October 2025 - Linux-stable-mirror

Re: Patch "binfmt_elf: preserve original ELF e_flags for core dumps" has been added to the 6.12-stable tree

by Kees Cook

On Thu, Oct 23, 2025 at 11:25:53AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > binfmt_elf: preserve original ELF e_flags for core dumps > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > binfmt_elf-preserve-original-elf-e_flags-for-core-du.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. No, please don't. I already asked that this not be auto-backported: https://lore.kernel.org/all/202510020856.736F028D@keescook/ -- Kees Cook

2 weeks, 3 days

1
0
0 0

[PATCH net v4] virtio-net: fix received length check in big packets

by Bui Quang Minh

Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on negotiated MTU. The number of allocated frags for big packets is stored in vi->big_packets_num_skbfrags. Because the host announced buffer length can be malicious (e.g. the host vhost_net driver's get_rx_bufs is modified to announce incorrect length), we need a check in virtio_net receive path. Currently, the check is not adapted to the new change which can lead to NULL page pointer dereference in the below while loop when receiving length that is larger than the allocated one. This commit fixes the received length check corresponding to the new change. Fixes: 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets") Cc: stable(a)vger.kernel.org Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- Changes in v4: - Remove unrelated changes, add more comments Changes in v3: - Convert BUG_ON to WARN_ON_ONCE Changes in v2: - Remove incorrect give_pages call --- drivers/net/virtio_net.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index a757cbcab87f..0ffe78b3fd8d 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -852,7 +852,7 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, { struct sk_buff *skb; struct virtio_net_common_hdr *hdr; - unsigned int copy, hdr_len, hdr_padded_len; + unsigned int copy, hdr_len, hdr_padded_len, max_remaining_len; struct page *page_to_free = NULL; int tailroom, shinfo_size; char *p, *hdr_p, *buf; @@ -915,13 +915,23 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, * This is here to handle cases when the device erroneously * tries to receive more than is possible. This is usually * the case of a broken device. + * + * The number of allocated pages for big packet is + * vi->big_packets_num_skbfrags + 1, the start of first page is + * for virtio header, the remaining is for data. We need to ensure + * the remaining len does not go out of the allocated pages. + * Please refer to add_recvbuf_big for more details on big packet + * buffer allocation. */ - if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) { + BUG_ON(offset >= PAGE_SIZE); + max_remaining_len = (unsigned int)PAGE_SIZE - offset; + max_remaining_len += vi->big_packets_num_skbfrags * PAGE_SIZE; + if (unlikely(len > max_remaining_len)) { net_dbg_ratelimited("%s: too much data\n", skb->dev->name); dev_kfree_skb(skb); return NULL; } - BUG_ON(offset >= PAGE_SIZE); + while (len) { unsigned int frag_size = min((unsigned)PAGE_SIZE - offset, len); skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page, offset, -- 2.43.0

2 weeks, 3 days

3
4
0 0

Linux 6.17.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.5 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Documentation/sphinx/kernel_feat.py | 4 Documentation/sphinx/kernel_include.py | 6 Documentation/sphinx/maintainers_include.py | 4 Makefile | 2 arch/Kconfig | 1 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/sysreg.h | 11 arch/arm64/kernel/cpu_errata.c | 1 arch/arm64/kernel/entry-common.c | 8 arch/arm64/kvm/arm.c | 6 arch/powerpc/kernel/fadump.c | 3 arch/riscv/kernel/probes/kprobes.c | 13 arch/x86/kernel/cpu/amd.c | 16 arch/x86/kernel/cpu/resctrl/monitor.c | 44 + arch/x86/mm/tlb.c | 24 - block/blk-cgroup.c | 13 block/blk-mq-sched.c | 2 block/blk-mq-tag.c | 5 block/blk-mq.c | 2 block/blk-mq.h | 3 drivers/accel/qaic/qaic.h | 2 drivers/accel/qaic/qaic_control.c | 2 drivers/accel/qaic/qaic_data.c | 12 drivers/accel/qaic/qaic_debugfs.c | 5 drivers/accel/qaic/qaic_drv.c | 3 drivers/ata/libata-core.c | 11 drivers/cxl/acpi.c | 2 drivers/cxl/core/features.c | 3 drivers/cxl/core/region.c | 7 drivers/cxl/core/trace.h | 2 drivers/dpll/zl3073x/core.c | 228 ++++++---- drivers/dpll/zl3073x/core.h | 3 drivers/dpll/zl3073x/devlink.c | 18 drivers/dpll/zl3073x/regs.h | 3 drivers/gpu/drm/amd/amdgpu/Makefile | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 54 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 2 drivers/gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 ++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 drivers/gpu/drm/amd/amdgpu/nv.h | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/drm_draw.c | 2 drivers/gpu/drm/drm_draw_internal.h | 2 drivers/gpu/drm/i915/display/intel_fb.c | 38 - drivers/gpu/drm/i915/display/intel_frontbuffer.c | 10 drivers/gpu/drm/i915/gem/i915_gem_object_frontbuffer.h | 2 drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/panthor/panthor_fw.c | 1 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 drivers/gpu/drm/xe/display/xe_plane_initial.c | 3 drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 drivers/gpu/drm/xe/xe_assert.h | 4 drivers/gpu/drm/xe/xe_bo.c | 1 drivers/gpu/drm/xe/xe_bo.h | 4 drivers/gpu/drm/xe/xe_bo_evict.c | 8 drivers/gpu/drm/xe/xe_bo_types.h | 1 drivers/gpu/drm/xe/xe_device.c | 22 drivers/gpu/drm/xe/xe_device_types.h | 62 -- drivers/gpu/drm/xe/xe_gt_idle.c | 8 drivers/gpu/drm/xe/xe_gt_pagefault.c | 13 drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 3 drivers/gpu/drm/xe/xe_guc_submit.c | 13 drivers/gpu/drm/xe/xe_migrate.c | 25 - drivers/gpu/drm/xe/xe_pci.c | 8 drivers/gpu/drm/xe/xe_query.c | 5 drivers/gpu/drm/xe/xe_svm.c | 63 +- drivers/gpu/drm/xe/xe_tile.c | 58 +- drivers/gpu/drm/xe/xe_tile.h | 14 drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 10 drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 22 drivers/gpu/drm/xe/xe_ttm_vram_mgr.h | 3 drivers/gpu/drm/xe/xe_vm.c | 32 + drivers/gpu/drm/xe/xe_vm_types.h | 2 drivers/gpu/drm/xe/xe_vram.c | 243 +++++++---- drivers/gpu/drm/xe/xe_vram.h | 12 drivers/gpu/drm/xe/xe_vram_types.h | 85 +++ drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 - drivers/hid/intel-thc-hid/intel-quickspi/quickspi-protocol.c | 3 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 226 ++++------ drivers/net/can/m_can/m_can.c | 62 +- drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/airoha/airoha_eth.c | 16 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 - drivers/net/ethernet/google/gve/gve.h | 2 drivers/net/ethernet/google/gve/gve_desc_dqo.h | 3 drivers/net/ethernet/google/gve/gve_rx_dqo.c | 18 drivers/net/ethernet/intel/idpf/idpf_ptp.c | 3 drivers/net/ethernet/intel/idpf/idpf_virtchnl_ptp.c | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 drivers/net/ethernet/intel/ixgbevf/defines.h | 1 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 + drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 182 ++++++-- drivers/net/ethernet/intel/ixgbevf/vf.h | 1 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 1 drivers/net/ethernet/mediatek/mtk_wed.c | 8 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/netdevsim/netdev.c | 7 drivers/net/phy/broadcom.c | 20 drivers/net/phy/realtek/realtek_main.c | 23 - drivers/net/usb/lan78xx.c | 19 drivers/net/usb/r8152.c | 7 drivers/net/usb/usbnet.c | 2 drivers/nvme/host/auth.c | 6 drivers/nvme/host/multipath.c | 6 drivers/nvme/host/tcp.c | 3 drivers/pci/controller/vmd.c | 13 drivers/phy/cadence/cdns-dphy.c | 131 ++++- drivers/usb/gadget/function/f_acm.c | 42 - drivers/usb/gadget/function/f_ecm.c | 48 -- drivers/usb/gadget/function/f_ncm.c | 78 +-- drivers/usb/gadget/function/f_rndis.c | 85 +-- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 fs/btrfs/ioctl.c | 2 fs/btrfs/relocation.c | 13 fs/btrfs/super.c | 3 fs/btrfs/zoned.c | 2 fs/coredump.c | 2 fs/dax.c | 2 fs/dcache.c | 2 fs/exec.c | 2 fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/f2fs/data.c | 2 fs/file_attr.c | 12 fs/fuse/ioctl.c | 4 fs/hfsplus/unicode.c | 24 + fs/jbd2/transaction.c | 13 fs/nfsd/blocklayout.c | 25 - fs/nfsd/blocklayoutxdr.c | 86 ++- fs/nfsd/blocklayoutxdr.h | 4 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 36 - fs/nfsd/nfs4xdr.c | 25 - fs/nfsd/pnfs.h | 1 fs/nfsd/xdr4.h | 39 + fs/overlayfs/copy_up.c | 2 fs/overlayfs/inode.c | 5 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 fs/smb/client/smb2ops.c | 8 fs/smb/server/mgmt/user_session.c | 7 fs/smb/server/smb2pdu.c | 9 fs/smb/server/transport_ipc.c | 12 fs/xfs/libxfs/xfs_log_format.h | 30 + fs/xfs/libxfs/xfs_ondisk.h | 2 fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 + include/linux/brcmphy.h | 1 include/linux/libata.h | 6 include/linux/suspend.h | 6 include/linux/usb/gadget.h | 25 + include/net/ip_tunnels.h | 15 include/uapi/drm/amdgpu_drm.h | 21 io_uring/register.c | 1 io_uring/rw.c | 2 kernel/events/core.c | 8 kernel/power/hibernate.c | 11 kernel/sched/core.c | 2 kernel/sched/deadline.c | 3 kernel/sched/fair.c | 26 - mm/slub.c | 9 net/can/j1939/main.c | 2 net/core/dev.c | 40 + net/ipv4/ip_tunnel.c | 14 net/ipv4/tcp_output.c | 19 net/ipv6/ip6_tunnel.c | 3 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 31 + rust/kernel/cpufreq.rs | 3 sound/firewire/amdtp-stream.h | 2 sound/hda/codecs/realtek/alc269.c | 1 sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 sound/hda/codecs/side-codecs/hda_component.c | 4 sound/hda/controllers/intel.c | 1 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/codecs/idt821034.c | 12 sound/soc/codecs/nau8821.c | 111 +++-- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 tools/testing/selftests/net/rtnetlink.sh | 2 tools/testing/selftests/net/vlan_bridge_binding.sh | 2 209 files changed, 2368 insertions(+), 1221 deletions(-) Ada Couprie Diaz (1): arm64: debug: always unmask interrupts in el0_softstp() Adrian Hunter (3): perf/core: Fix address filter match with backing files perf/core: Fix MMAP event path names with backing files perf/core: Fix MMAP2 event device with backing files Alex Deucher (6): drm/amdgpu: add ip offset support for cyan skillfish drm/amdgpu: add support for cyan skillfish without IP discovery drm/amdgpu: fix handling of harvesting for ip_discovery firmware drm/amdgpu: handle wrap around in reemit handling drm/amdgpu: set an error on all fences from a bad context drm/amdgpu: drop unused structures in amdgpu_drm.h Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alison Schofield (1): cxl/trace: Subtract to find an hpa_alias0 in cxl_poison events Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrey Albershteyn (1): Revert "fs: make vfs_fileattr_[get|set] return -EOPNOTSUPP" Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Babu Moger (2): x86/resctrl: Refactor resctrl_arch_rmid_read() x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Bhanu Seshu Kumar Valluri (1): net: usb: lan78xx: Fix lost EEPROM write timeout error(-ETIMEDOUT) in lan78xx_write_raw_eeprom Boris Burkov (1): btrfs: fix incorrect readahead expansion length Breno Leitao (1): netdevsim: set the carrier when the device goes up Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christian Brauner (1): coredump: fix core_pattern input validation Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Conor Dooley (1): rust: cfi: only 64-bit arm and x86 support CFI_CLANG Cristian Ciocaltea (4): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Consistently clear interrupts before unmasking ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Damien Le Moal (1): ata: libata-core: relax checks in ata_read_log_directory() Dan Carpenter (1): drm/xe: Fix an IS_ERR() vs NULL bug in xe_tile_alloc_vram() Dave Jiang (3): cxl/acpi: Fix setup of memory resource in cxl_acpi_set_cache_size() cxl/features: Add check for no entries in cxl_feature_info cxl: Fix match_region_by_range() to use region_res_match_cxl_range() Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Denis Arefev (2): ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() ALSA: hda: Fix missing pointer check in hda_component_manager_init function Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Even Xu (1): HID: intel-thc-hid: Intel-quickspi: switch first interrupt from level to edge detection Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Florian Westphal (1): net: core: fix lockdep splat on device unregister Francesco Valla (1): drm/draw: fix color truncation in drm_draw_fill24 Greg Kroah-Hartman (1): Linux 6.17.5 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Hao Ge (1): slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL Harshit Mogalapalli (1): Octeontx2-af: Fix missing error code in cgx_probe() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): x86/mm: Fix SMP ordering in switch_mm_irqs_off() Inochi Amaoto (1): PCI: vmd: Override irq_startup()/irq_shutdown() in vmd_init_dev_msi_info() Ivan Vecera (2): dpll: zl3073x: Refactor DPLL initialization dpll: zl3073x: Handle missing or corrupted flash configuration Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jeff Hugo (1): accel/qaic: Fix bootlog initialization ordering Jens Axboe (1): Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Jonathan Corbet (1): docs: kdoc: handle the obsolescensce of docutils.ErrorString() Jonathan Kim (1): drm/amdgpu: fix gfx12 mes packet status return check Kamil Horák - 2N (1): net: phy: bcm54811: Fix GMII/MII/MII-Lite selection Kenneth Graunke (1): drm/xe: Increase global invalidation timeout to 1000us Ketil Johnsen (1): drm/panthor: Ensure MCU is disabled on suspend Koichiro Den (1): ixgbe: fix too early devlink_free() in ixgbe_remove() Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_rndis: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_ncm: Refactor bind path to use __free() Li Qiang (1): ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Lorenzo Bianconi (1): net: airoha: Take into account out-of-order tx completions in airoha_dev_xmit() Lorenzo Pieralisi (1): arm64/sysreg: Fix GIC CDEOI instruction encoding Lucas De Marchi (1): drm/xe: Move rebar to be done earlier Marc Kleine-Budde (4): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active can: m_can: m_can_chip_config(): bring up interface in correct state can: m_can: fix CAN state in system PM Marek Vasut (2): net: phy: realtek: Avoid PHYCR2 access if PHYCR2 not present drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Mario Limonciello (AMD) (2): PM: hibernate: Add pm_hibernation_mode_is_suspend() drm/amd: Fix hybrid sleep Marios Makassikis (1): ksmbd: fix recursive locking in RPC handle list access Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Martin George (1): nvme-auth: update sc_c in host response Matthew Auld (1): drm/xe/evict: drop bogus assert Matthew Brost (1): drm/xe: Don't allow evicting of BOs in same VM in array of VM binds Matthew Schwartz (1): Revert "drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume" Miguel Ojeda (1): rust: cpufreq: fix formatting Milena Olech (1): idpf: cleanup remaining SKBs in PTP flows Ming Lei (1): block: Remove elevator_lock usage from blkg_conf frozen operations Miquel Sabaté Solà (2): btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Nicolas Dichtel (1): doc: fix seg6_flowlabel path Oliver Upton (1): KVM: arm64: Prevent access to vCPU events before init Pavel Begunkov (1): io_uring: protect mem region deregistration Peter Zijlstra (Intel) (1): sched/deadline: Stop dl_server before CPU goes offline Piotr Piórkowski (4): drm/xe: Use devm_ioremap_wc for VRAM mapping and drop manual unmap drm/xe: Use dynamic allocation for tile and device VRAM region structures drm/xe: Move struct xe_vram_region to a dedicated header drm/xe: Unify the initialization of VRAM regions Pranjal Ramajor Asha Kanojiya (1): accel/qaic: Synchronize access to DBC request queue head & tail pointer Qu Wenruo (1): btrfs: only set the device specific options after devices are opened Rafael J. Wysocki (1): PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Rex Lu (1): net: mtk: wed: add dma mask limitation and GFP_DMA32 for device with more than 4GB DRAM Rong Zhang (1): x86/CPU/AMD: Prevent reset reasons from being retained across reboot Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sergey Bashirov (4): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Implement large extent array support in pNFS NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Shuicheng Lin (1): drm/xe/guc: Check GuC running state before deregistering exec queue Sourabh Jain (1): powerpc/fadump: skip parameter area allocation when fadump is disabled Stuart Hayhurst (1): ALSA: hda/intel: Add MSI X870E Tomahawk to denylist Takashi Iwai (1): ALSA: hda/realtek: Add quirk entry for HP ZBook 17 G6 Tetsuo Handa (1): can: j1939: add missing calls in NETDEV_UNREGISTER notification handler Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Tim Hostetler (1): gve: Check valid ts bit on RX descriptor before hw timestamping Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Ville Syrjälä (2): drm/i915/frontbuffer: Move bo refcounting intel_frontbuffer_{get,release}() drm/i915/fb: Fix the set_tiling vs. addfb race, again Vinay Belgaumkar (1): drm/xe: Enable media sampler power gating Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Wang Liang (1): selftests: net: check jq command is supported Wilfred Mallawa (1): nvme/tcp: handle tls partially sent records in write_space() Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yu Kuai (1): blk-mq: fix stale tag depth for shared sched tags in blk_mq_update_nr_requests() Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress Zqiang (1): usbnet: Fix using smp_processor_id() in preemptible code warnings

2 weeks, 3 days

1
1
0 0

Linux 6.12.55

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.55 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/Kconfig | 1 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/kernel/cpu_errata.c | 1 arch/riscv/kernel/probes/kprobes.c | 13 - arch/x86/kernel/cpu/resctrl/monitor.c | 44 ++- drivers/accel/qaic/qaic.h | 2 drivers/accel/qaic/qaic_control.c | 2 drivers/accel/qaic/qaic_data.c | 12 - drivers/accel/qaic/qaic_debugfs.c | 5 drivers/accel/qaic/qaic_drv.c | 3 drivers/base/power/runtime.c | 44 +++ drivers/cdx/cdx_msi.c | 5 drivers/cpufreq/cppc_cpufreq.c | 14 + drivers/dma/idxd/init.c | 2 drivers/gpu/drm/amd/amdgpu/Makefile | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 48 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/cyan_skillfish_reg_init.c | 56 ++++ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 7 drivers/gpu/drm/amd/amdgpu/nv.h | 1 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/drm_draw.c | 2 drivers/gpu/drm/drm_draw_internal.h | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++------ drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 28 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 drivers/gpu/drm/panthor/panthor_fw.c | 1 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 - drivers/gpu/drm/xe/xe_guc_submit.c | 13 + drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +- drivers/md/md-linear.c | 1 drivers/md/raid0.c | 16 + drivers/md/raid1.c | 37 ++- drivers/md/raid10.c | 55 ++++ drivers/md/raid5.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++------------ drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 drivers/net/can/m_can/m_can.c | 84 ++++--- drivers/net/can/m_can/m_can.h | 1 drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 + drivers/net/ethernet/intel/ixgbevf/defines.h | 6 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 +++ drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/netdevsim/netdev.c | 7 drivers/net/usb/lan78xx.c | 38 ++- drivers/net/usb/r8152.c | 7 drivers/net/wireless/realtek/rtw89/core.c | 39 +-- drivers/net/wireless/realtek/rtw89/core.h | 6 drivers/net/wireless/realtek/rtw89/mac80211.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 2 drivers/nvme/host/multipath.c | 6 drivers/nvme/host/tcp.c | 3 drivers/phy/cadence/cdns-dphy.c | 131 ++++++++--- drivers/usb/gadget/function/f_acm.c | 42 +-- drivers/usb/gadget/function/f_ecm.c | 48 +--- drivers/usb/gadget/function/f_ncm.c | 78 ++---- drivers/usb/gadget/function/f_rndis.c | 85 ++----- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 - fs/btrfs/ioctl.c | 2 fs/btrfs/relocation.c | 13 - fs/btrfs/zoned.c | 2 fs/dax.c | 2 fs/dcache.c | 12 - fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/f2fs/data.c | 2 fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 - fs/nfsd/blocklayout.c | 33 +- fs/nfsd/blocklayoutxdr.c | 171 ++++++++------ fs/nfsd/blocklayoutxdr.h | 8 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 36 +-- fs/nfsd/nfs4xdr.c | 25 -- fs/nfsd/nfsd.h | 1 fs/nfsd/pnfs.h | 1 fs/nfsd/xdr4.h | 39 +++ fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 + fs/smb/client/smb2ops.c | 8 fs/smb/server/mgmt/user_session.c | 7 fs/smb/server/smb2pdu.c | 9 fs/smb/server/transport_ipc.c | 12 + fs/xfs/libxfs/xfs_log_format.h | 30 ++ fs/xfs/libxfs/xfs_ondisk.h | 2 fs/xfs/scrub/reap.c | 9 fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 ++ include/linux/mm.h | 2 include/linux/pci.h | 14 + include/linux/pm_runtime.h | 4 include/linux/usb/gadget.h | 25 ++ include/net/dst.h | 32 ++ include/net/inet6_hashtables.h | 2 include/net/inet_connection_sock.h | 3 include/net/inet_hashtables.h | 2 include/net/ip.h | 11 include/net/ip_tunnels.h | 15 + include/net/route.h | 2 io_uring/rw.c | 2 kernel/events/core.c | 8 kernel/padata.c | 6 kernel/sched/fair.c | 26 +- mm/slub.c | 9 net/core/dst.c | 4 net/core/sock.c | 14 - net/ipv4/icmp.c | 24 +- net/ipv4/igmp.c | 2 net/ipv4/ip_fragment.c | 2 net/ipv4/ip_output.c | 19 + net/ipv4/ip_tunnel.c | 14 - net/ipv4/ip_vti.c | 4 net/ipv4/netfilter.c | 4 net/ipv4/route.c | 8 net/ipv4/tcp_fastopen.c | 4 net/ipv4/tcp_input.c | 3 net/ipv4/tcp_ipv4.c | 12 - net/ipv4/tcp_metrics.c | 8 net/ipv4/tcp_output.c | 19 + net/ipv4/xfrm4_output.c | 2 net/ipv6/ip6_tunnel.c | 3 net/ipv6/tcp_ipv6.c | 22 - net/mptcp/ctrl.c | 9 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 31 ++ rust/bindings/bindings_helper.h | 1 sound/firewire/amdtp-stream.h | 2 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/codecs/idt821034.c | 12 - sound/soc/codecs/nau8821.c | 53 +++- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 - 161 files changed, 1901 insertions(+), 955 deletions(-) Adrian Hunter (3): perf/core: Fix address filter match with backing files perf/core: Fix MMAP event path names with backing files perf/core: Fix MMAP2 event device with backing files Akhil P Oommen (1): drm/msm/a6xx: Fix PDC sleep sequence Al Viro (1): d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier Alex Deucher (3): drm/amdgpu: add ip offset support for cyan skillfish drm/amdgpu: add support for cyan skillfish without IP discovery drm/amdgpu: fix handling of harvesting for ip_discovery firmware Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Babu Moger (2): x86/resctrl: Refactor resctrl_arch_rmid_read() x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Boris Burkov (1): btrfs: fix incorrect readahead expansion length Breno Leitao (1): netdevsim: set the carrier when the device goes up Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Conor Dooley (1): rust: cfi: only 64-bit arm and x86 support CFI_CLANG Cristian Ciocaltea (3): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Darrick J. Wong (1): xfs: use deferred intent items for reaping crosslinked blocks Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (5): tcp: fix tcp_tso_should_defer() vs large RTT tcp: convert to dev_net_rcu() tcp: cache RTAX_QUICKACK metric in a hot cache line net: dst: add four helpers to annotate data-races around dst->dev ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Fabian Vogt (1): riscv: kprobes: Fix probe address validation Fedor Pchelkin (1): wifi: rtw89: avoid possible TX wait initialization race Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Francesco Valla (1): drm/draw: fix color truncation in drm_draw_fill24 Greg Kroah-Hartman (1): Linux 6.12.55 Guenter Roeck (1): dmaengine: Add missing cleanup on module unload Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Hao Ge (1): slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jeffrey Hugo (1): accel/qaic: Fix bootlog initialization ordering Jens Axboe (1): Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Jiri Slaby (SUSE) (1): irqdomain: cdx: Switch to of_fwnode_handle() John Garry (3): md/raid0: Handle bio_split() errors md/raid1: Handle bio_split() errors md/raid10: Handle bio_split() errors Jonathan Kim (1): drm/amdgpu: fix gfx12 mes packet status return check Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Ketil Johnsen (1): drm/panthor: Ensure MCU is disabled on suspend Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_rndis: Refactor bind path to use __free() Kuniyuki Iwashima (2): mptcp: Call dst_release() in mptcp_active_enable(). mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). Laurent Pinchart (1): media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Li Qiang (1): ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Marc Kleine-Budde (4): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active can: m_can: m_can_chip_config(): bring up interface in correct state can: m_can: fix CAN state in system PM Marek Vasut (1): drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Marios Makassikis (1): ksmbd: fix recursive locking in RPC handle list access Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Matthieu Baerts (NGI0) (1): mptcp: reset blackhole on success with non-loopback ifaces Miaoqian Lin (1): cdx: Fix device node reference leak in cdx_msi_domain_init Miquel Sabaté Solà (2): btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST Nicolas Dichtel (1): doc: fix seg6_flowlabel path Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Piotr Kwapulinski (2): PCI: Add PCI_VDEVICE_SUB helper macro ixgbevf: Add support for Intel(R) E610 device Pranjal Ramajor Asha Kanojiya (1): accel/qaic: Synchronize access to DBC request queue head & tail pointer Rafael J. Wysocki (1): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sean Nyekjaer (4): can: m_can: add deinit callback can: m_can: call deinit/init callback when going into suspend/resume iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sergey Bashirov (6): nfsd: Use correct error code when decoding extents nfsd: Drop dprintk in blocklayout xdr functions NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Implement large extent array support in pNFS NFSD: Fix last write offset handling in layoutcommit Sharath Chandra Vurukala (1): net: Add locking to protect skb->dev access in ip_output Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Shuicheng Lin (1): drm/xe/guc: Check GuC running state before deregistering exec queue Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Wilfred Mallawa (1): nvme/tcp: handle tls partially sent records in write_space() Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yu Kuai (1): md: fix mssing blktrace bio split events Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress

2 weeks, 3 days

1
1
0 0

Linux 6.6.114

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.114 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/kernel/cpu_errata.c | 1 arch/riscv/kernel/probes/kprobes.c | 13 - block/bdev.c | 17 + block/blk-zoned.c | 5 block/fops.c | 16 + block/ioctl.c | 6 drivers/accel/qaic/qaic_control.c | 2 drivers/base/power/runtime.c | 44 +++ drivers/bluetooth/btusb.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++------ drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 9 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 38 +-- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 10 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 - drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-core.h | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c | 2 drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 225 +++++++------------ drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c | 2 drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 + drivers/net/ethernet/intel/ixgbevf/defines.h | 6 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 +++ drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 194 +++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/usb/lan78xx.c | 38 ++- drivers/net/usb/r8152.c | 7 drivers/nvme/host/multipath.c | 6 drivers/pci/controller/cadence/pci-j721e.c | 64 +++++ drivers/pci/controller/dwc/pcie-tegra194.c | 10 drivers/pci/pci-sysfs.c | 10 drivers/phy/cadence/cdns-dphy.c | 131 ++++++++--- drivers/usb/gadget/function/f_acm.c | 42 +-- drivers/usb/gadget/function/f_ecm.c | 48 +--- drivers/usb/gadget/function/f_ncm.c | 78 ++---- drivers/usb/gadget/function/f_rndis.c | 85 ++----- drivers/usb/gadget/udc/core.c | 3 fs/btrfs/extent_io.c | 2 fs/btrfs/free-space-tree.c | 15 - fs/btrfs/relocation.c | 13 - fs/dax.c | 2 fs/dcache.c | 2 fs/eventpoll.c | 145 ++---------- fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/ext4/super.c | 17 - fs/f2fs/data.c | 2 fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 - fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 fs/nfsd/export.c | 60 ++++- fs/nfsd/export.h | 2 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 +- fs/nfsd/nfs4xdr.c | 14 - fs/nfsd/nfsfh.c | 12 - fs/nfsd/xdr4.h | 36 ++- fs/nilfs2/the_nilfs.c | 3 fs/ocfs2/super.c | 6 fs/quota/dquot.c | 13 - fs/quota/quota_v1.c | 3 fs/quota/quota_v2.c | 9 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 + fs/smb/client/smb2ops.c | 8 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/server.h | 1 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_ipc.c | 1 fs/smb/server/transport_tcp.c | 69 ++--- fs/smb/server/transport_tcp.h | 1 fs/xfs/libxfs/xfs_log_format.h | 30 ++ fs/xfs/scrub/reap.c | 19 + fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 ++ fs/xfs/xfs_ondisk.h | 2 include/linux/cpufreq.h | 3 include/linux/mm.h | 2 include/linux/pci.h | 14 + include/linux/pm_runtime.h | 4 include/linux/quota.h | 2 include/linux/usb/gadget.h | 25 ++ include/net/ip_tunnels.h | 15 + kernel/padata.c | 6 kernel/sched/fair.c | 38 +-- mm/shmem.c | 7 net/ipv4/ip_tunnel.c | 14 - net/ipv4/tcp_output.c | 19 + net/ipv6/ip6_tunnel.c | 3 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 33 ++ rust/bindings/bindings_helper.h | 2 rust/bindings/lib.rs | 1 sound/firewire/amdtp-stream.h | 2 sound/soc/codecs/idt821034.c | 12 - sound/soc/codecs/nau8821.c | 53 +++- sound/usb/card.c | 10 tools/testing/selftests/bpf/prog_tests/arg_parsing.c | 12 - 127 files changed, 1542 insertions(+), 923 deletions(-) Akhil P Oommen (1): drm/msm/a6xx: Fix PDC sleep sequence Alexey Simakov (1): tg3: prevent use of uninitialized remote_adv and local_adv variables Alok Tiwari (1): drm/rockchip: vop2: use correct destination rectangle height check Amit Chaudhary (1): nvme-multipath: Skip nr_active increments in RETRY disposition Andrii Nakryiko (1): selftests/bpf: make arg_parsing.c more robust to crashes Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Boris Burkov (1): btrfs: fix incorrect readahead expansion length Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Celeste Liu (2): can: gs_usb: gs_make_candev(): populate net_device->dev_port can: gs_usb: increase max interface to U8_MAX Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Christophe Leroy (1): ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Cristian Ciocaltea (3): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Darrick J. Wong (2): block: fix race between set_blocksize and read paths xfs: use deferred intent items for reaping crosslinked blocks Deepanshu Kartikey (1): ext4: detect invalid INLINE_DATA + EXTENTS flag combination Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Greg Kroah-Hartman (1): Linux 6.6.114 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Guoniu Zhou (1): media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Huang Xiaojia (1): epoll: Remove ep_scan_ready_list() in comments I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: reorganize DMA aligned buffers in structure Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kemeng Shi (1): quota: remove unneeded return value of register_quota_format Konrad Dybcio (1): drm/msm/adreno: De-spaghettify the use of memory barriers Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_rndis: Refactor bind path to use __free() Laurent Pinchart (1): media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Marc Kleine-Budde (1): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Marek Vasut (1): drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Nam Cao (1): eventpoll: Replace rwlock with spinlock Namjae Jeon (1): ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Piotr Kwapulinski (2): PCI: Add PCI_VDEVICE_SUB helper macro ixgbevf: Add support for Intel(R) E610 device Rafael J. Wysocki (1): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Ryusuke Konishi (1): nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Sabrina Dubroca (5): tls: trim encrypted message to match the plaintext on short splice tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Scott Mayhew (1): nfsd: decouple the xprtsec policy check from check_nfsd_access() Sean Nyekjaer (2): iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shashank A P (1): fs: quota: create dedicated workqueue for quota_release_work Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (1): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xing Guo (1): selftests: arg_parsing: Ensure data is flushed to disk before reading. Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Youssef Samir (1): accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zenm Chen (1): Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks Zhanjun Dong (1): drm/i915/guc: Skip communication warning on reset in progress

2 weeks, 3 days

1
1
0 0

[PATCH net V2] virtio-net: zero unused hash fields

by Jason Wang

When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may leak information to another side. Fixing this by zeroing the unused hash fields. Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Fixes: a2fb4bc4e2a6a ("net: implement virtio helpers to handle UDP GSO tunneling") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- include/linux/virtio_net.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 20e0584db1dd..4d1780848d0e 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -401,6 +401,10 @@ virtio_net_hdr_tnl_from_skb(const struct sk_buff *skb, if (!tnl_hdr_negotiated) return -EINVAL; + vhdr->hash_hdr.hash_value = 0; + vhdr->hash_hdr.hash_report = 0; + vhdr->hash_hdr.padding = 0; + /* Let the basic parsing deal with plain GSO features. */ skb_shinfo(skb)->gso_type &= ~tnl_gso_type; ret = virtio_net_hdr_from_skb(skb, hdr, true, false, vlan_hlen); -- 2.42.0

2 weeks, 3 days

3
2
0 0

[PATCH v4] media: videobuf2: forbid remove_bufs when legacy fileio is active

by Marek Szyprowski

vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Forbid that ioctl when fileio is active to protect internal queue state between subsequent read/write calls. CC: stable(a)vger.kernel.org Fixes: a3293a85381e ("media: v4l2: Add REMOVE_BUFS ioctl") Reported-by: Shuangpeng Bai <SJB7183(a)psu.edu> Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v4: - got back to simple vb2_fileio_is_active() check as in v1, as relying on vb2_verify_memory_type() misses some corner cases important to v4l2 compliance v3: https://lore.kernel.org/all/20251023113052.1303082-1-m.szyprowski@samsung.c… - moved vb2_verify_memory_type() check after (d->count == 0) check to pass v4l2 compliance v2: https://lore.kernel.org/all/20251020160121.1985354-1-m.szyprowski@samsung.c… - dropped a change to vb2_ioctl_create_bufs(), as it is already handled by the vb2_verify_memory_type() call - replaced queue->type check in vb2_ioctl_remove_bufs() by a call to vb2_verify_memory_type() which covers all cases v1: https://lore.kernel.org/all/20251016111154.993949-1-m.szyprowski@samsung.co… --- drivers/media/common/videobuf2/videobuf2-v4l2.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c index d911021c1bb0..83862d57b126 100644 --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c @@ -1010,6 +1010,11 @@ int vb2_ioctl_remove_bufs(struct file *file, void *priv, if (vb2_queue_is_busy(vdev->queue, file)) return -EBUSY; + if (vb2_fileio_is_active(vdev->queue)) { + dprintk(vdev->queue, 1, "file io in progress\n"); + return -EBUSY; + } + return vb2_core_remove_bufs(vdev->queue, d->index, d->count); } EXPORT_SYMBOL_GPL(vb2_ioctl_remove_bufs); -- 2.34.1

2 weeks, 3 days

1
0
0 0

[PATCH net] vsock: fix lock inversion in vsock_assign_transport()

by Stefano Garzarella

From: Stefano Garzarella <sgarzare(a)redhat.com> Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduced by commit 687aa0c5581b ("vsock: Fix transport_* TOCTOU") which added vsock_register_mutex locking in vsock_assign_transport() around the transport->release() call, that can call vsock_linger(). vsock_assign_transport() can be called with sk_lock held. vsock_linger() calls sk_wait_event() that temporarily releases and re-acquires sk_lock. During this window, if another thread hold vsock_register_mutex while trying to acquire sk_lock, a circular dependency is created. Fix this by releasing vsock_register_mutex before calling transport->release() and vsock_deassign_transport(). This is safe because we don't need to hold vsock_register_mutex while releasing the old transport, and we ensure the new transport won't disappear by obtaining a module reference first via try_module_get(). Reported-by: syzbot+10e35716f8e4929681fa(a)syzkaller.appspotmail.com Tested-by: syzbot+10e35716f8e4929681fa(a)syzkaller.appspotmail.com Fixes: 687aa0c5581b ("vsock: Fix transport_* TOCTOU") Cc: mhal(a)rbox.co Cc: stable(a)vger.kernel.org Signed-off-by: Stefano Garzarella <sgarzare(a)redhat.com> --- net/vmw_vsock/af_vsock.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 4c2db6cca557..76763247a377 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -487,12 +487,26 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) goto err; } - if (vsk->transport) { - if (vsk->transport == new_transport) { - ret = 0; - goto err; - } + if (vsk->transport && vsk->transport == new_transport) { + ret = 0; + goto err; + } + /* We increase the module refcnt to prevent the transport unloading + * while there are open sockets assigned to it. + */ + if (!new_transport || !try_module_get(new_transport->module)) { + ret = -ENODEV; + goto err; + } + + /* It's safe to release the mutex after a successful try_module_get(). + * Whichever transport `new_transport` points at, it won't go away until + * the last module_put() below or in vsock_deassign_transport(). + */ + mutex_unlock(&vsock_register_mutex); + + if (vsk->transport) { /* transport->release() must be called with sock lock acquired. * This path can only be taken during vsock_connect(), where we * have already held the sock lock. In the other cases, this @@ -512,20 +526,6 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) vsk->peer_shutdown = 0; } - /* We increase the module refcnt to prevent the transport unloading - * while there are open sockets assigned to it. - */ - if (!new_transport || !try_module_get(new_transport->module)) { - ret = -ENODEV; - goto err; - } - - /* It's safe to release the mutex after a successful try_module_get(). - * Whichever transport `new_transport` points at, it won't go away until - * the last module_put() below or in vsock_deassign_transport(). - */ - mutex_unlock(&vsock_register_mutex); - if (sk->sk_type == SOCK_SEQPACKET) { if (!new_transport->seqpacket_allow || !new_transport->seqpacket_allow(remote_cid)) { -- 2.51.0

2 weeks, 3 days

2
1
0 0

[PATCH 6.1.y] wifi: iwlwifi: fix debug actions order

by Vasiliy Kovalev

From: Johannes Berg <johannes.berg(a)intel.com> commit eb29b4ffafb20281624dcd2cbb768d6f30edf600 upstream. The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order. Fixes: 1a5daead217c ("iwlwifi: yoyo: support for ROM usniffer") Fixes: f21baf244112 ("iwlwifi: yoyo: fw debug config from context info and preset") Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> Link: https://patch.msgid.link/20250308231427.6de7fa8e63ed.I40632c48e2a67a8aca05d… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> [ kovalev: bp to fix CVE-2025-38045; added Fixes tags ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c index ab80c79e35bc..d6d9f60839db 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause /* - * Copyright (C) 2018-2022 Intel Corporation + * Copyright (C) 2018-2025 Intel Corporation */ #include <linux/firmware.h> #include "iwl-drv.h" @@ -1363,15 +1363,15 @@ void _iwl_dbg_tlv_time_point(struct iwl_fw_runtime *fwrt, switch (tp_id) { case IWL_FW_INI_TIME_POINT_EARLY: iwl_dbg_tlv_init_cfg(fwrt); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_update_drams(fwrt); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; case IWL_FW_INI_TIME_POINT_AFTER_ALIVE: iwl_dbg_tlv_apply_buffers(fwrt); iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; case IWL_FW_INI_TIME_POINT_PERIODIC: iwl_dbg_tlv_set_periodic_trigs(fwrt); @@ -1381,14 +1381,14 @@ void _iwl_dbg_tlv_time_point(struct iwl_fw_runtime *fwrt, case IWL_FW_INI_TIME_POINT_MISSED_BEACONS: case IWL_FW_INI_TIME_POINT_FW_DHC_NOTIFICATION: iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, iwl_dbg_tlv_check_fw_pkt); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; default: iwl_dbg_tlv_send_hcmds(fwrt, hcmd_list); - iwl_dbg_tlv_apply_config(fwrt, conf_list); iwl_dbg_tlv_tp_trigger(fwrt, sync, trig_list, tp_data, NULL); + iwl_dbg_tlv_apply_config(fwrt, conf_list); break; } } -- 2.50.1

2 weeks, 3 days

1
0
0 0

[PATCH 1/2] dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups

by Krzysztof Kozlowski

The "groups" property can hold multiple entries (e.g. toshiba/tmpv7708-rm-mbrc.dts file), so allow that by dropping incorrect type (pinmux-node.yaml schema already defines that as string-array) and adding constraints for items. This fixes dtbs_check warnings like: toshiba/tmpv7708-rm-mbrc.dtb: pinctrl@24190000 (toshiba,tmpv7708-pinctrl): pwm-pins:groups: ['pwm0_gpio16_grp', 'pwm1_gpio17_grp', 'pwm2_gpio18_grp', 'pwm3_gpio19_grp'] is too long Fixes: 1825c1fe0057 ("pinctrl: Add DT bindings for Toshiba Visconti TMPV7700 SoC") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- .../pinctrl/toshiba,visconti-pinctrl.yaml | 26 ++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml b/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml index 19d47fd414bc..ce04d2eadec9 100644 --- a/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml +++ b/Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml @@ -50,18 +50,20 @@ patternProperties: groups: description: Name of the pin group to use for the functions. - $ref: /schemas/types.yaml#/definitions/string - enum: [i2c0_grp, i2c1_grp, i2c2_grp, i2c3_grp, i2c4_grp, - i2c5_grp, i2c6_grp, i2c7_grp, i2c8_grp, - spi0_grp, spi0_cs0_grp, spi0_cs1_grp, spi0_cs2_grp, - spi1_grp, spi2_grp, spi3_grp, spi4_grp, spi5_grp, spi6_grp, - uart0_grp, uart1_grp, uart2_grp, uart3_grp, - pwm0_gpio4_grp, pwm0_gpio8_grp, pwm0_gpio12_grp, - pwm0_gpio16_grp, pwm1_gpio5_grp, pwm1_gpio9_grp, - pwm1_gpio13_grp, pwm1_gpio17_grp, pwm2_gpio6_grp, - pwm2_gpio10_grp, pwm2_gpio14_grp, pwm2_gpio18_grp, - pwm3_gpio7_grp, pwm3_gpio11_grp, pwm3_gpio15_grp, - pwm3_gpio19_grp, pcmif_out_grp, pcmif_in_grp] + items: + enum: [i2c0_grp, i2c1_grp, i2c2_grp, i2c3_grp, i2c4_grp, + i2c5_grp, i2c6_grp, i2c7_grp, i2c8_grp, + spi0_grp, spi0_cs0_grp, spi0_cs1_grp, spi0_cs2_grp, + spi1_grp, spi2_grp, spi3_grp, spi4_grp, spi5_grp, spi6_grp, + uart0_grp, uart1_grp, uart2_grp, uart3_grp, + pwm0_gpio4_grp, pwm0_gpio8_grp, pwm0_gpio12_grp, + pwm0_gpio16_grp, pwm1_gpio5_grp, pwm1_gpio9_grp, + pwm1_gpio13_grp, pwm1_gpio17_grp, pwm2_gpio6_grp, + pwm2_gpio10_grp, pwm2_gpio14_grp, pwm2_gpio18_grp, + pwm3_gpio7_grp, pwm3_gpio11_grp, pwm3_gpio15_grp, + pwm3_gpio19_grp, pcmif_out_grp, pcmif_in_grp] + minItems: 1 + maxItems: 8 drive-strength: enum: [2, 4, 6, 8, 16, 24, 32] -- 2.48.1

2 weeks, 3 days

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2025