April 2025 - Linux-stable-mirror

[PATCH] x86/boot/sev: Support memory acceptance in the EFI stub under SVSM

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> Commit d54d610243a4 ("x86/boot/sev: Avoid shared GHCB page for early memory acceptance") provided a fix for SEV-SNP memory acceptance from the EFI stub when running at VMPL #0. However, that fix was insufficient for SVSM SEV-SNP guests running at VMPL >0, as those rely on a SVSM calling area, which is a shared buffer whose address is programmed into a SEV-SNP MSR, and the SEV init code that sets up this calling area executes much later during the boot. Given that booting via the EFI stub at VMPL >0 implies that the firmware has configured this calling area already, reuse it for performing memory acceptance in the EFI stub. Cc: Borislav Petkov <bp(a)alien8.de> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Dionna Amalie Glaze <dionnaglaze(a)google.com> Cc: Kevin Loughlin <kevinloughlin(a)google.com> Cc: <stable(a)vger.kernel.org> Fixes: fcd042e86422 ("x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0") Co-developed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- Tom, Please confirm that this works as you intended. Thanks, arch/x86/boot/compressed/mem.c | 5 +-- arch/x86/boot/compressed/sev.c | 40 ++++++++++++++++++++ arch/x86/boot/compressed/sev.h | 2 + 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c index f676156d9f3d..0e9f84ab4bdc 100644 --- a/arch/x86/boot/compressed/mem.c +++ b/arch/x86/boot/compressed/mem.c @@ -34,14 +34,11 @@ static bool early_is_tdx_guest(void) void arch_accept_memory(phys_addr_t start, phys_addr_t end) { - static bool sevsnp; - /* Platform-specific memory-acceptance call goes here */ if (early_is_tdx_guest()) { if (!tdx_accept_memory(start, end)) panic("TDX: Failed to accept memory\n"); - } else if (sevsnp || (sev_get_status() & MSR_AMD64_SEV_SNP_ENABLED)) { - sevsnp = true; + } else if (early_is_sevsnp_guest()) { snp_accept_memory(start, end); } else { error("Cannot accept memory: unknown platform\n"); diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 89ba168f4f0f..0003e4416efd 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -645,3 +645,43 @@ void sev_prep_identity_maps(unsigned long top_level_pgt) sev_verify_cbit(top_level_pgt); } + +bool early_is_sevsnp_guest(void) +{ + static bool sevsnp; + + if (sevsnp) + return true; + + if (!(sev_get_status() & MSR_AMD64_SEV_SNP_ENABLED)) + return false; + + sevsnp = true; + + if (!snp_vmpl) { + unsigned int eax, ebx, ecx, edx; + + /* + * CPUID Fn8000_001F_EAX[28] - SVSM support + */ + eax = 0x8000001f; + ecx = 0; + native_cpuid(&eax, &ebx, &ecx, &edx); + if (eax & BIT(28)) { + struct msr m; + + /* Obtain the address of the calling area to use */ + boot_rdmsr(MSR_SVSM_CAA, &m); + boot_svsm_caa = (void *)m.q; + boot_svsm_caa_pa = m.q; + + /* + * The real VMPL level cannot be discovered, but the + * memory acceptance routines make no use of that so + * any non-zero value suffices here. + */ + snp_vmpl = U8_MAX; + } + } + return true; +} diff --git a/arch/x86/boot/compressed/sev.h b/arch/x86/boot/compressed/sev.h index 4e463f33186d..d3900384b8ab 100644 --- a/arch/x86/boot/compressed/sev.h +++ b/arch/x86/boot/compressed/sev.h @@ -13,12 +13,14 @@ bool sev_snp_enabled(void); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 sev_get_status(void); +bool early_is_sevsnp_guest(void); #else static inline bool sev_snp_enabled(void) { return false; } static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 sev_get_status(void) { return 0; } +static inline bool early_is_sevsnp_guest(void) { return false; } #endif base-commit: b4432656b36e5cc1d50a1f2dc15357543add530e -- 2.49.0.906.g1f30a19c02-goog

5 months, 3 weeks

5
5
0 0

[PATCH v3] powerpc/bpf: fix JIT code size calculation of bpf trampoline

by Hari Bathini

arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. The total number of instructions emitted for BPF trampoline JIT code depends on where the final image is located. So, the size arrived at with the dummy pass in arch_bpf_trampoline_size() can vary from the actual size needed in arch_prepare_bpf_trampoline(). When the instructions accounted in arch_bpf_trampoline_size() is less than the number of instructions emitted during the actual JIT compile of the trampoline, the below warning is produced: WARNING: CPU: 8 PID: 204190 at arch/powerpc/net/bpf_jit_comp.c:981 __arch_prepare_bpf_trampoline.isra.0+0xd2c/0xdcc which is: /* Make sure the trampoline generation logic doesn't overflow */ if (image && WARN_ON_ONCE(&image[ctx->idx] > (u32 *)rw_image_end - BPF_INSN_SAFETY)) { So, during the dummy pass, instead of providing some arbitrary image location, account for maximum possible instructions if and when there is a dependency with image location for JIT'ing. Fixes: d243b62b7bd3 ("powerpc64/bpf: Add support for bpf trampolines") Reported-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Closes: https://lore.kernel.org/all/6168bfc8-659f-4b5a-a6fb-90a916dde3b3@linux.ibm.… Cc: stable(a)vger.kernel.org # v6.13+ Acked-by: Naveen N Rao (AMD) <naveen(a)kernel.org> Tested-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- Changes since v2: - Address review comments from Naveen: - Remove additional padding for 'case BPF_LD | BPF_IMM | BPF_DW:' in arch/powerpc/net/bpf_jit_comp*.c - Merge the if sequence in bpf_jit_emit_func_call_rel() with the other conditionals - Naveen, carried your Acked-by tag as the additional changes are minimal and in line with your suggestion. Feel free to update if you look at it differently. - Venkat, carried your Tested-by tag from v2 as the changes in v3 should not alter the test result. Feel free to update if you look at it differently. Changes since v1: - Pass NULL for image during intial pass and account for max. possible instruction during this pass as Naveen suggested. arch/powerpc/net/bpf_jit.h | 20 ++++++++++++++++--- arch/powerpc/net/bpf_jit_comp.c | 33 ++++++++++--------------------- arch/powerpc/net/bpf_jit_comp32.c | 6 ------ arch/powerpc/net/bpf_jit_comp64.c | 15 +++++++------- 4 files changed, 35 insertions(+), 39 deletions(-) diff --git a/arch/powerpc/net/bpf_jit.h b/arch/powerpc/net/bpf_jit.h index 6beacaec63d3..4c26912c2e3c 100644 --- a/arch/powerpc/net/bpf_jit.h +++ b/arch/powerpc/net/bpf_jit.h @@ -51,8 +51,16 @@ EMIT(PPC_INST_BRANCH_COND | (((cond) & 0x3ff) << 16) | (offset & 0xfffc)); \ } while (0) -/* Sign-extended 32-bit immediate load */ +/* + * Sign-extended 32-bit immediate load + * + * If this is a dummy pass (!image), account for + * maximum possible instructions. + */ #define PPC_LI32(d, i) do { \ + if (!image) \ + ctx->idx += 2; \ + else { \ if ((int)(uintptr_t)(i) >= -32768 && \ (int)(uintptr_t)(i) < 32768) \ EMIT(PPC_RAW_LI(d, i)); \ @@ -60,10 +68,15 @@ EMIT(PPC_RAW_LIS(d, IMM_H(i))); \ if (IMM_L(i)) \ EMIT(PPC_RAW_ORI(d, d, IMM_L(i))); \ - } } while(0) + } \ + } } while (0) #ifdef CONFIG_PPC64 +/* If dummy pass (!image), account for maximum possible instructions */ #define PPC_LI64(d, i) do { \ + if (!image) \ + ctx->idx += 5; \ + else { \ if ((long)(i) >= -2147483648 && \ (long)(i) < 2147483648) \ PPC_LI32(d, i); \ @@ -84,7 +97,8 @@ if ((uintptr_t)(i) & 0x000000000000ffffULL) \ EMIT(PPC_RAW_ORI(d, d, (uintptr_t)(i) & \ 0xffff)); \ - } } while (0) + } \ + } } while (0) #define PPC_LI_ADDR PPC_LI64 #ifndef CONFIG_PPC_KERNEL_PCREL diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c index 2991bb171a9b..c0684733e9d6 100644 --- a/arch/powerpc/net/bpf_jit_comp.c +++ b/arch/powerpc/net/bpf_jit_comp.c @@ -504,10 +504,11 @@ static int invoke_bpf_prog(u32 *image, u32 *ro_image, struct codegen_context *ct EMIT(PPC_RAW_ADDI(_R3, _R1, regs_off)); if (!p->jited) PPC_LI_ADDR(_R4, (unsigned long)p->insnsi); - if (!create_branch(&branch_insn, (u32 *)&ro_image[ctx->idx], (unsigned long)p->bpf_func, - BRANCH_SET_LINK)) { - if (image) - image[ctx->idx] = ppc_inst_val(branch_insn); + /* Account for max possible instructions during dummy pass for size calculation */ + if (image && !create_branch(&branch_insn, (u32 *)&ro_image[ctx->idx], + (unsigned long)p->bpf_func, + BRANCH_SET_LINK)) { + image[ctx->idx] = ppc_inst_val(branch_insn); ctx->idx++; } else { EMIT(PPC_RAW_LL(_R12, _R25, offsetof(struct bpf_prog, bpf_func))); @@ -889,7 +890,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *rw_im bpf_trampoline_restore_tail_call_cnt(image, ctx, func_frame_offset, r4_off); /* Reserve space to patch branch instruction to skip fexit progs */ - im->ip_after_call = &((u32 *)ro_image)[ctx->idx]; + if (ro_image) /* image is NULL for dummy pass */ + im->ip_after_call = &((u32 *)ro_image)[ctx->idx]; EMIT(PPC_RAW_NOP()); } @@ -912,7 +914,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *rw_im } if (flags & BPF_TRAMP_F_CALL_ORIG) { - im->ip_epilogue = &((u32 *)ro_image)[ctx->idx]; + if (ro_image) /* image is NULL for dummy pass */ + im->ip_epilogue = &((u32 *)ro_image)[ctx->idx]; PPC_LI_ADDR(_R3, im); ret = bpf_jit_emit_func_call_rel(image, ro_image, ctx, (unsigned long)__bpf_tramp_exit); @@ -973,25 +976,9 @@ int arch_bpf_trampoline_size(const struct btf_func_model *m, u32 flags, struct bpf_tramp_links *tlinks, void *func_addr) { struct bpf_tramp_image im; - void *image; int ret; - /* - * Allocate a temporary buffer for __arch_prepare_bpf_trampoline(). - * This will NOT cause fragmentation in direct map, as we do not - * call set_memory_*() on this buffer. - * - * We cannot use kvmalloc here, because we need image to be in - * module memory range. - */ - image = bpf_jit_alloc_exec(PAGE_SIZE); - if (!image) - return -ENOMEM; - - ret = __arch_prepare_bpf_trampoline(&im, image, image + PAGE_SIZE, image, - m, flags, tlinks, func_addr); - bpf_jit_free_exec(image); - + ret = __arch_prepare_bpf_trampoline(&im, NULL, NULL, NULL, m, flags, tlinks, func_addr); return ret; } diff --git a/arch/powerpc/net/bpf_jit_comp32.c b/arch/powerpc/net/bpf_jit_comp32.c index c4db278dae36..0aace304dfe1 100644 --- a/arch/powerpc/net/bpf_jit_comp32.c +++ b/arch/powerpc/net/bpf_jit_comp32.c @@ -313,7 +313,6 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code u64 func_addr; u32 true_cond; u32 tmp_idx; - int j; if (i && (BPF_CLASS(code) == BPF_ALU64 || BPF_CLASS(code) == BPF_ALU) && (BPF_CLASS(prevcode) == BPF_ALU64 || BPF_CLASS(prevcode) == BPF_ALU) && @@ -1099,13 +1098,8 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code * 16 byte instruction that uses two 'struct bpf_insn' */ case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */ - tmp_idx = ctx->idx; PPC_LI32(dst_reg_h, (u32)insn[i + 1].imm); PPC_LI32(dst_reg, (u32)insn[i].imm); - /* padding to allow full 4 instructions for later patching */ - if (!image) - for (j = ctx->idx - tmp_idx; j < 4; j++) - EMIT(PPC_RAW_NOP()); /* Adjust for two bpf instructions */ addrs[++i] = ctx->idx * 4; break; diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c index 233703b06d7c..5daa77aee7f7 100644 --- a/arch/powerpc/net/bpf_jit_comp64.c +++ b/arch/powerpc/net/bpf_jit_comp64.c @@ -227,7 +227,14 @@ int bpf_jit_emit_func_call_rel(u32 *image, u32 *fimage, struct codegen_context * #ifdef CONFIG_PPC_KERNEL_PCREL reladdr = func_addr - local_paca->kernelbase; - if (reladdr < (long)SZ_8G && reladdr >= -(long)SZ_8G) { + /* + * If fimage is NULL (the initial pass to find image size), + * account for the maximum no. of instructions possible. + */ + if (!fimage) { + ctx->idx += 7; + return 0; + } else if (reladdr < (long)SZ_8G && reladdr >= -(long)SZ_8G) { EMIT(PPC_RAW_LD(_R12, _R13, offsetof(struct paca_struct, kernelbase))); /* Align for subsequent prefix instruction */ if (!IS_ALIGNED((unsigned long)fimage + CTX_NIA(ctx), 8)) @@ -412,7 +419,6 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code u64 imm64; u32 true_cond; u32 tmp_idx; - int j; /* * addrs[] maps a BPF bytecode address into a real offset from @@ -1046,12 +1052,7 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */ imm64 = ((u64)(u32) insn[i].imm) | (((u64)(u32) insn[i+1].imm) << 32); - tmp_idx = ctx->idx; PPC_LI64(dst_reg, imm64); - /* padding to allow full 5 instructions for later patching */ - if (!image) - for (j = ctx->idx - tmp_idx; j < 5; j++) - EMIT(PPC_RAW_NOP()); /* Adjust for two bpf instructions */ addrs[++i] = ctx->idx * 4; break; -- 2.49.0

5 months, 3 weeks

2
1
0 0

[PATCH] powerpc64/ftrace: fix clobbered r15 during livepatching

by Hari Bathini

While r15 is clobbered always with PPC_FTRACE_OUT_OF_LINE, it is not restored in livepatch sequence leading to not so obvious fails like below: BUG: Unable to handle kernel data access on write at 0xc0000000000f9078 Faulting instruction address: 0xc0000000018ff958 Oops: Kernel access of bad area, sig: 11 [#1] ... NIP: c0000000018ff958 LR: c0000000018ff930 CTR: c0000000009c0790 REGS: c00000005f2e7790 TRAP: 0300 Tainted: G K (6.14.0+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 2822880b XER: 20040000 CFAR: c0000000008addc0 DAR: c0000000000f9078 DSISR: 0a000000 IRQMASK: 1 GPR00: c0000000018f2584 c00000005f2e7a30 c00000000280a900 c000000017ffa488 GPR04: 0000000000000008 0000000000000000 c0000000018f24fc 000000000000000d GPR08: fffffffffffe0000 000000000000000d 0000000000000000 0000000000008000 GPR12: c0000000009c0790 c000000017ffa480 c00000005f2e7c78 c0000000000f9070 GPR16: c00000005f2e7c90 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 c00000005f3efa80 c00000005f2e7c60 c00000005f2e7c88 GPR24: c00000005f2e7c60 0000000000000001 c0000000000f9078 0000000000000000 GPR28: 00007fff97960000 c000000017ffa480 0000000000000000 c0000000000f9078 ... Call Trace: check_heap_object+0x34/0x390 (unreliable) __mutex_unlock_slowpath.isra.0+0xe4/0x230 seq_read_iter+0x430/0xa90 proc_reg_read_iter+0xa4/0x200 vfs_read+0x41c/0x510 ksys_read+0xa4/0x190 system_call_exception+0x1d0/0x440 system_call_vectored_common+0x15c/0x2ec Fix it by restoring r15 always. Fixes: eec37961a56a ("powerpc64/ftrace: Move ftrace sequence out of line") Reported-by: Viktor Malik <vmalik(a)redhat.com> Closes: https://lore.kernel.org/lkml/1aec4a9a-a30b-43fd-b303-7a351caeccb7@redhat.com Cc: stable(a)vger.kernel.org # v6.13+ Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- arch/powerpc/kernel/trace/ftrace_entry.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/trace/ftrace_entry.S b/arch/powerpc/kernel/trace/ftrace_entry.S index 2c1b24100eca..3565c67fc638 100644 --- a/arch/powerpc/kernel/trace/ftrace_entry.S +++ b/arch/powerpc/kernel/trace/ftrace_entry.S @@ -212,10 +212,10 @@ bne- 1f mr r3, r15 +1: mtlr r3 .if \allregs == 0 REST_GPR(15, r1) .endif -1: mtlr r3 #endif /* Restore gprs */ -- 2.49.0

5 months, 3 weeks

4
3
0 0

[PATCH 6.1 6.6 6.12 6.13] scripts/sorttable: fix ELF64 mcount_loc address parsing when compiling on 32-bit

by Sahil Gupta

The ftrace __mcount_loc buildtime sort does not work properly when the host is 32-bit and the target is 64-bit. sorttable parses the start and stop addresses by calling strtoul on the buffer holding the hexadecimal string. Since the target is 64-bit but unsigned long on 32-bit machines is 32 bits, strtoul, and by extension the start and stop addresses, can max out to 2^32 - 1. This patch adds a new macro, parse_addr, that corresponds to a strtoul or strtoull call based on whether you are operating on a 32-bit ELF or a 64-bit ELF. This way, the correct width is guaranteed whether or not the host is 32-bit. This should cleanly apply on all of the 6.x stable kernels. Manually verified that the __mcount_loc section is sorted by parsing the ELF and verified tests corresponding to CONFIG_FTRACE_SORT_STARTUP_TEST for kernels built on a 32-bit and a 64-bit host. Signed-off-by: Sahil Gupta <s.gupta(a)arista.com> --- scripts/sorttable.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/sorttable.h b/scripts/sorttable.h index 7bd0184380d3..9ed7acca9f30 100644 --- a/scripts/sorttable.h +++ b/scripts/sorttable.h @@ -40,6 +40,7 @@ #undef uint_t #undef _r #undef _w +#undef parse_addr #ifdef SORTTABLE_64 # define extable_ent_size 16 @@ -65,6 +66,7 @@ # define uint_t uint64_t # define _r r8 # define _w w8 +# define parse_addr(buf) strtoull(buf, NULL, 16) #else # define extable_ent_size 8 # define compare_extable compare_extable_32 @@ -89,6 +91,7 @@ # define uint_t uint32_t # define _r r # define _w w +# define parse_addr(buf) strtoul(buf, NULL, 16) #endif #if defined(SORTTABLE_64) && defined(UNWINDER_ORC_ENABLED) @@ -246,13 +249,13 @@ static void get_mcount_loc(uint_t *_start, uint_t *_stop) len = strlen(start_buff); start_buff[len - 1] = '\0'; } - *_start = strtoul(start_buff, NULL, 16); + *_start = parse_addr(start_buff); while (fgets(stop_buff, sizeof(stop_buff), file_stop) != NULL) { len = strlen(stop_buff); stop_buff[len - 1] = '\0'; } - *_stop = strtoul(stop_buff, NULL, 16); + *_stop = parse_addr(stop_buff); pclose(file_start); pclose(file_stop); -- 2.47.0

5 months, 3 weeks

4
8
0 0

[PATCH v2] drm/v3d: Add job to pending list if the reset was skipped

by Maíra Canal

When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically freed through `free_job()`. Consequently, when we skip the reset and keep the job running, the job won't be freed when it finally completes. This situation leads to a memory leak, as exposed in [1] and [2]. Similarly to commit 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active"), this patch ensures the job is put back on the pending list when extending the timeout. Cc: stable(a)vger.kernel.org # 6.0 Reported-by: Daivik Bhatia <dtgs1208(a)gmail.com> Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/12227 [1] Closes: https://github.com/raspberrypi/linux/issues/6817 [2] Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com> --- Hi, While we typically strive to avoid exposing the scheduler's internals within the drivers, I'm proposing this fix as an interim solution. I'm aware that a comprehensive fix will need some adjustments on the DRM sched side, and I plan to address that soon. However, it would be hard to justify the backport of such patches to the stable branches and this issue is affecting users in the moment. Therefore, I'd like to push this patch to drm-misc-fixes in order to address this leak as soon as possible, while working in a more generic solution. Best Regards, - Maíra v1 -> v2: https://lore.kernel.org/dri-devel/20250427202907.94415-2-mcanal@igalia.com/ - Protect the pending list by using its spinlock. - Add the URL of another downstream issue related to this patch. drivers/gpu/drm/v3d/v3d_sched.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index b3be08b0ca91..c612363181df 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -734,11 +734,16 @@ v3d_gpu_reset_for_timeout(struct v3d_dev *v3d, struct drm_sched_job *sched_job) return DRM_GPU_SCHED_STAT_NOMINAL; } -/* If the current address or return address have changed, then the GPU - * has probably made progress and we should delay the reset. This - * could fail if the GPU got in an infinite loop in the CL, but that - * is pretty unlikely outside of an i-g-t testcase. - */ +static void +v3d_sched_skip_reset(struct drm_sched_job *sched_job) +{ + struct drm_gpu_scheduler *sched = sched_job->sched; + + spin_lock(&sched->job_list_lock); + list_add(&sched_job->list, &sched->pending_list); + spin_unlock(&sched->job_list_lock); +} + static enum drm_gpu_sched_stat v3d_cl_job_timedout(struct drm_sched_job *sched_job, enum v3d_queue q, u32 *timedout_ctca, u32 *timedout_ctra) @@ -748,9 +753,16 @@ v3d_cl_job_timedout(struct drm_sched_job *sched_job, enum v3d_queue q, u32 ctca = V3D_CORE_READ(0, V3D_CLE_CTNCA(q)); u32 ctra = V3D_CORE_READ(0, V3D_CLE_CTNRA(q)); + /* If the current address or return address have changed, then the GPU + * has probably made progress and we should delay the reset. This + * could fail if the GPU got in an infinite loop in the CL, but that + * is pretty unlikely outside of an i-g-t testcase. + */ if (*timedout_ctca != ctca || *timedout_ctra != ctra) { *timedout_ctca = ctca; *timedout_ctra = ctra; + + v3d_sched_skip_reset(sched_job); return DRM_GPU_SCHED_STAT_NOMINAL; } @@ -790,11 +802,13 @@ v3d_csd_job_timedout(struct drm_sched_job *sched_job) struct v3d_dev *v3d = job->base.v3d; u32 batches = V3D_CORE_READ(0, V3D_CSD_CURRENT_CFG4(v3d->ver)); - /* If we've made progress, skip reset and let the timer get - * rearmed. + /* If we've made progress, skip reset, add the job to the pending + * list, and let the timer get rearmed. */ if (job->timedout_batches != batches) { job->timedout_batches = batches; + + v3d_sched_skip_reset(sched_job); return DRM_GPU_SCHED_STAT_NOMINAL; } -- 2.49.0

5 months, 4 weeks

2
2
0 0

[PATCH v3] x86/sev: Fix making shared pages private during kdump

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> When the shared pages are being made private during kdump preparation there are additional checks to handle shared GHCB pages. These additional checks include handling the case of GHCB page being contained within a huge page. While handling the case of GHCB page contained within a huge page any shared page just below the GHCB page gets skipped from being transitioned back to private during kdump preparation. This subsequently causes a 0x404 #VC exception when this skipped shared page is accessed later while dumping guest memory during vmcore generation via kdump. Split the initial check for skipping the GHCB page into the page being skipped fully containing the GHCB and GHCB being contained within a huge page. Also ensure that the skipped huge page containing the GHCB page is transitioned back to private later when changing GHCBs to private at end of kdump preparation. Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: stable(a)vger.kernel.org Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- arch/x86/coco/sev/core.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index d35fec7b164a..1f53383bd1fa 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1019,7 +1019,13 @@ static void unshare_all_memory(void) data = per_cpu(runtime_data, cpu); ghcb = (unsigned long)&data->ghcb_page; - if (addr <= ghcb && ghcb <= addr + size) { + /* Handle the case of a huge page containing the GHCB page */ + if (level == PG_LEVEL_4K && addr == ghcb) { + skipped_addr = true; + break; + } + if (level > PG_LEVEL_4K && addr <= ghcb && + ghcb < addr + size) { skipped_addr = true; break; } @@ -1131,8 +1137,8 @@ static void shutdown_all_aps(void) void snp_kexec_finish(void) { struct sev_es_runtime_data *data; + unsigned long size, mask; unsigned int level, cpu; - unsigned long size; struct ghcb *ghcb; pte_t *pte; @@ -1160,6 +1166,10 @@ void snp_kexec_finish(void) ghcb = &data->ghcb_page; pte = lookup_address((unsigned long)ghcb, &level); size = page_level_size(level); + mask = page_level_mask(level); + /* Handle the case of a huge page containing the GHCB page */ + if (level > PG_LEVEL_4K) + ghcb = (struct ghcb *)((unsigned long)ghcb & mask); set_pte_enc(pte, level, (void *)ghcb); snp_set_memory_private((unsigned long)ghcb, (size / PAGE_SIZE)); } -- 2.34.1

5 months, 4 weeks

4
4
0 0

[PATCH v4] x86/sev: Don't touch VMSA pages during kdump of SNP guest memory

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> When kdump is running makedumpfile to generate vmcore and dumping SNP guest memory it touches the VMSA page of the vCPU executing kdump which then results in unrecoverable #NPF/RMP faults as the VMSA page is marked busy/in-use when the vCPU is running and subsequently causes guest softlockup/hang. Additionally other APs may be halted in guest mode and their VMSA pages are marked busy and touching these VMSA pages during guest memory dump will also cause #NPF. Issue AP_DESTROY GHCB calls on other APs to ensure they are kicked out of guest mode and then clear the VMSA bit on their VMSA pages. If the vCPU running kdump is an AP, mark it's VMSA page as offline to ensure that makedumpfile excludes that page while dumping guest memory. Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Reviewed-by: Pankaj Gupta <pankaj.gupta(a)amd.com> Cc: stable(a)vger.kernel.org Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- arch/x86/coco/sev/core.c | 244 +++++++++++++++++++++++++-------------- 1 file changed, 158 insertions(+), 86 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index dcfaa698d6cf..d35fec7b164a 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -877,6 +877,102 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t end) set_pages_state(vaddr, npages, SNP_PAGE_STATE_PRIVATE); } +static int vmgexit_ap_control(u64 event, struct sev_es_save_area *vmsa, u32 apic_id) +{ + bool create = event == SVM_VMGEXIT_AP_CREATE; + struct ghcb_state state; + unsigned long flags; + struct ghcb *ghcb; + int ret = 0; + + local_irq_save(flags); + + ghcb = __sev_get_ghcb(&state); + + vc_ghcb_invalidate(ghcb); + + if (create) + ghcb_set_rax(ghcb, vmsa->sev_features); + + ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_AP_CREATION); + ghcb_set_sw_exit_info_1(ghcb, + ((u64)apic_id << 32) | + ((u64)snp_vmpl << 16) | + event); + ghcb_set_sw_exit_info_2(ghcb, __pa(vmsa)); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + VMGEXIT(); + + if (!ghcb_sw_exit_info_1_is_valid(ghcb) || + lower_32_bits(ghcb->save.sw_exit_info_1)) { + pr_err("SNP AP %s error\n", (create ? "CREATE" : "DESTROY")); + ret = -EINVAL; + } + + __sev_put_ghcb(&state); + + local_irq_restore(flags); + + return ret; +} + +static int snp_set_vmsa(void *va, void *caa, int apic_id, bool make_vmsa) +{ + int ret; + + if (snp_vmpl) { + struct svsm_call call = {}; + unsigned long flags; + + local_irq_save(flags); + + call.caa = this_cpu_read(svsm_caa); + call.rcx = __pa(va); + + if (make_vmsa) { + /* Protocol 0, Call ID 2 */ + call.rax = SVSM_CORE_CALL(SVSM_CORE_CREATE_VCPU); + call.rdx = __pa(caa); + call.r8 = apic_id; + } else { + /* Protocol 0, Call ID 3 */ + call.rax = SVSM_CORE_CALL(SVSM_CORE_DELETE_VCPU); + } + + ret = svsm_perform_call_protocol(&call); + + local_irq_restore(flags); + } else { + /* + * If the kernel runs at VMPL0, it can change the VMSA + * bit for a page using the RMPADJUST instruction. + * However, for the instruction to succeed it must + * target the permissions of a lesser privileged (higher + * numbered) VMPL level, so use VMPL1. + */ + u64 attrs = 1; + + if (make_vmsa) + attrs |= RMPADJUST_VMSA_PAGE_BIT; + + ret = rmpadjust((unsigned long)va, RMP_PG_SIZE_4K, attrs); + } + + return ret; +} + +static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa, int apic_id) +{ + int err; + + err = snp_set_vmsa(vmsa, NULL, apic_id, false); + if (err) + pr_err("clear VMSA page failed (%u), leaking page\n", err); + else + free_page((unsigned long)vmsa); +} + static void set_pte_enc(pte_t *kpte, int level, void *va) { struct pte_enc_desc d = { @@ -973,6 +1069,65 @@ void snp_kexec_begin(void) pr_warn("Failed to stop shared<->private conversions\n"); } +/* + * Shutdown all APs except the one handling kexec/kdump and clearing + * the VMSA tag on AP's VMSA pages as they are not being used as + * VMSA page anymore. + */ +static void shutdown_all_aps(void) +{ + struct sev_es_save_area *vmsa; + int apic_id, this_cpu, cpu; + + this_cpu = get_cpu(); + + /* + * APs are already in HLT loop when enc_kexec_finish() callback + * is invoked. + */ + for_each_present_cpu(cpu) { + vmsa = per_cpu(sev_vmsa, cpu); + + /* + * The BSP or offlined APs do not have guest allocated VMSA + * and there is no need to clear the VMSA tag for this page. + */ + if (!vmsa) + continue; + + /* + * Cannot clear the VMSA tag for the currently running vCPU. + */ + if (this_cpu == cpu) { + unsigned long pa; + struct page *p; + + pa = __pa(vmsa); + /* + * Mark the VMSA page of the running vCPU as offline + * so that is excluded and not touched by makedumpfile + * while generating vmcore during kdump. + */ + p = pfn_to_online_page(pa >> PAGE_SHIFT); + if (p) + __SetPageOffline(p); + continue; + } + + apic_id = cpuid_to_apicid[cpu]; + + /* + * Issue AP destroy to ensure AP gets kicked out of guest mode + * to allow using RMPADJUST to remove the VMSA tag on it's + * VMSA page. + */ + vmgexit_ap_control(SVM_VMGEXIT_AP_DESTROY, vmsa, apic_id); + snp_cleanup_vmsa(vmsa, apic_id); + } + + put_cpu(); +} + void snp_kexec_finish(void) { struct sev_es_runtime_data *data; @@ -987,6 +1142,8 @@ void snp_kexec_finish(void) if (!IS_ENABLED(CONFIG_KEXEC_CORE)) return; + shutdown_all_aps(); + unshare_all_memory(); /* @@ -1008,51 +1165,6 @@ void snp_kexec_finish(void) } } -static int snp_set_vmsa(void *va, void *caa, int apic_id, bool make_vmsa) -{ - int ret; - - if (snp_vmpl) { - struct svsm_call call = {}; - unsigned long flags; - - local_irq_save(flags); - - call.caa = this_cpu_read(svsm_caa); - call.rcx = __pa(va); - - if (make_vmsa) { - /* Protocol 0, Call ID 2 */ - call.rax = SVSM_CORE_CALL(SVSM_CORE_CREATE_VCPU); - call.rdx = __pa(caa); - call.r8 = apic_id; - } else { - /* Protocol 0, Call ID 3 */ - call.rax = SVSM_CORE_CALL(SVSM_CORE_DELETE_VCPU); - } - - ret = svsm_perform_call_protocol(&call); - - local_irq_restore(flags); - } else { - /* - * If the kernel runs at VMPL0, it can change the VMSA - * bit for a page using the RMPADJUST instruction. - * However, for the instruction to succeed it must - * target the permissions of a lesser privileged (higher - * numbered) VMPL level, so use VMPL1. - */ - u64 attrs = 1; - - if (make_vmsa) - attrs |= RMPADJUST_VMSA_PAGE_BIT; - - ret = rmpadjust((unsigned long)va, RMP_PG_SIZE_4K, attrs); - } - - return ret; -} - #define __ATTR_BASE (SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK) #define INIT_CS_ATTRIBS (__ATTR_BASE | SVM_SELECTOR_READ_MASK | SVM_SELECTOR_CODE_MASK) #define INIT_DS_ATTRIBS (__ATTR_BASE | SVM_SELECTOR_WRITE_MASK) @@ -1084,24 +1196,10 @@ static void *snp_alloc_vmsa_page(int cpu) return page_address(p + 1); } -static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa, int apic_id) -{ - int err; - - err = snp_set_vmsa(vmsa, NULL, apic_id, false); - if (err) - pr_err("clear VMSA page failed (%u), leaking page\n", err); - else - free_page((unsigned long)vmsa); -} - static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) { struct sev_es_save_area *cur_vmsa, *vmsa; - struct ghcb_state state; struct svsm_ca *caa; - unsigned long flags; - struct ghcb *ghcb; u8 sipi_vector; int cpu, ret; u64 cr4; @@ -1215,33 +1313,7 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) } /* Issue VMGEXIT AP Creation NAE event */ - local_irq_save(flags); - - ghcb = __sev_get_ghcb(&state); - - vc_ghcb_invalidate(ghcb); - ghcb_set_rax(ghcb, vmsa->sev_features); - ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_AP_CREATION); - ghcb_set_sw_exit_info_1(ghcb, - ((u64)apic_id << 32) | - ((u64)snp_vmpl << 16) | - SVM_VMGEXIT_AP_CREATE); - ghcb_set_sw_exit_info_2(ghcb, __pa(vmsa)); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - VMGEXIT(); - - if (!ghcb_sw_exit_info_1_is_valid(ghcb) || - lower_32_bits(ghcb->save.sw_exit_info_1)) { - pr_err("SNP AP Creation error\n"); - ret = -EINVAL; - } - - __sev_put_ghcb(&state); - - local_irq_restore(flags); - - /* Perform cleanup if there was an error */ + ret = vmgexit_ap_control(SVM_VMGEXIT_AP_CREATE, vmsa, apic_id); if (ret) { snp_cleanup_vmsa(vmsa, apic_id); vmsa = NULL; -- 2.34.1

5 months, 4 weeks

3
2
0 0

[PATCH 6.12 000/280] 6.12.26-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.26 release. There are 280 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 May 2025 16:10:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.26-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.26-rc1 Christoph Hellwig <hch(a)lst.de> mq-deadline: don't call req_get_ioprio from the I/O completion handler Keerthy <j-keerthy(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size Herbert Xu <herbert(a)gondor.apana.org.au> crypto: Kconfig - Select LIB generic option Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: class: Unlocked on error in typec_register_partner() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings, part 2 Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Ignore end-of-section jumps for KCOV/GCOV Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix Short Packet handling rework ignoring errors Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Dan Carpenter <dan.carpenter(a)linaro.org> media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lib/Kconfig - Hide arch options from user Robin Murphy <robin.murphy(a)arm.com> iommu: Handle race with default domain setup Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable STU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Marek Behún <kabel(a)kernel.org> Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family" Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: class: Invalidate USB device pointers on partner unregistration Baokun Li <libaokun1(a)huawei.com> ext4: goto right label 'out_mmap_sem' in ext4_setattr() Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer Daniel Borkmann <daniel(a)iogearbox.net> vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: class: Fix NULL pointer access Shigeru Yoshida <syoshida(a)redhat.com> selftests/bpf: Adjust data size to have ETH_HLEN Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: check program redirect in xdp_cpumap_attach Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: make xdp_cpumap_attach keep redirect prog attached Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: fix bpf_map_redirect call for cpu map test Christoph Hellwig <hch(a)lst.de> xfs: flush inodegc before swapon Christoph Hellwig <hch(a)lst.de> xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate Carlos Maiolino <cem(a)kernel.org> xfs: Do not allow norecovery mount with quotacheck Lukas Herbolt <lukas(a)herbolt.com> xfs: do not check NEEDSREPAIR if ro,norecovery mount. Dmitry Torokhov <dmitry.torokhov(a)gmail.com> driver core: fix potential NULL pointer dereference in dev_uevent() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> driver core: introduce device_set_driver() helper Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Revert "drivers: core: synchronize really_probe() and dev_uevent()" Tamura Dai <kirinode0(a)gmail.com> spi: spi-imx: Add check for spi_imx_setupxfer() Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Use the right function for hdp flush Christian König <christian.koenig(a)amd.com> drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Pi Xiange <xiange.pi(a)intel.com> x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores Mostafa Saleh <smostafa(a)google.com> ubsan: Fix panic from test_ubsan_out_of_bounds Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: add rate limiting and simplify timeout error message Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" Andrew Jones <ajones(a)ventanamicro.com> riscv: Provide all alternative macros all the time Gou Hao <gouhao(a)uniontech.com> iomap: skip unnecessary ifs_block_is_uptodate check Song Liu <song(a)kernel.org> netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS Fernando Fernandez Mancera <ffmancera(a)riseup.net> x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc_dma: get codec or cpu dai from backend Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Move phy calls to .exit() callback Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Robin Murphy <robin.murphy(a)arm.com> iommu: Clear iommu-dma ops on cleanup Pali Rohár <pali(a)kernel.org> cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> timekeeping: Add a lockdep override in tick_freeze() Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode Daniel Wagner <wagi(a)kernel.org> nvmet-fc: put ref when assoc->del_work is already scheduled Daniel Wagner <wagi(a)kernel.org> nvmet-fc: take tgtport reference only once Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on context switch with eIBRS Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: disable CPU idle and frequency drivers for PVH dom0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Uday Shankar <ushankar(a)purestorage.com> nvme: multipath: fix return value of nvme_available_path Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Julia Filipchuk <julia.filipchuk(a)intel.com> drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 Jay Cornwall <jay.cornwall(a)amd.com> drm/amdgpu: Increase KIQ invalidate_tlbs timeout Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Mario Limonciello <mario.limonciello(a)amd.com> ACPI: EC: Set ec_no_wakeup for Lenovo Go S Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Jason Andryuk <jason.andryuk(a)amd.com> xen: Change xen-acpi-processor dom0 dependency Gabriel Shahrouzi <gshahrouzi(a)gmail.com> perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Waiman Long <longman(a)redhat.com> cgroup/cpuset: Don't allow creation of local partition over a remote one Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through debug printing Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Xi Ruoyao <xry111(a)xry111.site> kbuild: add dependency from vmlinux to sorttable Pavel Begunkov <asml.silence(a)gmail.com> io_uring: always do atomic put from iowq Lukas Stockmann <lukas.stockmann(a)siemens.com> rtc: pcf85063: do a SW reset if POR failed Ignacio Encinas <ignacio(a)iencinas.com> 9p/trans_fd: mark concurrent read and writes to p9_conn->err Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix improper handling of bogus negative read/write replies Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> ntb_hw_amd: Add NTB PCI ID for new gen CPU Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, lkdtm: Obfuscate the do_nothing() pointer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, panic: Disable SMAP in __stack_chk_fail() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings Benjamin Berg <benjamin.berg(a)intel.com> um: work around sched_yield not yielding in time-travel mode Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Scan retimers after device router has been enumerated Théo Lebrun <theo.lebrun(a)bootlin.com> usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Andy Yan <andy.yan(a)rock-chips.com> phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Add support for Nuvoton npcm845 i3c Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Handle spurious events on Etron host isoc enpoints Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix isochronous Ring Underrun/Overrun event handling Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Complete 'error mid TD' transfers when handling Missed Service John Stultz <jstultz(a)google.com> sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Refactor loop to avoid NULL endpoints Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Keep write operations atomic Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Always clear the platform ack interrupt first Huisong Li <lihuisong(a)huawei.com> mailbox: pcc: Fix the possible race in updation of chan_in_use flag Yafang Shao <laoar.shao(a)gmail.com> bpf: Reject attaching fexit/fmod_ret to __noreturn functions Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage Sewon Nam <swnam0729(a)gmail.com> bpf: bpftool: Setting error code in do_loader() Haoxiang Li <haoxiang_li2024(a)163.com> s390/tty: Fix a potential memory leak bug Haoxiang Li <haoxiang_li2024(a)163.com> s390/sclp: Add check for get_zeroed_page() Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Yonghong Song <yonghong.song(a)linux.dev> bpf: Fix kmemleak warning for percpu hashmap Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lib/Kconfig - Fix lib built-in failure when arch is modular Devaraj Rangasamy <Devaraj.Rangasamy(a)amd.com> crypto: ccp - Add support for PCI device 0x1134 Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Dmitry Mastykin <mastichi(a)gmail.com> pinctrl: mcp23s08: Get rid of spurious level interrupts Chenyuan Yang <chenyuan0y(a)gmail.com> pinctrl: renesas: rza2: Fix potential NULL pointer dereference Amery Hung <ameryhung(a)gmail.com> selftests/bpf: Fix stdout race condition in traffic monitor Oliver Neukum <oneukum(a)suse.com> USB: wdm: add annotation Oliver Neukum <oneukum(a)suse.com> USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context Oliver Neukum <oneukum(a)suse.com> USB: wdm: close race between wdm_open and wdm_wwan_port_stop Oliver Neukum <oneukum(a)suse.com> USB: wdm: handle IO errors in wdm_wwan_port_start Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Mike Looijmans <mike.looijmans(a)topic.nl> usb: dwc3: xilinx: Prevent spike in reset signal Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)kernel.org> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix usbmisc handling Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix invalid pointer dereference in Etron workaround Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Limit time spent with xHC interrupts disabled during bus resume Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Günther Noack <gnoack3000(a)gmail.com> tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT Mahesh Rao <mahesh.rao(a)intel.com> firmware: stratix10-svc: Add of_platform_default_populate() Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: register chrdev region with all possible minors Sean Christopherson <seanjc(a)google.com> KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly treat routing entry type changes as changes Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Fix fortify-panic caused by invalid counted_by() use Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Damien Le Moal <dlemoal(a)kernel.org> scsi: Improve CDL control Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_msense_control_ata_feature() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Improve CDL control Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Smita Koralahalli <Smita.KoralahalliChannabasappa(a)amd.com> cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Jens Axboe <axboe(a)kernel.dk> io_uring: fix 'sync' handling of io_fallback_tw() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fully clear some CSRs when VM reboot Petr Tesarik <ptesarik(a)suse.com> LoongArch: Remove a bogus reference to ZONE_DMA Ming Wang <wangming01(a)loongson.cn> LoongArch: Return NULL from huge_pte_offset() for invalid PMD Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Handle fp, lsx, lasx and lbt assembly symbols Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/insn: Fix CTEST instruction decoding Roman Li <Roman.Li(a)amd.com> drm/amd/display: Force full update in gpu reset Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix gpu reset in multidisplay config Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da: fix reset signal polarity in unprepare Christian Schrefl <chrisi.schrefl(a)gmail.com> rust: firmware: Use `ffi::c_char` type in `FwFunc` Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix pending I/O counter Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: selftests: initialize TCP header and skb payload with zero Alexey Nepomnyashih <sdl(a)nppct.ru> xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Breno Leitao <leitao(a)debian.org> sched_ext: Use kvzalloc for large exit_dump allocation Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Florian Westphal <fw(a)strlen.de> netfilter: fib: avoid lookup if socket is available Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make do_xyz() exception handlers more robust Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make regs_irqs_disabled() more clear Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Select ARCH_USE_MEMTEST Luo Gengkun <luogengkun(a)huaweicloud.com> perf/x86: Fix non-sampling (counting) events on certain x86 platforms Alexei Starovoitov <ast(a)kernel.org> bpf: Add namespace to BPF internal symbols T.J. Mercier <tjmercier(a)google.com> splice: remove duplicate noinline from pipe_clear_nowait Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Björn Töpel <bjorn(a)rivosinc.com> riscv: Replace function-like macro by static inline function Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Christoph Hellwig <hch(a)lst.de> block: never reduce ra_pages in blk_apply_bdi_limits Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make wait_context part of q_info Brett Creeley <brett.creeley(a)amd.com> pds_core: Remove unnecessary check in pds_client_adminq_cmd() Brett Creeley <brett.creeley(a)amd.com> pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result Brett Creeley <brett.creeley(a)amd.com> pds_core: Prevent possible adminq overflow/stuck condition Daniel Golle <daniel(a)makrotopia.org> net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Al Viro <viro(a)zeniv.linux.org.uk> fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: disable BHs when required Chenyuan Yang <chenyuan0y(a)gmail.com> scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Anastasia Kovaleva <a.kovaleva(a)yadro.com> scsi: core: Clear flags for scsi_cmnd that did not complete Henry Martin <bsdhenrymartin(a)gmail.com> net/mlx5: Move ttc allocation after switch case to prevent leaks Henry Martin <bsdhenrymartin(a)gmail.com> net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: Fix vhost_scsi_send_status() Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: Fix vhost_scsi_send_bad_target() Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Add better resource allocation failure handling T.J. Mercier <tjmercier(a)google.com> cgroup/cpuset-v1: Add missing support for cpuset_v2_mode Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: return EIO on RAID1 block group write pointer mismatch Qu Wenruo <wqu(a)suse.com> btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Johan Hovold <johan+linaro(a)kernel.org> cpufreq: fix compile-test defaults Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> cpufreq: Do not enable by default during compile testing Marc Zyngier <maz(a)kernel.org> cpufreq: cppc: Fix invalid return value in .get() callback Chenyuan Yang <chenyuan0y(a)gmail.com> scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Andre Przywara <andre.przywara(a)arm.com> cpufreq: sun50i: prevent out-of-bounds access David Howells <dhowells(a)redhat.com> ceph: Fix incorrect flush end position calculation Nathan Chancellor <nathan(a)kernel.org> lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display/dml2: use vzalloc rather than kzalloc Rohit Chavan <roheetchavan(a)gmail.com> drm/amd/display: Fix unnecessary cast warnings from checkpatch Matt Roper <matthew.d.roper(a)intel.com> drm/xe/bmg: Add one additional PCI ID Jonathan Currier <dullfire(a)yahoo.com> net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Move UFS shareability value to drvdata Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: exynos: Remove superfluous function parameter Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: exynos: Remove empty drv_init method Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in __smb2_lease_break_noti() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add netdev-up/down event debug print Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use __GFP_RETRY_MAYFAIL Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Fix the NPU's DPU frequency calculation Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Add auto selection logic for job scheduler Jonathan Currier <dullfire(a)yahoo.com> PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends Roger Pau Monne <roger.pau(a)citrix.com> PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Support mmap() of PCI resources except for ISM devices Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Report PCI error recovery results via SCLP Niklas Schnelle <schnelle(a)linux.ibm.com> s390/sclp: Allow user-space to provide PCI reports for optical modules Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Zijun Hu <quic_zijuhu(a)quicinc.com> of: resolver: Fix device node refcount leakage in of_resolve_phandles() Rob Herring (Arm) <robh(a)kernel.org> of: resolver: Simplify of_resolve_phandles() using __free() Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks Manorit Chawdhry <m-chawdhry(a)ti.com> arm64: dts: ti: Refactor J784s4 SoC files to a common file Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Ming Lei <ming.lei(a)redhat.com> block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone Christoph Hellwig <hch(a)lst.de> block: remove the ioprio field from struct request Christoph Hellwig <hch(a)lst.de> block: remove the write_hint field from struct request Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Add missing ov08x40_identify_module() call on stream-start Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Move ov08x40_identify_module() function up André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Fix link frequency validation André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Check number of lanes from device tree André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Replace register addresses with macros André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Convert to CCI register access helpers André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Simplify with dev_err_probe() André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Use subdev active state Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: EM: Address RCU-related sparse warnings Li RongQing <lirongqing(a)baidu.com> PM: EM: use kfree_rcu() to simplify the code Tudor Ambarus <tudor.ambarus(a)linaro.org> mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get Tudor Ambarus <tudor.ambarus(a)linaro.org> soc: qcom: ice: introduce devm_of_qcom_ice_get Jinjiang Tu <tujinjiang(a)huawei.com> mm/vmscan: don't try to reclaim hwpoison folio Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Steven Rostedt <rostedt(a)goodmis.org> tracing: Add __print_dynamic_array() helper Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default ------------- Diffstat: Documentation/bpf/bpf_devel_QA.rst | 8 + Makefile | 4 +- arch/arm/crypto/Kconfig | 10 +- .../arm64/boot/dts/ti/k3-j784s4-j742s2-common.dtsi | 148 ++ .../boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 2673 +++++++++++++++++++ ...tsi => k3-j784s4-j742s2-mcu-wakeup-common.dtsi} | 2 +- ...l.dtsi => k3-j784s4-j742s2-thermal-common.dtsi} | 0 arch/arm64/boot/dts/ti/k3-j784s4-main.dtsi | 2705 +------------------- arch/arm64/boot/dts/ti/k3-j784s4.dtsi | 133 +- arch/arm64/crypto/Kconfig | 6 +- arch/loongarch/Kconfig | 1 + arch/loongarch/include/asm/fpu.h | 33 +- arch/loongarch/include/asm/lbt.h | 10 +- arch/loongarch/include/asm/ptrace.h | 4 +- arch/loongarch/kernel/fpu.S | 6 + arch/loongarch/kernel/lbt.S | 4 + arch/loongarch/kernel/signal.c | 21 - arch/loongarch/kernel/traps.c | 20 +- arch/loongarch/kvm/vcpu.c | 8 + arch/loongarch/mm/hugetlbpage.c | 2 +- arch/loongarch/mm/init.c | 3 - arch/mips/crypto/Kconfig | 7 +- arch/mips/include/asm/mips-cm.h | 22 + arch/mips/kernel/mips-cm.c | 14 + arch/parisc/kernel/pdt.c | 2 + arch/powerpc/crypto/Kconfig | 7 +- arch/riscv/crypto/Kconfig | 1 - arch/riscv/include/asm/alternative-macros.h | 21 +- arch/riscv/include/asm/cacheflush.h | 15 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/s390/Kconfig | 4 +- arch/s390/crypto/Kconfig | 3 +- arch/s390/include/asm/pci.h | 3 + arch/s390/include/asm/sclp.h | 33 + arch/s390/kvm/intercept.c | 2 +- arch/s390/kvm/interrupt.c | 8 +- arch/s390/kvm/kvm-s390.c | 10 +- arch/s390/kvm/trace-s390.h | 4 +- arch/s390/pci/Makefile | 2 +- arch/s390/pci/pci_event.c | 21 +- arch/s390/pci/pci_fixup.c | 23 + arch/s390/pci/pci_report.c | 111 + arch/s390/pci/pci_report.h | 16 + arch/um/include/linux/time-internal.h | 2 + arch/um/kernel/skas/syscall.c | 11 + arch/x86/crypto/Kconfig | 11 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/intel-family.h | 2 + arch/x86/kernel/cpu/bugs.c | 36 +- arch/x86/kernel/i8253.c | 3 +- arch/x86/kvm/svm/avic.c | 66 +- arch/x86/kvm/vmx/posted_intr.c | 28 +- arch/x86/kvm/x86.c | 20 +- arch/x86/lib/x86-opcode-map.txt | 4 +- arch/x86/mm/tlb.c | 6 +- arch/x86/pci/xen.c | 8 +- arch/x86/xen/enlighten_pvh.c | 19 +- block/blk-merge.c | 26 +- block/blk-mq.c | 6 +- block/blk-settings.c | 8 +- block/mq-deadline.c | 13 +- crypto/Kconfig | 3 + crypto/crypto_null.c | 37 +- drivers/accel/ivpu/ivpu_drv.c | 10 +- drivers/accel/ivpu/ivpu_drv.h | 2 + drivers/accel/ivpu/ivpu_fw.c | 18 +- drivers/accel/ivpu/ivpu_fw.h | 3 + drivers/accel/ivpu/ivpu_hw.h | 12 +- drivers/accel/ivpu/ivpu_hw_btrs.c | 128 +- drivers/accel/ivpu/ivpu_hw_btrs.h | 6 +- drivers/accel/ivpu/ivpu_job.c | 14 +- drivers/accel/ivpu/ivpu_sysfs.c | 24 + drivers/acpi/ec.c | 28 + drivers/acpi/pptt.c | 4 +- drivers/ata/libata-scsi.c | 25 +- drivers/base/base.h | 17 + drivers/base/bus.c | 2 +- drivers/base/core.c | 38 +- drivers/base/dd.c | 7 +- drivers/char/misc.c | 2 +- drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/comedi/drivers/jr3_pci.c | 2 +- drivers/cpufreq/Kconfig.arm | 20 +- drivers/cpufreq/apple-soc-cpufreq.c | 10 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/scmi-cpufreq.c | 10 +- drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/cpufreq/sun50i-cpufreq-nvmem.c | 18 +- drivers/crypto/atmel-sha204a.c | 6 + drivers/crypto/ccp/sp-pci.c | 1 + drivers/cxl/core/regs.c | 4 - drivers/dma/dmatest.c | 6 +- drivers/firmware/stratix10-svc.c | 14 +- drivers/gpio/gpiolib-of.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 19 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 +- .../drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 11 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 6 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 4 +- drivers/gpu/drm/xe/xe_wa_oob.rules | 2 + drivers/i3c/master/svc-i3c-master.c | 17 +- drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 2 +- drivers/iommu/iommu.c | 8 + drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/mailbox/pcc.c | 15 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/raid1.c | 26 +- drivers/media/i2c/Kconfig | 1 + drivers/media/i2c/imx214.c | 934 ++++--- drivers/media/i2c/ov08x40.c | 78 +- drivers/misc/lkdtm/perms.c | 14 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/misc/mei/vsc-tp.c | 26 +- drivers/mmc/host/sdhci-msm.c | 2 +- drivers/net/dsa/mt7530.c | 6 +- drivers/net/dsa/mv88e6xxx/chip.c | 27 +- drivers/net/ethernet/amd/pds_core/adminq.c | 36 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 3 - drivers/net/ethernet/amd/pds_core/core.c | 9 +- drivers/net/ethernet/amd/pds_core/core.h | 4 +- drivers/net/ethernet/amd/pds_core/devlink.c | 4 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 24 +- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 10 +- .../net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c | 26 +- drivers/net/ethernet/sun/niu.c | 2 + drivers/net/phy/microchip.c | 46 +- drivers/net/phy/phy_led_triggers.c | 23 +- drivers/net/vmxnet3/vmxnet3_xdp.c | 2 +- drivers/net/xen-netfront.c | 19 +- drivers/ntb/hw/amd/ntb_hw_amd.c | 1 + drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +- drivers/nvme/host/core.c | 9 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/fc.c | 25 +- drivers/of/resolver.c | 37 +- drivers/pci/msi/msi.c | 38 +- drivers/phy/rockchip/phy-rockchip-usbdp.c | 1 - drivers/pinctrl/pinctrl-mcp23s08.c | 23 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 3 + drivers/regulator/rk808-regulator.c | 4 +- drivers/rtc/rtc-pcf85063.c | 19 +- drivers/s390/char/sclp.h | 14 - drivers/s390/char/sclp_con.c | 17 + drivers/s390/char/sclp_pci.c | 19 +- drivers/s390/char/sclp_tty.c | 12 + drivers/s390/net/ism_drv.c | 1 - drivers/scsi/hisi_sas/hisi_sas_main.c | 20 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 +- drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi.c | 36 +- drivers/scsi/scsi_lib.c | 6 +- drivers/scsi/sd.c | 6 +- drivers/soc/qcom/ice.c | 48 + drivers/spi/spi-imx.c | 5 +- drivers/spi/spi-tegra210-quad.c | 6 +- drivers/thunderbolt/tb.c | 16 +- drivers/tty/serial/msm_serial.c | 6 + drivers/tty/serial/sifive.c | 6 + drivers/tty/vt/selection.c | 5 +- drivers/ufs/core/ufs-mcq.c | 12 +- drivers/ufs/core/ufshcd.c | 2 + drivers/ufs/host/ufs-exynos.c | 106 +- drivers/ufs/host/ufs-exynos.h | 8 +- drivers/ufs/host/ufs-qcom.c | 2 +- drivers/usb/cdns3/cdns3-gadget.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 44 +- drivers/usb/class/cdc-wdm.c | 21 +- drivers/usb/core/quirks.c | 9 + drivers/usb/dwc3/dwc3-pci.c | 10 + drivers/usb/dwc3/dwc3-xilinx.c | 4 +- drivers/usb/dwc3/gadget.c | 28 +- drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 + drivers/usb/host/xhci-hub.c | 30 +- drivers/usb/host/xhci-mvebu.c | 10 - drivers/usb/host/xhci-mvebu.h | 6 - drivers/usb/host/xhci-plat.c | 2 +- drivers/usb/host/xhci-ring.c | 75 +- drivers/usb/host/xhci.c | 4 +- drivers/usb/host/xhci.h | 4 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/usb/typec/class.c | 24 +- drivers/usb/typec/class.h | 1 + drivers/vhost/scsi.c | 80 +- drivers/xen/Kconfig | 2 +- fs/btrfs/file.c | 9 +- fs/btrfs/zoned.c | 1 - fs/ceph/inode.c | 2 +- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 9 +- fs/iomap/buffered-io.c | 2 +- fs/namespace.c | 69 +- fs/netfs/main.c | 4 + fs/ntfs3/file.c | 20 +- fs/smb/client/sess.c | 60 +- fs/smb/client/smb1ops.c | 36 + fs/smb/server/asn1.c | 6 +- fs/smb/server/auth.c | 19 +- fs/smb/server/connection.c | 8 +- fs/smb/server/crypto_ctx.c | 6 +- fs/smb/server/glob.h | 2 + fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/ksmbd_work.c | 10 +- fs/smb/server/mgmt/ksmbd_ida.c | 11 +- fs/smb/server/mgmt/share_config.c | 10 +- fs/smb/server/mgmt/tree_connect.c | 5 +- fs/smb/server/mgmt/user_config.c | 8 +- fs/smb/server/mgmt/user_session.c | 10 +- fs/smb/server/misc.c | 11 +- fs/smb/server/ndr.c | 10 +- fs/smb/server/oplock.c | 12 +- fs/smb/server/server.c | 4 +- fs/smb/server/server.h | 1 + fs/smb/server/smb2pdu.c | 42 +- fs/smb/server/smb_common.c | 2 +- fs/smb/server/smbacl.c | 23 +- fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/transport_rdma.c | 10 +- fs/smb/server/transport_tcp.c | 93 +- fs/smb/server/transport_tcp.h | 2 + fs/smb/server/unicode.c | 4 +- fs/smb/server/vfs.c | 12 +- fs/smb/server/vfs_cache.c | 18 +- fs/splice.c | 2 +- fs/xfs/xfs_aops.c | 41 +- fs/xfs/xfs_qm_bhv.c | 49 +- fs/xfs/xfs_super.c | 8 +- include/drm/intel/i915_pciids.h | 1 + include/linux/blk-mq.h | 8 +- include/linux/energy_model.h | 12 +- include/linux/msi.h | 3 +- include/linux/pci.h | 2 + include/linux/pci_ids.h | 1 + include/net/netfilter/nft_fib.h | 21 + include/soc/qcom/ice.h | 2 + include/trace/events/block.h | 6 +- include/trace/stages/stage3_trace_output.h | 8 + include/trace/stages/stage7_class_define.h | 1 + include/uapi/drm/ivpu_accel.h | 4 +- init/Kconfig | 2 +- io_uring/io_uring.c | 15 +- io_uring/refs.h | 7 + kernel/bpf/bpf_cgrp_storage.c | 11 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/preload/bpf_preload_kern.c | 1 + kernel/bpf/syscall.c | 6 +- kernel/bpf/verifier.c | 32 + kernel/cgroup/cgroup.c | 29 + kernel/cgroup/cpuset-internal.h | 1 + kernel/cgroup/cpuset.c | 14 + kernel/dma/contiguous.c | 3 +- kernel/events/core.c | 6 +- kernel/irq/msi.c | 2 +- kernel/module/Kconfig | 1 + kernel/panic.c | 6 + kernel/power/energy_model.c | 47 +- kernel/sched/ext.c | 4 +- kernel/time/tick-common.c | 22 + kernel/trace/bpf_trace.c | 7 +- kernel/trace/trace_events.c | 7 + lib/Kconfig.ubsan | 1 - lib/crypto/Kconfig | 37 +- lib/test_ubsan.c | 18 +- mm/vmscan.c | 7 + net/9p/client.c | 30 +- net/9p/trans_fd.c | 17 +- net/core/lwtunnel.c | 26 +- net/core/selftests.c | 18 +- net/ipv4/netfilter/nft_fib_ipv4.c | 11 +- net/ipv6/netfilter/nft_fib_ipv6.c | 19 +- net/sched/sch_hfsc.c | 23 +- net/tipc/monitor.c | 3 +- rust/kernel/firmware.rs | 8 +- samples/trace_events/trace-events-sample.h | 13 +- scripts/Makefile.lib | 2 +- scripts/Makefile.vmlinux | 4 + sound/soc/codecs/wcd934x.c | 2 +- sound/soc/fsl/fsl_asrc_dma.c | 15 +- sound/virtio/virtio_pcm.c | 21 +- tools/arch/x86/lib/x86-opcode-map.txt | 4 +- tools/bpf/bpftool/prog.c | 1 + tools/objtool/check.c | 36 +- tools/testing/selftests/bpf/network_helpers.c | 33 +- .../selftests/bpf/prog_tests/xdp_cpumap_attach.c | 44 +- .../selftests/bpf/prog_tests/xdp_devmap_attach.c | 8 +- .../bpf/progs/test_xdp_with_cpumap_helpers.c | 7 +- tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 + 312 files changed, 6080 insertions(+), 4681 deletions(-)

5 months, 4 weeks

13
293
0 0

[PATCH] fs/eventpoll: fix endless busy loop after timeout has expired

by Max Kellermann

After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future"), the following program would immediately enter a busy loop in the kernel: ``` int main() { int e = epoll_create1(0); struct epoll_event event = {.events = EPOLLIN}; epoll_ctl(e, EPOLL_CTL_ADD, 0, &event); const struct timespec timeout = {.tv_nsec = 1}; epoll_pwait2(e, &event, 1, &timeout, 0); } ``` This happens because the given (non-zero) timeout of 1 nanosecond usually expires before ep_poll() is entered and then ep_schedule_timeout() returns false, but `timed_out` is never set because the code line that sets it is skipped. This quickly turns into a soft lockup, RCU stalls and deadlocks, inflicting severe headaches to the whole system. When the timeout has expired, we don't need to schedule a hrtimer, but we should set the `timed_out` variable. Therefore, I suggest moving the ep_schedule_timeout() check into the `timed_out` expression instead of skipping it. Fixes: 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future") Cc: Joe Damato <jdamato(a)fastly.com> Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/eventpoll.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index 4bc264b854c4..d4dbffdedd08 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -2111,9 +2111,10 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, write_unlock_irq(&ep->lock); - if (!eavail && ep_schedule_timeout(to)) - timed_out = !schedule_hrtimeout_range(to, slack, - HRTIMER_MODE_ABS); + if (!eavail) + timed_out = !ep_schedule_timeout(to) || + !schedule_hrtimeout_range(to, slack, + HRTIMER_MODE_ABS); __set_current_state(TASK_RUNNING); /* -- 2.47.2

5 months, 4 weeks

3
2
0 0

[PATCH 5.10 000/286] 5.10.237-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.237 release. There are 286 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 May 2025 16:10:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.237-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.237-rc1 Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: hfi_parser: Check for instance after hfi platform get Colin Ian King <colin.king(a)canonical.com> media: venus: Fix uninitialized variable count being checked for zero Krzysztof Kozlowski <krzk(a)kernel.org> soc: samsung: exynos-chipid: correct helpers __init annotation Rob Herring <robh(a)kernel.org> PCI: Fix use-after-free in pci_bus_release_domain_nr() Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer David Hildenbrand <david(a)redhat.com> s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)loongson.cn> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Matthew Auld <matthew.auld(a)intel.com> drm/amdgpu/dma_buf: fix page_link check Ramesh Errabolu <Ramesh.Errabolu(a)amd.com> drm/amdgpu: Remove amdgpu_device arg from free_sgt api (v2) Lee Jones <lee.jones(a)linaro.org> drm/amd/amdgpu/amdgpu_vram_mgr: Add missing descriptions for 'dev' and 'dir' Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Pali Rohár <pali(a)kernel.org> PCI: Assign PCI domain IDs by ida_alloc() Kai-Heng Feng <kai.heng.feng(a)canonical.com> PCI: Coalesce host bridge contiguous apertures Boqun Feng <boqun.feng(a)gmail.com> PCI: Introduce domain_nr in pci_host_bridge Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Enzo Matsumiya <ematsumiya(a)suse.de> cifs: print TIDs as hex Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Sam Protsenko <semen.protsenko(a)linaro.org> soc: samsung: exynos-chipid: Pass revision reg offsets Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> soc: samsung: exynos-chipid: avoid soc_device_to_device() Krzysztof Kozlowski <krzk(a)kernel.org> soc: samsung: exynos-chipid: convert to driver and merge exynos-asv Krzysztof Kozlowski <krzk(a)kernel.org> soc: samsung: exynos-chipid: initialize later - with arch_initcall Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: Get codecs and capabilities from hfi platform Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: hfi_plat: Add codecs and capabilities ops Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: Rename venus_caps to hfi_plat_caps Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: Create hfi platform and move vpp/vsp there Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: pm_helpers: Check instance state when calculate instance frequency Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: hfi: Correct session init return error Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: Limit HFI sessions to the maximum supported Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: venc: Init the session only once in queue_setup Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Sean Young <sean(a)mess.org> media: streamzap: remove unused struct members Sean Young <sean(a)mess.org> media: streamzap: less chatter Sean Young <sean(a)mess.org> media: streamzap: no need for usb pid/vid in device name Sean Young <sean(a)mess.org> media: streamzap: remove unnecessary ir_raw_event_reset and handle Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Allow synthetic events to pass around stacktraces Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Hans de Goede <hdegoede(a)redhat.com> drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Miroslav Franc <mfranc(a)suse.cz> s390/dasd: fix double module refcount decrement Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: fix apply_to_existing_page_range() Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Chris Wilson <chris.p.wilson(a)intel.com> drm/i915/gt: Cleanup partial engine discovery failures Miaohe Lin <linmiaohe(a)huawei.com> kernel/resource: fix kfree() of bootmem memory again Abhishek Sahu <abhsahu(a)nvidia.com> vfio/pci: fix memory leak during D3hot to D0 transition Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix flushing uninitialized delayed_work on cache_ctr error Pei Li <peili.dev(a)gmail.com> jfs: Fix shift-out-of-bounds in dbDiscardAG WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Eric Dumazet <edumazet(a)google.com> net: defer final 'struct net' free in netns dismantle Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Tuo Li <islituo(a)gmail.com> scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() Ilya Maximets <i.maximets(a)ovn.org> openvswitch: fix lockup on tx to unregistering netdev with carrier Felix Huettner <felix.huettner(a)mail.schwarz> net: openvswitch: fix race on port output Chen Hanxiao <chenhx.fnst(a)fujitsu.com> ipvs: properly dereference pe in ip_vs_add_service Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Fix use-after-free of encap entry in neigh update handler Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix timer use-after-free on failed mount Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Yu Kuai <yukuai3(a)huawei.com> blk-cgroup: support to track if policy is online Hou Tao <houtao1(a)huawei.com> bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL ptr deref in crypto_aead_setkey() Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix UAF in async decryption Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential deadlock when releasing mids Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix UAF in cifs_demultiplex_thread() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath10k: avoid NULL pointer error during sdio remove Miaoqian Lin <linmq006(a)gmail.com> phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Chunguang Xu <chunguang.xu(a)shopee.com> nvme: avoid double free special payload Ard Biesheuvel <ardb(a)kernel.org> x86/pvh: Call C code via the kernel virtual mapping Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay: Prevent division by zero Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix filter string testing Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam/qi - Fix drv_ctx refcount bug Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: decrease sc_count directly if fail to queue dl_recall Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Jeff Layton <jlayton(a)kernel.org> nfs: move nfs_fhandle_hash to common include file Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Do not inline arch_kgdb_breakpoint() Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Abdun Nihaal <abdun.nihaal(a)gmail.com> cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Christopher S M Hall <christopher.s.hall(a)intel.com> igc: cleanup PTP module if probe fails Christopher S M Hall <christopher.s.hall(a)intel.com> igc: handle the IGC_PTP_ENABLED flag correctly Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Shay Drory <shayd(a)nvidia.com> RDMA/core: Silence oversized kvmalloc() warning Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix wrong maximum DMA segment size Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Kaixin Wang <kxwang23(a)m.fudan.edu.cn> HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Daniel Golle <daniel(a)makrotopia.org> pwm: mediatek: always use bus clock for PWM on MT7622 Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Eric Biggers <ebiggers(a)google.com> ext4: reject casefold inode flag without casefold feature Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Ben Dooks <ben.dooks(a)sifive.com> bpf: Add endian modifiers to fix endian warnings Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Geert Uytterhoeven <geert+renesas(a)glider.be> pwm: rcar: Simplify multiplication/shift logic Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Fabien Parent <fparent(a)baylibre.com> pwm: mediatek: Always use bus clock Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Hannes Reinecke <hare(a)suse.de> ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() ------------- Diffstat: Makefile | 7 +- arch/arm/mach-exynos/Kconfig | 1 - arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/kernel/proton-pack.c | 1 + arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/include/asm/mips-cm.h | 22 +++ arch/mips/kernel/cevt-ds1287.c | 1 + arch/mips/kernel/mips-cm.c | 14 ++ arch/parisc/kernel/pdt.c | 2 + arch/powerpc/kernel/rtas.c | 4 + arch/riscv/include/asm/kgdb.h | 9 +- arch/riscv/include/asm/syscall.h | 7 +- arch/riscv/kernel/kgdb.c | 6 + arch/s390/kvm/trace-s390.h | 4 +- arch/sparc/mm/tlb.c | 5 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 49 ++----- arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/bugs.c | 8 +- arch/x86/kernel/e820.c | 17 ++- arch/x86/kvm/svm/avic.c | 60 ++++---- arch/x86/kvm/vmx/posted_intr.c | 28 ++-- arch/x86/platform/pvh/head.S | 7 +- block/blk-cgroup.c | 24 +++- block/blk-iocost.c | 7 +- crypto/crypto_null.c | 37 +++-- drivers/acpi/pptt.c | 4 +- drivers/ata/ahci.c | 2 + drivers/ata/libata-eh.c | 11 +- drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 118 ++++++--------- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_ldisc.c | 19 ++- drivers/bluetooth/hci_uart.h | 1 + drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/cpufreq/cpufreq.c | 8 ++ drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/crypto/atmel-sha204a.c | 7 +- drivers/crypto/caam/qi.c | 6 +- drivers/crypto/ccp/sp-pci.c | 15 +- drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/gpio/gpio-zynq.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 ++ .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 9 ++ drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/hid/usbhid/hid-pidff.c | 60 +++++--- drivers/hsi/clients/ssi_protocol.c | 1 + drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i3c/master.c | 3 + drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/core/umem_odp.c | 6 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +- drivers/iommu/amd/iommu.c | 2 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/dm-cache-target.c | 24 ++-- drivers/md/dm-integrity.c | 3 + drivers/md/raid1.c | 26 ++-- drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ov7251.c | 4 +- drivers/media/platform/qcom/venus/Makefile | 3 +- drivers/media/platform/qcom/venus/core.c | 17 --- drivers/media/platform/qcom/venus/core.h | 41 +----- drivers/media/platform/qcom/venus/helpers.c | 60 ++++---- drivers/media/platform/qcom/venus/helpers.h | 2 +- drivers/media/platform/qcom/venus/hfi.c | 18 ++- drivers/media/platform/qcom/venus/hfi_parser.c | 159 ++++++++++++++++----- drivers/media/platform/qcom/venus/hfi_parser.h | 2 +- drivers/media/platform/qcom/venus/hfi_platform.c | 49 +++++++ drivers/media/platform/qcom/venus/hfi_platform.h | 61 ++++++++ .../media/platform/qcom/venus/hfi_platform_v4.c | 60 ++++++++ drivers/media/platform/qcom/venus/hfi_venus.c | 18 ++- drivers/media/platform/qcom/venus/pm_helpers.c | 12 +- drivers/media/platform/qcom/venus/vdec.c | 8 +- drivers/media/platform/qcom/venus/venc.c | 91 ++++++++---- drivers/media/rc/streamzap.c | 135 +++++++---------- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/misc/pci_endpoint_test.c | 6 +- drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 9 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/dsa/b53/b53_common.c | 10 ++ drivers/net/dsa/mv88e6xxx/chip.c | 25 +++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 7 + .../net/ethernet/mellanox/mlx5/core/en/rep/neigh.c | 15 +- .../net/ethernet/mellanox/mlx5/core/en/rep/tc.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 33 ++++- drivers/net/ethernet/mellanox/mlx5/core/en_tc.h | 3 + drivers/net/phy/phy_led_triggers.c | 23 +-- drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/wireless/ath/ath10k/sdio.c | 5 +- drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +-- drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/host/core.c | 10 ++ drivers/nvme/target/fc.c | 14 -- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 13 +- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/pci.c | 107 ++++++++------ drivers/pci/probe.c | 60 ++++++-- drivers/pci/remove.c | 7 + drivers/perf/arm_pmu.c | 8 +- drivers/phy/tegra/xusb.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/platform/x86/asus-laptop.c | 9 +- .../x86/intel_speed_select_if/isst_if_common.c | 2 +- drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 20 ++- drivers/pwm/pwm-rcar.c | 24 ++-- drivers/s390/block/dasd.c | 5 +- drivers/s390/virtio/virtio_ccw.c | 16 ++- drivers/scsi/lpfc/lpfc_hbadisc.c | 2 + drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/st.c | 2 +- drivers/scsi/ufs/ufs_bsg.c | 1 + drivers/soc/samsung/Kconfig | 12 +- drivers/soc/samsung/Makefile | 3 +- drivers/soc/samsung/exynos-asv.c | 45 ++---- drivers/soc/samsung/exynos-asv.h | 2 + drivers/soc/samsung/exynos-chipid.c | 139 +++++++++++++----- drivers/soc/ti/omap_prm.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/staging/comedi/drivers/jr3_pci.c | 15 +- drivers/staging/rtl8723bs/core/rtw_mlme.c | 2 + drivers/thermal/rockchip_thermal.c | 1 + drivers/tty/serial/sifive.c | 6 + drivers/usb/cdns3/gadget.c | 2 + drivers/usb/core/quirks.c | 9 ++ drivers/usb/dwc3/gadget.c | 6 + drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 +++ drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/vfio/pci/vfio_pci.c | 13 ++ drivers/video/backlight/led_bl.c | 5 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/xenfs/xensyms.c | 4 +- fs/Kconfig | 1 + fs/btrfs/super.c | 3 +- fs/cifs/cifs_debug.c | 6 + fs/cifs/cifsglob.h | 9 ++ fs/cifs/cifsproto.h | 7 +- fs/cifs/connect.c | 2 +- fs/cifs/smb2misc.c | 11 +- fs/cifs/smb2ops.c | 48 ++++--- fs/cifs/smb2pdu.c | 10 +- fs/cifs/transport.c | 43 +++--- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 76 +++++++--- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 19 ++- fs/ext4/xattr.c | 11 +- fs/f2fs/node.c | 9 +- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 + fs/hfsplus/bnode.c | 6 + fs/isofs/export.c | 2 +- fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 12 +- fs/jfs/jfs_imap.c | 2 +- fs/namespace.c | 3 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 22 --- fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsfh.h | 7 - fs/proc/array.c | 64 +++++---- include/linux/backing-dev.h | 1 + include/linux/blk-cgroup.h | 1 + include/linux/filter.h | 4 + include/linux/nfs.h | 13 ++ include/linux/pci.h | 12 ++ include/linux/soc/samsung/exynos-chipid.h | 6 +- include/net/net_namespace.h | 1 + include/net/sctp/structs.h | 3 +- include/uapi/linux/kfd_ioctl.h | 2 + include/xen/interface/xen-mca.h | 2 +- init/Kconfig | 3 +- kernel/bpf/helpers.c | 11 +- kernel/bpf/syscall.c | 17 ++- kernel/dma/contiguous.c | 3 +- kernel/locking/lockdep.c | 3 + kernel/resource.c | 41 ++---- kernel/sched/cpufreq_schedutil.c | 18 ++- kernel/trace/ftrace.c | 1 + kernel/trace/trace.h | 4 + kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_filter.c | 4 +- kernel/trace/trace_events_hist.c | 7 +- kernel/trace/trace_events_synth.c | 82 ++++++++++- kernel/trace/trace_synth.h | 1 + lib/sg_split.c | 2 - mm/memory.c | 4 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +--- net/bluetooth/hci_event.c | 5 +- net/core/dev.c | 1 + net/core/filter.c | 80 ++++++----- net/core/net_namespace.c | 21 ++- net/core/page_pool.c | 8 +- net/ipv4/inet_connection_sock.c | 19 ++- net/mac80211/iface.c | 3 + net/mac80211/mesh_hwmp.c | 14 +- net/mptcp/protocol.c | 45 ++++++ net/mptcp/subflow.c | 15 +- net/netfilter/ipvs/ip_vs_ctl.c | 10 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/openvswitch/actions.c | 4 +- net/openvswitch/flow_netlink.c | 3 +- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_hfsc.c | 23 ++- net/sctp/socket.c | 22 +-- net/sctp/transport.c | 2 + net/tipc/link.c | 1 + net/tipc/monitor.c | 3 +- net/tls/tls_main.c | 6 + sound/pci/hda/hda_intel.c | 15 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/qcom/qdsp6/q6asm-dai.c | 19 ++- sound/usb/midi.c | 80 ++++++++++- tools/objtool/check.c | 3 + tools/power/cpupower/bench/parse.c | 4 + tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 ++++ .../selftests/vm/charge_reserved_hugetlb.sh | 4 +- .../selftests/vm/hugetlb_reparenting_test.sh | 2 +- 268 files changed, 2396 insertions(+), 1209 deletions(-)

5 months, 4 weeks

6
291
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2025