February 2025 - Linux-stable-mirror

[PATCH] s390/vfio-ap: lock mdev object when handling mdev remove request

by Anthony Krowiak

The vfio_ap_mdev_request function in drivers/s390/crypto/vfio_ap_ops.c accesses fields of an ap_matrix_mdev object without ensuring that the object is accessed by only one thread at a time. This patch adds the lock necessary to secure access to the ap_matrix_mdev object. Fixes: 2e3d8d71e285 ("s390/vfio-ap: wire in the vfio_device_ops request callback") Signed-off-by: Anthony Krowiak <akrowiak(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index a52c2690933f..a2784d3357d9 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -2045,6 +2045,7 @@ static void vfio_ap_mdev_request(struct vfio_device *vdev, unsigned int count) struct ap_matrix_mdev *matrix_mdev; matrix_mdev = container_of(vdev, struct ap_matrix_mdev, vdev); + mutex_lock(&matrix_dev->mdevs_lock); if (matrix_mdev->req_trigger) { if (!(count % 10)) @@ -2057,6 +2058,8 @@ static void vfio_ap_mdev_request(struct vfio_device *vdev, unsigned int count) dev_notice(dev, "No device request registered, blocked until released by user\n"); } + + mutex_unlock(&matrix_dev->mdevs_lock); } static int vfio_ap_mdev_get_device_info(unsigned long arg) -- 2.47.1

7 months, 2 weeks

2
3
0 0

[PATCH v5 01/16] x86/stackprotector: Work around strict Clang TLS symbol requirements

by Brian Gerst

From: Ard Biesheuvel <ardb(a)kernel.org> GCC and Clang both implement stack protector support based on Thread Local Storage (TLS) variables, and this is used in the kernel to implement per-task stack cookies, by copying a task's stack cookie into a per-CPU variable every time it is scheduled in. Both now also implement -mstack-protector-guard-symbol=, which permits the TLS variable to be specified directly. This is useful because it will allow us to move away from using a fixed offset of 40 bytes into the per-CPU area on x86_64, which requires a lot of special handling in the per-CPU code and the runtime relocation code. However, while GCC is rather lax in its implementation of this command line option, Clang actually requires that the provided symbol name refers to a TLS variable (i.e., one declared with __thread), although it also permits the variable to be undeclared entirely, in which case it will use an implicit declaration of the right type. The upshot of this is that Clang will emit the correct references to the stack cookie variable in most cases, e.g., 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax 10f: R_386_32 __stack_chk_guard However, if a non-TLS definition of the symbol in question is visible in the same compilation unit (which amounts to the whole of vmlinux if LTO is enabled), it will drop the per-CPU prefix and emit a load from a bogus address. Work around this by using a symbol name that never occurs in C code, and emit it as an alias in the linker script. Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable") Cc: <stable(a)vger.kernel.org> Cc: Fangrui Song <i(a)maskray.me> Cc: Uros Bizjak <ubizjak(a)gmail.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Andy Lutomirski <luto(a)kernel.org> Link: https://github.com/ClangBuiltLinux/linux/issues/1854 Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Brian Gerst <brgerst(a)gmail.com> --- arch/x86/Makefile | 5 +++-- arch/x86/entry/entry.S | 16 ++++++++++++++++ arch/x86/include/asm/asm-prototypes.h | 3 +++ arch/x86/kernel/cpu/common.c | 2 ++ arch/x86/kernel/vmlinux.lds.S | 3 +++ 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index cd75e78a06c1..5b773b34768d 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -142,9 +142,10 @@ ifeq ($(CONFIG_X86_32),y) ifeq ($(CONFIG_STACKPROTECTOR),y) ifeq ($(CONFIG_SMP),y) - KBUILD_CFLAGS += -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard + KBUILD_CFLAGS += -mstack-protector-guard-reg=fs \ + -mstack-protector-guard-symbol=__ref_stack_chk_guard else - KBUILD_CFLAGS += -mstack-protector-guard=global + KBUILD_CFLAGS += -mstack-protector-guard=global endif endif else diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S index 324686bca368..b7ea3e8e9ecc 100644 --- a/arch/x86/entry/entry.S +++ b/arch/x86/entry/entry.S @@ -51,3 +51,19 @@ EXPORT_SYMBOL_GPL(mds_verw_sel); .popsection THUNK warn_thunk_thunk, __warn_thunk + +#ifndef CONFIG_X86_64 +/* + * Clang's implementation of TLS stack cookies requires the variable in + * question to be a TLS variable. If the variable happens to be defined as an + * ordinary variable with external linkage in the same compilation unit (which + * amounts to the whole of vmlinux with LTO enabled), Clang will drop the + * segment register prefix from the references, resulting in broken code. Work + * around this by avoiding the symbol used in -mstack-protector-guard-symbol= + * entirely in the C code, and use an alias emitted by the linker script + * instead. + */ +#ifdef CONFIG_STACKPROTECTOR +EXPORT_SYMBOL(__ref_stack_chk_guard); +#endif +#endif diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 25466c4d2134..3674006e3974 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -20,3 +20,6 @@ extern void cmpxchg8b_emu(void); #endif +#if defined(__GENKSYMS__) && defined(CONFIG_STACKPROTECTOR) +extern unsigned long __ref_stack_chk_guard; +#endif diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8f41ab219cf1..9d42bd15e06c 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2091,8 +2091,10 @@ void syscall_init(void) #ifdef CONFIG_STACKPROTECTOR DEFINE_PER_CPU(unsigned long, __stack_chk_guard); +#ifndef CONFIG_SMP EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); #endif +#endif #endif /* CONFIG_X86_64 */ diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 410546bacc0f..d61c3584f3e6 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -468,6 +468,9 @@ SECTIONS . = ASSERT((_end - LOAD_OFFSET <= KERNEL_IMAGE_SIZE), "kernel image bigger than KERNEL_IMAGE_SIZE"); +/* needed for Clang - see arch/x86/entry/entry.S */ +PROVIDE(__ref_stack_chk_guard = __stack_chk_guard); + #ifdef CONFIG_X86_64 /* * Per-cpu symbols which need to be offset from __per_cpu_load -- 2.47.0

7 months, 2 weeks

6
26
0 0

[PATCH 6.13 000/443] 6.13.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.3 release. There are 443 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Feb 2025 14:23:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.3-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.3-rc1 Miklos Szeredi <mszeredi(a)redhat.com> fs: fix adding security options to statmount.mnt_opt Jeff Layton <jlayton(a)kernel.org> fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Revert "drm/amd/display: Fix green screen issue after suspend" Bart Van Assche <bvanassche(a)acm.org> md: Fix linear_set_limits() Dan Carpenter <dan.carpenter(a)linaro.org> md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Peter Zijlstra <peterz(a)infradead.org> x86/mm: Convert unreachable() to BUG() Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Heiko Carstens <hca(a)linux.ibm.com> s390/fpu: Add fpc exception handler / remove fixup section again Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix off-by-one root mis-connection Miklos Szeredi <mszeredi(a)redhat.com> statmount: let unset strings be empty Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Uros Bizjak <ubizjak(a)gmail.com> mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Chuck Lever <chuck.lever(a)oracle.com> NFSD: Encode COMPOUND operation status on page boundaries Dragan Simic <dsimic(a)manjaro.org> nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Antoine Viallon <antoine(a)lesviallon.fr> ceph: fix memory leak in ceph_mds_auth_match() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Stefan Eichenberger <eichest(a)gmail.com> irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Daniel Baumann <daniel(a)debian.org> ata: libata-core: Add ATA_QUIRK_NOLPM for Samsung SSD 870 QVO drives Liu Shixin <liushixin2(a)huawei.com> mm/compaction: fix UBSAN shift-out-of-bounds warning Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> mm/hugetlb: fix hugepage allocation for interleaved memory nodes Li Zhijian <lizhijian(a)fujitsu.com> mm/vmscan: accumulate nr_demoted for accurate demotion statistics Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: destroy hfi session after m2m_ctx release Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: remove cpu latency qos request on error Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Zhen Lei <thunder.leizhen(a)huawei.com> media: nuvoton: Fix an error check in npcm_video_ece_init() Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Sakari Ailus <sakari.ailus(a)linux.intel.com> media: Documentation: tx-rx: Fix formatting Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Use a separate spinlock to protect fault->deliver list Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-hs: clear reset status flag Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-common: fix ad3541/2r ranges Dan Carpenter <dan.carpenter(a)linaro.org> iio: chemical: bme680: Fix uninitialized variable in __bme680_read_raw() Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix struct iommu_hwpt_pgfault init and padding Easwar Hariharan <eahariha(a)linux.microsoft.com> jiffies: Cast to unsigned long in secs_to_jiffies() conversion Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in recovery/reset Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in ivpu_boot() Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Christoph Hellwig <hch(a)lst.de> xfs: don't call remap_verify_area with sb write protection held Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Helge Deller <deller(a)kernel.org> parisc: Temporarily disable jump label support Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdx75: Fix MPSS memory length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DPI display output by default Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Zhang Rui <rui.zhang(a)intel.com> x86/acpi: Fix LAPIC/x2APIC parsing order Alice Ryhl <aliceryhl(a)google.com> x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Christian Brauner <brauner(a)kernel.org> pidfs: improve ioctl handling Christian Brauner <brauner(a)kernel.org> pidfs: check for valid ioctl commands Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload André Draszik <andre.draszik(a)linaro.org> scsi: ufs: core: Fix use-after free in init error and remove paths Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix SR-IOV for PFs initially in standby Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Xi Ruoyao <xry111(a)xry111.site> Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: pci-legacy: Override pci_address_to_pio Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Terminate all the DMA transactions Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-dell-xps13-9345: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Vasily Khoruzhick <anarsoul(a)gmail.com> wifi: rtw88: 8703b: Fix RX/TX issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Steven Rostedt <rostedt(a)goodmis.org> atomic64: Use arch_spin_locks instead of raw_spin_locks Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Peng Fan <peng.fan(a)nxp.com> Input: bbnsm_pwrkey - add remove hook Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Warn for missing static reserved memory regions Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Fix empty resource handling in __of_address_resource_bounds() Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Dave Young <dyoung(a)redhat.com> x86/efi: skip memattr table on kexec boot Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Eyal Birger <eyal.birger(a)gmail.com> seccomp: passthrough uretprobe systemcall without filtering Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Binbin Zhou <zhoubinbin(a)loongson.cn> clk: clk-loongson2: Fix the number count of clk provider Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Lubomir Rintel <lkundrak(a)v3.sk> clk: mmp2: call pm_genpd_init() only after genpd.name is set Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - fix crash when enabling pass-through port David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix and re-enable xe_print_blob_ascii85() Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix seamless boot sequence Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Jani Nikula <jani.nikula(a)intel.com> drm/i915/dp: Iterate DSC BPP from high to low on all platforms Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/devcoredump: Move exec queue snapshot to Contexts section Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: astdp: Fix timeout for enabling video signal Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/amdgpu: change the config of cgcg on gfx12 Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Optimize cursor position updates Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Keith Busch <kbusch(a)kernel.org> kvm: defer huge page recovery vhost task to later Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Robin Murphy <robin.murphy(a)arm.com> remoteproc: omap: Handle ARM dma_iommu_mapping Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Mark Brown <broonie(a)kernel.org> arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Override PARange for !LPA2 and use it consistently Ard Biesheuvel <ardb(a)kernel.org> arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix Qemu crash when running in passthrough Xu Yang <xu.yang_2(a)nxp.com> perf: imx9_perf: Introduce AXI filter version to refactor the driver and better extension Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Ming Lei <tom.leiming(a)gmail.com> block: mark GFP_NOIO around sysfs ->store() Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Marc Zyngier <maz(a)kernel.org> arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Yu Kuai <yukuai3(a)huawei.com> md: reintroduce md-linear Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/client: Handle tiled displays better Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create SFU call Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module Robin Murphy <robin.murphy(a)arm.com> PCI/TPH: Restore TPH Requester Enable correctly David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Geert Uytterhoeven <geert+renesas(a)glider.be> gpio: GPIO_GRGPIO should depend on OF Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: sim: lock hog configfs items if present Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Jakub Kicinski <kuba(a)kernel.org> selftests: drv-net: rss_ctx: add missing cleanup in queue reconfigure Jakub Kicinski <kuba(a)kernel.org> ethtool: ntuple: fix rss + ring_cookie check Jakub Kicinski <kuba(a)kernel.org> ethtool: rss: fix hiding unsupported fields in dumps Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Fix migration initialization Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Preserve oa_ctrl unused bits Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: fix the Adaptive sync Operation mode for SDP Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/hdcp: Fix Repeater authentication during topology change Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Keith Busch <kbusch(a)kernel.org> nvme: make nvme_tls_attrs_group static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a memory leak in controller identify Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Hans de Goede <hdegoede(a)redhat.com> platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Günther Noack <gnoack(a)google.com> tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Hridesh MG <hridesh699(a)gmail.com> platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer Predator PH16-72 Kees Bakker <kees(a)ijzerbout.nl> iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer PH14-51 Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Improve verifier log for resource leak on exit Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: update tx/rx stats locally for persistence Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: update tx/rx stats locally for persistence Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Luke D. Jones <luke(a)ljones.dev> HID: hid-asus: Disable OOBE mode on the ProArt P16 Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Andrew Halaney <ajhalaney(a)gmail.com> Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 Mark Dietzer <git(a)doridian.net> Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Somashekhar(Som) <somashekhar.puttagangaiah(a)intel.com> wifi: iwlwifi: pcie: Add support for new device ids Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Andre Przywara <andre.przywara(a)arm.com> Revert "mfd: axp20x: Allow multiple regulators" Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Youwan Wang <youwan(a)nfschina.com> HID: multitouch: Add quirk for Hantick 5288 touchpad Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, num_of_rules counter on matcher should be atomic Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, change error flow on matcher disconnect Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: add __packed attribute to efuse layout struct Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Kalle Valo <quic_kvalo(a)quicinc.com> wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol 'ret' Karol Przybylski <karprzy7(a)gmail.com> wifi: ath12k: Fix for out-of bound access error Jeongjun Park <aha310510(a)gmail.com> ring-buffer: Make reading page consistent with the code logic Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Limit Scaling Ratio on DCN3.01 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Queue interrupt work to different CPU Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: filter out too wide modes if no 3dmux is present Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Overwriting dualDPP UBF values before usage Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Populate chroma prefetch parameters, DET buffer fix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: return meaningful value from set_connector_edid() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: handle empty modes in find_preferred_mode() Zhi Wang <zhiw(a)nvidia.com> nvkm: correctly calculate the available space of the GSP cmdq buffer Zhi Wang <zhiw(a)nvidia.com> nvkm/gsp: correctly advance the read pointer of GSP message queue Dustin L. Howett <dustin(a)howett.net> drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Thomas Weißschuh <linux(a)weissschuh.net> drm: panel-backlight-quirks: Add Framework 13 matte panel Thomas Weißschuh <linux(a)weissschuh.net> drm/amd/display: Add support for minimum backlight quirk Thomas Weißschuh <linux(a)weissschuh.net> drm: Add panel backlight quirks Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Thorsten Blum <thorsten.blum(a)linux.dev> locking/ww_mutex/test: Use swap() macro Peter Zijlstra <peterz(a)infradead.org> x86: Convert unreachable() to BUG() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Check bandwidth overflow earlier for hotplug Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Correctly account for allocated bandwidth during hotplug Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: do not output error message if a qgroup has been already cleaned up Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort Filipe Manana <fdmanana(a)suse.com> btrfs: fix lockdep splat while merging a relocation root Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI ------------- Diffstat: Documentation/arch/arm64/elf_hwcaps.rst | 39 +- Documentation/driver-api/media/tx-rx.rst | 2 +- Documentation/gpu/drm-kms-helpers.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 - arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 4 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 2 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++++----- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++++++------ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- .../boot/dts/qcom/x1e80100-dell-xps13-9345.dts | 4 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++++++------ arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 7 + arch/arm64/include/asm/sparsemem.h | 5 +- arch/arm64/kernel/cpufeature.c | 55 +-- arch/arm64/kernel/cpuinfo.c | 10 + arch/arm64/kernel/pi/idreg-override.c | 9 + arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/kvm/arm.c | 8 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/arm64/mm/init.c | 7 +- arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/Kconfig | 1 - arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/pci/pci-legacy.c | 8 + arch/parisc/Kconfig | 4 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/asm-extable.h | 4 + arch/s390/include/asm/fpu-insn.h | 17 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kernel/vmlinux.lds.S | 1 - arch/s390/kvm/vsie.c | 25 +- arch/s390/mm/extable.c | 9 + arch/s390/pci/pci_bus.c | 1 - arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 50 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/reboot.c | 2 +- arch/x86/kvm/lapic.c | 11 + arch/x86/kvm/lapic.h | 1 + arch/x86/kvm/mmu/mmu.c | 45 +- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/vmx/nested.c | 5 + arch/x86/kvm/vmx/vmx.c | 21 + arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 7 +- arch/x86/mm/fault.c | 2 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/platform/efi/quirks.c | 5 + arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/blk-sysfs.c | 3 + block/fops.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 86 ++-- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-core.c | 4 + drivers/ata/libata-sff.c | 18 +- drivers/bluetooth/btusb.c | 6 + drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/clk-loongson2.c | 5 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mmp/pwr-island.c | 2 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/qcom/gcc-sm8650.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 - drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/qcom/qcom_scm.c | 10 +- drivers/gpio/Kconfig | 1 + drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-sim.c | 13 +- drivers/gpu/drm/Kconfig | 4 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/Kconfig | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 - drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 + .../drm/amd/display/dc/dml2/display_mode_core.c | 35 +- .../display/dc/dml2/display_mode_core_structs.h | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/resource/dcn301/dcn301_resource.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/ast/ast_dp.c | 2 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_client_modeset.c | 9 + drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 ++++ drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 10 +- drivers/gpu/drm/i915/display/intel_hdcp.c | 13 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 13 + drivers/gpu/drm/msm/dp/dp_audio.c | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/gpu/drm/xe/regs/xe_oa_regs.h | 6 + drivers/gpu/drm/xe/xe_devcoredump.c | 42 +- drivers/gpu/drm/xe/xe_devcoredump.h | 2 +- drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 14 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.h | 6 + drivers/gpu/drm/xe/xe_guc_ct.c | 3 +- drivers/gpu/drm/xe/xe_guc_log.c | 4 +- drivers/gpu/drm/xe/xe_oa.c | 12 +- drivers/hid/hid-asus.c | 26 ++ drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/chemical/bme680_core.c | 4 +- drivers/iio/dac/ad3552r-common.c | 5 +- drivers/iio/dac/ad3552r-hs.c | 6 + drivers/iio/dac/ad3552r.h | 8 +- drivers/iio/light/as73211.c | 24 +- drivers/infiniband/hw/mlx5/mr.c | 17 +- drivers/infiniband/hw/mlx5/odp.c | 2 + drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 + drivers/input/mouse/synaptics.c | 56 ++- drivers/input/mouse/synaptics.h | 1 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 7 +- drivers/iommu/iommufd/fault.c | 44 +- drivers/iommu/iommufd/iommufd_private.h | 29 +- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/irqchip/irq-mvebu-icu.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/Kconfig | 13 + drivers/md/Makefile | 2 + drivers/md/dm-crypt.c | 27 +- drivers/md/md-autodetect.c | 8 +- drivers/md/md-linear.c | 352 +++++++++++++++ drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/platform/nuvoton/npcm-video.c | 4 +- drivers/media/platform/qcom/venus/core.c | 8 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 +++- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/axp20x.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-esdhc-imx.c | 1 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 150 +++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 - drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 -- .../net/ethernet/marvell/octeon_ep/octep_ethtool.c | 39 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.h | 6 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 +- .../marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 + .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 17 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 2 +- .../mellanox/mlx5/core/steering/hws/matcher.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../net/wireless/ath/ath12k/debugfs_htt_stats.c | 5 +- drivers/net/wireless/ath/ath12k/mac.c | 59 +-- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++++++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/main.h | 4 +- drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 +- drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 +- drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/pci.c | 16 +- drivers/net/wireless/realtek/rtw89/pci.h | 9 + drivers/net/wireless/realtek/rtw89/pci_be.c | 1 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/host/sysfs.c | 2 +- drivers/nvme/target/admin-cmd.c | 1 + drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 38 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 12 +- drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 9 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 48 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pci/tph.c | 2 +- drivers/perf/fsl_imx9_ddr_perf.c | 33 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 45 ++ drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/serdev_helpers.h | 4 +- drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/remoteproc/omap_remoteproc.c | 17 + drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/scsi_lib.c | 9 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 1 + drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/soc/samsung/exynos-pmu.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 8 +- drivers/tty/vt/selection.c | 14 + drivers/tty/vt/vt.c | 2 - drivers/ufs/core/ufshcd.c | 31 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/ufs/host/ufshcd-pci.c | 2 - drivers/ufs/host/ufshcd-pltfrm.c | 28 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/ctree.c | 2 + fs/btrfs/file.c | 2 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/qgroup.c | 5 +- fs/btrfs/raid-stripe-tree.c | 26 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/ceph/mds_client.c | 16 +- fs/exec.c | 29 +- fs/namespace.c | 54 ++- fs/nfs/Kconfig | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nfsd/nfs4xdr.c | 20 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/pidfs.c | 34 ++ fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 41 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_exchrange.c | 71 ++- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- include/drm/drm_connector.h | 5 +- include/drm/drm_utils.h | 4 + include/linux/binfmts.h | 4 +- include/linux/call_once.h | 45 ++ include/linux/hrtimer_defs.h | 1 + include/linux/jiffies.h | 2 +- include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/linux/platform_data/x86/asus-wmi.h | 5 + include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/drm/amdgpu_drm.h | 9 +- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/iommufd.h | 4 +- include/uapi/linux/raid/md_p.h | 2 +- include/uapi/linux/raid/md_u.h | 2 + include/ufs/ufs.h | 4 +- include/ufs/ufshcd.h | 1 - io_uring/net.c | 5 + io_uring/poll.c | 4 + kernel/bpf/verifier.c | 2 +- kernel/locking/test-ww_mutex.c | 9 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 28 +- kernel/sched/deadline.c | 56 ++- kernel/sched/fair.c | 19 + kernel/sched/sched.h | 2 +- kernel/seccomp.c | 12 + kernel/time/hrtimer.c | 103 ++++- kernel/time/timer_migration.c | 10 +- kernel/trace/ring_buffer.c | 13 +- kernel/trace/trace_functions_graph.c | 2 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/atomic64.c | 78 ++-- lib/maple_tree.c | 23 +- mm/compaction.c | 3 +- mm/gup.c | 14 +- mm/hugetlb.c | 24 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- mm/vmscan.c | 7 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ethtool/ioctl.c | 2 +- net/ethtool/rss.c | 3 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- scripts/generate_rust_target.rs | 18 + security/keys/trusted-keys/trusted_dcp.c | 22 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/intel/boards/sof_sdw.c | 5 +- sound/soc/renesas/rz-ssi.c | 10 +- sound/soc/soc-pcm.c | 32 +- sound/soc/sof/intel/hda-dai.c | 12 + sound/soc/sof/intel/hda.c | 5 + tools/perf/bench/epoll-wait.c | 7 +- .../testing/selftests/bpf/progs/exceptions_fail.c | 4 +- tools/testing/selftests/bpf/progs/preempt_lock.c | 14 +- .../selftests/bpf/progs/verifier_spin_lock.c | 2 +- tools/testing/selftests/drivers/net/hw/rss_ctx.py | 2 + tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 479 files changed, 5359 insertions(+), 2651 deletions(-)

7 months, 2 weeks

17
473
0 0

[PATCH] jfs: add index corruption check to DT_GETPAGE()

by Roman Smirnov

If the file system is corrupted, the header.stblindex variable may become greater than 127. Because of this, an array access out of bounds may occur: ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3096:10 index 237 is out of range for type 'struct dtslot[128]' CPU: 0 UID: 0 PID: 5822 Comm: syz-executor740 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429 dtReadFirst+0x622/0xc50 fs/jfs/jfs_dtree.c:3096 dtReadNext fs/jfs/jfs_dtree.c:3147 [inline] jfs_readdir+0x9aa/0x3c50 fs/jfs/jfs_dtree.c:2862 wrap_directory_iterator+0x91/0xd0 fs/readdir.c:65 iterate_dir+0x571/0x800 fs/readdir.c:108 __do_sys_getdents64 fs/readdir.c:403 [inline] __se_sys_getdents64+0x1e2/0x4b0 fs/readdir.c:389 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> ---[ end trace ]--- Add a stblindex check for corruption. Reported-by: syzbot <syzbot+9120834fc227768625ba(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=9120834fc227768625ba Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- fs/jfs/jfs_dtree.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/jfs/jfs_dtree.c b/fs/jfs/jfs_dtree.c index 8f85177f284b..93db6eec4465 100644 --- a/fs/jfs/jfs_dtree.c +++ b/fs/jfs/jfs_dtree.c @@ -117,7 +117,8 @@ do { \ if (!(RC)) { \ if (((P)->header.nextindex > \ (((BN) == 0) ? DTROOTMAXSLOT : (P)->header.maxslot)) || \ - ((BN) && ((P)->header.maxslot > DTPAGEMAXSLOT))) { \ + ((BN) && (((P)->header.maxslot > DTPAGEMAXSLOT) || \ + ((P)->header.stblindex >= DTPAGEMAXSLOT)))) { \ BT_PUTPAGE(MP); \ jfs_error((IP)->i_sb, \ "DT_GETPAGE: dtree page corrupt\n"); \ -- 2.34.1

7 months, 2 weeks

2
1
0 0

queue-5.10: Panic on shutdown at platform_shutdown+0x9

by Chuck Lever

Hi - For the past 3-4 days, NFSD CI runs on queue-5.10.y have been failing. I looked into it today, and the test guest fails to reboot because it panics during a reboot shutdown: [ 146.793087] BUG: unable to handle page fault for address: ffffffffffffffe8 [ 146.793918] #PF: supervisor read access in kernel mode [ 146.794544] #PF: error_code(0x0000) - not-present page [ 146.795172] PGD 3d5c14067 P4D 3d5c15067 PUD 3d5c17067 PMD 0 [ 146.795865] Oops: 0000 [#1] SMP NOPTI [ 146.796326] CPU: 3 PID: 1 Comm: systemd-shutdow Not tainted 5.10.234-g99349f441fe1 #1 [ 146.797256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 146.798267] RIP: 0010:platform_shutdown+0x9/0x20 [ 146.798838] Code: b7 46 08 c3 cc cc cc cc 31 c0 83 bf a8 02 00 00 ff 75 ec c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 47 68 <48> 8b 40 e8 48 85 c0 74 09 48 83 ef 10 ff e0 0f 1f 00 c3 cc cc cc [ 146.801012] RSP: 0018:ff7f86f440013de0 EFLAGS: 00010246 [ 146.801651] RAX: 0000000000000000 RBX: ff4f0637469df418 RCX: 0000000000000000 [ 146.802500] RDX: 0000000000000001 RSI: ff4f0637469df418 RDI: ff4f0637469df410 [ 146.803350] RBP: ffffffffb2e79220 R08: ff4f0637469dd808 R09: ffffffffb2c5c698 [ 146.804203] R10: 0000000000000000 R11: 0000000000000000 R12: ff4f0637469df410 [ 146.805059] R13: ff4f0637469df490 R14: 00000000fee1dead R15: 0000000000000000 [ 146.805909] FS: 00007f4e7ecc6b80(0000) GS:ff4f063aafd80000(0000) knlGS:0000000000000000 [ 146.806866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.807558] CR2: ffffffffffffffe8 CR3: 000000010ecb2001 CR4: 0000000000771ee0 [ 146.808412] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 146.809262] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 146.810109] PKRU: 55555554 [ 146.810460] Call Trace: [ 146.810791] ? __die_body.cold+0x1a/0x1f [ 146.811282] ? no_context.constprop.0+0xf8/0x2f0 [ 146.811854] ? exc_page_fault+0xc5/0x150 [ 146.812342] ? asm_exc_page_fault+0x1e/0x30 [ 146.812862] ? platform_shutdown+0x9/0x20 [ 146.813362] device_shutdown+0x158/0x1c0 [ 146.813853] __do_sys_reboot.cold+0x2f/0x5b [ 146.814370] ? vfs_writev+0x9b/0x110 [ 146.814824] ? do_writev+0x57/0xf0 [ 146.815254] do_syscall_64+0x30/0x40 [ 146.815708] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Let me know how to further assist. -- Chuck Lever

7 months, 2 weeks

3
8
0 0

[PATCH v6.13 v2] fs/netfs/read_collect: fix crash due to uninitialized `prev` variable

by Max Kellermann

When checking whether the edges of adjacent subrequests touch, the `prev` variable is deferenced, but it might not have been initialized. This causes crashes like this one: BUG: unable to handle page fault for address: 0000000181343843 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000001c66db0067 P4D 8000001c66db0067 PUD 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 1 UID: 33333 PID: 24424 Comm: php-cgi8.2 Kdump: loaded Not tainted 6.13.2-cm4all0-hp+ #427 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 11/23/2021 RIP: 0010:netfs_consume_read_data.isra.0+0x5ef/0xb00 Code: fe ff ff 48 8b 83 88 00 00 00 48 8b 4c 24 30 4c 8b 43 78 48 85 c0 48 8d 51 70 75 20 48 8b 73 30 48 39 d6 74 17 48 8b 7c 24 40 <48> 8b 4f 78 48 03 4f 68 48 39 4b 68 0f 84 ab 02 00 00 49 29 c0 48 RSP: 0000:ffffc90037adbd00 EFLAGS: 00010283 RAX: 0000000000000000 RBX: ffff88811bda0600 RCX: ffff888620e7b980 RDX: ffff888620e7b9f0 RSI: ffff88811bda0428 RDI: 00000001813437cb RBP: 0000000000000000 R08: 0000000000004000 R09: 0000000000000000 R10: ffffffff82e070c0 R11: 0000000007ffffff R12: 0000000000004000 R13: ffff888620e7bb68 R14: 0000000000008000 R15: ffff888620e7bb68 FS: 00007ff2e0e7ddc0(0000) GS:ffff88981f840000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000181343843 CR3: 0000001bc10ba006 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x15c/0x450 ? search_extable+0x22/0x30 ? netfs_consume_read_data.isra.0+0x5ef/0xb00 ? search_module_extables+0xe/0x40 ? exc_page_fault+0x5e/0x100 ? asm_exc_page_fault+0x22/0x30 ? netfs_consume_read_data.isra.0+0x5ef/0xb00 ? intel_iommu_unmap_pages+0xaa/0x190 ? __pfx_cachefiles_read_complete+0x10/0x10 netfs_read_subreq_terminated+0x24f/0x390 cachefiles_read_complete+0x48/0xf0 iomap_dio_bio_end_io+0x125/0x160 blk_update_request+0xea/0x3e0 scsi_end_request+0x27/0x190 scsi_io_completion+0x43/0x6c0 blk_complete_reqs+0x40/0x50 handle_softirqs+0xd1/0x280 irq_exit_rcu+0x91/0xb0 common_interrupt+0x3b/0xa0 asm_common_interrupt+0x22/0x40 RIP: 0033:0x55fe8470d2ab Code: 00 00 3c 7e 74 3b 3c b6 0f 84 dd 03 00 00 3c 1e 74 2f 83 c1 01 48 83 c2 38 48 83 c7 30 44 39 d1 74 3e 48 63 42 08 85 c0 79 a3 <49> 8b 46 48 8b 04 38 f6 c4 04 75 0b 0f b6 42 30 83 e0 0c 3c 04 75 RSP: 002b:00007ffca5ef2720 EFLAGS: 00000216 RAX: 0000000000000023 RBX: 0000000000000008 RCX: 000000000000001b RDX: 00007ff2e0cdb6f8 RSI: 0000000000000006 RDI: 0000000000000510 RBP: 00007ffca5ef27a0 R08: 00007ffca5ef2720 R09: 0000000000000001 R10: 000000000000001e R11: 00007ff2e0c10d08 R12: 0000000000000001 R13: 0000000000000120 R14: 00007ff2e0cb1ed0 R15: 00000000000000b0 </TASK> Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- David/Greg: just like the other two netfs patches I sent yesterday, this one doesn't apply to v6.14 as it was obsoleted by commit e2d46f2ec332 ("netfs: Change the read result collector to only use one work item"). v1->v2: duplicate "prev" assigment removed. Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/netfs/read_collect.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/fs/netfs/read_collect.c b/fs/netfs/read_collect.c index e8624f5c7fcc..8878b46589ff 100644 --- a/fs/netfs/read_collect.c +++ b/fs/netfs/read_collect.c @@ -258,17 +258,18 @@ static bool netfs_consume_read_data(struct netfs_io_subrequest *subreq, bool was */ if (!subreq->consumed && !prev_donated && - !list_is_first(&subreq->rreq_link, &rreq->subrequests) && - subreq->start == prev->start + prev->len) { + !list_is_first(&subreq->rreq_link, &rreq->subrequests)) { prev = list_prev_entry(subreq, rreq_link); - WRITE_ONCE(prev->next_donated, prev->next_donated + subreq->len); - subreq->start += subreq->len; - subreq->len = 0; - subreq->transferred = 0; - trace_netfs_donate(rreq, subreq, prev, subreq->len, - netfs_trace_donate_to_prev); - trace_netfs_sreq(subreq, netfs_sreq_trace_donate_to_prev); - goto remove_subreq_locked; + if (subreq->start == prev->start + prev->len) { + WRITE_ONCE(prev->next_donated, prev->next_donated + subreq->len); + subreq->start += subreq->len; + subreq->len = 0; + subreq->transferred = 0; + trace_netfs_donate(rreq, subreq, prev, subreq->len, + netfs_trace_donate_to_prev); + trace_netfs_sreq(subreq, netfs_sreq_trace_donate_to_prev); + goto remove_subreq_locked; + } } /* If we can't donate down the chain, donate up the chain instead. */ -- 2.47.2

7 months, 2 weeks

5
4
0 0

[PATCH v2 0/2] R-Car CANFD fixes

by Biju Das

This patch series addresses 2 issues 1) Fix typo in pattern properties for R-Car V4M. 2) Fix page entries in the AFL list. v1->v2: * Split fixes patches as separate series. * Added Rb tag from Geert for binding patch. * Added the tag Cc:stable@vger.kernel.org Biju Das (2): dt-bindings: can: renesas,rcar-canfd: Fix typo in pattern properties for R-Car V4M can: rcar_canfd: Fix page entries in the AFL list .../bindings/net/can/renesas,rcar-canfd.yaml | 2 +- drivers/net/can/rcar/rcar_canfd.c | 17 ++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) -- 2.43.0

7 months, 2 weeks

4
15
0 0

[PATCH V3] drm/sched: Fix fence reference count leak

by Qianyi Liu

From: qianyi liu <liuqianyi125(a)gmail.com> The last_scheduled fence leaked when an entity was being killed and adding its callback failed. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. Cc: stable(a)vger.kernel.org Fixes: 2fdb8a8f07c2 ("drm/scheduler: rework entity flush, kill and fini") Signed-off-by: qianyi liu <liuqianyi125(a)gmail.com> --- v2 -> v3: Rework commit message (Markus) v1 -> v2: Added 'Fixes:' tag and clarified commit message (Philipp and Matthew) --- drivers/gpu/drm/scheduler/sched_entity.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 69bcf0e99d57..1c0c14bcf726 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -259,9 +259,12 @@ static void drm_sched_entity_kill(struct drm_sched_entity *entity) struct drm_sched_fence *s_fence = job->s_fence; dma_fence_get(&s_fence->finished); - if (!prev || dma_fence_add_callback(prev, &job->finish_cb, - drm_sched_entity_kill_jobs_cb)) + if (!prev || + dma_fence_add_callback(prev, &job->finish_cb, + drm_sched_entity_kill_jobs_cb)) { + dma_fence_put(prev); drm_sched_entity_kill_jobs_cb(NULL, &job->finish_cb); + } prev = &s_fence->finished; } -- 2.25.1

7 months, 2 weeks

2
4
0 0

Re: [PATCH 1/2] arm64: efi: Execute runtime services from a dedicated stack

by Lee Jones

On Mon, 05 Dec 2022, Ard Biesheuvel wrote: > With the introduction of PRMT in the ACPI subsystem, the EFI rts > workqueue is no longer the only caller of efi_call_virt_pointer() in the > kernel. This means the EFI runtime services lock is no longer sufficient > to manage concurrent calls into firmware, but also that firmware calls > may occur that are not marshalled via the workqueue mechanism, but > originate directly from the caller context. > > For added robustness, and to ensure that the runtime services have 8 KiB > of stack space available as per the EFI spec, introduce a spinlock > protected EFI runtime stack of 8 KiB, where the spinlock also ensures > serialization between the EFI rts workqueue (which itself serializes EFI > runtime calls) and other callers of efi_call_virt_pointer(). > > While at it, use the stack pivot to avoid reloading the shadow call > stack pointer from the ordinary stack, as doing so could produce a > gadget to defeat it. > > Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> > --- > arch/arm64/include/asm/efi.h | 3 +++ > arch/arm64/kernel/efi-rt-wrapper.S | 13 +++++++++- > arch/arm64/kernel/efi.c | 25 ++++++++++++++++++++ > 3 files changed, 40 insertions(+), 1 deletion(-) Could we have this in Stable please? Upstream commit: ff7a167961d1b ("arm64: efi: Execute runtime services from a dedicated stack") Ard, do we need Patch 2 as well, or can this be applied on its own? > diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h > index 7c12e01c2b312e7b..1c408ec3c8b3a883 100644 > --- a/arch/arm64/include/asm/efi.h > +++ b/arch/arm64/include/asm/efi.h > @@ -25,6 +25,7 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); > ({ \ > efi_virtmap_load(); \ > __efi_fpsimd_begin(); \ > + spin_lock(&efi_rt_lock); \ > }) > > #undef arch_efi_call_virt > @@ -33,10 +34,12 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); > > #define arch_efi_call_virt_teardown() \ > ({ \ > + spin_unlock(&efi_rt_lock); \ > __efi_fpsimd_end(); \ > efi_virtmap_unload(); \ > }) > > +extern spinlock_t efi_rt_lock; > efi_status_t __efi_rt_asm_wrapper(void *, const char *, ...); > > #define ARCH_EFI_IRQ_FLAGS_MASK (PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT) > diff --git a/arch/arm64/kernel/efi-rt-wrapper.S b/arch/arm64/kernel/efi-rt-wrapper.S > index 75691a2641c1c0f8..b2786b968fee68dd 100644 > --- a/arch/arm64/kernel/efi-rt-wrapper.S > +++ b/arch/arm64/kernel/efi-rt-wrapper.S > @@ -16,6 +16,12 @@ SYM_FUNC_START(__efi_rt_asm_wrapper) > */ > stp x1, x18, [sp, #16] > > + ldr_l x16, efi_rt_stack_top > + mov sp, x16 > +#ifdef CONFIG_SHADOW_CALL_STACK > + str x18, [sp, #-16]! > +#endif > + > /* > * We are lucky enough that no EFI runtime services take more than > * 5 arguments, so all are passed in registers rather than via the > @@ -29,6 +35,7 @@ SYM_FUNC_START(__efi_rt_asm_wrapper) > mov x4, x6 > blr x8 > > + mov sp, x29 > ldp x1, x2, [sp, #16] > cmp x2, x18 > ldp x29, x30, [sp], #32 > @@ -42,6 +49,10 @@ SYM_FUNC_START(__efi_rt_asm_wrapper) > * called with preemption disabled and a separate shadow stack is used > * for interrupts. > */ > - mov x18, x2 > +#ifdef CONFIG_SHADOW_CALL_STACK > + ldr_l x18, efi_rt_stack_top > + ldr x18, [x18, #-16] > +#endif > + > b efi_handle_corrupted_x18 // tail call > SYM_FUNC_END(__efi_rt_asm_wrapper) > diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c > index a908a37f03678b6b..8cb2e005f8aca589 100644 > --- a/arch/arm64/kernel/efi.c > +++ b/arch/arm64/kernel/efi.c > @@ -144,3 +144,28 @@ asmlinkage efi_status_t efi_handle_corrupted_x18(efi_status_t s, const char *f) > pr_err_ratelimited(FW_BUG "register x18 corrupted by EFI %s\n", f); > return s; > } > + > +DEFINE_SPINLOCK(efi_rt_lock); > + > +asmlinkage u64 *efi_rt_stack_top __ro_after_init; > + > +/* required by the EFI spec */ > +static_assert(THREAD_SIZE >= SZ_8K); > + > +int __init arm64_efi_rt_init(void) > +{ > + void *p = __vmalloc_node_range(THREAD_SIZE, THREAD_ALIGN, > + VMALLOC_START, VMALLOC_END, GFP_KERNEL, > + PAGE_KERNEL, 0, NUMA_NO_NODE, > + __builtin_return_address(0)); > + > + if (!p) { > + pr_warn("Failed to allocate EFI runtime stack\n"); > + clear_bit(EFI_RUNTIME_SERVICES, &efi.flags); > + return -ENOMEM; > + } > + > + efi_rt_stack_top = p + THREAD_SIZE; > + return 0; > +} > +core_initcall(arm64_efi_rt_init); > -- > 2.35.1 > > -- Lee Jones [李琼斯]

7 months, 2 weeks

6
13
0 0

[PATCH v6 4/8] crypto: ccp: Fix uapi definitions of PSP errors

by Dionna Glaze

From: Alexey Kardashevskiy <aik(a)amd.com> Additions to the error enum after the explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: Sean Christopherson <seanjc(a)google.com> CC: Paolo Bonzini <pbonzini(a)redhat.com> CC: Thomas Gleixner <tglx(a)linutronix.de> CC: Ingo Molnar <mingo(a)redhat.com> CC: Borislav Petkov <bp(a)alien8.de> CC: Dave Hansen <dave.hansen(a)linux.intel.com> CC: Ashish Kalra <ashish.kalra(a)amd.com> CC: Tom Lendacky <thomas.lendacky(a)amd.com> CC: John Allen <john.allen(a)amd.com> CC: Herbert Xu <herbert(a)gondor.apana.org.au> CC: "David S. Miller" <davem(a)davemloft.net> CC: Michael Roth <michael.roth(a)amd.com> CC: Luis Chamberlain <mcgrof(a)kernel.org> CC: Russ Weight <russ.weight(a)linux.dev> CC: Danilo Krummrich <dakr(a)redhat.com> CC: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CC: "Rafael J. Wysocki" <rafael(a)kernel.org> CC: Tianfei zhang <tianfei.zhang(a)intel.com> CC: Alexey Kardashevskiy <aik(a)amd.com> CC: stable(a)vger.kernel.org Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> Signed-off-by: Dionna Glaze <dionnaglaze(a)google.com> --- include/uapi/linux/psp-sev.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155bd..eeb20dfb1fdaa 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -73,13 +73,20 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, - SEV_RET_INVALID_KEY = 0x27, - SEV_RET_INVALID_PAGE_SIZE, - SEV_RET_INVALID_PAGE_STATE, - SEV_RET_INVALID_MDATA_ENTRY, - SEV_RET_INVALID_PAGE_OWNER, - SEV_RET_INVALID_PAGE_AEAD_OFLOW, - SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_INVALID_PAGE_SIZE = 0x0019, + SEV_RET_INVALID_PAGE_STATE = 0x001A, + SEV_RET_INVALID_MDATA_ENTRY = 0x001B, + SEV_RET_INVALID_PAGE_OWNER = 0x001C, + SEV_RET_AEAD_OFLOW = 0x001D, + SEV_RET_EXIT_RING_BUFFER = 0x001F, + SEV_RET_RMP_INIT_REQUIRED = 0x0020, + SEV_RET_BAD_SVN = 0x0021, + SEV_RET_BAD_VERSION = 0x0022, + SEV_RET_SHUTDOWN_REQUIRED = 0x0023, + SEV_RET_UPDATE_FAILED = 0x0024, + SEV_RET_RESTORE_REQUIRED = 0x0025, + SEV_RET_RMP_INITIALIZATION_FAILED = 0x0026, + SEV_RET_INVALID_KEY = 0x0027, SEV_RET_MAX, } sev_ret_code; -- 2.47.0.277.g8800431eea-goog

7 months, 3 weeks

4
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2025