September 2024 - Linux-stable-mirror

[PATCH v2 1/4] drm/xe/client: fix deadlock in show_meminfo()

by Matthew Auld

There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the list, making it difficult to navigate to the next list entry. Fixes: 0845233388f8 ("drm/xe: Implement fdinfo memory stats printing") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2727 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Tejas Upadhyay <tejas.upadhyay(a)intel.com> Cc: "Thomas Hellström" <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Tejas Upadhyay <tejas.upadhyay(a)intel.com> --- drivers/gpu/drm/xe/xe_drm_client.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_drm_client.c b/drivers/gpu/drm/xe/xe_drm_client.c index e64f4b645e2e..badfa045ead8 100644 --- a/drivers/gpu/drm/xe/xe_drm_client.c +++ b/drivers/gpu/drm/xe/xe_drm_client.c @@ -196,6 +196,7 @@ static void show_meminfo(struct drm_printer *p, struct drm_file *file) struct xe_drm_client *client; struct drm_gem_object *obj; struct xe_bo *bo; + LLIST_HEAD(deferred); unsigned int id; u32 mem_type; @@ -215,11 +216,14 @@ static void show_meminfo(struct drm_printer *p, struct drm_file *file) list_for_each_entry(bo, &client->bos_list, client_link) { if (!kref_get_unless_zero(&bo->ttm.base.refcount)) continue; + bo_meminfo(bo, stats); - xe_bo_put(bo); + xe_bo_put_deferred(bo, &deferred); } spin_unlock(&client->bos_lock); + xe_bo_put_commit(&deferred); + for (mem_type = XE_PL_SYSTEM; mem_type < TTM_NUM_MEM_TYPES; ++mem_type) { if (!xe_mem_type_to_name[mem_type]) continue; -- 2.46.0

1 year

1
1
0 0

[PATCH 5.4 000/121] 5.4.284-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.284 release. There are 121 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.284-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.284-rc1 Zhang Changzhong <zhangchangzhong(a)huawei.com> cx82310_eth: fix error return code in cx82310_bind() Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_external_learn to use bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_user to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_sticky to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_static to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_local to bitops Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Ondrej Zary <linux(a)zary.sk> cx82310_eth: re-enable ethernet mode after router reboot Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Peter Griffin <peter.griffin(a)linaro.org> clk: hi6220: use CLK_OF_DECLARE_DRIVER Peter Griffin <peter.griffin(a)linaro.org> reset: hi6220: Add support for AO reset controller Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Stanislav Fomichev <sdf(a)google.com> net: set SOCK_RCU_FREE before inserting socket into hashtable Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 +++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/um/drivers/line.c | 2 + block/bio-integrity.c | 11 +- drivers/acpi/acpi_processor.c | 15 +-- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/hisilicon/clk-hi6220.c | 3 +- drivers/clk/qcom/clk-alpha-pll.c | 6 +- drivers/clocksource/timer-imx-tpm.c | 16 ++- drivers/clocksource/timer-of.c | 17 +-- drivers/clocksource/timer-of.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 ++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++ drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/iio/adc/ad7606.c | 28 +---- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 +++++++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 +++ drivers/iommu/dmar.c | 2 +- drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/usb/uvc/uvc_driver.c | 18 +++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 56 ++++++++-- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 ++-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 ++- drivers/pci/controller/dwc/pci-keystone.c | 44 +++++++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++--- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/reset/hisilicon/hi6220_reset.c | 69 +++++++++++- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++++++----- fs/btrfs/extent-tree.c | 32 ++++-- fs/btrfs/inode.c | 2 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 +++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 ++++++++++++--------- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++++- include/linux/i2c.h | 2 +- include/linux/ring_buffer.h | 3 +- kernel/cgroup/cgroup.c | 2 +- kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/smp.c | 1 + kernel/trace/ring_buffer.c | 23 ++-- kernel/trace/trace.c | 6 +- kernel/trace/trace_functions_graph.c | 2 +- lib/generic-radix-tree.c | 2 + net/bridge/br_fdb.c | 116 ++++++++++---------- net/bridge/br_input.c | 2 +- net/bridge/br_private.h | 17 +-- net/bridge/br_switchdev.c | 6 +- net/can/bcm.c | 4 + net/ipv4/inet_hashtables.c | 2 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 ++ net/ipv6/ila/ila_xlat.c | 13 ++- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 ++ net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 +++++--- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 ++- sound/hda/hdmi_chmap.c | 18 ++++ sound/pci/hda/patch_conexant.c | 11 ++ sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + tools/lib/bpf/libbpf.c | 4 +- 122 files changed, 946 insertions(+), 423 deletions(-)

1 year

6
127
0 0

[PATCH v6 1/6] x86/tdx: Fix "in-kernel MMIO" check

by Alexey Gladkov

From: "Alexey Gladkov (Intel)" <legion(a)kernel.org> TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. Cc: stable(a)vger.kernel.org Signed-off-by: Alexey Gladkov (Intel) <legion(a)kernel.org> --- arch/x86/coco/tdx/tdx.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 078e2bac2553..c90d2fdb5fc4 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -405,6 +405,11 @@ static bool mmio_write(int size, unsigned long addr, unsigned long val) EPT_WRITE, addr, val); } +static inline bool is_kernel_addr(unsigned long addr) +{ + return (long)addr < 0; +} + static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) { unsigned long *reg, val, vaddr; @@ -434,6 +439,11 @@ static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) return -EINVAL; } + if (!user_mode(regs) && !is_kernel_addr(ve->gla)) { + WARN_ONCE(1, "Access to userspace address is not supported"); + return -EINVAL; + } + /* * Reject EPT violation #VEs that split pages. * -- 2.46.0

1 year

3
4
0 0

[PATCH 5.4 000/134] 5.4.283-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.283 release. There are 134 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.283-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.283-rc1 Ben Hutchings <benh(a)debian.org> scsi: aacraid: Fix double-free on probe failure Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv8e6xxx: Fix stub function parameters Zijun Hu <quic_zijuhu(a)quicinc.com> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: omap: add missing depopulate in probe error path ZHANG Yuntian <yt(a)radxa.com> USB: serial: option: add MeiG Smart SRM825L Ian Ray <ian.ray(a)gehealthcare.com> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> soc: qcom: cmd-db: Map shared memory as WC, not WB Aleksandr Mishin <amishin(a)t-argos.ru> nfc: pn533: Add poll mod list filling check Lars Poeschel <poeschel(a)lemonage.de> nfc: pn533: Add autopoll capability Lars Poeschel <poeschel(a)lemonage.de> nfc: pn533: Add dev_up/dev_down hooks to phy_ops Eric Dumazet <edumazet(a)google.com> net: busy-poll: use ktime_get_ns() instead of local_clock() Cong Wang <cong.wang(a)bytedance.com> gtp: fix a potential NULL pointer dereference Jamie Bainbridge <jamie.bainbridge(a)gmail.com> ethtool: check device is present when getting link settings Prashant Malani <pmalani(a)chromium.org> r8152: Factor out OOB link list waits Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix programming slave ports for non-continous port maps Allison Henderson <allison.henderson(a)oracle.com> net:rds: Fix possible deadlock in rds_message_put Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Long Li <leo.lilong(a)huawei.com> filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Rafael Aquini <aquini(a)redhat.com> ipc: replace costly bailout check in sysvipc_find_ipc() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: duplicate static structs used in driver instances Ma Ke <make24(a)iscas.ac.cn> pinctrl: single: fix potential NULL dereference in pcs_get_function() Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Alexander Lobakin <aleksander.lobakin(a)intel.com> tools: move alignment-related macros to new <linux/align.h> Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Input: MT - limit max slots Lee, Chun-Yi <joeyli.kernel(a)gmail.com> Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Relax start tick time check for slave timer elements Ben Whitten <ben.whitten(a)gmail.com> mmc: dw_mmc: allow biu and ciu clocks to defer Nikolay Kuratov <kniv(a)yandex-team.ru> cxgb4: add forgotten u64 ivlan cast before shift Siarhei Vishniakou <svv(a)google.com> HID: microsoft: Add rumble support to latest xbox controllers Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Defer calculation of resolution until resolution_code is known Griffin Kroah-Hartman <griffin(a)kroah.com> Bluetooth: MGMT: Add error handling to pair_device() Dan Carpenter <dan.carpenter(a)linaro.org> mmc: mmc_test: Fix NULL dereference on allocation failure Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't play tricks with debug macros Jani Nikula <jani.nikula(a)intel.com> drm/msm: use drm_debug_enabled() to check for debug categories Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix dangling multicast addresses Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Always disable promiscuous mode Eric Dumazet <edumazet(a)google.com> ipv6: prevent UAF in ip6_send_skb() Stephen Hemminger <stephen(a)networkplumber.org> netem: fix return value if duplicate enqueue fails Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Fix out-of-bound access Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: replace ATU violation prints with trace points Hans J. Schultz <netdev(a)kapio-technology.com> net: dsa: mv88e6xxx: read FID when handling ATU violations Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: global1_atu: Add helper for get next Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: global2: Expose ATU stats register Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Serialise kcm_sendmsg() for the same socket. Simon Horman <horms(a)kernel.org> tc-testing: don't access non-existent variable on exception Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix LE quote calculation Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling link timeouts propertly Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Make use of __check_timeout on hci_sched_le Mikulas Patocka <mpatocka(a)redhat.com> dm suspend: return -ERESTARTSYS instead of -EINTR Ming Lei <ming.lei(a)redhat.com> dm: do not use waitqueue for request-based DM Gabriel Krisman Bertazi <krisman(a)collabora.com> dm mpath: pass IO start time to path selector Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> block: use "unsigned long" for blk_validate_block_size(). Eric Dumazet <edumazet(a)google.com> gtp: pull network headers in gtp_dev_xmit() Phil Chang <phil.chang(a)mediatek.com> hrtimer: Prevent queuing of hrtimer without a function callback Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bad dereference when freeing rsps Baokun Li <libaokun1(a)huawei.com> ext4: set the type of max_zeroout to unsigned int to avoid overflow Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> fbdev: offb: replace of_node_put with __free(device_node) Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: dwc3: core: Skip setting event buffers for host only controllers Alexander Gordeev <agordeev(a)linux.ibm.com> s390/iucv: fix receive buffer virtual vs physical address confusion Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> openrisc: Call setup_memory() earlier in the init sequence NeilBrown <neilb(a)suse.de> NFS: avoid infinite loop in pnfs_update_layout. Hannes Reinecke <hare(a)suse.de> nvmet-tcp: do not continue for invalid icreq Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: bnep: Fix out-of-bound access Keith Busch <kbusch(a)kernel.org> nvme: clear caller pointer on identify failure Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: gadget: fsl: Increase size of name buffer for endpoints Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to do sanity check in update_sit_entry David Sterba <dsterba(a)suse.com> btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba <dsterba(a)suse.com> btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba <dsterba(a)suse.com> btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion when checking for delayed_node root Michael Ellerman <mpe(a)ellerman.id.au> powerpc/boot: Only free if realloc() succeeds Li zeming <zeming(a)nfschina.com> powerpc/boot: Handle allocation failure in simple_realloc() Helge Deller <deller(a)gmx.de> parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Kees Cook <keescook(a)chromium.org> x86: Increase brk randomness entropy for 64-bit systems Li Nan <linan122(a)huawei.com> md: clean up invalid BUG_ON in md_ioctl Stefan Hajnoczi <stefanha(a)redhat.com> virtiofs: forbid newlines in tags Erico Nunes <nunes.erico(a)gmail.com> drm/lima: set gp bus_stop bit before hard reset Kees Cook <keescook(a)chromium.org> net/sun3_82586: Avoid reading past buffer in debug output Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Max Filippov <jcmvbkbc(a)gmail.com> fs: binfmt_elf_efpic: don't use missing interpreter's properties Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: check cx23885_vdev_init() return Jan Kara <jack(a)suse.cz> quota: Remove BUG_ON from dqget() Baokun Li <libaokun1(a)huawei.com> ext4: do not trim the group with corrupted block bitmap Daniel Wagner <dwagner(a)suse.de> nvmet-trace: avoid dereferencing pointer too early Kunwu Chan <chentao(a)kylinos.cn> powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Chengfeng Ye <dg573847474(a)gmail.com> IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: abort scan when rfkill on but device enabled Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: setattr_chown: Add missing initialization Mike Christie <michael.christie(a)oracle.com> scsi: spi: Fix sshdr use Christian Brauner <christian.brauner(a)ubuntu.com> binfmt_misc: cleanup on filesystem umount Chengfeng Ye <dg573847474(a)gmail.com> staging: ks7010: disable bh on tx_dev_lock Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: radio-isa: use dev_name to fill in bus_info Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: riic: avoid potential division by zero Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: cw1200: Avoid processing an invalid TIM IE Rand Deeb <rand.sec96(a)gmail.com> ssb: Fix division by zero issue in ssb_calc_clock_rate Parsa Poorshikhian <parsa.poorsh(a)gmail.com> ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Jie Wang <wangjie125(a)huawei.com> net: hns3: fix a deadlock problem when config TC during resetting Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: pass value in phy_write operation Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> net: axienet: Fix register defines comment description Andre Przywara <andre.przywara(a)arm.com> net: axienet: Autodetect 64-bit DMA capability Andre Przywara <andre.przywara(a)arm.com> net: axienet: Upgrade descriptors to hold 64-bit addresses Andre Przywara <andre.przywara(a)arm.com> net: axienet: Wrap DMA pointer writes to prepare for 64 bit Andre Przywara <andre.przywara(a)arm.com> net: axienet: Drop MDIO interrupt registers from ethtools dump Andre Przywara <andre.przywara(a)arm.com> net: axienet: Check for DMA mapping errors Andre Przywara <andre.przywara(a)arm.com> net: axienet: Factor out TX descriptor chain cleanup Andre Przywara <andre.przywara(a)arm.com> net: axienet: Improve DMA error handling Andre Przywara <andre.przywara(a)arm.com> net: axienet: Fix DMA descriptor cleanup path Dan Carpenter <dan.carpenter(a)linaro.org> atm: idt77252: prevent use after free in dequeue_rx() Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Correctly report errors for ethtool rx flows Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/uv: Panic for set and remove shared access UVC errors Alexander Lobakin <aleksander.lobakin(a)intel.com> btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Alexander Lobakin <aleksander.lobakin(a)intel.com> s390/cio: rename bitmap_size() -> idset_bitmap_size() Al Viro <viro(a)zeniv.linux.org.uk> memcg_write_event_control(): fix a user-triggerable oops Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu: Actually check flags for all context ops. Zhen Lei <thunder.leizhen(a)huawei.com> selinux: fix potential counting error in avc_add_xperms_decision() Al Viro <viro(a)zeniv.linux.org.uk> fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Alexander Lobakin <aleksander.lobakin(a)intel.com> bitmap: introduce generic optimized bitmap_size() Zhihao Cheng <chengzhihao1(a)huawei.com> vfs: Don't evict inode under the inode lru traversing context Mikulas Patocka <mpatocka(a)redhat.com> dm persistent data: fix memory allocation failure Khazhismel Kumykov <khazhy(a)google.com> dm resume: don't return EINVAL when signalled Haibo Xu <haibo1.xu(a)intel.com> arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix error recovery leading to data corruption on ESE devices Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Juan José Arboleda <soyjuanarbol(a)gmail.com> ALSA: usb-audio: Support Yamaha P-125 quirk entry Jann Horn <jannh(a)google.com> fuse: Initialize beyond-EOF page contents before setting uptodate ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/acpi_numa.c | 2 +- arch/openrisc/kernel/setup.c | 6 +- arch/parisc/kernel/irq.c | 4 +- arch/powerpc/boot/simple_alloc.c | 7 +- arch/powerpc/sysdev/xics/icp-native.c | 2 + arch/s390/include/asm/uv.h | 5 +- arch/x86/kernel/process.c | 5 +- drivers/ata/libata-core.c | 3 + drivers/atm/idt77252.c | 9 +- drivers/bluetooth/hci_ldisc.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 5 +- drivers/gpu/drm/lima/lima_gp.c | 12 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 +- drivers/hid/hid-ids.h | 10 +- drivers/hid/hid-microsoft.c | 11 +- drivers/hid/wacom_wac.c | 4 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/infiniband/hw/hfi1/chip.c | 5 +- drivers/input/input-mt.c | 3 + drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/md/dm-clone-metadata.c | 5 - drivers/md/dm-ioctl.c | 22 +- drivers/md/dm-mpath.c | 9 +- drivers/md/dm-path-selector.h | 2 +- drivers/md/dm-queue-length.c | 2 +- drivers/md/dm-rq.c | 4 - drivers/md/dm-service-time.c | 2 +- drivers/md/dm.c | 67 ++-- drivers/md/md.c | 5 - drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- drivers/media/pci/cx23885/cx23885-video.c | 8 + drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/media/radio/radio-isa.c | 2 +- drivers/media/usb/uvc/uvc_video.c | 10 +- drivers/mmc/core/mmc_test.c | 9 +- drivers/mmc/host/dw_mmc.c | 8 + drivers/net/dsa/mv88e6xxx/Makefile | 4 + drivers/net/dsa/mv88e6xxx/global1.h | 1 + drivers/net/dsa/mv88e6xxx/global1_atu.c | 87 +++++- drivers/net/dsa/mv88e6xxx/global2.c | 13 + drivers/net/dsa/mv88e6xxx/global2.h | 25 +- drivers/net/dsa/mv88e6xxx/trace.c | 6 + drivers/net/dsa/mv88e6xxx/trace.h | 66 ++++ drivers/net/dsa/vitesse-vsc73xx-core.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 + drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- drivers/net/ethernet/xilinx/xilinx_axienet.h | 34 +-- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 337 +++++++++++++++------ drivers/net/gtp.c | 5 +- drivers/net/usb/r8152.c | 73 ++--- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 +- drivers/net/wireless/st/cw1200/txrx.c | 2 +- drivers/nfc/pn533/pn533.c | 210 ++++++++++++- drivers/nfc/pn533/pn533.h | 19 +- drivers/nvme/host/core.c | 5 +- drivers/nvme/target/rdma.c | 16 +- drivers/nvme/target/tcp.c | 1 + drivers/nvme/target/trace.c | 6 +- drivers/nvme/target/trace.h | 28 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/s390/block/dasd.c | 36 ++- drivers/s390/block/dasd_3990_erp.c | 10 +- drivers/s390/block/dasd_eckd.c | 57 ++-- drivers/s390/block/dasd_int.h | 2 +- drivers/s390/cio/idset.c | 12 +- drivers/scsi/aacraid/comminit.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/scsi_transport_spi.c | 4 +- drivers/soc/qcom/cmd-db.c | 2 +- drivers/soundwire/stream.c | 8 +- drivers/ssb/main.c | 2 +- drivers/staging/ks7010/ks7010_sdio.c | 4 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 21 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 16 +- drivers/usb/gadget/udc/fsl_udc_core.c | 2 +- drivers/usb/host/xhci.c | 8 +- drivers/usb/serial/option.c | 5 + drivers/video/fbdev/offb.c | 3 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_misc.c | 216 ++++++++++--- fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/free-space-cache.c | 8 +- fs/btrfs/inode.c | 9 +- fs/btrfs/qgroup.c | 2 - fs/btrfs/send.c | 7 +- fs/ext4/extents.c | 3 +- fs/ext4/mballoc.c | 3 + fs/f2fs/segment.c | 5 +- fs/file.c | 28 +- fs/fuse/dev.c | 6 +- fs/fuse/virtio_fs.c | 10 + fs/gfs2/inode.c | 2 +- fs/inode.c | 39 ++- fs/locks.c | 4 +- fs/nfs/pnfs.c | 8 + fs/quota/dquot.c | 5 +- include/linux/bitmap.h | 20 +- include/linux/blkdev.h | 2 +- include/linux/cpumask.h | 2 +- include/linux/device-mapper.h | 2 + include/linux/fs.h | 5 + include/net/busy_poll.h | 2 +- include/net/kcm.h | 1 + ipc/util.c | 16 +- kernel/cgroup/cpuset.c | 13 +- kernel/time/hrtimer.c | 2 + lib/math/prime_numbers.c | 2 - mm/memcontrol.c | 7 +- net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_core.c | 58 ++-- net/bluetooth/mgmt.c | 4 + net/core/ethtool.c | 3 + net/core/net-sysfs.c | 2 +- net/ipv6/ip6_output.c | 2 + net/iucv/iucv.c | 3 +- net/kcm/kcmsock.c | 4 + net/netfilter/nft_counter.c | 5 + net/rds/recv.c | 13 +- net/sched/sch_netem.c | 47 +-- security/selinux/avc.c | 2 +- sound/core/timer.c | 2 +- sound/pci/hda/patch_realtek.c | 1 - sound/usb/quirks-table.h | 1 + tools/include/linux/align.h | 12 + tools/include/linux/bitmap.h | 8 +- tools/testing/selftests/tc-testing/tdc.py | 1 - 135 files changed, 1506 insertions(+), 586 deletions(-)

1 year

6
141
0 0

[PATCH 5.15 000/214] 5.15.167-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.167 release. There are 214 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.167-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.167-rc1 Felix Fietkau <nbd(a)nbd.name> udp: fix receiving fraglist GSO packets Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between direct IO write and fsync when using same fd Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Willem de Bruijn <willemb(a)google.com> net: drop bad gso csum_start and offset in virtio_net_hdr Yan Zhai <yan(a)cloudflare.com> gso: fix dodgy bit handling for GSO_UDP_L4 Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Willem de Bruijn <willemb(a)google.com> net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: rockchip: fix OF node leak in probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Matteo Martelli <matteomartelli3(a)gmail.com> ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Nicholas Piggin <npiggin(a)gmail.com> workqueue: Improve scalability of workqueue watchdog touch Nicholas Piggin <npiggin(a)gmail.com> workqueue: wq_watchdog_touch is always called with valid CPU Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: unset the binding mark of a reused connection Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Faisal Hassan <quic_faisalh(a)quicinc.com> usb: dwc3: core: update LC timer as per USB Spec V3.2 Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix config comparison Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: Check the lease context if we actually got a lease Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Olivier Sobrie <olivier(a)sobrie.be> HID: amd_sfh: free driver_data after destroying hid device Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() yang.zhang <yang.zhang(a)hexintek.com> riscv: set trap vector earlier Filipe Manana <fdmanana(a)suse.com> btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Check more cases when directory is corrupted Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Yicong Yang <yangyicong(a)hisilicon.com> dma-mapping: benchmark: Don't starve others when doing the test Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix possible tid_t sequence overflows Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Set no_hw_access when VF request full GPU fails Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Larysa Zaremba <larysa.zaremba(a)intel.com> ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Simon Horman <horms(a)kernel.org> can: m_can: Release irq on error in m_can_open Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check HDCP returned status Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: send ACK on an active subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: skip connecting to already established sf Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove already closed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ADD_ADDR 0 is not a new address Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: close subflow when receiving TCP+FIN Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid duplicated SUB_CLOSED events Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: avoid possible UaF when selecting endp Paolo Abeni <pabeni(a)redhat.com> mptcp: constify a bunch of of helpers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fullmesh: select the right ID later Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only decrement add_addr_accepted for MPJ req Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused flushed subflows Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add sleep quirk for Samsung 990 Evo Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Ravi Bangoria <ravi.bangoria(a)amd.com> KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Maxim Levitsky <mlevitsk(a)redhat.com> KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> ext4: handle redirtying in ext4_bio_write_page() Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Eric Biggers <ebiggers(a)google.com> ext4: reject casefold inode flag without casefold feature Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Bob Zhou <bob.zhou(a)amd.com> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Marek Vasut <marex(a)denx.de> drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Remove buggy bypass lock contention mitigation Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Properly handle unexpected AQ completions Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Jagadeesh Kona <quic_jkona(a)quicinc.com> cpufreq: scmi: Avoid overflow of target_freq in fast switch Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update type of buf size to u32 for eeprom functions Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for aldebaran Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the waring dereferencing hive Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable warning for smu10 Asad Kamal <asad.kamal(a)amd.com> drm/amd/amdgpu: Check tbo resource pointer Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Assign linear_pitch_alignment even for VM Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 ++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/mips/kernel/cevt-r4k.c | 15 +- arch/riscv/kernel/head.S | 3 + arch/s390/kernel/vmlinux.lds.S | 9 ++ arch/um/drivers/line.c | 2 + arch/x86/kvm/svm/svm.c | 15 ++ arch/x86/mm/pti.c | 45 ++++-- block/blk-integrity.c | 2 - drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 25 ++- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/gpio/gpio-rockchip.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 8 +- drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 +- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 +++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 +++- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 90 ++++++++--- .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 ++- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 +++- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 +- drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/gpu/drm/meson/meson_plane.c | 17 +- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/hwspinlock/hwspinlock_core.c | 28 ++++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/iio/adc/ad7124.c | 27 ++-- drivers/iio/adc/ad7606.c | 28 +--- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 +++++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/infiniband/hw/efa/efa_com.c | 30 ++-- drivers/input/misc/uinput.c | 14 ++ drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/cqhci-core.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +-- drivers/net/can/m_can/m_can.c | 5 +- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 ++- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/ice/ice_lib.c | 12 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/geneve.c | 8 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 5 +- drivers/net/usb/ipheth.c | 2 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 15 +- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/host/pci.c | 11 ++ drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 +++++- drivers/pci/controller/dwc/pcie-al.c | 16 +- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++-- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell/dell-smbios-base.c | 5 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/core.c | 15 ++ drivers/usb/dwc3/core.h | 2 + drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++---- fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 1 - fs/btrfs/extent-tree.c | 32 +++- fs/btrfs/file.c | 25 ++- fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.h | 6 + fs/cifs/smb2ops.c | 24 ++- fs/ext4/fast_commit.c | 8 +- fs/ext4/inode.c | 5 +- fs/ext4/page-io.c | 14 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/ksmbd/smb2pdu.c | 4 + fs/ksmbd/transport_tcp.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 ++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 ++++++++------ fs/notify/fsnotify.c | 31 ++-- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 +++- fs/ntfs3/dir.c | 52 +++--- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/udp.h | 2 +- include/linux/virtio_net.h | 35 +++-- include/net/bluetooth/hci_core.h | 5 - kernel/cgroup/cgroup.c | 2 +- kernel/dma/debug.c | 5 +- kernel/dma/map_benchmark.c | 16 ++ kernel/events/core.c | 18 ++- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 9 +- kernel/rcu/tasks.h | 2 +- kernel/rcu/tree.h | 1 - kernel/rcu/tree_nocb.h | 32 +--- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + kernel/workqueue.c | 14 +- lib/generic-radix-tree.c | 2 + mm/memcontrol.c | 23 ++- net/8021q/vlan_core.c | 7 +- net/bluetooth/mgmt.c | 60 +++---- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/ethernet/eth.c | 7 +- net/ipv4/af_inet.c | 19 +-- net/ipv4/fou.c | 54 ++++--- net/ipv4/gre_offload.c | 12 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/tcp_offload.c | 3 + net/ipv4/udp_offload.c | 22 ++- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/ipv6/ip6_offload.c | 14 +- net/ipv6/udp_offload.c | 2 - net/mptcp/options.c | 44 +++--- net/mptcp/pm.c | 36 +++-- net/mptcp/pm_netlink.c | 174 +++++++++++++-------- net/mptcp/protocol.c | 61 +++++--- net/mptcp/protocol.h | 28 ++-- net/mptcp/sockopt.c | 4 +- net/mptcp/subflow.c | 56 ++++--- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 + net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 ++++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 +- sound/hda/hdmi_chmap.c | 18 +++ sound/pci/hda/hda_generic.c | 63 ++++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 13 ++ sound/pci/hda/patch_realtek.c | 10 ++ sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + sound/soc/sunxi/sun4i-i2s.c | 143 ++++++++--------- tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- tools/testing/selftests/net/udpgso.c | 2 +- 224 files changed, 1994 insertions(+), 1016 deletions(-)

1 year

7
222
0 0

[PATCH 6.1 000/192] 6.1.110-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.110 release. There are 192 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.110-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.110-rc1 Miklos Szeredi <mszeredi(a)redhat.com> fuse: add feature flag for expire-only Peng Wu <wupeng58(a)huawei.com> regulator: of: fix a NULL vs IS_ERR() check in of_regulator_bulk_get_all() Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Yonghong Song <yhs(a)fb.com> bpf: Silence a warning in btf_type_id_size() Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between direct IO write and fsync when using same fd Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Li Nan <linan122(a)huawei.com> ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Liao Chen <liaochen4(a)huawei.com> gpio: modepin: Enable module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: rockchip: fix OF node leak in probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Matteo Martelli <matteomartelli3(a)gmail.com> ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Chen-Yu Tsai <wenst(a)chromium.org> ASoc: SOF: topology: Clear SOF link platform name upon unload Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Mohan Kumar <mkumard(a)nvidia.com> ASoC: tegra: Fix CBB error during probe() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64e: Define mmu_pte_psize static Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: split out nohash Book3E 64-bit code Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: remove unused IBM HTW code Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd: Add gfx12 swizzle mode defs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: clarify the meaning of timestamp Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Nicholas Piggin <npiggin(a)gmail.com> workqueue: Improve scalability of workqueue watchdog touch Nicholas Piggin <npiggin(a)gmail.com> workqueue: wq_watchdog_touch is always called with valid CPU Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Jann Horn <jannh(a)google.com> userfaultfd: fix checks for huge PMDs Peter Zijlstra <peterz(a)infradead.org> mm: Rename pmd_read_atomic() Peter Zijlstra <peterz(a)infradead.org> mm: Fix pmd_read_atomic() Peter Zijlstra <peterz(a)infradead.org> x86/mm/pae: Make pmd_t similar to pte_t yangyun <yangyun50(a)huawei.com> fuse: fix memory leak in fuse_create_open Miklos Szeredi <mszeredi(a)redhat.com> fuse: add request extension Dharmendra Singh <dsingh(a)ddn.com> fuse: allow non-extending parallel direct writes on the same file Miklos Szeredi <mszeredi(a)redhat.com> fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY Boqun Feng <boqun.feng(a)gmail.com> rust: macros: provide correct provenance when constructing THIS_MODULE Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Faisal Hassan <quic_faisalh(a)quicinc.com> usb: dwc3: core: update LC timer as per USB Spec V3.2 Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix config comparison Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Matthieu Baerts (NGI0) <matttbe(a)kernel.org> tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Michal Koutný <mkoutny(a)suse.com> io_uring/sqpoll: Do not set PF_NO_SETAFFINITY on sqpoll threads Jens Axboe <axboe(a)kernel.dk> io_uring/io-wq: stop setting PF_NO_SETAFFINITY on io-wq workers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 signal Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate event numbers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: fix backport issues Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Olivier Sobrie <olivier(a)sobrie.be> HID: amd_sfh: free driver_data after destroying hid device Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Don't drop SYN+ACK for simultaneous connect(). Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() yang.zhang <yang.zhang(a)hexintek.com> riscv: set trap vector earlier Filipe Manana <fdmanana(a)suse.com> btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Check more cases when directory is corrupted Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Yicong Yang <yangyicong(a)hisilicon.com> dma-mapping: benchmark: Don't starve others when doing the test Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix possible tid_t sequence overflows Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Set no_hw_access when VF request full GPU fails Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Hareshx Sankar Raj <hareshx.sankar.raj(a)intel.com> crypto: qat - fix unintentional re-enabling of error interrupts Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Take the phy mutex in xlate Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Don't allow writes to read-only controls Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Larysa Zaremba <larysa.zaremba(a)intel.com> ice: do not bring the VSI up, if it was down before the XDP setup Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: allow hot-swapping XDP programs Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Use ice_max_xdp_frame_size() in ice_xdp_setup_prog() Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Douglas Anderson <dianders(a)chromium.org> regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Corentin Labbe <clabbe(a)baylibre.com> regulator: Add of_regulator_bulk_get_all Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> ice: Add netif_device_attach/detach into PF reset flow Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 David Howells <dhowells(a)redhat.com> cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region Andreas Hindborg <a.hindborg(a)samsung.com> rust: kbuild: fix export of bss symbols Matthew Maurer <mmaurer(a)google.com> rust: Use awk instead of recent xargs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode Simon Horman <horms(a)kernel.org> can: m_can: Release irq on error in m_can_open Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check denominator pbn_div before used Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: ili210x - use kvmalloc() to allocate buffer for firmware update Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Danijel Slivka <danijel.slivka(a)amd.com> drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: Fix smatch static checker warning Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check HDCP returned status Ma Ke <make24(a)iscas.ac.cn> usb: gadget: aspeed_udc: validate endpoint index for ast udc Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: One more reason to mark inode bad Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> x86/kmsan: Fix hook for unaligned accesses Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Alexey Dobriyan <adobriyan(a)gmail.com> ELF: fix kernel.randomize_va_space double read Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Takashi Iwai <tiwai(a)suse.de> ALSA: control: Apply sanity check of input values for user elements Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" Mitchell Levy <levymitchell0(a)gmail.com> x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Matt Johnston <matt(a)codeconstruct.com.au> net: mctp-serial: Fix missing escapes on transmit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Brian Norris <briannorris(a)chromium.org> spi: rockchip: Resolve unbalanced runtime PM / system PM handling Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Jonathan Bell <jonathan(a)raspberrypi.com> mmc: core: apply SD quirks earlier during probe Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add sleep quirk for Samsung 990 Evo Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Thomas Gleixner <tglx(a)linutronix.de> x86/kaslr: Expose and use the end of the physical memory address space Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Limit the period on Haswell Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Fix data leak in mmio_read() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: unset the binding mark of a reused connection Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Ravi Bangoria <ravi.bangoria(a)amd.com> KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Maxim Levitsky <mlevitsk(a)redhat.com> KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 + arch/arm64/kernel/acpi_numa.c | 11 - arch/mips/kernel/cevt-r4k.c | 15 +- arch/powerpc/include/asm/nohash/mmu-e500.h | 3 +- arch/powerpc/mm/nohash/Makefile | 2 +- arch/powerpc/mm/nohash/tlb.c | 398 +-------------------- arch/powerpc/mm/nohash/tlb_64e.c | 361 +++++++++++++++++++ arch/powerpc/mm/nohash/tlb_low_64e.S | 195 ---------- arch/riscv/kernel/head.S | 3 + arch/s390/kernel/vmlinux.lds.S | 9 + arch/um/drivers/line.c | 2 + arch/x86/coco/tdx/tdx.c | 1 - arch/x86/events/intel/core.c | 23 +- arch/x86/include/asm/fpu/types.h | 7 + arch/x86/include/asm/page_64.h | 1 + arch/x86/include/asm/pgtable-3level.h | 96 +---- arch/x86/include/asm/pgtable-3level_types.h | 7 + arch/x86/include/asm/pgtable_64_types.h | 5 + arch/x86/include/asm/pgtable_types.h | 4 +- arch/x86/kernel/fpu/xstate.c | 3 + arch/x86/kernel/fpu/xstate.h | 4 +- arch/x86/kvm/svm/svm.c | 15 + arch/x86/kvm/x86.c | 2 + arch/x86/lib/iomem.c | 5 +- arch/x86/mm/init_64.c | 4 + arch/x86/mm/kaslr.c | 34 +- arch/x86/mm/pti.c | 45 ++- drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/block/ublk_drv.c | 2 + drivers/clk/qcom/clk-alpha-pll.c | 25 +- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/crypto/qat/qat_common/adf_gen2_pfvf.c | 4 +- .../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 8 +- drivers/firmware/cirrus/cs_dsp.c | 3 + drivers/gpio/gpio-rockchip.c | 1 + drivers/gpio/gpio-zynqmp-modepin.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 28 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 +- drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775-core.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/iio/adc/ad7124.c | 27 +- drivers/iio/adc/ad7606.c | 28 +- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 ++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 + drivers/input/touchscreen/ili210x.c | 6 +- drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/core/quirks.h | 22 +- drivers/mmc/core/sd.c | 4 + drivers/mmc/host/cqhci-core.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +- drivers/net/can/m_can/m_can.c | 5 +- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 28 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ram.c | 11 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 23 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-rx.c | 165 ++++++--- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 22 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 42 ++- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/ice/ice_main.c | 61 ++-- drivers/net/ethernet/intel/igb/igb_main.c | 10 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/microsoft/mana/mana.h | 2 + drivers/net/ethernet/microsoft/mana/mana_en.c | 22 +- drivers/net/mctp/mctp-serial.c | 4 +- drivers/net/usb/ipheth.c | 2 +- drivers/net/usb/usbnet.c | 11 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/host/pci.c | 11 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 ++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +- drivers/pcmcia/yenta_socket.c | 6 +- drivers/phy/xilinx/phy-zynqmp.c | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 5 +- drivers/regulator/of_regulator.c | 92 +++++ drivers/spi/spi-rockchip.c | 23 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/core.c | 15 + drivers/usb/dwc3/core.h | 2 + drivers/usb/gadget/udc/aspeed_udc.c | 2 + drivers/usb/storage/uas.c | 1 + fs/binfmt_elf.c | 5 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 1 - fs/btrfs/extent-tree.c | 32 +- fs/btrfs/file.c | 25 +- fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.h | 6 + fs/ext4/fast_commit.c | 8 +- fs/fuse/dev.c | 6 +- fs/fuse/dir.c | 72 ++-- fs/fuse/file.c | 51 ++- fs/fuse/fuse_i.h | 8 +- fs/fuse/inode.c | 3 +- fs/fuse/xattr.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 +- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 43 ++- fs/ntfs3/dir.c | 52 +-- fs/ntfs3/frecord.c | 4 +- fs/smb/client/smb2ops.c | 16 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/transport_tcp.c | 4 +- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 15 + include/linux/mm.h | 4 + include/linux/pgtable.h | 54 ++- include/linux/regulator/consumer.h | 16 + include/net/bluetooth/hci_core.h | 5 - include/uapi/drm/drm_fourcc.h | 18 + include/uapi/linux/fuse.h | 46 ++- io_uring/io-wq.c | 16 +- io_uring/sqpoll.c | 1 - kernel/bpf/btf.c | 13 +- kernel/cgroup/cgroup.c | 2 +- kernel/dma/map_benchmark.c | 16 + kernel/events/core.c | 18 +- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 9 +- kernel/resource.c | 6 +- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + kernel/workqueue.c | 14 +- lib/generic-radix-tree.c | 2 + mm/hmm.c | 2 +- mm/khugepaged.c | 2 +- mm/mapping_dirty_helpers.c | 2 +- mm/memcontrol.c | 22 +- mm/memory_hotplug.c | 2 +- mm/mprotect.c | 2 +- mm/sparse.c | 2 +- mm/userfaultfd.c | 24 +- mm/vmscan.c | 4 +- net/bluetooth/mgmt.c | 60 ++-- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/ipv4/fou.c | 29 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/tcp_input.c | 6 + net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/unix/af_unix.c | 9 +- rust/Makefile | 4 +- rust/macros/module.rs | 6 +- security/smack/smack_lsm.c | 12 +- sound/core/control.c | 6 +- sound/hda/hdmi_chmap.c | 18 + sound/pci/hda/patch_conexant.c | 11 + sound/pci/hda/patch_realtek.c | 10 + sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + sound/soc/sof/topology.c | 2 + sound/soc/sunxi/sun4i-i2s.c | 143 ++++---- sound/soc/tegra/tegra210_ahub.c | 12 +- tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 234 ++++++++---- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 + 208 files changed, 2369 insertions(+), 1522 deletions(-)

1 year

8
204
0 0

[PATCH 5.10 000/186] 5.10.226-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.226 release. There are 186 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.226-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.226-rc1 Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers Eric Dumazet <edumazet(a)google.com> fou: remove sparse errors Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Catch another Reply chunk overflow case Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Josef Bacik <josef(a)toxicpanda.com> nfsd: make svc_stat per-network namespace instead of global Josef Bacik <josef(a)toxicpanda.com> nfsd: remove nfsd_stats, make th_cnt a global counter Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Josef Bacik <josef(a)toxicpanda.com> sunrpc: use the struct net as the svc proc private Josef Bacik <josef(a)toxicpanda.com> sunrpc: remove ->pg_stats from svc_program Josef Bacik <josef(a)toxicpanda.com> sunrpc: pass in the sv_stats struct through svc_create_pooled Josef Bacik <josef(a)toxicpanda.com> nfsd: stop setting ->pg_stats for unused stats Josef Bacik <josef(a)toxicpanda.com> sunrpc: don't change ->sv_stats if it doesn't exist Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix frame size warning in svc_export_parse() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NeilBrown <neilb(a)suse.de> NFSD: simplify error paths in nfsd_svc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor the duplicate reply cache shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace nfsd_prune_bucket() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename nfsd_reply_cache_alloc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_reply_cache_free_locked() Jeff Layton <jlayton(a)kernel.org> nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Jeff Layton <jlayton(a)kernel.org> nfsd: move reply cache initialization into nfsd startup Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: avoid possible UaF when selecting endp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free after failure to create a snapshot Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Connor O'Brien <connor.obrien(a)crowdstrike.com> bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> ext4: handle redirtying in ext4_bio_write_page() Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Stanislav Fomichev <sdf(a)google.com> net: set SOCK_RCU_FREE before inserting socket into hashtable Connor O'Brien <connor.obrien(a)crowdstrike.com> bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode Bob Zhou <bob.zhou(a)amd.com> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 ++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/mips/kernel/cevt-r4k.c | 15 +- arch/s390/kernel/vmlinux.lds.S | 9 + arch/um/drivers/line.c | 2 + arch/x86/mm/pti.c | 45 +++-- block/bio-integrity.c | 11 +- block/blk-integrity.c | 2 - drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 6 +- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 +- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 ++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 90 +++++++-- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 8 +- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/gpu/drm/meson/meson_plane.c | 17 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/hwspinlock/hwspinlock_core.c | 28 +++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/iio/adc/ad7124.c | 1 + drivers/iio/adc/ad7606.c | 28 +-- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 ++++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 ++ drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/media/usb/uvc/uvc_driver.c | 18 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/cqhci.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +-- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/geneve.c | 8 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 5 +- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 +-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 ++++- drivers/pci/controller/dwc/pcie-al.c | 16 +- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 ++-- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++--- fs/btrfs/extent-tree.c | 32 +++- fs/btrfs/inode.c | 2 +- fs/btrfs/ioctl.c | 5 +- fs/btrfs/transaction.c | 24 +++ fs/btrfs/transaction.h | 2 + fs/ext4/page-io.c | 14 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/lockd/svc.c | 3 - fs/nfs/callback.c | 3 - fs/nfs/super.c | 2 + fs/nfsd/export.c | 32 +++- fs/nfsd/export.h | 4 +- fs/nfsd/netns.h | 25 ++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfscache.c | 202 ++++++++++++--------- fs/nfsd/nfsctl.c | 24 ++- fs/nfsd/nfsd.h | 1 + fs/nfsd/nfsfh.c | 3 +- fs/nfsd/nfssvc.c | 38 ++-- fs/nfsd/stats.c | 52 +++--- fs/nfsd/stats.h | 83 ++++----- fs/nfsd/trace.h | 22 +++ fs/nfsd/vfs.c | 6 +- fs/nilfs2/recovery.c | 35 +++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 +++++++----- fs/notify/fsnotify.c | 31 +++- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 +++- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++- include/linux/cgroup-defs.h | 107 +++-------- include/linux/cgroup.h | 22 +-- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/sunrpc/svc.h | 5 +- include/net/bluetooth/hci_core.h | 5 - kernel/cgroup/cgroup.c | 65 +++---- kernel/dma/debug.c | 5 +- kernel/events/core.c | 18 +- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/rcu/tasks.h | 2 +- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + lib/generic-radix-tree.c | 2 + mm/memcontrol.c | 23 ++- net/8021q/vlan_core.c | 7 +- net/bluetooth/mgmt.c | 60 +++--- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/core/netclassid_cgroup.c | 7 +- net/core/netprio_cgroup.c | 10 +- net/ethernet/eth.c | 7 +- net/ipv4/af_inet.c | 19 +- net/ipv4/fou.c | 62 ++++--- net/ipv4/gre_offload.c | 12 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/udp_offload.c | 6 +- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/ipv6/ip6_offload.c | 14 +- net/ipv6/udp_offload.c | 2 - net/mptcp/options.c | 34 ++-- net/mptcp/pm.c | 24 +-- net/mptcp/pm_netlink.c | 59 +++--- net/mptcp/protocol.c | 54 +++--- net/mptcp/protocol.h | 4 +- net/mptcp/subflow.c | 50 ++--- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/stats.c | 2 +- net/sunrpc/svc.c | 36 ++-- net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 + net/sunrpc/xprtsock.c | 7 + net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 +++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 +- sound/hda/hdmi_chmap.c | 18 ++ sound/pci/hda/hda_generic.c | 63 +++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 13 ++ sound/pci/hda/patch_realtek.c | 10 + sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- 209 files changed, 1848 insertions(+), 1126 deletions(-)

1 year

6
193
0 0

[PATCH 3/4] phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend

by Johan Hovold

Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. This bug was later reproduced when the driver was copied to create the qmp-usbc driver. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with these drivers. Fixes: 19281571a4d5 ("phy: qcom: qmp-usb: split USB-C PHY driver") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c index 5cbc5fd529eb..dea3456f88b1 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c @@ -1049,6 +1049,7 @@ static int qmp_usbc_probe(struct platform_device *pdev) return -ENOMEM; qmp->dev = dev; + dev_set_drvdata(dev, qmp); qmp->orientation = TYPEC_ORIENTATION_NORMAL; -- 2.44.2

1 year

1
0
0 0

[PATCH 2/4] phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend

by Johan Hovold

Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. This bug was later reproduced when the driver was copied to create the qmp-usb-legacy driver. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with these drivers. Fixes: e464a3180a43 ("phy: qcom-qmp-usb: split off the legacy USB+dp_com support") Cc: stable(a)vger.kernel.org # 6.6 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c b/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c index 6d0ba39c1943..8bf951b0490c 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c @@ -1248,6 +1248,7 @@ static int qmp_usb_legacy_probe(struct platform_device *pdev) return -ENOMEM; qmp->dev = dev; + dev_set_drvdata(dev, qmp); qmp->cfg = of_device_get_match_data(dev); if (!qmp->cfg) -- 2.44.2

1 year

1
0
0 0

[PATCH 1/4] phy: qcom: qmp-usb: fix NULL-deref on runtime suspend

by Johan Hovold

Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with this driver. Fixes: 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") Cc: stable(a)vger.kernel.org # 6.2 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c index 49f4a53f9b2c..76068393e4ba 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c @@ -2191,6 +2191,7 @@ static int qmp_usb_probe(struct platform_device *pdev) return -ENOMEM; qmp->dev = dev; + dev_set_drvdata(dev, qmp); qmp->cfg = of_device_get_match_data(dev); if (!qmp->cfg) -- 2.44.2

1 year

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2024