February 2025 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.16 release. There are 225 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 22 Feb 2025 10:44:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.16-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.16-rc2 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vfio/platform: check the bounds of read/write syscalls" Michal Luczaj <mhal(a)rbox.co> vsock: Orphan socket after transport release Michal Luczaj <mhal(a)rbox.co> vsock: Keep the binding until socket destruction Pavel Begunkov <asml.silence(a)gmail.com> io_uring/kbuf: reallocate buf lists on upgrade Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Ensure clk_gating.lock is used only after initialization Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Jiri Olsa <jolsa(a)kernel.org> selftests/bpf: Fix uprobe consumer test Jason Xing <kernelxing(a)tencent.com> bpf: handle implicit declaration of function gettid in bpf_iter.c Andrew Cooper <andrew.cooper3(a)citrix.com> x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Hangbin Liu <liuhangbin(a)gmail.com> selftests: rtnetlink: update netdevsim ipsec output format Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: print human readable IP address Chris Brandt <chris.brandt(a)renesas.com> drm: renesas: rz-du: Increase supported resolutions Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/tracing: Fix a potential TP_printk UAF Christian Gmeiner <cgmeiner(a)igalia.com> drm/v3d: Stop active perfmon if it is being destroyed Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu1: don't choke on disabling the writeback connector Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Clear the interrupt status for interrupts being disabled Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix issue in irq handling causing irq-flood issue Eric Dumazet <edumazet(a)google.com> ipv6: mcast: add RCU protection to mld_newpack() Filipe Manana <fdmanana(a)suse.com> btrfs: fix stale page cache after race between readahead and direct IO write David Sterba <dsterba(a)suse.com> btrfs: rename __get_extent_map() and pass btrfs_inode Eric Dumazet <edumazet(a)google.com> ipv6: mcast: extend RCU protection in igmp6_send() Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Move hidraw input (un)registering to work Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Make sure rumble work is canceled on removal Eric Dumazet <edumazet(a)google.com> ipv6: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> flow_dissector: use RCU protection to fetch dev_net() Eric Dumazet <edumazet(a)google.com> ipv4: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in __ip_rt_update_pmtu() Vladimir Vdovin <deliran(a)verdict.gg> net: ipv4: Cache pmtu for all packet paths if multipath enabled Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ipv4_default_advmss() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ip_dst_mtu_maybe_forward() Eric Dumazet <edumazet(a)google.com> ipv4: add RCU protection to ip4_dst_hoplimit() Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Fix cpufreq_policy ref counting Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: convert mutex use to guard() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Align offline flow of shared memory and MSR based systems Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Call cppc_set_epp_perf in the reenable function Justin M. Forbes <jforbes(a)fedoraproject.org> rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Prepare to introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce ufshcd_has_pending_tasks() Waiman Long <longman(a)redhat.com> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Waiman Long <longman(a)redhat.com> clocksource: Use pr_info() for "Checking clocksource synchronization" message Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Filipe Manana <fdmanana(a)suse.com> btrfs: fix hole expansion when writing at an offset beyond EOF Wentao Liang <vulab(a)iscas.ac.cn> mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Shyam Prasad N <sprasad(a)microsoft.com> cifs: pick channels for individual subrequests Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Set buffer type for empty frames in igc_init_empty_frame Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix register settings for hs400(es) mode Nathan Chancellor <nathan(a)kernel.org> arm64: Handle .ARM.attributes section in linker scripts Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Fix potential memory leak in iopf_queue_remove_device() Varadarajan Narayanan <quic_varada(a)quicinc.com> regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect autogroup migration detection Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix handling of isolated VFs Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Always update ->iotype in __uart_read_properties() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Assign ->iotype correctly when ->iobase is set Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: fix race between fork and cgroup.kill Miguel Ojeda <ojeda(a)kernel.org> rust: rbtree: fix overindented list item Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function Miguel Ojeda <ojeda(a)kernel.org> arm64: rust: clean Rust 1.85.0 warning using softfloat target Ard Biesheuvel <ardb(a)kernel.org> efi: Avoid cold plugged memory for placing the kernel Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: fix bitsize and target detection on clang Bjorn Helgaas <bhelgaas(a)google.com> PCI: Avoid FLR for Mediatek MT7922 WiFi Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: fix handling of 6 GHz rules Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: etas_es58x: fix potential NULL pointer dereference on udev->serial Robin van der Gracht <robin(a)protonic.nl> can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Fedor Pchelkin <pchelkin(a)ispras.ru> can: ctucanfd: handle skb allocation failure Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Stefan Eichenberger <stefan.eichenberger(a)toradex.com> usb: core: fix pipe creation for get_bMaxPacketSize0 Huacai Chen <chenhuacai(a)kernel.org> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Restore xhci_pci support for Renesas HCs Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)kernel.org> usb: gadget: udc: renesas_usb3: Fix compiler warning Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Update pages_touched to reflect persistent buffer content Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Validate the persistent meta data subbuf array Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not allow mmap() of persistent ring buffer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Unlock resize on mmap error Sean Christopherson <seanjc(a)google.com> perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Enter guest mode before initializing nested NPT MMU Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Kees Cook <kees(a)kernel.org> kbuild: Use -fzero-init-padding-bits=all Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Masahiro Yamada <masahiroy(a)kernel.org> kbuild: suppress stdout from merge_config for silent builds Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Rik van Riel <riel(a)fb.com> x86/mm/tlb: Only trim the mm_cpumask once a second Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V Koichiro Den <koichiro.den(a)canonical.com> selftests: gpio: gpio-sim: Fix missing chip disablements Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode() Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem Zichen Xie <zichenxie0106(a)gmail.com> NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Brian Norris <briannorris(a)chromium.org> kunit: platform: Resolve 'struct completion' warning Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add workaround for RTS bit toggle Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Share WCH IDs with parport_serial driver Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Resolve WCH vendor ID ambiguity Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Abort event processing on second signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Abort event processing on second signal Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Rakesh Babu Saladi <Saladi.Rakeshbabu(a)microchip.com> PCI: switchtec: Add Microchip PCI100X device IDs Takashi Iwai <tiwai(a)suse.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add Kurokesu C1 PRO camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Implement dual stream quirk to fix loss of usb packets Naushir Patuck <naush(a)raspberrypi.com> media: bcm2835-unicam: Disable trigger mode operation Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub953: Add error handling for i2c reads/writes Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub913: Add error handling to ub913_hw_init() Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming Kartik Rajput <kkartik(a)nvidia.com> soc/tegra: fuse: Update Tegra234 nvmem keepout list Aaro Koskinen <aaro.koskinen(a)iki.fi> fbdev: omap: use threaded IRQ for LCD DMA Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: smc: Handle missing SCM device Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Reset device on probe failure Masahiro Yamada <masahiroy(a)kernel.org> tools: fix annoying "mkdir -p ..." logs when building tools in parallel Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix crash on error in gpiochip_get_ngpios() Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h. Jens Axboe <axboe(a)kernel.dk> block: cleanup and fix batch completion adding conditions Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Imre Deak <imre.deak(a)intel.com> drm: Fix DSC BPP increment decoding Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() Zhu Lingshan <lingshan.zhu(a)amd.com> amdkfd: properly free gang_ctx_bo when failed to init user queue Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: remove dead req_has_async_data() check Pavel Begunkov <asml.silence(a)gmail.com> io_uring/waitid: don't abuse io_tw_state Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/selftests: avoid using uninitialized context Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/client: bo->client does not need bos_lock Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Clean up PEBS-via-PT on hybrid Muhammad Adeel <Muhammad.Adeel(a)ibm.com> cgroup: Remove steal time from usage_usec Rupinderjit Singh <rusingh(a)redhat.com> gpu: host1x: Fix a use of uninitialized mutex Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Maxime Ripard <mripard(a)kernel.org> drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures Andrea Righi <arighi(a)nvidia.com> sched_ext: Fix lock imbalance in dispatch_to_local_dsq() Lai Jiangshan <jiangshan.ljs(a)antgroup.com> workqueue: Put the pwq after detaching the rescuer from the pool Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix a potential race condition Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix typo issue about GCFG feature detection Yuli Wang <wangyuli(a)uniontech.com> LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Marco Crivellari <marco.crivellari(a)suse.com> LoongArch: Fix idle VS timer enqueue Eric Dumazet <edumazet(a)google.com> vxlan: check vxlan_vnigroup_init() return value Zdenek Bouska <zdenek.bouska(a)siemens.com> igc: Fix HW RX timestamp when passed by ZC XDP Joshua Hay <joshua.a.hay(a)intel.com> idpf: call set_real_num_queues in idpf_open Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: record rx queue in skb for RSC packets Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: fix handling rsc packet with a single segment Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Reyders Morales <reyders1(a)gmail.com> Documentation/networking: fix basic node example document ISO 15765-2 Eric Dumazet <edumazet(a)google.com> net: fib_rules: annotate data-races around rule->[io]ifindex Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> spi: sn-f-ospi: Fix division by zero Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context Tulio Fernandes <tuliomf09(a)gmail.com> HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: pinconf-generic: Print unsigned value if a format is registered Nathan Chancellor <nathan(a)kernel.org> scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1 Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Charles Han <hanchunchao(a)inspur.com> HID: winwing: Add NULL check in winwing_init_led() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Rename PWMSEL to SELPWM Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Enable regmap locking for debug Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Avoid accessing reserved registers Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Jeff Layton <jlayton(a)kernel.org> nfsd: validate the nfsd_serv pointer before calling svc_wake_up Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix hang in nfsd4_shutdown_callback Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: clear acl_access/acl_default after releasing them ------------- Diffstat: .../bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 +- Documentation/networking/iso15765-2.rst | 4 +- Makefile | 17 +-- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 4 + arch/alpha/kernel/entry.S | 24 ++-- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm64/Makefile | 4 + arch/arm64/kernel/cacheinfo.c | 12 +- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/loongarch/kernel/genex.S | 28 ++-- arch/loongarch/kernel/idle.c | 3 +- arch/loongarch/kernel/reset.c | 6 +- arch/loongarch/kvm/main.c | 4 +- arch/loongarch/lib/csum.c | 2 +- arch/s390/pci/pci_bus.c | 20 +++ arch/s390/pci/pci_iov.c | 56 ++++++-- arch/s390/pci/pci_iov.h | 7 + arch/x86/Kconfig | 3 +- arch/x86/events/intel/core.c | 33 ++--- arch/x86/events/intel/ds.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mmu.h | 2 + arch/x86/include/asm/mmu_context.h | 1 + arch/x86/include/asm/msr-index.h | 3 +- arch/x86/include/asm/perf_event.h | 28 +++- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/kernel/cpu/bugs.c | 21 ++- arch/x86/kernel/static_call.c | 1 - arch/x86/kvm/hyperv.c | 6 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/svm/nested.c | 10 +- arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/main.c | 1 + arch/x86/kvm/vmx/vmx.c | 10 +- arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 3 + arch/x86/mm/tlb.c | 35 ++++- arch/x86/xen/mmu_pv.c | 75 +++++++++-- block/partitions/mac.c | 18 ++- drivers/acpi/x86/utils.c | 13 ++ drivers/base/regmap/regmap-irq.c | 2 + drivers/bluetooth/btintel_pcie.c | 5 +- drivers/cpufreq/amd-pstate.c | 104 +++++---------- drivers/firmware/efi/efi.c | 6 +- drivers/firmware/efi/libstub/randomalloc.c | 3 + drivers/firmware/efi/libstub/relocate.c | 3 + drivers/firmware/qcom/qcom_scm-smc.c | 3 + drivers/gpio/gpio-bcm-kona.c | 71 ++++++++-- drivers/gpio/gpio-stmpe.c | 15 ++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpio/gpiolib.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +- .../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 - drivers/gpu/drm/msm/msm_gem_submit.c | 3 +- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 2 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/renesas/rz-du/rzg2l_du_kms.c | 6 +- drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 7 + drivers/gpu/drm/tidss/tidss_dispc.c | 26 ++-- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/gpu/drm/v3d/v3d_perfmon.c | 5 + drivers/gpu/drm/xe/xe_drm_client.c | 2 +- drivers/gpu/drm/xe/xe_trace_bo.h | 12 +- drivers/gpu/host1x/dev.c | 2 + drivers/gpu/host1x/intr.c | 2 - drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-steam.c | 41 ++++-- drivers/hid/hid-thrustmaster.c | 2 +- drivers/hid/hid-winwing.c | 2 + drivers/i3c/master/Kconfig | 11 ++ drivers/i3c/master/mipi-i3c-hci/Makefile | 1 + drivers/i3c/master/mipi-i3c-hci/dma.c | 17 +++ drivers/i3c/master/mipi-i3c-hci/mipi-i3c-hci-pci.c | 148 +++++++++++++++++++++ drivers/infiniband/hw/efa/efa_main.c | 9 +- drivers/iommu/amd/amd_iommu_types.h | 1 + drivers/iommu/amd/init.c | 4 + drivers/iommu/io-pgfault.c | 1 + drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ds90ub913.c | 25 +++- drivers/media/i2c/ds90ub953.c | 46 +++++-- drivers/media/platform/broadcom/bcm2835-unicam.c | 8 +- drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +- drivers/media/usb/uvc/uvc_driver.c | 18 +++ drivers/media/usb/uvc/uvc_video.c | 27 +++- drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/mmc/host/mtk-sd.c | 31 +++-- drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/can/ctucanfd/ctucanfd_base.c | 10 +- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 5 +- drivers/net/ethernet/intel/igc/igc_main.c | 22 +-- .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 40 +++--- drivers/net/netdevsim/ipsec.c | 12 +- drivers/net/team/team_core.c | 4 +- drivers/net/vxlan/vxlan_core.c | 7 +- drivers/net/wireless/ath/ath12k/wmi.c | 61 ++++++--- drivers/net/wireless/ath/ath12k/wmi.h | 1 - drivers/net/wireless/realtek/rtw89/pci.c | 17 ++- drivers/net/wireless/realtek/rtw89/pci.h | 11 ++ drivers/net/wireless/realtek/rtw89/pci_be.c | 2 + drivers/parport/parport_serial.c | 12 +- drivers/pci/quirks.c | 15 ++- drivers/pci/switch/switchtec.c | 26 ++++ drivers/pinctrl/pinconf-generic.c | 8 +- drivers/pinctrl/pinctrl-cy8c95x0.c | 36 +++-- drivers/soc/tegra/fuse/fuse-tegra30.c | 17 ++- drivers/spi/spi-sn-f-ospi.c | 3 + drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 +++ drivers/tty/serial/8250/8250_pci.c | 76 +++++------ drivers/tty/serial/8250/8250_pci1xxxx.c | 60 ++++++++- drivers/tty/serial/8250/8250_port.c | 9 ++ drivers/tty/serial/serial_port.c | 5 +- drivers/ufs/core/ufs_bsg.c | 1 + drivers/ufs/core/ufshcd.c | 127 +++++++++--------- drivers/usb/class/cdc-acm.c | 28 +++- drivers/usb/core/hub.c | 14 +- drivers/usb/core/quirks.c | 6 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/gadget.c | 34 +++++ drivers/usb/gadget/function/f_midi.c | 17 ++- drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 ++ drivers/usb/host/xhci-pci.c | 7 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 ++++--- drivers/vfio/pci/nvgrace-gpu/main.c | 95 ++++++++++--- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 -- drivers/video/fbdev/omap/lcd_dma.c | 4 +- drivers/xen/swiotlb-xen.c | 20 +-- fs/btrfs/extent_io.c | 29 ++-- fs/btrfs/file.c | 4 +- fs/nfs/sysfs.c | 6 +- fs/nfsd/filecache.c | 11 +- fs/nfsd/nfs2acl.c | 2 + fs/nfsd/nfs3acl.c | 2 + fs/nfsd/nfs4callback.c | 7 +- fs/ntfs3/attrib.c | 4 +- fs/ntfs3/dir.c | 2 +- fs/ntfs3/frecord.c | 12 +- fs/ntfs3/fsntfs.c | 6 +- fs/ntfs3/index.c | 6 +- fs/ntfs3/inode.c | 3 + fs/orangefs/orangefs-debugfs.c | 4 +- fs/smb/client/cifsglob.h | 1 - fs/smb/client/file.c | 7 +- include/drm/display/drm_dp.h | 1 + include/kunit/platform_device.h | 1 + include/linux/blk-mq.h | 18 ++- include/linux/cgroup-defs.h | 6 +- include/linux/efi.h | 1 + include/linux/netdevice.h | 6 + include/linux/pci_ids.h | 11 ++ include/linux/sched/task.h | 1 + include/net/dst.h | 9 ++ include/net/ip.h | 13 +- include/net/l3mdev.h | 2 + include/net/net_namespace.h | 2 +- include/net/route.h | 9 +- include/ufs/ufshcd.h | 9 +- io_uring/kbuf.c | 15 ++- io_uring/uring_cmd.c | 3 - io_uring/waitid.c | 4 +- kernel/cgroup/cgroup.c | 20 +-- kernel/cgroup/rstat.c | 1 - kernel/sched/autogroup.c | 4 +- kernel/sched/core.c | 7 +- kernel/sched/ext.c | 35 ++--- kernel/sched/ext.h | 4 +- kernel/sched/sched.h | 2 +- kernel/time/clocksource.c | 9 +- kernel/trace/ring_buffer.c | 28 +++- kernel/trace/trace.c | 4 + kernel/workqueue.c | 12 +- net/ax25/af_ax25.c | 11 ++ net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 122 ++++++++++++----- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/types.h | 3 - net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/fib_rules.c | 24 ++-- net/core/flow_dissector.c | 21 +-- net/core/neighbour.c | 8 +- net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/icmp.c | 31 +++-- net/ipv4/route.c | 39 +++++- net/ipv6/icmp.c | 42 +++--- net/ipv6/ioam6_iptunnel.c | 73 +++++----- net/ipv6/mcast.c | 45 ++++--- net/ipv6/ndisc.c | 28 ++-- net/ipv6/route.c | 7 +- net/ipv6/rpl_iptunnel.c | 59 ++++---- net/ipv6/seg6_iptunnel.c | 98 ++++++++------ net/openvswitch/datapath.c | 12 +- net/vmw_vsock/af_vsock.c | 12 +- rust/Makefile | 1 + rust/kernel/rbtree.rs | 2 +- scripts/Makefile.defconf | 13 +- scripts/Makefile.extrawarn | 13 +- scripts/kconfig/Makefile | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 ++- tools/objtool/check.c | 1 + tools/sched_ext/include/scx/common.bpf.h | 12 +- tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 +- .../selftests/bpf/prog_tests/uprobe_multi_test.c | 9 +- tools/testing/selftests/gpio/gpio-sim.sh | 31 ++++- tools/testing/selftests/net/pmtu.sh | 112 +++++++++++++--- tools/testing/selftests/net/rtnetlink.sh | 4 +- tools/tracing/rtla/src/timerlat_hist.c | 8 ++ tools/tracing/rtla/src/timerlat_top.c | 8 ++ 226 files changed, 2389 insertions(+), 1015 deletions(-)

4 months, 1 week

10
9
0 0

[PATCH] agp: Fix a potential memory leak bug in agp_amdk7_probe()

by Haoxiang Li

Variable "bridge" is allocated by agp_alloc_bridge() and have to be released by agp_put_bridge() if something goes wrong. In this patch, add the missing call of agp_put_bridge() in agp_amdk7_probe() to prevent potential memory leak bug. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/char/agp/amd-k7-agp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/agp/amd-k7-agp.c b/drivers/char/agp/amd-k7-agp.c index 795c8c9ff680..40e1fc462dca 100644 --- a/drivers/char/agp/amd-k7-agp.c +++ b/drivers/char/agp/amd-k7-agp.c @@ -441,6 +441,7 @@ static int agp_amdk7_probe(struct pci_dev *pdev, gfxcard = pci_get_class(PCI_CLASS_DISPLAY_VGA<<8, gfxcard); if (!gfxcard) { dev_info(&pdev->dev, "no AGP VGA controller\n"); + agp_put_bridge(bridge); return -ENODEV; } cap_ptr = pci_find_capability(gfxcard, PCI_CAP_ID_AGP); -- 2.25.1

4 months, 1 week

1
0
0 0

[PATCH v2 0/2] media: nuvoton: Fix some reference handling issues

by Ricardo Ribalda

When trying out 6.13 cocci, some bugs were found. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v2: - Squash fixes and port to cleanup.h. - Link to v1: https://lore.kernel.org/r/20250121-nuvoton-v1-0-1ea4f0cdbda2@chromium.org --- Ricardo Ribalda (2): media: nuvoton: Fix reference handling of ece_node media: nuvoton: Fix reference handling of ece_pdev drivers/media/platform/nuvoton/npcm-video.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- base-commit: c2b96a6818159fba8a3bcc38262da9e77f9b3ec7 change-id: 20250121-nuvoton-fe870cbeffb6 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

4 months, 1 week

1
2
0 0

[PATCH 0/4] media: nuvoton: Fix some reference handling issues

by Ricardo Ribalda

When trying out 6.13 cocci, some bugs were found. The fixes without using cleanup.h should be backported. The last two patches make use of cleanup.h to avoid this kind of errors in the future. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Ricardo Ribalda (4): media: nuvoton: Fix reference handling of ece_pdev media: nuvoton: Fix reference handling of ece_node media: nuvoton: Use cleanup.h macros for device_node media: nuvoton: Use cleanup.h macros for put_device drivers/media/platform/nuvoton/npcm-video.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- base-commit: c4b7779abc6633677e6edb79e2809f4f61fde157 change-id: 20250121-nuvoton-fe870cbeffb6 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

4 months, 1 week

4
8
0 0

Re: REGRESSION amdgpu 20241108 firmware breaks screen updating

by mail＠tteles.dev

I can confirm amdgpu.dcdebugmask=0x200 fixes it, no more stutters. It would be very beneficial to include the patch making this behavior default (https://lore.kernel.org/amd-gfx/20250221160145.1730752-3-zaeem.mohamed@amd.…) in the relevant linux-stable trees, as this is a major issue for affected systems. I CC'd stable(a)vger.kernel.org and ask for the patch to be included in linux-stable, even though it does not have a "Fixes:" tag, if the maintainers are okay with it. Thank you for the quick response! Tiago Feb 23, 2025, 17:26 by mario.limonciello(a)amd.com: > Hello, > > This sounds like to me a problem with PSR-SU. There have been a variety of these being reported the past few months. Enough so that the policy to enable it by default is being rolled back for now. > > https://lore.kernel.org/amd-gfx/20250221160145.1730752-3-zaeem.mohamed@amd.… > > To confirm that's the root cause you can disable it with amdgpu.dcdebugmask=0x200. > > Thanks, > > On 2/23/2025 10:08, mail(a)tteles.dev wrote: > >> Greetings, >> >> I wish to report a regression in amdgpu firmware introduced in commit c99eeb4d0e13f5831ae77f7ec521162594385d5f, the problem persists until git HEAD, and reverting to the previous commit fixes the issues with no further changes to the environment. >> >> The issue appears on a Lenovo IdeaPad Pro 5, with a Ryzen 8845HS processor, using the 780M iGPU (1002:1900 I believe). The screen on this laptop is 120Hz 2800x1800, supporting HDR. >> This was tested on Archlinux 6.13.3.arch1-1, with amdgpu drivers, on both Wayland (Gnome and Hyprland) and Xorg (i3wm). I'm using amd-pstate-epp scaling driver, tested with both performance and powersave governers, to the same effect. >> >> I will list the symptoms and attempt to guess at what the issue may be. >> >> - The screen stops updating if no mouse input is given while watching low resolution video (wherever it is, Brave and mpv, regardless of software or hw decoding). >> Low resolution matters here, I can play 4k video fine, 1080p with mild stutters, but lower becomes very bad. >> Here is an example using mpv with 360p sample video, recorded on my phone as to not disturb the environment its running in. (https://youtu.be/kYHqBjPxM2s You can tell it is very choppy, the original video https://www.youtube.com/watch?v=1HrXwe6s4W8 is not choppy) >> mpv did not report any dropped frames despite there obviously being a huge amount. >> >> - In some programs, text does not get displayed instantly from when typing it, having to type 5 or 6 characters for the previous to finally show. >> All these new characters show up at the same time. This was extremely noticeable with gnome's default "Console", it also happened in Brave Browser's search bar, and Signal, it does not seem to happen with Ghostty. >> >> Constantly waving my cursor fixes all these issues. Connecting a secondary display seems to fix the issue on all displays. >> >> From my limited knowledge this seems like a bug in damage detection for eDP + power management, where low enough power levels don't trigger redraws. >> >> I am confident the issue was introduced in that commit since I bisected linux-firmware commits affecting amdgpu until the issue was no longer found. >> >> >> Extra info: >> # dmesg | grep amd >> [ 0.414396] perf/amd_iommu: Detected AMD IOMMU #0 (2 banks, 4 counters/bank). >> [ 1.875492] [drm] amdgpu kernel modesetting enabled. >> [ 1.878563] amdgpu: Virtual CRAT table created for CPU >> [ 1.878573] amdgpu: Topology: Add CPU node >> [ 1.882607] amdgpu 0000:63:00.0: amdgpu: Fetched VBIOS from VFCT >> [ 1.882610] amdgpu: ATOM BIOS: 113-PHXGENERIC-001 >> [ 1.909536] amdgpu 0000:63:00.0: vgaarb: deactivate vga console >> [ 1.909542] amdgpu 0000:63:00.0: amdgpu: Trusted Memory Zone (TMZ) feature enabled >> [ 1.909612] amdgpu 0000:63:00.0: amdgpu: VRAM: 4096M 0x0000008000000000 - 0x00000080FFFFFFFF (4096M used) >> [ 1.909614] amdgpu 0000:63:00.0: amdgpu: GART: 512M 0x00007FFF00000000 - 0x00007FFF1FFFFFFF >> [ 1.909829] [drm] amdgpu: 4096M of VRAM memory ready >> [ 1.909832] [drm] amdgpu: 13932M of GTT memory ready. >> [ 1.935030] amdgpu 0000:63:00.0: amdgpu: reserve 0x4000000 from 0x80f8000000 for PSP TMR >> [ 2.482626] amdgpu 0000:63:00.0: amdgpu: RAS: optional ras ta ucode is not available >> [ 2.491068] amdgpu 0000:63:00.0: amdgpu: RAP: optional rap ta ucode is not available >> [ 2.491071] amdgpu 0000:63:00.0: amdgpu: SECUREDISPLAY: securedisplay ta ucode is not available >> [ 2.521960] amdgpu 0000:63:00.0: amdgpu: SMU is initialized successfully! >> [ 2.601611] kfd kfd: amdgpu: Allocated 3969056 bytes on gart >> [ 2.601628] kfd kfd: amdgpu: Total number of KFD nodes to be created: 1 >> [ 2.602048] amdgpu: Virtual CRAT table created for GPU >> [ 2.602191] amdgpu: Topology: Add dGPU node [0x1900:0x1002] >> [ 2.602193] kfd kfd: amdgpu: added device 1002:1900 >> [ 2.602206] amdgpu 0000:63:00.0: amdgpu: SE 1, SH per SE 2, CU per SH 6, active_cu_number 12 >> [ 2.602212] amdgpu 0000:63:00.0: amdgpu: ring gfx_0.0.0 uses VM inv eng 0 on hub 0 >> [ 2.602215] amdgpu 0000:63:00.0: amdgpu: ring comp_1.0.0 uses VM inv eng 1 on hub 0 >> [ 2.602216] amdgpu 0000:63:00.0: amdgpu: ring comp_1.1.0 uses VM inv eng 4 on hub 0 >> [ 2.602217] amdgpu 0000:63:00.0: amdgpu: ring comp_1.2.0 uses VM inv eng 6 on hub 0 >> [ 2.602219] amdgpu 0000:63:00.0: amdgpu: ring comp_1.3.0 uses VM inv eng 7 on hub 0 >> [ 2.602220] amdgpu 0000:63:00.0: amdgpu: ring comp_1.0.1 uses VM inv eng 8 on hub 0 >> [ 2.602221] amdgpu 0000:63:00.0: amdgpu: ring comp_1.1.1 uses VM inv eng 9 on hub 0 >> [ 2.602222] amdgpu 0000:63:00.0: amdgpu: ring comp_1.2.1 uses VM inv eng 10 on hub 0 >> [ 2.602223] amdgpu 0000:63:00.0: amdgpu: ring comp_1.3.1 uses VM inv eng 11 on hub 0 >> [ 2.602224] amdgpu 0000:63:00.0: amdgpu: ring sdma0 uses VM inv eng 12 on hub 0 >> [ 2.602225] amdgpu 0000:63:00.0: amdgpu: ring vcn_unified_0 uses VM inv eng 0 on hub 8 >> [ 2.602226] amdgpu 0000:63:00.0: amdgpu: ring jpeg_dec uses VM inv eng 1 on hub 8 >> [ 2.602227] amdgpu 0000:63:00.0: amdgpu: ring mes_kiq_3.1.0 uses VM inv eng 13 on hub 0 >> [ 2.609481] amdgpu 0000:63:00.0: amdgpu: Runtime PM not available >> [ 2.610787] [drm] Initialized amdgpu 3.60.0 for 0000:63:00.0 on minor 1 >> [ 2.617618] fbcon: amdgpudrmfb (fb0) is primary device >> [ 3.788332] amdgpu 0000:63:00.0: [drm] fb0: amdgpudrmfb frame buffer device >> [ 5.120419] kvm_amd: TSC scaling supported >> [ 5.120426] kvm_amd: Nested Virtualization enabled >> [ 5.120428] kvm_amd: Nested Paging enabled >> [ 5.120430] kvm_amd: LBR virtualization supported >> [ 5.120443] kvm_amd: Virtual GIF supported >> [ 5.120444] kvm_amd: Virtual NMI enabled >> [ 5.170720] snd_hda_intel 0000:63:00.1: bound 0000:63:00.0 (ops amdgpu_dm_audio_component_bind_ops [amdgpu]) >> [ 5.191443] amd_atl: AMD Address Translation Library initialized >> >> >> Thank you for your time, >> Tiago Teles >>

4 months, 1 week

2
1
0 0

[PATCH v2 net 0/9] net: enetc: fix some known issues

by Wei Fang

There are some issues with the enetc driver, some of which are specific to the LS1028A platform, and some of which were introduced recently when i.MX95 ENETC support was added, so this patch set aims to clean up those issues. --- v1 link: https://lore.kernel.org/imx/20250217093906.506214-1-wei.fang@nxp.com/ v2 changes: 1. Remove the unneeded semicolon from patch 1 2. Modify the commit message of patch 1 3. Add new patch 9 to fix another off-by-one issue --- Wei Fang (9): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: correct the tx_swbd statistics net: enetc: correct the xdp_tx statistics net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC net: enetc: update UDP checksum when updating originTimestamp field net: enetc: add missing enetc4_link_deinit() net: enetc: remove the mm_lock from the ENETC v4 driver net: enetc: correct the EMDIO base offset for ENETC v4 net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() drivers/net/ethernet/freescale/enetc/enetc.c | 59 ++++++++++++++----- .../net/ethernet/freescale/enetc/enetc4_hw.h | 3 + .../net/ethernet/freescale/enetc/enetc4_pf.c | 2 +- .../ethernet/freescale/enetc/enetc_ethtool.c | 7 ++- .../freescale/enetc/enetc_pf_common.c | 10 +++- 5 files changed, 63 insertions(+), 18 deletions(-) -- 2.34.1

4 months, 1 week

6
38
0 0

[PATCH v2] usb: gadget: Set self-powered based on MaxPower and bmAttributes

by Prashanth K

Currently the USB gadget will be set as bus-powered based solely on whether its bMaxPower is greater than 100mA, but this may miss devices that may legitimately draw less than 100mA but still want to report as bus-powered. Similarly during suspend & resume, USB gadget is incorrectly marked as bus/self powered without checking the bmAttributes field. Fix these by configuring the USB gadget as self or bus powered based on bmAttributes, and explicitly set it as bus-powered if it draws more than 100mA. Cc: stable(a)vger.kernel.org Fixes: 5e5caf4fa8d3 ("usb: gadget: composite: Inform controller driver of self-powered") Signed-off-by: Prashanth K <prashanth.k(a)oss.qualcomm.com> --- Changes in v2: - Didn't change anything from RFC. - Link to RFC: https://lore.kernel.org/all/20250204105908.2255686-1-prashanth.k@oss.qualco… drivers/usb/gadget/composite.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index bdda8c74602d..1fb28bbf6c45 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1050,10 +1050,11 @@ static int set_config(struct usb_composite_dev *cdev, else usb_gadget_set_remote_wakeup(gadget, 0); done: - if (power <= USB_SELF_POWER_VBUS_MAX_DRAW) - usb_gadget_set_selfpowered(gadget); - else + if (power > USB_SELF_POWER_VBUS_MAX_DRAW || + !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) usb_gadget_clear_selfpowered(gadget); + else + usb_gadget_set_selfpowered(gadget); usb_gadget_vbus_draw(gadget, power); if (result >= 0 && cdev->delayed_status) @@ -2615,7 +2616,9 @@ void composite_suspend(struct usb_gadget *gadget) cdev->suspended = 1; - usb_gadget_set_selfpowered(gadget); + if (cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER) + usb_gadget_set_selfpowered(gadget); + usb_gadget_vbus_draw(gadget, 2); } @@ -2649,8 +2652,11 @@ void composite_resume(struct usb_gadget *gadget) else maxpower = min(maxpower, 900U); - if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW) + if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW || + !(cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) usb_gadget_clear_selfpowered(gadget); + else + usb_gadget_set_selfpowered(gadget); usb_gadget_vbus_draw(gadget, maxpower); } else { -- 2.25.1

4 months, 1 week

5
5
0 0

[PATCH] USB: Skip resume if pm_runtime_set_active() fails

by Ma Ke

A race condition occurs during system suspend if interrupted between usb_suspend() and the parent device’s PM suspend (e.g., a power domain). This triggers PM resume workflows (via usb_resume()), but if parent device is already runtime-suspended, pm_runtime_set_active() fails. Subsequent operations like pm_runtime_enable() and interface unbinding may leave the USB device in an inconsistent state or trigger unintended behavior. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 98d9a82e5f75 ("USB: cleanup the handling of the PM complete call") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/usb/core/driver.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c index 460d4dde5994..7478fcc11fd4 100644 --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -1624,11 +1624,17 @@ int usb_resume(struct device *dev, pm_message_t msg) status = usb_resume_both(udev, msg); if (status == 0) { pm_runtime_disable(dev); - pm_runtime_set_active(dev); + status = pm_runtime_set_active(dev); + if (status) { + pm_runtime_enable(dev); + goto out; + } + pm_runtime_enable(dev); unbind_marked_interfaces(udev); } +out: /* Avoid PM error messages for devices disconnected while suspended * as we'll display regular disconnect messages just a bit later. */ -- 2.25.1

4 months, 1 week

2
1
0 0

[PATCH] mm: abort vma_modify() on merge out of memory failure

by Lorenzo Stoakes

The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in vmg->start, end being modified, and thus the proceeding attempts to split the VMA will be done with invalid start/end values. Thankfully, it is likely practically impossible for us to hit this in reality, as it would require a maple tree node pre-allocation failure that would likely never happen due to it being 'too small to fail', i.e. the kernel would simply keep retrying reclaim until it succeeded. However, this scenario remains theoretically possible, and what we are doing here is wrong so we must correct it. The safest option is, when this scenario occurs, to simply give up the operation. If we cannot allocate memory to merge, then we cannot allocate memory to split either (perhaps moreso!). Any scenario where this would be happening would be under very extreme (likely fatal) memory pressure, so it's best we give up early. So there is no doubt it is appropriate to simply bail out in this scenario. However, in general we must if at all possible never assume VMG state is stable after a merge attempt, since merge operations update VMG fields. As a result, additionally also make this clear by storing start, end in local variables. The issue was reported originally by syzkaller, and by Brad Spengler (via an off-list discussion), and in both instances it manifested as a triggering of the assert: VM_WARN_ON_VMG(start >= end, vmg); In vma_merge_existing_range(). It seems at least one scenario in which this is occurring is one in which the merge being attempted is due to an madvise() across multiple VMAs which looks like this: start end |<------>| |----------|------| | vma | next | |----------|------| When madvise_walk_vmas() is invoked, we first find vma in the above (determining prev to be equal to vma as we are offset into vma), and then enter the loop. We determine the end of vma that forms part of the range we are madvise()'ing by setting 'tmp' to this value: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; We then invoke the madvise() operation via visit(), letting prev get updated to point to vma as part of the operation: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where the visit() function pointer in this instance is madvise_vma_behavior(). As observed in syzkaller reports, it is ultimately madvise_update_vma() that is invoked, calling vma_modify_flags_name() and vma_modify() in turn. Then, in vma_modify(), we attempt the merge: merged = vma_merge_existing_range(vmg); if (merged) return merged; We invoke this with vmg->start, end set to start, tmp as such: start tmp |<--->| |----------|------| | vma | next | |----------|------| We find ourselves in the merge right scenario, but the one in which we cannot remove the middle (we are offset into vma). Here we have a special case where vmg->start, end get set to perhaps unintuitive values - we intended to shrink the middle VMA and expand the next. This means vmg->start, end are set to... vma->vm_start, start. Now the commit_merge() fails, and vmg->start, end are left like this. This means we return to the rest of vma_modify() with vmg->start, end (here denoted as start', end') set as: start' end' |<-->| |----------|------| | vma | next | |----------|------| So we now erroneously try to split accordingly. This is where the unfortunate stuff begins. We start with: /* Split any preceding portion of the VMA. */ if (vma->vm_start < vmg->start) { ... } This doesn't trigger as we are no longer offset into vma at the start. But then we invoke: /* Split any trailing portion of the VMA. */ if (vma->vm_end > vmg->end) { ... } Which does get invoked. This leaves us with: start' end' |<-->| |----|-----|------| | vma| new | next | |----|-----|------| We then return ultimately to madvise_walk_vmas(). Here 'new' is unknown, and putting back the values known in this function we are faced with: start tmp end | | | |----|-----|------| | vma| new | next | |----|-----|------| prev Then: start = tmp; So: start end | | |----|-----|------| | vma| new | next | |----|-----|------| prev The following code does not cause anything to happen: if (prev && start < prev->vm_end) start = prev->vm_end; if (start >= end) break; And then we invoke: if (prev) vma = find_vma(mm, prev->vm_end); Which is where a problem occurs - we don't know about 'new' so we essentially look for the vma after prev, which is new, whereas we actually intended to discover next! So we end up with: start end | | |----|-----|------| |prev| vma | next | |----|-----|------| And we have successfully bypassed all of the checks madvise_walk_vmas() has to ensure early exit should we end up moving out of range. We loop around, and hit: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; Oh dear. Now we have: tmp start end | | |----|-----|------| |prev| vma | next | |----|-----|------| We then invoke: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where start == tmp. That is, a zero range. This is not good. We invoke visit() which is madvise_vma_behavior() which does not check the range (for good reason, it assumes all checks have been done before it was called), which in turn finally calls madvise_update_vma(). The madvise_update_vma() function calls vma_modify_flags_name() in turn, which ultimately invokes vma_modify() with... start == end. vma_modify() calls vma_merge_existing_range() and finally we hit: VM_WARN_ON_VMG(start >= end, vmg); Which triggers, as start == end. While it might be useful to add some CONFIG_DEBUG_VM asserts in these instances to catch this kind of error, since we have just eliminated any possibility of that happening, we will add such asserts separately as to reduce churn and aid backporting. Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Tested-by: Brad Spengler <brad.spengler(a)opensrcsec.com> Fixes: 2f1c6611b0a8 ("mm: introduce vma_merge_struct and abstract vma_merge(),vma_modify()") Reported-by: Brad Spengler <brad.spengler(a)opensrcsec.com> Reported-by: syzbot+46423ed8fa1f1148c6e4(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/6774c98f.050a0220.25abdd.0991.GAE@google.c… Cc: stable(a)vger.kernel.org --- mm/vma.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/mm/vma.c b/mm/vma.c index c7abef5177cc..76bec07e30b7 100644 --- a/mm/vma.c +++ b/mm/vma.c @@ -1523,24 +1523,28 @@ int do_vmi_munmap(struct vma_iterator *vmi, struct mm_struct *mm, static struct vm_area_struct *vma_modify(struct vma_merge_struct *vmg) { struct vm_area_struct *vma = vmg->middle; + unsigned long start = vmg->start; + unsigned long end = vmg->end; struct vm_area_struct *merged; /* First, try to merge. */ merged = vma_merge_existing_range(vmg); if (merged) return merged; + if (vmg_nomem(vmg)) + return ERR_PTR(-ENOMEM); /* Split any preceding portion of the VMA. */ - if (vma->vm_start < vmg->start) { - int err = split_vma(vmg->vmi, vma, vmg->start, 1); + if (vma->vm_start < start) { + int err = split_vma(vmg->vmi, vma, start, 1); if (err) return ERR_PTR(err); } /* Split any trailing portion of the VMA. */ - if (vma->vm_end > vmg->end) { - int err = split_vma(vmg->vmi, vma, vmg->end, 0); + if (vma->vm_end > end) { + int err = split_vma(vmg->vmi, vma, end, 0); if (err) return ERR_PTR(err); -- 2.48.1

4 months, 1 week

2
2
0 0

[PATCH AUTOSEL 6.10 01/27] wifi: nl80211: disallow setting special AP channel widths

by Sasha Levin

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 23daf1b4c91db9b26f8425cc7039cf96d22ccbfe ] Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in S1G or narrow channels isn't supported. Disallow that. Reported-by: syzbot+bc0f5b92cc7091f45fb6(a)syzkaller.appspotmail.com Link: https://msgid.link/20240515141600.d4a9590bfe32.I19a32d60097e81b527eafe6b092… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/nl80211.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 72c7bf5585816..81d5bf186180f 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3419,6 +3419,33 @@ static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, if (chandef.chan != cur_chan) return -EBUSY; + /* only allow this for regular channel widths */ + switch (wdev->links[link_id].ap.chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: + case NL80211_CHAN_WIDTH_20: + case NL80211_CHAN_WIDTH_40: + case NL80211_CHAN_WIDTH_80: + case NL80211_CHAN_WIDTH_80P80: + case NL80211_CHAN_WIDTH_160: + case NL80211_CHAN_WIDTH_320: + break; + default: + return -EINVAL; + } + + switch (chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: + case NL80211_CHAN_WIDTH_20: + case NL80211_CHAN_WIDTH_40: + case NL80211_CHAN_WIDTH_80: + case NL80211_CHAN_WIDTH_80P80: + case NL80211_CHAN_WIDTH_160: + case NL80211_CHAN_WIDTH_320: + break; + default: + return -EINVAL; + } + result = rdev_set_ap_chanwidth(rdev, dev, link_id, &chandef); if (result) -- 2.43.0

4 months, 1 week

4
35
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2025