January 2025 - Linux-stable-mirror

[PATCH] drm: Remove redundant statement in drm_crtc_helper_set_mode()

by Huacai Chen

Commit dbbfaf5f2641a ("drm: Remove bridge support from legacy helpers") removes the drm_bridge_mode_fixup() call in drm_crtc_helper_set_mode(), which makes the subsequent "encoder_funcs = encoder->helper_private" be redundant, so remove it. Cc: stable(a)vger.kernel.org Fixes: dbbfaf5f2641a ("drm: Remove bridge support from legacy helpers") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/gpu/drm/drm_crtc_helper.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c index 0955f1c385dd..39497493f74c 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c @@ -334,7 +334,6 @@ bool drm_crtc_helper_set_mode(struct drm_crtc *crtc, if (!encoder_funcs) continue; - encoder_funcs = encoder->helper_private; if (encoder_funcs->mode_fixup) { if (!(ret = encoder_funcs->mode_fixup(encoder, mode, adjusted_mode))) { -- 2.43.5

1 month

3
3
0 0

FAILED: patch "[PATCH] io_uring/eventfd: ensure io_eventfd_signal() defers another" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c9a40292a44e78f71258b8522655bffaf5753bdb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025011246-appealing-angler-4f22@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c9a40292a44e78f71258b8522655bffaf5753bdb Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Wed, 8 Jan 2025 10:28:05 -0700 Subject: [PATCH] io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period. Fixes: 21a091b970cd ("io_uring: signal registered eventfd to process deferred task work") Reported-by: Jann Horn <jannh(a)google.com> Cc: stable(a)vger.kernel.org Tested-by: Li Zetao <lizetao1(a)huawei.com> Reviewed-by: Li Zetao<lizetao1(a)huawei.com> Reviewed-by: Prasanna Kumar T S M <ptsm(a)linux.microsoft.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/eventfd.c b/io_uring/eventfd.c index fab936d31ba8..100d5da94cb9 100644 --- a/io_uring/eventfd.c +++ b/io_uring/eventfd.c @@ -33,20 +33,18 @@ static void io_eventfd_free(struct rcu_head *rcu) kfree(ev_fd); } +static void io_eventfd_put(struct io_ev_fd *ev_fd) +{ + if (refcount_dec_and_test(&ev_fd->refs)) + call_rcu(&ev_fd->rcu, io_eventfd_free); +} + static void io_eventfd_do_signal(struct rcu_head *rcu) { struct io_ev_fd *ev_fd = container_of(rcu, struct io_ev_fd, rcu); eventfd_signal_mask(ev_fd->cq_ev_fd, EPOLL_URING_WAKE); - - if (refcount_dec_and_test(&ev_fd->refs)) - io_eventfd_free(rcu); -} - -static void io_eventfd_put(struct io_ev_fd *ev_fd) -{ - if (refcount_dec_and_test(&ev_fd->refs)) - call_rcu(&ev_fd->rcu, io_eventfd_free); + io_eventfd_put(ev_fd); } static void io_eventfd_release(struct io_ev_fd *ev_fd, bool put_ref)

1 month

3
3
0 0

[PATCH v2] Bluetooth: qca: Support downloading board ID specific NVM for WCN6855

by Zijun Hu

For WCN6855, board ID specific NVM needs to be downloaded once board ID is available, but the default NVM is always downloaded currently, and the wrong NVM causes poor RF performance which effects user experience. Fix by downloading board ID specific NVM if board ID is available. Cc: Bjorn Andersson <bjorande(a)quicinc.com> Cc: Aiqun Yu (Maria) <quic_aiquny(a)quicinc.com> Cc: Cheng Jiang <quic_chejiang(a)quicinc.com> Cc: Johan Hovold <johan(a)kernel.org> Cc: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Cc: Steev Klimaszewski <steev(a)kali.org> Cc: Paul Menzel <pmenzel(a)molgen.mpg.de> Fixes: 095327fede00 ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855") Cc: stable(a)vger.kernel.org # 6.4 Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Steev Klimaszewski <steev(a)kali.org> Tested-by: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Thank you Paul, Jens, Steev, Johan, Luiz for code review, various verification, comments and suggestions. these comments and suggestions are very good, and all of them are taken by this v2 patch. Regarding the variant 'g', sorry for that i can say nothing due to confidential information (CCI), but fortunately, we don't need to care about its difference against one without 'g' from BT host perspective, qca_get_hsp_nvm_name_generic() shows how to map BT chip to firmware. I will help to backport it to LTS kernels ASAP once this commit is mainlined. --- Changes in v2: - Correct subject and commit message - Temporarily add nvm fallback logic to speed up backport. — Add fix/stable tags as suggested by Luiz and Johan - Link to v1: https://lore.kernel.org/r/20241113-x13s_wcn6855_fix-v1-1-15af0aa2549c@quici… --- drivers/bluetooth/btqca.c | 44 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index dfbbac92242a..ddfe7e3c9b50 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -717,6 +717,29 @@ static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, snprintf(fwname, max_size, "qca/hpnv%02x%s.%x", rom_ver, variant, bid); } +static void qca_get_hsp_nvm_name_generic(struct qca_fw_config *cfg, + struct qca_btsoc_version ver, + u8 rom_ver, u16 bid) +{ + const char *variant; + + /* hsp gf chip */ + if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID) + variant = "g"; + else + variant = ""; + + if (bid == 0x0) + snprintf(cfg->fwname, sizeof(cfg->fwname), "qca/hpnv%02x%s.bin", + rom_ver, variant); + else if (bid & 0xff00) + snprintf(cfg->fwname, sizeof(cfg->fwname), "qca/hpnv%02x%s.b%x", + rom_ver, variant, bid); + else + snprintf(cfg->fwname, sizeof(cfg->fwname), "qca/hpnv%02x%s.b%02x", + rom_ver, variant, bid); +} + static inline void qca_get_nvm_name_generic(struct qca_fw_config *cfg, const char *stem, u8 rom_ver, u16 bid) { @@ -810,8 +833,15 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, /* Give the controller some time to get ready to receive the NVM */ msleep(10); - if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850) + switch (soc_type) { + case QCA_QCA2066: + case QCA_WCN6855: + case QCA_WCN7850: qca_read_fw_board_id(hdev, &boardid); + break; + default: + break; + } /* Download NVM configuration */ config.type = TLV_TYPE_NVM; @@ -848,8 +878,7 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, "qca/msnv%02x.bin", rom_ver); break; case QCA_WCN6855: - snprintf(config.fwname, sizeof(config.fwname), - "qca/hpnv%02x.bin", rom_ver); + qca_get_hsp_nvm_name_generic(&config, ver, rom_ver, boardid); break; case QCA_WCN7850: qca_get_nvm_name_generic(&config, "hmt", rom_ver, boardid); @@ -861,9 +890,18 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, } } +download_nvm: err = qca_download_firmware(hdev, &config, soc_type, rom_ver); if (err < 0) { bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err); + if (err == -ENOENT && boardid != 0 && + soc_type == QCA_WCN6855) { + boardid = 0; + qca_get_hsp_nvm_name_generic(&config, ver, + rom_ver, boardid); + bt_dev_warn(hdev, "QCA fallback to default NVM"); + goto download_nvm; + } return err; } --- base-commit: e88b020190bf5bc3e7ce5bd8003fc39b23cc95fe change-id: 20241113-x13s_wcn6855_fix-53c573ff7878 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

1 month

5
8
0 0

[PATCH] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported

by Arulpandiyan Vadivel

Commit c7ff693fa2094ba0a9d0a20feb4ab1658eff9c33 ("module: Split modules_install compression and in-kernel decompression") removed the MODULE_COMPRESS_NONE, but left it loadpin's Kconfig, and removing it Signed-off-by: Arulpandiyan Vadivel <arulpandiyan.vadivel(a)siemens.com> --- security/loadpin/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig index 848f8b4a60190..94348e2831db9 100644 --- a/security/loadpin/Kconfig +++ b/security/loadpin/Kconfig @@ -16,7 +16,7 @@ config SECURITY_LOADPIN_ENFORCE depends on SECURITY_LOADPIN # Module compression breaks LoadPin unless modules are decompressed in # the kernel. - depends on !MODULES || (MODULE_COMPRESS_NONE || MODULE_DECOMPRESS) + depends on !MODULES || MODULE_DECOMPRESS help If selected, LoadPin will enforce pinning at boot. If not selected, it can be enabled at boot with the kernel parameter -- 2.39.5

1 month

3
2
0 0

Re: [PATCH v3] usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs

by 潘俊中

Hi Maciej, On 2025/1/13 1:49, Maciej Żenczykowski Wrote: > (a) I think this looks like a bug on the sending Win10 side, rather > than a parsing bug in Linux, > with there being no ZLP, and no short (<512) frame, there's simply no > way for the receiver to split at the right spot. > > Indeed, fixing this on the Linux/parsing side seems non-trivial... > I guess we could try to treat the connection as simply a serial > connection (ie. ignore frame boundaries), but then we might have > issues with other senders... > > I guess the most likely 'correct' hack/fix would be to hold on to the > extra 'N*512' bytes (it doesn't even have to be 1, though likely the N > is odd), if it starts with a NTH header... Make sence, it seems we only need to save the rest data beside dwBlockLength for next unwrap if a hack is acceptable, otherwise I may need to check if a custom host driver for Windows10 user feasible. I didn't look carefully into the 1byte and padding stuff with Windows11 host yet, I will take a look then. > (b) I notice the '512' not '1024', I think this implies a USB2 > connection instead of USB3 > -- could you try replicating this with a USB3 capable data cable (and > USB3 ports), this should result in 1024 block size instead of 512. > > I'm wondering if the win10 stack is avoiding generating N*1024, but > then hitting N*512 with odd N... Yes, I am using USB2.0 connection to better capture the crime scene. Normally the OUT transfer on USB3.0 SuperSpeed connection comes with a bunch of 1024B Data Pakcet along with a Short Packet less than 1024B in the end from the Lecroy trace. It's also reproducible on USB3.0 SuperSpeed connection using dwc3 controller, but it will cost more time and make it difficult to capture the online data (limited tracer HW buffer), I can try using software tracing or custom logs later: [ 5] 26.00-27.00 sec 183 MBytes 1.54 Gbits/sec [ 5] 27.00-28.00 sec 182 MBytes 1.53 Gbits/sec [ 206.123935] configfs.gadget.2: Wrong NDP SIGN [ 206.129785] configfs.gadget.2: Wrong NTH SIGN, skblen 12208 [ 206.136802] HEAD:0000000004f66a88: 80 06 bc f9 c0 a8 24 66 c0 a8 24 65 f7 24 14 51 aa 1a 30 d5 01 f8 01 26 50 10 20 14 27 3d 00 00 [ 5] 28.00-29.00 sec 128 MBytes 1.07 Gbits/sec [ 5] 29.00-30.00 sec 191 MBytes 1.61 Gbits/sec > > Presumably '512' would be '64' with USB1.0/1.1, but I guess finding a > USB1.x port/host to test against is likely to be near impossible... > > I'll try to see if I can find the source of the bug in the Win > driver's sources (though based on it being Win10 only, may need to > search history) > It's great if you can analyze from the host driver. I didn't know if the NCM driver open-sourced on github by M$ is the correspond version. They said that only Win 11 officially support NCM in the issue on github yet they do have a built-in driver in Win10 and 2004 tag there in the repo.

1 month

1
0
0 0

[PATCH v4] [ARM] fix reference leak in locomo_init_one_child()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. device_register() includes device_add(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v4: - deleted the redundant initialization; Changes in v3: - modified the patch as suggestions; Changes in v2: - modified the patch as suggestions. --- arch/arm/common/locomo.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/arch/arm/common/locomo.c b/arch/arm/common/locomo.c index cb6ef449b987..45106066a17f 100644 --- a/arch/arm/common/locomo.c +++ b/arch/arm/common/locomo.c @@ -223,10 +223,8 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) int ret; dev = kzalloc(sizeof(struct locomo_dev), GFP_KERNEL); - if (!dev) { - ret = -ENOMEM; - goto out; - } + if (!dev) + return -ENOMEM; /* * If the parent device has a DMA mask associated with it, @@ -254,10 +252,9 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) NO_IRQ : lchip->irq_base + info->irq[0]; ret = device_register(&dev->dev); - if (ret) { - out: - kfree(dev); - } + if (ret) + put_device(&dev->dev); + return ret; } -- 2.25.1

1 month

3
2
0 0

[PATCH v2 1/7] mm/hugetlb: Fix avoid_reserve to allow taking folio from subpool

by Peter Xu

Since commit 04f2cbe35699 ("hugetlb: guarantee that COW faults for a process that called mmap(MAP_PRIVATE) on hugetlbfs will succeed"), avoid_reserve was introduced for a special case of CoW on hugetlb private mappings, and only if the owner VMA is trying to allocate yet another hugetlb folio that is not reserved within the private vma reserved map. Later on, in commit d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate"), alloc_huge_page() enforced to not consume any global reservation as long as avoid_reserve=true. This operation doesn't look correct, because even if it will enforce the allocation to not use global reservation at all, it will still try to take one reservation from the spool (if the subpool existed). Then since the spool reserved pages take from global reservation, it'll also take one reservation globally. Logically it can cause global reservation to go wrong. I wrote a reproducer below, trigger this special path, and every run of such program will cause global reservation count to increment by one, until it hits the number of free pages: #define _GNU_SOURCE /* See feature_test_macros(7) */ #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <unistd.h> #include <stdlib.h> #include <sys/mman.h> #define MSIZE (2UL << 20) int main(int argc, char *argv[]) { const char *path; int *buf; int fd, ret; pid_t child; if (argc < 2) { printf("usage: %s <hugetlb_file>\n", argv[0]); return -1; } path = argv[1]; fd = open(path, O_RDWR | O_CREAT, 0666); if (fd < 0) { perror("open failed"); return -1; } ret = fallocate(fd, 0, 0, MSIZE); if (ret != 0) { perror("fallocate"); return -1; } buf = mmap(NULL, MSIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); if (buf == MAP_FAILED) { perror("mmap() failed"); return -1; } /* Allocate a page */ *buf = 1; child = fork(); if (child == 0) { /* child doesn't need to do anything */ exit(0); } /* Trigger CoW from owner */ *buf = 2; munmap(buf, MSIZE); close(fd); unlink(path); return 0; } It can only reproduce with a sub-mount when there're reserved pages on the spool, like: # sysctl vm.nr_hugepages=128 # mkdir ./hugetlb-pool # mount -t hugetlbfs -o min_size=8M,pagesize=2M none ./hugetlb-pool Then run the reproducer on the mountpoint: # ./reproducer ./hugetlb-pool/test Fix it by taking the reservation from spool if available. In general, avoid_reserve is IMHO more about "avoid vma resv map", not spool's. I copied stable, however I have no intention for backporting if it's not a clean cherry-pick, because private hugetlb mapping, and then fork() on top is too rare to hit. Cc: linux-stable <stable(a)vger.kernel.org> Fixes: d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate") Reviewed-by: Ackerley Tng <ackerleytng(a)google.com> Tested-by: Ackerley Tng <ackerleytng(a)google.com> Signed-off-by: Peter Xu <peterx(a)redhat.com> --- mm/hugetlb.c | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 354eec6f7e84..2bf971f77553 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1394,8 +1394,7 @@ static unsigned long available_huge_pages(struct hstate *h) static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, struct vm_area_struct *vma, - unsigned long address, int avoid_reserve, - long chg) + unsigned long address, long chg) { struct folio *folio = NULL; struct mempolicy *mpol; @@ -1411,10 +1410,6 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, if (!vma_has_reserves(vma, chg) && !available_huge_pages(h)) goto err; - /* If reserves cannot be used, ensure enough pages are in the pool */ - if (avoid_reserve && !available_huge_pages(h)) - goto err; - gfp_mask = htlb_alloc_mask(h); nid = huge_node(vma, address, gfp_mask, &mpol, &nodemask); @@ -1430,7 +1425,7 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, nid, nodemask); - if (folio && !avoid_reserve && vma_has_reserves(vma, chg)) { + if (folio && vma_has_reserves(vma, chg)) { folio_set_hugetlb_restore_reserve(folio); h->resv_huge_pages--; } @@ -3047,17 +3042,6 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, gbl_chg = hugepage_subpool_get_pages(spool, 1); if (gbl_chg < 0) goto out_end_reservation; - - /* - * Even though there was no reservation in the region/reserve - * map, there could be reservations associated with the - * subpool that can be used. This would be indicated if the - * return value of hugepage_subpool_get_pages() is zero. - * However, if avoid_reserve is specified we still avoid even - * the subpool reservations. - */ - if (avoid_reserve) - gbl_chg = 1; } /* If this allocation is not consuming a reservation, charge it now. @@ -3080,7 +3064,7 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, * from the global free pool (global change). gbl_chg == 0 indicates * a reservation exists for the allocation. */ - folio = dequeue_hugetlb_folio_vma(h, vma, addr, avoid_reserve, gbl_chg); + folio = dequeue_hugetlb_folio_vma(h, vma, addr, gbl_chg); if (!folio) { spin_unlock_irq(&hugetlb_lock); folio = alloc_buddy_hugetlb_folio_with_mpol(h, vma, addr); -- 2.47.0

1 month

2
1
0 0

[PATCH 6.12 000/172] 6.12.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.6 release. There are 172 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Dec 2024 17:05:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.6-rc1 Juergen Gross <jgross(a)suse.com> x86/xen: remove hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: use new hypercall functions instead of hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: add central hypercall functions Juergen Gross <jgross(a)suse.com> x86/xen: don't do PV iret hypercall through hypercall page Juergen Gross <jgross(a)suse.com> x86/static-call: provide a way to do very early static-call updates Juergen Gross <jgross(a)suse.com> objtool/x86: allow syscall instruction Juergen Gross <jgross(a)suse.com> x86: make get_cpu_vendor() accessible from Xen code Juergen Gross <jgross(a)suse.com> xen/netfront: fix crash when removing device James Morse <james.morse(a)arm.com> KVM: arm64: Disable MPAM visibility by default and ignore VMM writes Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: set `bindgen`'s Rust target version Nilay Shroff <nilay(a)linux.ibm.com> block: Fix potential deadlock while freezing queue and acquiring sysfs_lock Ming Lei <ming.lei(a)redhat.com> blk-mq: move cpuhp callback registering out of q->sysfs_lock Weizhao Ouyang <o451686892(a)gmail.com> kselftest/arm64: abi: fix SVCR detection Nathan Chancellor <nathan(a)kernel.org> blk-iocost: Avoid using clamp() on inuse in __propagate_weights() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/reg_sr: Remove register pool Mirsad Todorovac <mtodorovac69(a)gmail.com> drm/xe: fix the ERR_PTR() returned on failure to allocate tiny pt Robert Hodaszi <robert.hodaszi(a)digi.com> net: dsa: tag_ocelot_8021q: fix broken reception Jesse Van Gavere <jesseevg(a)gmail.com> net: dsa: microchip: KSZ9896 register regmap alignment to 32 bit boundaries Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix initial MPIC register setting Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Bluetooth: btmtk: avoid UAF in btmtk_process_coredump Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix circular lock in iso_conn_big_sync Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix circular lock in iso_listen_bis Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: SCO: Add support for 16 bits transparent voice setting Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix recursive locking warning Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Always release hdev at the end of iso_listen_bis Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array Daniel Borkmann <daniel(a)iogearbox.net> team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> team: Fix initial vlan_feature set in __team_compute_features Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features Daniel Borkmann <daniel(a)iogearbox.net> net, team, bonding: Add netdev_base_features helper Martin Ottens <martin.ottens(a)fau.de> net/sched: netem: account for backlog updates from child qdisc Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix stuck CPU-injected packets with short taprio windows Maxim Levitsky <mlevitsk(a)redhat.com> net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs Maxim Levitsky <mlevitsk(a)redhat.com> net: mana: Fix memory leak in mana_gd_setup_irqs Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: do not defer rule destruction via call_rcu Phil Sutter <phil(a)nwl.cc> netfilter: IDLETIMER: Fix for possible ABBA deadlock Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Stabilize rpath.sh Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_spdif: change IFACE_PCM to IFACE_MIXER Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: change IFACE_PCM to IFACE_MIXER James Clark <james.clark(a)linaro.org> libperf: evlist: Fix --cpu argument on hybrid platform Michal Luczaj <mhal(a)rbox.co> Bluetooth: Improve setsockopt() handling of malformed user input Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2781: Fix calibration issue in stress test Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: handle stop vs interrupt race Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: avoid use-after-put for a device tree node Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix leaked pointer on error path Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix race window between tx start and complete Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix possible early skb release David Howells <dhowells(a)redhat.com> cifs: Fix rmdir failure due to ongoing I/O on deleted file Petr Machata <petrm(a)nvidia.com> Documentation: networking: Add a caveat to nexthop_compat_mode sysctl Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips LongPing Wei <weilongping(a)oppo.com> block: get wp_offset by bdev_offset_from_zone_start Paul Barker <paul.barker.ct(a)bp.renesas.com> Documentation: PM: Clarify pm_runtime_resume_and_get() return value Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: yc: Fix the wrong return value Takashi Iwai <tiwai(a)suse.de> ALSA: control: Avoid WARN() for symlink errors Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make driver probing reliable Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix clock speed for multiple QCA7000 Anumula Murali Mohan Reddy <anumula(a)chelsio.com> cxgb4: use port number to set mac addr Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> ACPI: resource: Fix memory resource type union access Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix the maximum frame length register Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix FDMA performance issue Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() Philippe Simons <simons.philippe(a)gmail.com> regulator: axp20x: AXP717: set ramp_delay Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: be resilient to loss of PTP packets during transmission Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: ocelot->ts_id_lock and ocelot_port->tx_skbs.lock are IRQ-safe Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: improve handling of TX timestamp for unknown skb Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix memory leak on ocelot_port_add_txtstamp_skb() Eric Dumazet <edumazet(a)google.com> net: defer final 'struct net' free in netns dismantle Eric Dumazet <edumazet(a)google.com> net: lapb: increase LAPB_HEADER_LEN Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix GSO type for HW GRO packets on 5750X chips Thomas Weißschuh <linux(a)weissschuh.net> ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init() Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Ensure no extra packets are counted Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove duplicate test cases Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove h1 ingress test case Haoyu Li <lihaoyu499(a)gmail.com> wifi: cfg80211: sme: init n_channels before channels[] access Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx5: DR, prevent potential error pointer dereference Eric Dumazet <edumazet(a)google.com> tipc: fix NULL deref in cleanup_bearer() Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not let TT changes list grows indefinitely Remi Pommarel <repk(a)triplefau.lt> batman-adv: Remove uninitialized data in full table TT response Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not send uninitialized TT changes David (Ming Qiang) Wu <David.Wu3(a)amd.com> amdgpu/uvd: get ring reference from rq scheduler Suraj Sonawane <surajsonawane0215(a)gmail.com> acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Arnaldo Carvalho de Melo <acme(a)kernel.org> perf machine: Initialize machine->env to address a segfault Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mac80211: fix station NSS capability initialization order Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: fix a queue stall in certain cases of CSA Haoyu Li <lihaoyu499(a)gmail.com> wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon Lin Ma <linma(a)zju.edu.cn> wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix build-id event recording Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Augment raw_tp arguments with PTR_MAYBE_NULL Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix update element with same Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix race between element replace and close() Jiri Olsa <jolsa(a)kernel.org> bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Jann Horn <jannh(a)google.com> bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Check size for BTF-based ctx access of pointer members Darrick J. Wong <djwong(a)kernel.org> xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Darrick J. Wong <djwong(a)kernel.org> xfs: only run precommits once per transaction object Darrick J. Wong <djwong(a)kernel.org> xfs: fix scrub tracepoints when inode-rooted btrees are involved Darrick J. Wong <djwong(a)kernel.org> xfs: return from xfs_symlink_verify early on V4 filesystems Darrick J. Wong <djwong(a)kernel.org> xfs: fix null bno_hint handling in xfs_rtallocate_rtg Darrick J. Wong <djwong(a)kernel.org> xfs: return a 64-bit block count from xfs_btree_count_blocks Darrick J. Wong <djwong(a)kernel.org> xfs: don't drop errno values when we fail to ficlone the entire range Darrick J. Wong <djwong(a)kernel.org> xfs: update btree keys correctly when _insrec splits an inode root block Darrick J. Wong <djwong(a)kernel.org> xfs: set XFS_SICK_INO_SYMLINK_ZAPPED explicitly when zapping a symlink Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: hard-code MALL cacheline size for gfx11, gfx12 Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: hard-code cacheline size for gfx11 Andrew Martin <Andrew.Martin(a)amd.com> drm/amdkfd: Dereference null return value Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix when the cleaner shader is emitted Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: Set SMU v13.0.7 default workload type Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix UVD contiguous CS mapping problem Eugene Kobyak <eugene.kobyak(a)intel.com> drm/i915: Fix NULL pointer dereference in capture_engine Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/color: Stop using non-posted DSB writes for legacy LUT Jiasheng Jiang <jiashengjiangcool(a)outlook.com> drm/i915: Fix memory leak by correcting cache object name in error handler Jesse.zhang(a)amd.com <Jesse.zhang(a)amd.com> drm/amdkfd: pause autosuspend when creating pdd Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe: Call invalidation_fence_fini for PT inval fences in error state Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Remove cache tags before disabling ATS Luis Claudio R. Goncalves <lgoncalv(a)redhat.com> iommu/tegra241-cmdqv: do not use smp_processor_id in preemptible context Neal Frager <neal.frager(a)amd.com> usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode Łukasz Bartosik <ukaszb(a)chromium.org> usb: typec: ucsi: Fix completion notifications Lianqin Hu <hulianqin(a)vivo.com> usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() Xu Yang <xu.yang_2(a)nxp.com> usb: dwc3: imx8mp: fix software node kernel dump Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: typec: anx7411: fix fwnode_handle reference leak Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-hcd: fix call balance of clocks handling routines Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix interpretation of is_midi1 bits liuderong <liuderong(a)oppo.com> scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD port connection race Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD resume Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL" Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: only check primary hcd skip_phy_initialization Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Check if GPIO line can be used for IRQs Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Determine if GPIO pad can be used by driver Shankar Bandal <shankar.bandal(a)intel.com> gpio: graniterapids: Fix invalid RXEVCFG register bitmask Shankar Bandal <shankar.bandal(a)intel.com> gpio: graniterapids: Fix invalid GPI_IS register offset Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix incorrect BAR assignment Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix vGPIO driver crash Damien Le Moal <dlemoal(a)kernel.org> block: Ignore REQ_NOWAIT for zone reset and zone finish operations Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> usb: host: max3421-hcd: Correctly abort a USB request. Miguel Ojeda <ojeda(a)kernel.org> drm/panic: remove spurious empty line to clean warning Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/debugfs - fix the struct pointer incorrectly offset problem Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix IPIs usage in kfence_protect_page() Hridesh MG <hridesh699(a)gmail.com> ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 Jaakko Salo <jaakkos(a)gmail.com> ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 Haoyu Li <lihaoyu499(a)gmail.com> gpio: ljca: Initialize num before accessing item in ljca_gpio_config Christian Loehle <christian.loehle(a)arm.com> spi: rockchip: Fix PM runtime count on no-op cs Shakeel Butt <shakeel.butt(a)linux.dev> memcg: slub: fix SUnreclaim for post charged objects Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix GPIO Ack functionality Damien Le Moal <dlemoal(a)kernel.org> block: Prevent potential deadlocks in zone write plug error recovery Damien Le Moal <dlemoal(a)kernel.org> dm: Fix dm-zoned-reclaim zone write pointer alignment Damien Le Moal <dlemoal(a)kernel.org> block: Use a zone write plug BIO work for REQ_NOWAIT BIOs Damien Le Moal <dlemoal(a)kernel.org> block: Switch to using refcount_t for zone write plugs Tejun Heo <tj(a)kernel.org> blk-cgroup: Fix UAF in blkcg_unpin_online() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix wrong usage of __pa() on a fixmap address Björn Töpel <bjorn(a)rivosinc.com> riscv: mm: Do not call pmd dtor on vmemmap page table teardown Koichiro Den <koichiro.den(a)canonical.com> virtio_net: ensure netdev_tx_reset_queue is called on tx ring resize Koichiro Den <koichiro.den(a)canonical.com> virtio_ring: add a func argument 'recycle_done' to virtqueue_resize() Koichiro Den <koichiro.den(a)canonical.com> virtio_net: correct netdev_tx_reset_queue() invocation point Kuan-Wei Chiu <visitorckw(a)gmail.com> perf ftrace: Fix undefined behavior in cmp_profile_data() MoYuanhao <moyuanhao3676(a)163.com> tcp: check space before adding MPTCP SYN options Frederik Deweerdt <deweerdt.lkml(a)gmail.com> splice: do not checksum AF_UNIX sockets Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue from session lookup and expire Christian Marangi <ansuelsmth(a)gmail.com> clk: en7523: Fix wrong BUS clock for EN7581 Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix replenish_dl_new_period dl_server condition Jann Horn <jannh(a)google.com> bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check if TX data was written to device in .tx_empty() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> usb: misc: onboard_usb_dev: skip suspend/resume sequence for USB5744 SMBus support ------------- Diffstat: Documentation/networking/ip-sysctl.rst | 6 + Documentation/power/runtime_pm.rst | 4 +- Makefile | 4 +- arch/arm64/kvm/sys_regs.c | 55 ++- arch/riscv/include/asm/kfence.h | 4 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/mm/init.c | 7 +- arch/x86/events/intel/ds.c | 2 +- arch/x86/include/asm/processor.h | 2 + arch/x86/include/asm/static_call.h | 15 + arch/x86/include/asm/sync_core.h | 6 +- arch/x86/include/asm/xen/hypercall.h | 36 +- arch/x86/kernel/callthunks.c | 5 - arch/x86/kernel/cpu/common.c | 38 +- arch/x86/kernel/static_call.c | 9 + arch/x86/xen/enlighten.c | 64 ++- arch/x86/xen/enlighten_hvm.c | 13 +- arch/x86/xen/enlighten_pv.c | 4 +- arch/x86/xen/enlighten_pvh.c | 7 - arch/x86/xen/xen-asm.S | 50 +- arch/x86/xen/xen-head.S | 106 ++++- arch/x86/xen/xen-ops.h | 9 + block/blk-cgroup.c | 6 +- block/blk-iocost.c | 9 +- block/blk-mq-sysfs.c | 16 +- block/blk-mq.c | 127 ++++- block/blk-sysfs.c | 4 +- block/blk-zoned.c | 526 +++++++++------------ drivers/acpi/acpica/evxfregn.c | 2 - drivers/acpi/nfit/core.c | 7 +- drivers/acpi/resource.c | 6 +- drivers/ata/sata_highbank.c | 1 + drivers/bluetooth/btmtk.c | 20 +- drivers/clk/clk-en7523.c | 5 +- drivers/crypto/hisilicon/debugfs.c | 4 +- drivers/gpio/gpio-graniterapids.c | 52 +- drivers/gpio/gpio-ljca.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 13 +- drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 24 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 23 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 12 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 1 + drivers/gpu/drm/drm_panic_qr.rs | 1 - drivers/gpu/drm/i915/display/intel_color.c | 30 +- drivers/gpu/drm/i915/i915_gpu_error.c | 18 +- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- drivers/gpu/drm/xe/tests/xe_migrate.c | 4 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 + drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h | 1 + drivers/gpu/drm/xe/xe_pt.c | 3 +- drivers/gpu/drm/xe/xe_reg_sr.c | 31 +- drivers/gpu/drm/xe/xe_reg_sr_types.h | 6 - drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 2 +- drivers/iommu/intel/cache.c | 34 +- drivers/iommu/intel/iommu.c | 4 +- drivers/md/dm-zoned-reclaim.c | 6 +- drivers/net/bonding/bond_main.c | 10 +- drivers/net/dsa/microchip/ksz_common.c | 42 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 17 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 14 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 9 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 5 +- .../mellanox/mlx5/core/steering/dr_domain.c | 4 +- .../net/ethernet/microchip/sparx5/sparx5_main.c | 11 +- .../net/ethernet/microchip/sparx5/sparx5_port.c | 2 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 6 +- drivers/net/ethernet/mscc/ocelot_ptp.c | 207 ++++---- drivers/net/ethernet/qualcomm/qca_spi.c | 26 +- drivers/net/ethernet/qualcomm/qca_spi.h | 1 - drivers/net/ethernet/renesas/rswitch.c | 95 ++-- drivers/net/ethernet/renesas/rswitch.h | 14 +- drivers/net/team/team_core.c | 11 +- drivers/net/virtio_net.c | 24 +- drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +- drivers/net/xen-netfront.c | 5 +- drivers/ptp/ptp_kvm_x86.c | 6 +- drivers/regulator/axp20x-regulator.c | 36 +- drivers/spi/spi-aspeed-smc.c | 10 +- drivers/spi/spi-rockchip.c | 14 + drivers/tty/serial/sh-sci.c | 29 ++ drivers/ufs/core/ufshcd.c | 1 + drivers/usb/core/hcd.c | 8 +- drivers/usb/dwc2/hcd.c | 19 +- drivers/usb/dwc3/dwc3-imx8mp.c | 30 +- drivers/usb/dwc3/dwc3-xilinx.c | 5 +- drivers/usb/gadget/function/f_midi2.c | 6 +- drivers/usb/gadget/function/u_serial.c | 9 +- drivers/usb/host/ehci-sh.c | 9 +- drivers/usb/host/max3421-hcd.c | 16 +- drivers/usb/misc/onboard_usb_dev.c | 4 +- drivers/usb/typec/anx7411.c | 66 ++- drivers/usb/typec/ucsi/ucsi.c | 6 +- drivers/virtio/virtio_ring.c | 6 +- fs/smb/client/inode.c | 5 +- fs/smb/server/auth.c | 2 + fs/smb/server/mgmt/user_session.c | 6 +- fs/smb/server/server.c | 4 +- fs/smb/server/smb2pdu.c | 27 +- fs/xfs/libxfs/xfs_btree.c | 33 +- fs/xfs/libxfs/xfs_btree.h | 2 +- fs/xfs/libxfs/xfs_ialloc_btree.c | 4 +- fs/xfs/libxfs/xfs_symlink_remote.c | 4 +- fs/xfs/scrub/agheader.c | 6 +- fs/xfs/scrub/agheader_repair.c | 6 +- fs/xfs/scrub/fscounters.c | 2 +- fs/xfs/scrub/ialloc.c | 4 +- fs/xfs/scrub/refcount.c | 2 +- fs/xfs/scrub/symlink_repair.c | 3 +- fs/xfs/scrub/trace.h | 2 +- fs/xfs/xfs_bmap_util.c | 2 +- fs/xfs/xfs_file.c | 8 + fs/xfs/xfs_rtalloc.c | 2 +- fs/xfs/xfs_trans.c | 19 +- include/linux/blkdev.h | 5 +- include/linux/bpf.h | 19 +- include/linux/compiler.h | 39 +- include/linux/dsa/ocelot.h | 1 + include/linux/netdev_features.h | 7 + include/linux/static_call.h | 1 + include/linux/virtio.h | 3 +- include/net/bluetooth/bluetooth.h | 10 +- include/net/lapb.h | 2 +- include/net/mac80211.h | 4 +- include/net/net_namespace.h | 1 + include/net/netfilter/nf_tables.h | 4 - include/soc/mscc/ocelot.h | 2 - kernel/bpf/btf.c | 149 +++++- kernel/bpf/verifier.c | 79 +--- kernel/sched/deadline.c | 2 +- kernel/static_call_inline.c | 2 +- kernel/trace/bpf_trace.c | 11 + kernel/trace/trace_uprobe.c | 6 +- mm/slub.c | 21 +- net/batman-adv/translation-table.c | 58 ++- net/bluetooth/hci_event.c | 33 +- net/bluetooth/hci_sock.c | 14 +- net/bluetooth/iso.c | 71 ++- net/bluetooth/l2cap_sock.c | 20 +- net/bluetooth/rfcomm/sock.c | 9 +- net/bluetooth/sco.c | 40 +- net/core/net_namespace.c | 20 +- net/core/sock_map.c | 6 +- net/dsa/tag_ocelot_8021q.c | 2 +- net/ipv4/tcp_output.c | 6 +- net/mac80211/cfg.c | 9 +- net/mac80211/ieee80211_i.h | 49 +- net/mac80211/iface.c | 12 +- net/mac80211/mlme.c | 2 - net/mac80211/util.c | 23 +- net/netfilter/nf_tables_api.c | 32 +- net/netfilter/xt_IDLETIMER.c | 52 +- net/sched/sch_netem.c | 22 +- net/tipc/udp_media.c | 7 +- net/unix/af_unix.c | 1 + net/wireless/nl80211.c | 2 +- net/wireless/sme.c | 1 + rust/Makefile | 15 +- sound/core/control_led.c | 14 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 13 +- sound/soc/codecs/tas2781-i2c.c | 2 +- sound/soc/fsl/fsl_spdif.c | 2 +- sound/soc/fsl/fsl_xcvr.c | 2 +- sound/soc/intel/boards/sof_sdw.c | 8 +- sound/usb/quirks.c | 2 + tools/lib/perf/evlist.c | 18 +- tools/objtool/check.c | 9 +- tools/perf/builtin-ftrace.c | 3 +- tools/perf/util/build-id.c | 4 +- tools/perf/util/machine.c | 2 + .../testing/selftests/arm64/abi/syscall-abi-asm.S | 32 +- .../selftests/bpf/progs/test_tp_btf_nullable.c | 6 +- .../selftests/bpf/progs/verifier_btf_ctx_access.c | 4 +- .../testing/selftests/bpf/progs/verifier_d_path.c | 4 +- .../selftests/drivers/net/mlxsw/sharedbuffer.sh | 55 ++- tools/testing/selftests/net/netfilter/rpath.sh | 18 +- 182 files changed, 2200 insertions(+), 1299 deletions(-)

1 month

18
194
0 0

[PATCH 1/2] media: streamzap: fix race between device disconnection and urb callback

by Murad Masimov

Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish. If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 8e9e60640067 ("V4L/DVB: staging/lirc: port lirc_streamzap to ir-core") Cc: stable(a)vger.kernel.org Reported-by: syzbot+34008406ee9a31b13c73(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=34008406ee9a31b13c73 Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> --- drivers/media/rc/streamzap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/rc/streamzap.c b/drivers/media/rc/streamzap.c index 9b209e687f25..2ce62fe5d60f 100644 --- a/drivers/media/rc/streamzap.c +++ b/drivers/media/rc/streamzap.c @@ -385,8 +385,8 @@ static void streamzap_disconnect(struct usb_interface *interface) if (!sz) return; - rc_unregister_device(sz->rdev); usb_kill_urb(sz->urb_in); + rc_unregister_device(sz->rdev); usb_free_urb(sz->urb_in); usb_free_coherent(usbdev, sz->buf_in_len, sz->buf_in, sz->dma_in); -- 2.39.2

1 month

1
0
0 0

FAILED: patch "[PATCH] tty: serial: 8250: Fix another runtime PM usage counter" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ed2761958ad77e54791802b07095786150eab844 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025011340-empirical-actress-7e43@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed2761958ad77e54791802b07095786150eab844 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= <ilpo.jarvinen(a)linux.intel.com> Date: Tue, 10 Dec 2024 19:01:20 +0200 Subject: [PATCH] tty: serial: 8250: Fix another runtime PM usage counter underflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The commit f9b11229b79c ("serial: 8250: Fix PM usage_count for console handover") fixed one runtime PM usage counter balance problem that occurs because .dev is not set during univ8250 setup preventing call to pm_runtime_get_sync(). Later, univ8250_console_exit() will trigger the runtime PM usage counter underflow as .dev is already set at that time. Call pm_runtime_get_sync() to balance the RPM usage counter also in serial8250_register_8250_port() before trying to add the port. Reported-by: Borislav Petkov (AMD) <bp(a)alien8.de> Fixes: bedb404e91bb ("serial: 8250_port: Don't use power management for kernel console") Cc: stable <stable(a)kernel.org> Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Link: https://lore.kernel.org/r/20241210170120.2231-1-ilpo.jarvinen@linux.intel.c… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c index 5f9f06911795..68baf75bdadc 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c @@ -812,6 +812,9 @@ int serial8250_register_8250_port(const struct uart_8250_port *up) uart->dl_write = up->dl_write; if (uart->port.type != PORT_8250_CIR) { + if (uart_console_registered(&uart->port)) + pm_runtime_get_sync(uart->port.dev); + if (serial8250_isa_config != NULL) serial8250_isa_config(0, &uart->port, &uart->capabilities);

1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2025