not covered. During early ACPI enumeration all CPU to node mappings are recorded up to CONFIG_NR_CPUS. These are accessible via early_cpu_to_node() even in the case that "nr_cpus=N" truncates the number of possible CPUs and only provides the possible CPUs via cpu_to_node() translation. Change the node lookup in the driver to use early_cpu_to_node() so that even with a limitation on the number of possible CPUs all eointc instances are initialized. This can't obviously cure the case where CONFIG_NR_CPUS is too small. [ tglx: Massaged changelog ] Fixes: 64cc451e45e1 ("irqchip/loongson-eiointc: Fix incorrect use of acpi_get_vec_parent") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240623034113.1808727-1-chenhuacai@loongson.cn --- drivers/irqchip/irq-loongson-eiointc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/irqchip/irq-loongson-eiointc.c b/drivers/irqchip/irq-loongson-eiointc.c index c7ddebf..b1f2080 100644 --- a/drivers/irqchip/irq-loongson-eiointc.c +++ b/drivers/irqchip/irq-loongson-eiointc.c @@ -15,6 +15,7 @@ #include <linux/irqchip/chained_irq.h> #include <linux/kernel.h> #include <linux/syscore_ops.h> +#include <asm/numa.h> #define EIOINTC_REG_NODEMAP 0x14a0 #define EIOINTC_REG_IPMAP 0x14c0 @@ -339,7 +340,7 @@ static int __init pch_msi_parse_madt(union acpi_subtable_headers *header, int node; if (cpu_has_flatmode) - node = cpu_to_node(eiointc_priv[nr_pics - 1]->node * CORES_PER_EIO_NODE); + node = early_cpu_to_node(eiointc_priv[nr_pics - 1]->node * CORES_PER_EIO_NODE); else node = eiointc_priv[nr_pics - 1]->node; @@ -431,7 +432,7 @@ int __init eiointc_acpi_init(struct irq_domain *parent, goto out_free_handle; if (cpu_has_flatmode) - node = cpu_to_node(acpi_eiointc->node * CORES_PER_EIO_NODE); + node = early_cpu_to_node(acpi_eiointc->node * CORES_PER_EIO_NODE); else node = acpi_eiointc->node; acpi_set_vec_parent(node, priv->eiointc_domain, pch_group);

1 year

1
0
0 0

[PATCH V2] irqchip/loongson-liointc: Set different ISRs for different cores

by Huacai Chen

In the liointc hardware, there are different ISRs (i.e. Interrupt Status Registers) for different cores. We always use core#0's ISR before but it has no problem, this is because the interrupts are routed to core#0 by default. If we change the routing (which can be done by changing firmware configuration) then we will lose interrupts while CPU hotplugging, so we should set correct ISRs for different cores. Cc: <stable(a)vger.kernel.org> Co-developed-by: Tianli Xiong <xiongtianli(a)loongson.cn> Signed-off-by: Tianli Xiong <xiongtianli(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- V2: Update commit messages. drivers/irqchip/irq-loongson-liointc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/irqchip/irq-loongson-liointc.c b/drivers/irqchip/irq-loongson-liointc.c index e4b33aed1c97..7c4fe7ab4b83 100644 --- a/drivers/irqchip/irq-loongson-liointc.c +++ b/drivers/irqchip/irq-loongson-liointc.c @@ -28,7 +28,7 @@ #define LIOINTC_INTC_CHIP_START 0x20 -#define LIOINTC_REG_INTC_STATUS (LIOINTC_INTC_CHIP_START + 0x20) +#define LIOINTC_REG_INTC_STATUS(core) (LIOINTC_INTC_CHIP_START + 0x20 + (core) * 8) #define LIOINTC_REG_INTC_EN_STATUS (LIOINTC_INTC_CHIP_START + 0x04) #define LIOINTC_REG_INTC_ENABLE (LIOINTC_INTC_CHIP_START + 0x08) #define LIOINTC_REG_INTC_DISABLE (LIOINTC_INTC_CHIP_START + 0x0c) @@ -217,7 +217,7 @@ static int liointc_init(phys_addr_t addr, unsigned long size, int revision, goto out_free_priv; for (i = 0; i < LIOINTC_NUM_CORES; i++) - priv->core_isr[i] = base + LIOINTC_REG_INTC_STATUS; + priv->core_isr[i] = base + LIOINTC_REG_INTC_STATUS(i); for (i = 0; i < LIOINTC_NUM_PARENT; i++) priv->handler[i].parent_int_map = parent_int_map[i]; -- 2.43.0

1 year

2
1
0 0

[PATCH 6.1 000/217] 6.1.95-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.95 release. There are 217 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 21 Jun 2024 12:55:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.95-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.95-rc1 Oleg Nesterov <oleg(a)redhat.com> zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Jean Delvare <jdelvare(a)suse.de> i2c: designware: Fix the functionality flags of the slave-only interface Jean Delvare <jdelvare(a)suse.de> i2c: at91: Fix the functionality flags of the slave-only interface Yongzhi Liu <hyperlyzcs(a)gmail.com> misc: microchip: pci1xxxx: Fix a memory leak in the error handling of gp_aux_bus_probe() Shichao Lai <shichaorai(a)gmail.com> usb-storage: alauda: Check whether the media is initialized Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: core: Add UPIO_UNKNOWN constant for unknown port type Jisheng Zhang <jszhang(a)kernel.org> serial: 8250_dw: fall back to poll if there's no interrupt Sicong Huang <congei42(a)163.com> greybus: Fix use-after-free bug in gb_interface_release due to race condition. Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check David Howells <dhowells(a)redhat.com> cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Jump to error handling labels in start/stop errors Sam James <sam(a)gentoo.org> Revert "fork: defer linking file vma until vma is fully initialized" YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: update add_addr counters after connect Doug Brown <doug(a)schmorgal.com> serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix handling of dissolved but not taken off from buddy pages Miaohe Lin <linmiaohe(a)huawei.com> mm/huge_memory: don't unpoison huge_zero_folio Oleg Nesterov <oleg(a)redhat.com> tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Filipe Manana <fdmanana(a)suse.com> btrfs: zoned: fix use-after-free due to race with dev replace Christoph Hellwig <hch(a)lst.de> btrfs: zoned: factor out DUP bg handling from btrfs_load_block_group_zone_info Christoph Hellwig <hch(a)lst.de> btrfs: zoned: factor out single bg handling from btrfs_load_block_group_zone_info Christoph Hellwig <hch(a)lst.de> btrfs: zoned: factor out per-zone logic from btrfs_load_block_group_zone_info Christoph Hellwig <hch(a)lst.de> btrfs: zoned: introduce a zone_info struct in btrfs_load_block_group_zone_info Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Lunar Lake support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Sapphire Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids support Vidya Srinivas <vidya.srinivas(a)intel.com> drm/i915/dpt: Make DPT object unshrinkable Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Disarm breadcrumbs if engines are already idle Nam Cao <namcao(a)linutronix.de> riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs Apurva Nandan <a-nandan(a)ti.com> remoteproc: k3-r5: Wait for core0 power-up before powering up core1 Nuno Sa <nuno.sa(a)analog.com> dmaengine: axi-dmac: fix possible race in remove() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Su Yue <glass.su(a)suse.com> ocfs2: fix races between hole punching and AIO+DIO Su Yue <glass.su(a)suse.com> ocfs2: use coarse time for new created files Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore Trond Myklebust <trond.myklebust(a)hammerspace.com> knfsd: LOOKUP can return an illegal error value Vamshi Gajjela <vamshigajjela(a)google.com> spmi: hisi-spmi-controller: Do not override device identifier Hagar Gamal Halim Hemdan <hagarhem(a)amazon.com> vmci: prevent speculation leaks by sanitizing event in event_deliver() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> sock_map: avoid race between sock_map_close and sk_psock_put Damien Le Moal <dlemoal(a)kernel.org> null_blk: Print correct max open zones limit in null_init_zoned_dev() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/selftests: Fix kprobe event name test for .isra. functions Nam Cao <namcao(a)linutronix.de> riscv: fix overlap of allocated page and PTR_ERR Haifeng Xu <haifeng.xu(a)shopee.com> perf/core: Fix missing wakeup when waiting for context reference Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Check for invalid SMN reads Hagar Hemdan <hagarhem(a)amazon.com> irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update() YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_una is properly initialized on connect Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Jani Nikula <jani.nikula(a)intel.com> drm/exynos/vidi: fix memory leak in .get_modes() Dirk Behme <dirk.behme(a)de.bosch.com> drivers: core: synchronize really_probe() and dev_uevent() Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: delete unneeded update watermark call Marc Ferland <marc.ferland(a)sonatest.com> iio: dac: ad5592r: fix temperature channel scaling value David Lechner <dlechner(a)baylibre.com> iio: adc: ad9467: fix scan type sign Benjamin Segall <bsegall(a)google.com> x86/boot: Don't add the EFI stub to targets, again Yongzhi Liu <hyperlyzcs(a)gmail.com> misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() Aleksandr Mishin <amishin(a)t-argos.ru> bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() Rao Shoaib <Rao.Shoaib(a)oracle.com> af_unix: Read with MSG_PEEK loops if the first unread byte is OOB Taehee Yoo <ap420073(a)gmail.com> ionic: fix use after netif_napi_del() Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: mst: fix suspicious rcu usage in br_mst_set_state Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Petr Pavlu <petr.pavlu(a)suse.com> net/ipv6: Fix the RT cache flush via sysctl using a previous delay Daniel Wagner <dwagner(a)suse.de> nvmet-passthru: propagate status from id override functions Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters Joshua Washington <joshwash(a)google.com> gve: ignore nonrelevant GSO type bits when processing TSO headers Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Use EOPNOTSUPP error code instead of ENOTSUPP Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Gal Pressman <gal(a)nvidia.com> geneve: Fix incorrect inner network header offset when innerprotoinherit is set Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_v6_syn_recv_sock() Adam Miotk <adam.miotk(a)arm.com> drm/bridge/panel: Fix runtime warning on panel bridge release Amjad Ouled-Ameur <amjad.ouled-ameur(a)arm.com> drm/komeda: check for error-valued pointer Aleksandr Mishin <amishin(a)t-argos.ru> liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet Jie Wang <wangjie125(a)huawei.com> net: hns3: add cond_resched() to hns3 ring buffer init process Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash problem in concurrent scenario Csókás, Bence <csokas.bence(a)prolan.hu> net: sfp: Always call `sfp_sm_mod_remove()` on remove Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Remove STDU logic from generic mode_valid function Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: 3D disabled should not effect STDU memory limits Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Filter modes which exceed graphics memory Martin Krastev <martin.krastev(a)broadcom.com> drm/vmwgfx: Refactor drm connector probing for display modes Zack Rusin <zackr(a)vmware.com> drm/vmwgfx: Port the framebuffer code to drm fb helpers José Expósito <jose.exposito89(a)gmail.com> HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Kun(llfl) <llfl(a)linux.alibaba.com> iommu/amd: Fix sysfs leak in iommu init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: core: remove unnecessary WARN_ON() in implement() Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> gpio: tqmx86: store IRQ trigger type and unmask status separately Linus Walleij <linus.walleij(a)linaro.org> gpio: tqmx86: Convert to immutable irq_chip Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> gpio: tqmx86: introduce shadow register for GPIO output value Andrei Coardos <aboutphysycs(a)gmail.com> gpio: tqmx86: remove unneeded call to platform_set_drvdata() Gregor Herburger <gregor.herburger(a)tq-group.com> gpio: tqmx86: fix typo in Kconfig label Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-smbios: Fix wrong token data in sysfs NeilBrown <neilb(a)suse.de> NFS: add barriers when testing for NFS_FSDATA_BLOCKED Chen Hanxiao <chenhx.fnst(a)fujitsu.com> SUNRPC: return proper error from gss_wrap_req_priv Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1 enforce rootpath check in fs_location query Samuel Holland <samuel.holland(a)sifive.com> clk: sifive: Do not register clkdevs for PRCI clocks Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix to check required event file Baokun Li <libaokun1(a)huawei.com> cachefiles: flush all requests after setting CACHEFILES_DEAD Baokun Li <libaokun1(a)huawei.com> cachefiles: defer exposing anon_fd until after copy_to_user() succeeds Baokun Li <libaokun1(a)huawei.com> cachefiles: never get a new anonymous fd if ondemand_id is valid Baokun Li <libaokun1(a)huawei.com> cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() Baokun Li <libaokun1(a)huawei.com> cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() Baokun Li <libaokun1(a)huawei.com> cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() Jia Zhu <zhujia.zj(a)bytedance.com> cachefiles: add restore command to recover inflight ondemand read requests Baokun Li <libaokun1(a)huawei.com> cachefiles: add spin_lock for cachefiles_ondemand_info Jia Zhu <zhujia.zj(a)bytedance.com> cachefiles: resend an open request if the read request's object is closed Jia Zhu <zhujia.zj(a)bytedance.com> cachefiles: extract ondemand info field from cachefiles_object Jia Zhu <zhujia.zj(a)bytedance.com> cachefiles: introduce object ondemand state Baokun Li <libaokun1(a)huawei.com> cachefiles: remove requests from xarray during flushing requests Baokun Li <libaokun1(a)huawei.com> cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd Dave Jiang <dave.jiang(a)intel.com> cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Michael Ellerman <mpe(a)ellerman.id.au> powerpc/uaccess: Fix build errors seen with GCC 13/14 Ziwei Xiao <ziweixiao(a)google.com> gve: Clear napi->skb before dev_kfree_skb_any() Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: Use READ(16) when reading block zero on large capacity disks Breno Leitao <leitao(a)debian.org> scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Fix ATA NCQ priority support Aapo Vienamo <aapo.vienamo(a)linux.intel.com> thunderbolt: debugfs: Fix margin debugfs node creation condition Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply broken streams quirk to Etron EJ188 xHCI host Hector Martin <marcan(a)marcan.st> xhci: Handle TD clearing for multiple streams case Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply reset resume quirk to Etron EJ188 xHCI host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set correct transferred length for cancelled bulk transfers Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> jfs: xattr: fix buffer overflow for invalid xattr Mickaël Salaün <mic(a)digikod.net> landlock: Fix d_parent walk Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> tty: n_tty: Fix buffer offsets when lookahead is used Tomas Winkler <tomas.winkler(a)intel.com> mei: me: release irq in mei_me_pci_resume error path Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps John Ernberg <john.ernberg(a)actia.se> USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected Alan Stern <stern(a)rowland.harvard.edu> USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Jens Axboe <axboe(a)kernel.dk> io_uring: check for non-NULL file pointer in io_file_can_poll() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: return the mapped address from nilfs_get_page() Filipe Manana <fdmanana(a)suse.com> btrfs: fix leak of qgroup extent records after transaction abort Filipe Manana <fdmanana(a)suse.com> btrfs: make btrfs_destroy_delayed_refs() return void Filipe Manana <fdmanana(a)suse.com> btrfs: remove unnecessary prototype declarations at disk-io.c Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: fix QCOM_RPROC_COMMON dependency Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Mark Brown <broonie(a)kernel.org> selftests/mm: log a consistent test name for check_compaction Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: conform test to TAP format output Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Hailong.Liu <hailong.liu(a)oppo.com> mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL Michal Hocko <mhocko(a)suse.com> mm, vmalloc: fix high order __GFP_NOFAIL allocations Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> i2c: acpi: Unbind mux adapters before delete Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> i2c: add fwnode APIs Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid: elan: fix reset suspend current leakage Cong Yang <yangcong5(a)huaqin.corp-partner.google.com> HID: i2c-hid: elan: Add ili9882t timing Gabor Juhos <j4g8y7(a)gmail.com> firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mmc: davinci: Don't strip remove function when driver is builtin Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: replace hardcoded divisor value with BIT() macro Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic-pci: register attributes via pci_driver Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic: deduplicate common code Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8150: align TLMM pin configuration with DT schema Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> drm/amd/display: drop unnecessary NULL checks in debugfs Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Randy Dunlap <rdunlap(a)infradead.org> xtensa: stacktrace: include <asm/ftrace.h> for prototype Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Reset chip on probe() and resume() Luca Ceresoli <luca.ceresoli(a)bootlin.com> iio: accel: mxc4005: allow module autoloading via OF compatible Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete John Keeping <john(a)metanate.com> usb: gadget: f_fs: use io_data->status consistently Qu Wenruo <wqu(a)suse.com> btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Eric Dumazet <edumazet(a)google.com> ipv6: fix possible race in __fib6_drop_pcpu_from() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). Eric Dumazet <edumazet(a)google.com> af_unix: annotate lockless accesses to sk->sk_err Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annodate data-races around sk->sk_state for writers. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. Aleksandr Mishin <amishin(a)t-argos.ru> net: wwan: iosm: Fix tainted pointer delete is case of region creation fail Larysa Zaremba <larysa.zaremba(a)intel.com> ice: remove af_xdp_zc_qps bitmap Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: remove null checks before devm_kfree() calls Michal Wilczynski <michal.wilczynski(a)intel.com> ice: Introduce new parameters in ice_sched_node Jacob Keller <jacob.e.keller(a)intel.com> ice: fix iteration of TLVs in Preserved Fields Area Karol Kolacinski <karol.kolacinski(a)intel.com> ptp: Fix error message on failed pin verification Eric Dumazet <edumazet(a)google.com> net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP Aleksandr Mishin <amishin(a)t-argos.ru> net/mlx5: Fix tainted pointer delete is case of flow rules creation fail Shay Drory <shayd(a)nvidia.com> net/mlx5: Always stop health timer during driver removal Shay Drory <shayd(a)nvidia.com> net/mlx5: Split function_setup() to enable and open functions Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Stop waiting for PCI if pci channel is offline Moshe Shemesh <moshe(a)mellanox.com> net/mlx5: Stop waiting for PCI up if teardown was triggered Jason Xing <kernelxing(a)tencent.com> tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Hangyu Hua <hbh25y(a)gmail.com> net: sched: sch_multiq: fix possible OOB write in multiq_tune() Wen Gu <guwen(a)linux.alibaba.com> net/smc: avoid overwriting when adjusting sock bufsizes Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Always allocate PF entries from low prioriy zone Jiri Olsa <jolsa(a)kernel.org> bpf: Set run context for rawtp test_run callback Eric Dumazet <edumazet(a)google.com> ipv6: sr: block BH in seg6_output_core() and seg6_input_core() Eric Dumazet <edumazet(a)google.com> ipv6: ioam: block BH from ioam6_output() DelphineCCChiu <delphine_cc_chiu(a)wiwynn.com> net/ncsi: Fix the multi thread manner of NCSI driver Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Simplify Kconfig/dts control flow Duoming Zhou <duoming(a)zju.edu.cn> ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() Lars Kellogg-Stedman <lars(a)oddbit.com> ax25: Fix refcount imbalance on inbound connections Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: mac80211: correctly parse Spatial Reuse Parameter Set element Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't read past the mfuart notifcation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: check n_ssids before accessing the ssids Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Lin Ma <linma(a)zju.edu.cn> wifi: cfg80211: pmsr: use correct nla_get_uX functions Remi Pommarel <repk(a)triplefau.lt> wifi: cfg80211: Lock wiphy in cfg80211_get_station Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fully move wiphy work to unbound workqueue Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 86 +-- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 2 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 376 ++++------ arch/powerpc/include/asm/uaccess.h | 15 +- arch/riscv/mm/init.c | 21 +- arch/riscv/mm/pageattr.c | 28 +- arch/x86/boot/compressed/Makefile | 4 +- arch/x86/kernel/amd_nb.c | 9 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 4 +- drivers/base/core.c | 3 + drivers/block/null_blk/zoned.c | 2 +- drivers/bluetooth/btqca.c | 46 +- drivers/bluetooth/btqca.h | 2 + drivers/bluetooth/hci_qca.c | 2 - drivers/clk/sifive/sifive-prci.c | 8 - drivers/dma/dma-axi-dmac.c | 2 +- drivers/firmware/qcom_scm.c | 18 +- drivers/gpio/Kconfig | 2 +- drivers/gpio/gpio-tqmx86.c | 136 +++- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 120 ++- .../drm/arm/display/komeda/komeda_pipeline_state.c | 2 +- drivers/gpu/drm/bridge/panel.c | 7 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +- drivers/gpu/drm/i915/gem/i915_gem_object.h | 4 +- drivers/gpu/drm/i915/gt/intel_breadcrumbs.c | 15 +- drivers/gpu/drm/vmwgfx/Kconfig | 7 - drivers/gpu/drm/vmwgfx/Makefile | 2 - drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 65 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 38 +- drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 831 --------------------- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 353 +++------ drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 13 +- drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c | 5 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 5 +- drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 47 +- drivers/greybus/interface.c | 1 + drivers/hid/hid-core.c | 1 - drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 103 ++- drivers/hwtracing/intel_th/pci.c | 25 + drivers/i2c/busses/i2c-at91-slave.c | 3 +- drivers/i2c/busses/i2c-designware-slave.c | 2 +- drivers/i2c/i2c-core-acpi.c | 30 +- drivers/i2c/i2c-core-base.c | 98 +++ drivers/i2c/i2c-core-of.c | 66 -- drivers/iio/accel/mxc4005.c | 76 ++ drivers/iio/adc/ad9467.c | 4 +- drivers/iio/dac/ad5592r-base.c | 2 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 - drivers/input/input.c | 104 ++- drivers/iommu/amd/init.c | 9 + drivers/irqchip/irq-gic-v3-its.c | 44 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c | 9 +- drivers/misc/mei/pci-me.c | 4 +- drivers/misc/pvpanic/pvpanic-mmio.c | 58 +- drivers/misc/pvpanic/pvpanic-pci.c | 60 +- drivers/misc/pvpanic/pvpanic.c | 76 +- drivers/misc/pvpanic/pvpanic.h | 10 +- drivers/misc/vmw_vmci/vmci_event.c | 6 +- drivers/mmc/host/davinci_mmc.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c | 2 +- drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 8 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 20 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 21 +- drivers/net/ethernet/intel/ice/ice.h | 32 +- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 4 +- drivers/net/ethernet/intel/ice/ice_common.c | 9 +- drivers/net/ethernet/intel/ice/ice_controlq.c | 3 +- drivers/net/ethernet/intel/ice/ice_flow.c | 23 +- drivers/net/ethernet/intel/ice/ice_lib.c | 46 +- drivers/net/ethernet/intel/ice/ice_nvm.c | 28 +- drivers/net/ethernet/intel/ice/ice_sched.c | 90 ++- drivers/net/ethernet/intel/ice/ice_sched.h | 27 + drivers/net/ethernet/intel/ice/ice_switch.c | 19 +- drivers/net/ethernet/intel/ice/ice_type.h | 8 + drivers/net/ethernet/intel/ice/ice_xsk.c | 13 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 33 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/fw.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/health.c | 12 + .../net/ethernet/mellanox/mlx5/core/lag/port_sel.c | 8 +- .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 116 ++- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 25 +- drivers/net/geneve.c | 10 +- drivers/net/phy/sfp.c | 3 +- drivers/net/vxlan/vxlan_core.c | 4 + drivers/net/wireless/ath/ath10k/Kconfig | 1 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 - drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 4 +- drivers/net/wwan/iosm/iosm_ipc_devlink.c | 2 +- drivers/nvme/target/passthru.c | 6 +- drivers/pci/controller/pcie-rockchip-ep.c | 6 +- drivers/platform/x86/dell/dell-smbios-base.c | 92 +-- drivers/ptp/ptp_chardev.c | 3 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 58 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 62 ++ drivers/scsi/mpt3sas/mpt3sas_base.c | 19 + drivers/scsi/mpt3sas/mpt3sas_base.h | 3 - drivers/scsi/mpt3sas/mpt3sas_ctl.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 23 - drivers/scsi/scsi_transport_sas.c | 23 + drivers/scsi/sd.c | 17 +- drivers/spmi/hisi-spmi-controller.c | 1 - drivers/thunderbolt/debugfs.c | 5 +- drivers/tty/n_tty.c | 22 +- drivers/tty/serial/8250/8250_dw.c | 5 +- drivers/tty/serial/8250/8250_pxa.c | 1 + drivers/tty/serial/sc16is7xx.c | 25 +- drivers/usb/Makefile | 1 + drivers/usb/class/cdc-wdm.c | 4 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/host/xhci-pci.c | 7 + drivers/usb/host/xhci-ring.c | 59 +- drivers/usb/host/xhci.h | 1 + drivers/usb/storage/alauda.c | 9 +- drivers/usb/typec/tcpm/tcpm.c | 5 +- fs/btrfs/disk-io.c | 26 +- fs/btrfs/extent_map.c | 2 +- fs/btrfs/zoned.c | 330 ++++---- fs/cachefiles/daemon.c | 4 +- fs/cachefiles/interface.c | 7 +- fs/cachefiles/internal.h | 52 +- fs/cachefiles/ondemand.c | 324 ++++++-- fs/jfs/xattr.c | 4 +- fs/nfs/dir.c | 47 +- fs/nfs/nfs4proc.c | 23 +- fs/nfsd/nfsfh.c | 4 +- fs/nilfs2/dir.c | 59 +- fs/nilfs2/segment.c | 3 + fs/ocfs2/file.c | 2 + fs/ocfs2/namei.c | 2 +- fs/proc/vmcore.c | 2 + include/linux/i2c.h | 26 +- include/linux/pse-pd/pse.h | 4 +- include/linux/serial_core.h | 1 + include/net/bluetooth/hci_core.h | 36 +- include/net/ip_tunnels.h | 5 +- include/scsi/scsi_transport_sas.h | 2 + include/trace/events/cachefiles.h | 8 +- io_uring/kbuf.c | 3 +- kernel/events/core.c | 13 + kernel/fork.c | 18 +- kernel/pid_namespace.c | 1 + kernel/time/tick-common.c | 42 +- mm/memory-failure.c | 11 +- mm/vmalloc.c | 29 +- net/ax25/af_ax25.c | 6 + net/ax25/ax25_dev.c | 2 +- net/bluetooth/l2cap_core.c | 8 +- net/bpf/test_run.c | 6 + net/bridge/br_mst.c | 13 +- net/core/sock_map.c | 16 +- net/ipv4/tcp.c | 6 +- net/ipv6/ioam6_iptunnel.c | 8 +- net/ipv6/ip6_fib.c | 6 +- net/ipv6/route.c | 5 +- net/ipv6/seg6_iptunnel.c | 14 +- net/ipv6/tcp_ipv6.c | 3 +- net/mac80211/he.c | 10 +- net/mac80211/mesh_pathtbl.c | 13 + net/mac80211/sta_info.c | 4 +- net/mptcp/pm_netlink.c | 21 +- net/mptcp/protocol.c | 1 + net/ncsi/internal.h | 2 + net/ncsi/ncsi-manage.c | 95 +-- net/ncsi/ncsi-rsp.c | 4 +- net/netfilter/ipset/ip_set_core.c | 93 ++- net/netfilter/ipset/ip_set_list_set.c | 30 +- net/sched/sch_multiq.c | 2 +- net/sched/sch_taprio.c | 15 +- net/smc/af_smc.c | 22 +- net/sunrpc/auth_gss/auth_gss.c | 4 +- net/unix/af_unix.c | 109 ++- net/unix/diag.c | 12 +- net/wireless/core.c | 2 +- net/wireless/pmsr.c | 8 +- net/wireless/sysfs.c | 4 +- net/wireless/util.c | 7 +- security/landlock/fs.c | 13 +- tools/testing/cxl/test/mem.c | 1 + .../ftrace/test.d/dynevent/test_duplicates.tc | 2 +- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 +- tools/testing/selftests/vm/compaction_test.c | 108 +-- 197 files changed, 2950 insertions(+), 3037 deletions(-)

1 year

15
236
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2024