April 2025 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.88 release. There are 393 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 25 Apr 2025 14:25:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.88-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.88-rc1 Karolina Stolarek <karolina.stolarek(a)intel.com> drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled Haisu Wang <haisuwang(a)tencent.com> btrfs: fix the length of reserved qgroup to free WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: avoid using deprecated ERR_get_error_line() Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: move common SSL helper functions to a header Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: Reset bpf_redirect_info before running a xdp's BPF prog. WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Mickaël Salaün <mic(a)digikod.net> landlock: Add the errata interface Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: add pre_deinit to be called after probe complete Boris Burkov <boris(a)bur.io> btrfs: fix qgroup reserve leaks in cow_file_range GONG Ruiqi <gongruiqi1(a)huawei.com> usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: fix potential array underflow in ucsi_ccg_sync_control() Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Eliminate superfluous get_numa_distances_cnt() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Chunguang.xu <chunguang.xu(a)shopee.com> nvme-rdma: unquiesce admin_q before destroy it Maksim Davydov <davydov-max(a)yandex-team.ru> x86/split_lock: Fix the delayed detection logic Vishal Annapurve <vannapurve(a)google.com> x86/tdx: Fix arch_safe_halt() execution for TDX VMs Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: fix memblock_reserve() usage on PVH Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: move xen_reserve_extra_memory() Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 Piotr Jaroszynski <pjaroszynski(a)nvidia.com> Fix mmu notifiers for range-based invalidates Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add mptcp_lib_wait_local_port_listen Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting freebind & transparent Yu Kuai <yukuai3(a)huawei.com> md: fix mddev uaf while iterating all_mddevs list Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix accept multishot handling Jani Nikula <jani.nikula(a)intel.com> drm/i915/gvt: fix unterminated-string-initialization warning Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Matthew Auld <matthew.auld(a)intel.com> drm/amdgpu/dma_buf: fix page_link check Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/smu11: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm: Prevent division by zero Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Handle being compiled without SI or CIK support better Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Fix stale rpmh votes from GPU Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Sharath Srinivasan <sharath.srinivasan(a)oracle.com> RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure consistent phy reference counts Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: megaraid_sas: Block zero-length ATA VPD inquiry Ard Biesheuvel <ardb(a)kernel.org> x86/boot/sev: Avoid shared GHCB page for early memory acceptance Sandipan Das <sandipan.das(a)amd.com> x86/cpu/amd: Fix workaround for erratum 1054 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix filter string testing Peter Collingbourne <pcc(a)google.com> string: Add load_unaligned_zeropad() code path to sized_strscpy() Chunjie Zhu <chunjie.zhu(a)cloud.com> smb3 client: fix open hardlink on deferred close file error Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Kuniyuki Iwashima <kuniyu(a)amazon.com> Revert "smb: client: fix TCP timers deadlock after rmmod" Kuniyuki Iwashima <kuniyu(a)amazon.com> Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix the warning from __kernel_write_iter Denis Arefev <arefev(a)swemel.ru> ksmbd: Prevent integer overflow in calculation of deadtime Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb_break_all_levII_oplock() Sean Heelan <seanheelan(a)gmail.com> ksmbd: Fix dangling pointer in krb_authenticate Miklos Szeredi <mszeredi(a)redhat.com> ovl: don't allow datadir only Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: fix apply_to_existing_page_range() Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm: fix filemap_get_folios_contig returning batches of identical folios Baoquan He <bhe(a)redhat.com> mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: LOOP_SET_FD: send uevents for partitions Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: properly send KOBJ_CHANGED uevent for disk device Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam/qi - Fix drv_ctx refcount bug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Kees Cook <kees(a)kernel.org> Bluetooth: vhci: Avoid needless snprintf() calls Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Process valid commands in too long frame Menglong Dong <menglong8.dong(a)gmail.com> ftrace: fix incorrect hash size in register_ftrace_direct() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: atr: Fix wrong include Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: decrease sc_count directly if fail to queue dl_recall Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable Evgeny Pimenov <pimenoveu12(a)gmail.com> ASoC: qcom: Fix sc7280 lpass potential buffer overflow Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate Alex Williamson <alex.williamson(a)redhat.com> Revert "PCI: Avoid reset when disabled via sysfs" Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Do not inline arch_kgdb_breakpoint() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: SH: Respect kunit cmdline Björn Töpel <bjorn(a)rivosinc.com> riscv: Properly export reserved regions in /proc/iomem Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Fix possible NULL pointer dereference for perout request Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Add phase offset configuration for perout signal Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Add pwidth configuration for perout signal Sagi Maimon <maimon.sagi(a)gmail.com> ptp: ocp: fix start time alignment in ptp_ocp_signal_set Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: free routing table on probe failure Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: clean up FDB, MDB, VLAN entries on unbind Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Jonas Gorski <jonas.gorski(a)gmail.com> net: bridge: switchdev: do not notify new brentries as changed Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: adjust mctp attribute naming Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: add an attr layer around alt-ifname Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: individually free previous values on double set Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: store recursive nests by a pointer Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: re-sort ignoring recursive nests Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: record information about recursive nests Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: track attribute use Abdun Nihaal <abdun.nihaal(a)gmail.com> cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Niklas Cassel <cassel(a)kernel.org> ata: libata-sata: Save all fields from sense data descriptor Michael Walle <mwalle(a)kernel.org> net: ethernet: ti: am65-cpsw: fix port_np reference counting Alexander Sverdlin <alexander.sverdlin(a)siemens.com> net: ethernet: ti: am65-cpsw-nuss: rename phy_node -> port_np Abdun Nihaal <abdun.nihaal(a)gmail.com> net: ngbe: fix memory leak in ngbe_probe() error path Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Zheng Qixing <zhengqixing(a)huawei.com> block: fix resource leak in blk_register_queue() error path Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Set SOCK_RCU_FREE Abdun Nihaal <abdun.nihaal(a)gmail.com> pds_core: fix memory leak in pdsc_debugfs_add_qcq() Matthew Wilcox (Oracle) <willy(a)infradead.org> test suite: use %zu to print size_t Christopher S M Hall <christopher.s.hall(a)intel.com> igc: add lock preventing multiple simultaneous PTM transactions Christopher S M Hall <christopher.s.hall(a)intel.com> igc: cleanup PTP module if probe fails Christopher S M Hall <christopher.s.hall(a)intel.com> igc: handle the IGC_PTP_ENABLED flag correctly Christopher S M Hall <christopher.s.hall(a)intel.com> igc: move ktime snapshot into PTM retry loop Christopher S M Hall <christopher.s.hall(a)intel.com> igc: increase wait time before retrying PTM Christopher S M Hall <christopher.s.hall(a)intel.com> igc: fix PTM cycle trigger logic Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Check encryption key size on incoming connection Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Shay Drory <shayd(a)nvidia.com> RDMA/core: Silence oversized kvmalloc() warning Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Reset clamp override on jack removal Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix wrong maximum DMA segment size Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Giuseppe Scrivano <gscrivan(a)redhat.com> ovl: remove unused forward declaration Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() Brady Norander <bradynorander(a)gmail.com> ASoC: dwc: always enable/disable i2s irqs Zheng Qixing <zhengqixing(a)huawei.com> md/md-bitmap: fix stats collection for external bitmaps Yu Kuai <yukuai3(a)huawei.com> md/raid10: fix missing discard IO accounting Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Enable force phy when SATA disk directly connected Kaixin Wang <kxwang23(a)m.fudan.edu.cn> HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Arnd Bergmann <arnd(a)arndb.de> media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Yi Liu <yi.l.liu(a)intel.com> iommufd: Fail replace if device has not been attached Nathan Chancellor <nathan(a)kernel.org> ACPI: platform-profile: Fix CFI violation when accessing sysfs files Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Cong Liu <liucong2(a)kylinos.cn> selftests: mptcp: fix incorrect fd checks in main_loop Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: close fd_in before returning in main_loop Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Stefan Eichenberger <stefan.eichenberger(a)toradex.com> phy: freescale: imx8m-pcie: assert phy reset and perst in power off Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_raw() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_one() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly zero-initialize on-stack CPUID unions Joshua Washington <joshwash(a)google.com> gve: handle overflow when reporting TX consumed descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind Guixin Liu <kanie(a)linux.alibaba.com> gpio: tegra186: fix resource handling in ACPI probe path zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg' Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix prefetch-vs-suspend race Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-ebs: fix prefetch-vs-suspend race Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gdsc: Set retain_ff before moving to HW CTRL Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Release pm subdomains in reverse add order Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks Pali Rohár <pali(a)kernel.org> cifs: Ensure that all non-client-specific reparse points are processed by the server Roman Smirnov <r.smirnov(a)omp.ru> cifs: fix integer overflow in match_server() Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not add length to print format in synthetic events Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: fix balloon target initialization for PVH dom0 Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Marc Herbert <Marc.Herbert(a)linux.intel.com> mm/hugetlb: move hugetlb_sysctl_init() to the __init section Shuai Xue <xueshuai(a)linux.alibaba.com> mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Peter Xu <peterx(a)redhat.com> mm/userfaultfd: fix release hang over concurrent GUP Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/mremap: correctly handle partial mremap() of VMA starting at 0 Ryan Roberts <ryan.roberts(a)arm.com> mm: fix lazy mmu docs and usage Jane Chu <jane.chu(a)oracle.com> mm: make page_mapped_in_vma() hugetlb walk aware David Hildenbrand <david(a)redhat.com> mm/rmap: reject hugetlb folios in folio_make_device_exclusive() Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix uninitialized rc in iommufd_access_rw() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone finishing with missing devices Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone activation with missing devices Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Zhenhua Huang <quic_zhenhuah(a)quicinc.com> arm64: mm: Correct the update of max_pfn Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Kartik Rajput <kkartik(a)nvidia.com> mailbox: tegra-hsp: Define dimensioning masks in SoC data Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use readsb helper for reading MDB Steve French <stfrench(a)microsoft.com> smb311 client: fix missing tcon check when mounting with linux/posix extensions Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> tpm: do not start chip while suspended Jan Kara <jack(a)suse.cz> udf: Fix inode_getblk() return value Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: fix to avoid atomicity corruption of atomic file Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Jeff Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Fix race between unprepare and queue_buf Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm: add q6apm_get_hw_pointer helper Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: reject zero sized provided buffers Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Haoxiang Li <haoxiang_li2024(a)163.com> wifi: mt76: Add check for devm_kstrdup() Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Add check for devm_kcalloc() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx219: Rectify runtime PM handling in probe and remove Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in remove Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: platform: stm32: Add check for clk_enable() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: visl: Fix ERANGE error when setting enum controls Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Fix timeout handling when waiting for TPM status Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Will Deacon <will(a)kernel.org> KVM: arm64: Tear down vGIC on failed vCPU creation Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Douglas Anderson <dianders(a)chromium.org> arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Arnd Bergmann <arnd(a)arndb.de> media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization Alain Volmat <alain.volmat(a)foss.st.com> dt-bindings: media: st,stmipid02: correct lane-polarities maxItems Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Workaround failed command reception on Infineon devices Ayush Jain <Ayush.jain3(a)amd.com> ktest: Fix Test Failures Due to Missing LOG_FILE Directories Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Add comments about entry data storing code Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check Christian König <christian.koenig(a)amd.com> drm/amdgpu: grab an additional reference on the gang fence v2 Ryo Takakura <ryotkkr98(a)gmail.com> PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type Wentao Liang <vulab(a)iscas.ac.cn> drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: debugfs hang_hws skip GPU with MES Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix mode1 reset crash issue David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Lucas De Marchi <lucas.demarchi(a)intel.com> drivers: base: devres: Allow to release group on device release Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for AYA NEO Slide Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Brendan Tam <Brendan.Tam(a)amd.com> drm/amd/display: add workaround flag to link to force FFE preset Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Update Cursor request mode to the beginning prefetch always Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Bluetooth: qca: simplify WCN399x NVM loading Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Philipp Hahn <phahn-oss(a)avm.de> cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Chao Yu <chao(a)kernel.org> Revert "f2fs: rebuild nat_bits during umount" Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Manish Dharanenthiran <quic_mdharane(a)quicinc.com> wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi Birger Koblitz <mail(a)birger-koblitz.de> net: sfp: add quirk for 2.5G OEM BX SFP Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Zhongqiu Han <quic_zhonhan(a)quicinc.com> jfs: Fix uninit-value access of imap allocated in the diMount() function Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Max Schulze <max.schulze(a)online.de> net: usb: asix_devices: add FiberGecko DeviceID Chaohai Chen <wdhh66(a)163.com> scsi: target: spc: Fix RSOC parameter data header size Chao Yu <chao(a)kernel.org> f2fs: don't retry IO for corrupted data scenario P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Syed Saba kareem <syed.sabakareem(a)amd.com> ASoC: amd: yc: update quirk data for new Lenovo model keenplify <keenplify(a)gmail.com> ASoC: amd: Add DMI quirk for ACP6X mic support Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for Actions UVC05 Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_audmix: register card device depends on 'dais' property Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERIODIC_SINE_ONLY quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: Add hid-universal-pidff driver and supported device ids Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add FIX_WHEEL_DIRECTION quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERMISSIVE_CONTROL quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_PBO quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_DELAY quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Zhang Heng <zhangheng(a)kylinos.cn> ASoC: SOF: topology: Use krealloc_array() to replace krealloc() Ingo Molnar <mingo(a)kernel.org> zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Xin Li (Intel) <xin(a)zytor.com> x86/ia32: Leave NULL selector values 0~3 unchanged Matthew Wilcox (Oracle) <willy(a)infradead.org> x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Mateusz Guzik <mjguzik(a)gmail.com> fs: consistently deref the files table with rcu_dereference_raw() Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Ido Schimmel <idosch(a)nvidia.com> ipv6: Align behavior across nexthops during path selection Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/huc: Fix fence not released on early probe errors Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Chenyuan Yang <chenyuan0y(a)gmail.com> net: libwx: handle page_pool_dev_alloc_pages error Maxime Ripard <mripard(a)kernel.org> drm/tests: probe-helper: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: modes: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: cmdline: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: helpers: Create kunit helper to destroy a drm_display_mode Yu-Chun Lin <eleanor15x(a)gmail.com> drm/tests: helpers: Fix compiler warning Jinjie Ruan <ruanjinjie(a)huawei.com> drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() Maxime Ripard <mripard(a)kernel.org> drm/tests: Add helper to create mock crtc Maxime Ripard <mripard(a)kernel.org> drm/tests: Add helper to create mock plane Maxime Ripard <mripard(a)kernel.org> drm/tests: helpers: Add atomic helpers Maxime Ripard <mripard(a)kernel.org> drm/tests: modeset: Fix drm_display_mode memory leak Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: Don't call .cleanup_data when prepare_data fails Toke Høiland-Jørgensen <toke(a)redhat.com> tc: Ensure we have enough buffer space when sending filter netlink notifications Pedro Tammela <pctammela(a)mojatatu.com> net/sched: cls_api: conditional notification of events Victor Nogueira <victor(a)mojatatu.com> rtnl: add helper to check if a notification is needed Jamal Hadi Salim <jhs(a)mojatatu.com> rtnl: add helper to check if rtnl group has listeners Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: qos: fix VF root node parent queue index Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() Badal Nilawar <badal.nilawar(a)intel.com> drm/i915: Disable RPG during live selftest Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/dg2: wait for HuC load completion before running selftests Harish Chegondi <harish.chegondi(a)intel.com> drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ Jani Nikula <jani.nikula(a)intel.com> drm/i915/mocs: use to_gt() instead of direct &i915->gt Edward Liaw <edliaw(a)google.com> selftests/futex: futex_waitv wouldblock test should fail ------------- Diffstat: .../bindings/arm/qcom,coresight-tpda.yaml | 3 +- .../bindings/arm/qcom,coresight-tpdm.yaml | 3 +- .../bindings/media/i2c/st,st-mipid02.yaml | 2 +- Documentation/netlink/specs/rt_link.yaml | 14 +- MAINTAINERS | 1 + Makefile | 7 +- arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/spectre.h | 1 - arch/arm64/include/asm/tlbflush.h | 22 ++- arch/arm64/kernel/proton-pack.c | 208 +++++++++++--------- arch/arm64/kvm/arm.c | 6 +- arch/arm64/mm/mmu.c | 3 +- arch/loongarch/kernel/acpi.c | 12 -- arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/kernel/cevt-ds1287.c | 1 + arch/powerpc/kernel/rtas.c | 4 + arch/riscv/include/asm/kgdb.h | 9 +- arch/riscv/include/asm/syscall.h | 7 +- arch/riscv/kernel/kgdb.c | 6 + arch/riscv/kernel/setup.c | 36 +++- arch/sparc/include/asm/pgtable_64.h | 2 - arch/sparc/mm/tlb.c | 5 +- arch/x86/Kconfig | 1 + arch/x86/boot/compressed/mem.c | 5 +- arch/x86/boot/compressed/sev.c | 67 ++----- arch/x86/boot/compressed/sev.h | 2 + arch/x86/coco/tdx/tdx.c | 26 ++- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 107 +---------- arch/x86/include/asm/irqflags.h | 40 ++-- arch/x86/include/asm/paravirt.h | 20 +- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/include/asm/tdx.h | 4 +- arch/x86/include/asm/xen/hypervisor.h | 5 - arch/x86/kernel/cpu/amd.c | 21 +- arch/x86/kernel/cpu/intel.c | 20 +- arch/x86/kernel/cpu/microcode/amd.c | 9 +- arch/x86/kernel/e820.c | 17 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/signal_32.c | 62 ++++-- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/x86.c | 4 + arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/platform/pvh/enlighten.c | 3 - arch/x86/xen/enlighten.c | 10 + arch/x86/xen/enlighten_pvh.c | 93 +++++---- arch/x86/xen/setup.c | 3 - block/blk-sysfs.c | 2 + certs/Makefile | 2 +- certs/extract-cert.c | 138 ++++++------- drivers/acpi/platform_profile.c | 20 +- drivers/ata/ahci.c | 2 + drivers/ata/libata-eh.c | 11 +- drivers/ata/libata-sata.c | 15 ++ drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 13 +- drivers/base/devres.c | 7 + drivers/block/loop.c | 7 +- drivers/bluetooth/btqca.c | 13 +- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_ldisc.c | 19 +- drivers/bluetooth/hci_uart.h | 1 + drivers/bluetooth/hci_vhci.c | 10 +- drivers/bus/mhi/host/main.c | 16 +- drivers/char/tpm/tpm-chip.c | 5 + drivers/char/tpm/tpm-interface.c | 7 - drivers/char/tpm/tpm_tis_core.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/clk/qcom/clk-branch.c | 4 +- drivers/clk/qcom/gdsc.c | 61 +++--- drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/cpufreq/cpufreq.c | 40 +++- drivers/crypto/caam/qi.c | 6 +- drivers/crypto/ccp/sp-pci.c | 15 +- drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/gpio/gpio-tegra186.c | 25 +-- drivers/gpio/gpio-zynq.c | 1 + drivers/gpu/drm/Kconfig | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 ++ .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- drivers/gpu/drm/amd/display/dc/dc.h | 2 + .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 +-- drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2 +- .../display/dc/link/protocols/link_dp_training.c | 2 + drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 + .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 + drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 ++++- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 3 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 4 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 19 +- drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11 +- drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1 + drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1 + drivers/gpu/drm/i915/gvt/opregion.c | 7 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/selftests/i915_selftest.c | 54 +++++- drivers/gpu/drm/mediatek/mtk_dpi.c | 23 ++- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 82 ++++---- drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 + drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10 +- drivers/gpu/drm/tests/drm_kunit_helpers.c | 213 +++++++++++++++++++++ drivers/gpu/drm/tests/drm_modes_test.c | 22 +++ drivers/gpu/drm/tests/drm_probe_helper_test.c | 8 +- drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/hid/Kconfig | 14 ++ drivers/hid/Makefile | 1 + drivers/hid/hid-ids.h | 31 +++ drivers/hid/hid-universal-pidff.c | 197 +++++++++++++++++++ drivers/hid/usbhid/hid-pidff.c | 173 ++++++++++++----- drivers/hsi/clients/ssi_protocol.c | 1 + drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i2c/i2c-atr.c | 2 +- drivers/i3c/master.c | 3 + drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/infiniband/core/cma.c | 4 +- drivers/infiniband/core/umem_odp.c | 6 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +- drivers/iommu/iommufd/device.c | 18 +- drivers/iommu/mtk_iommu.c | 26 +-- drivers/leds/rgb/leds-qcom-lpg.c | 8 +- drivers/mailbox/tegra-hsp.c | 72 +++++-- drivers/md/dm-ebs-target.c | 7 + drivers/md/dm-integrity.c | 3 + drivers/md/dm-verity-target.c | 8 + drivers/md/md-bitmap.c | 5 +- drivers/md/md.c | 22 ++- drivers/md/raid10.c | 1 + drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/imx219.c | 13 +- drivers/media/i2c/ov7251.c | 4 +- .../mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +- .../vcodec/decoder/vdec/vdec_vp9_req_lat_if.c | 3 +- .../mediatek/vcodec/encoder/venc/venc_h264_if.c | 6 +- drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++++++--- drivers/media/platform/qcom/venus/hfi_venus.c | 18 +- drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 +- drivers/media/rc/streamzap.c | 68 ++++--- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/test-drivers/visl/visl-core.c | 12 ++ drivers/media/usb/uvc/uvc_driver.c | 9 + drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/pci_endpoint_test.c | 6 +- drivers/mmc/host/dw_mmc.c | 94 ++++++++- drivers/mmc/host/dw_mmc.h | 27 +++ drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 12 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/dsa/b53/b53_common.c | 10 + drivers/net/dsa/mv88e6xxx/chip.c | 30 ++- drivers/net/dsa/mv88e6xxx/devlink.c | 3 +- drivers/net/ethernet/amd/pds_core/debugfs.c | 5 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 + drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +- drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_defines.h | 6 +- drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 113 +++++++---- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 10 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 19 +- drivers/net/ethernet/ti/am65-cpsw-nuss.h | 2 +- drivers/net/ethernet/ti/icssg/icss_iep.c | 150 ++++++++++----- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 3 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 +- drivers/net/phy/sfp.c | 2 + drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/usb/asix_devices.c | 17 ++ drivers/net/usb/cdc_ether.c | 7 + drivers/net/usb/r8152.c | 6 + drivers/net/usb/r8153_ecm.c | 6 + drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 42 +++- drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- drivers/net/wireless/mediatek/mt76/eeprom.c | 4 + drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/realtek/rtw89/core.c | 2 + drivers/net/wireless/realtek/rtw89/core.h | 6 + drivers/net/wireless/realtek/rtw89/pci.c | 10 + drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/host/rdma.c | 8 +- drivers/nvme/target/fc.c | 14 -- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 78 ++++---- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/controller/vmd.c | 12 +- drivers/pci/pci.c | 4 - drivers/pci/probe.c | 5 +- drivers/perf/arm_pmu.c | 8 +- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 ++ drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/platform/x86/asus-laptop.c | 9 +- drivers/ptp/ptp_ocp.c | 1 + drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 8 +- drivers/pwm/pwm-rcar.c | 24 +-- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 +- drivers/scsi/megaraid/megaraid_sas_base.c | 9 +- drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 +- drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/st.c | 2 +- drivers/soc/samsung/exynos-chipid.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/target/target_core_spc.c | 2 +- drivers/thermal/rockchip_thermal.c | 1 + drivers/ufs/host/ufs-exynos.c | 6 + drivers/usb/typec/ucsi/ucsi_ccg.c | 5 + drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/video/backlight/led_bl.c | 5 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/balloon.c | 34 +++- drivers/xen/xenfs/xensyms.c | 4 +- fs/Kconfig | 1 + fs/btrfs/disk-io.c | 12 ++ fs/btrfs/inode.c | 6 +- fs/btrfs/super.c | 3 +- fs/btrfs/zoned.c | 6 + fs/ext4/inode.c | 68 +++++-- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 17 ++ fs/ext4/xattr.c | 11 +- fs/f2fs/checkpoint.c | 21 +- fs/f2fs/f2fs.h | 32 +++- fs/f2fs/inode.c | 8 +- fs/f2fs/node.c | 110 +++-------- fs/f2fs/super.c | 4 + fs/file.c | 26 ++- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 + fs/hfsplus/bnode.c | 6 + fs/isofs/export.c | 2 +- fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 10 +- fs/jfs/jfs_imap.c | 4 +- fs/namespace.c | 3 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 7 - fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsfh.h | 7 - fs/overlayfs/overlayfs.h | 2 - fs/overlayfs/super.c | 5 + fs/smb/client/cifsproto.h | 2 + fs/smb/client/connect.c | 36 ++-- fs/smb/client/file.c | 28 +++ fs/smb/client/fs_context.c | 5 + fs/smb/client/inode.c | 10 + fs/smb/client/reparse.c | 4 - fs/smb/client/smb2misc.c | 9 +- fs/smb/server/oplock.c | 29 +-- fs/smb/server/oplock.h | 1 - fs/smb/server/smb2pdu.c | 4 +- fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/vfs.c | 3 +- fs/udf/inode.c | 1 + fs/userfaultfd.c | 51 +++-- include/drm/drm_kunit_helpers.h | 28 +++ include/linux/backing-dev.h | 1 + include/linux/hid.h | 9 + include/linux/nfs.h | 7 - include/linux/pgtable.h | 14 +- include/linux/rtnetlink.h | 22 +++ include/linux/tpm.h | 1 + include/net/sctp/structs.h | 3 +- include/net/xdp.h | 9 +- include/uapi/linux/kfd_ioctl.h | 2 + include/uapi/linux/landlock.h | 2 + include/xen/interface/xen-mca.h | 2 +- io_uring/kbuf.c | 2 + io_uring/net.c | 2 + kernel/locking/lockdep.c | 3 + kernel/sched/cpufreq_schedutil.c | 18 +- kernel/trace/ftrace.c | 8 +- kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_filter.c | 4 +- kernel/trace/trace_events_synth.c | 1 - kernel/trace/trace_probe.c | 28 +++ lib/sg_split.c | 2 - lib/string.c | 13 +- lib/zstd/common/portability_macros.h | 2 +- mm/filemap.c | 1 + mm/gup.c | 4 +- mm/hugetlb.c | 2 +- mm/memory-failure.c | 11 +- mm/memory.c | 4 +- mm/mremap.c | 10 +- mm/page_vma_mapped.c | 13 +- mm/rmap.c | 2 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +-- net/bluetooth/hci_event.c | 5 +- net/bluetooth/l2cap_core.c | 21 +- net/bridge/br_vlan.c | 4 +- net/core/filter.c | 80 ++++---- net/core/page_pool.c | 8 +- net/dsa/dsa.c | 59 +++++- net/dsa/tag_8021q.c | 2 +- net/ethtool/netlink.c | 8 +- net/ipv6/route.c | 8 +- net/mac80211/iface.c | 3 + net/mac80211/mesh_hwmp.c | 14 +- net/mctp/af_mctp.c | 3 + net/mptcp/sockopt.c | 28 +++ net/mptcp/subflow.c | 19 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/openvswitch/flow_netlink.c | 3 +- net/sched/cls_api.c | 74 +++++-- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_sfq.c | 66 +++++-- net/sctp/socket.c | 22 ++- net/sctp/transport.c | 2 + net/tipc/link.c | 1 + net/tls/tls_main.c | 6 + scripts/sign-file.c | 132 ++++++------- scripts/ssl-common.h | 32 ++++ security/landlock/errata.h | 87 +++++++++ security/landlock/setup.c | 30 +++ security/landlock/setup.h | 3 + security/landlock/syscalls.c | 22 ++- sound/pci/hda/hda_intel.c | 44 ++++- sound/soc/amd/yc/acp6x-mach.c | 14 ++ sound/soc/codecs/cs42l43-jack.c | 3 + sound/soc/codecs/lpass-wsa-macro.c | 139 +++++++++----- sound/soc/dwc/dwc-i2s.c | 13 +- sound/soc/fsl/fsl_audmix.c | 16 +- sound/soc/intel/avs/pcm.c | 3 +- sound/soc/qcom/lpass.h | 3 +- sound/soc/qcom/qdsp6/q6apm-dai.c | 9 +- sound/soc/qcom/qdsp6/q6apm.c | 18 +- sound/soc/qcom/qdsp6/q6apm.h | 3 + sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +- sound/soc/sof/topology.c | 4 +- sound/usb/midi.c | 80 +++++++- tools/net/ynl/ynl-gen-c.py | 165 ++++++++++++---- tools/objtool/check.c | 5 + tools/power/cpupower/bench/parse.c | 4 + tools/testing/ktest/ktest.pl | 8 + tools/testing/kunit/qemu_configs/sh.py | 4 +- tools/testing/radix-tree/linux.c | 4 +- .../futex/functional/futex_wait_wouldblock.c | 2 +- tools/testing/selftests/landlock/base_test.c | 46 ++++- .../selftests/mm/charge_reserved_hugetlb.sh | 4 +- .../selftests/mm/hugetlb_reparenting_test.sh | 2 +- tools/testing/selftests/net/mptcp/diag.sh | 23 +-- tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 19 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 20 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 18 ++ tools/testing/selftests/net/mptcp/simult_flows.sh | 19 +- 376 files changed, 4360 insertions(+), 1914 deletions(-)

5 months, 3 weeks

9
400
0 0

Re: [PATCH v3 1/1] iommu: Allow attaching static domains in iommu_attach_device_pasid()

by Dave Jiang

On 4/24/25 5:55 PM, Jack Vogel wrote: > > >> On Apr 24, 2025, at 16:15, Dave Jiang <dave.jiang(a)intel.com> wrote: >> >> >> >> On 4/24/25 3:59 PM, Jack Vogel wrote: >>> >>> >>>> On Apr 24, 2025, at 15:40, Dave Jiang <dave.jiang(a)intel.com> wrote: >>>> >>>> >>>> >>>> On 4/24/25 3:34 PM, Jack Vogel wrote: >>>>> I am having test issues with this patch, test system is running OL9, basically RHEL 9.5, the kernel boots ok, and the dmesg is clean… but the tests in accel-config dont pass. Specifically the crypto tests, this is due to vfio_pci_core not loading. Right now I’m not sure if any of this is my mistake, but at least it’s something I need to keep looking at. >>>>> >>>>> Also, since I saw that issue on the latest I did a backport to our UEK8 kernel which is 6.12.23, and on that kernel it still exhibited these messages on boot: >>>>> >>>>> *idxd*0000:6a:01.0: enabling device (0144 -> 0146) >>>>> >>>>> [ 21.112733] *idxd*0000:6a:01.0: failed to attach device pasid 1, domain type 4 >>>>> >>>>> [ 21.120770] *idxd*0000:6a:01.0: No in-kernel DMA with PASID. -95 >>>>> >>>>> >>>>> Again, maybe an issue in my backporting… however I’d like to be sure. >>>> >>>> Can you verify against latest upstream kernel plus the patch and see if you still see the error? >>>> >>>> DJ >>> >>> Yes, the kernel was build from the tip this morning. Like I said, it got no messages booting up, all looked fine. But when running the actual test suite in the accel-config tarball specifically the iaa crypt tests, they failed and the dmesg was from vfio_pci_core failed to load with an unknown symbol. >> >> I'm not sure what the test consists of (haven't worked on this device for almost 2 years). But usually the device is either bound to the idxd driver or the vfio_pci driver. Not both. And if the idxd driver didn't emit any errors while loading, then the test failure may be something else... >> >> Another way to verify is to set CONFIG_IOMMU_DEFAULT_DMA_LAZY vs PASSTHROUGH. If the tests still fail then it's something else. >> >> DJ > > There isn’t a lot of ways to test this driver, yes DPDK will use it, but apart from that? So, the tests that are part of your (Intel) accel-config package are the only convenient way that I’ve found to do so. It is also convenient, there is a “make check” target in the top Makefile that will invoke both set of DMA tests, and some crypto (IAA) tests. I have been planning to give this to our QA group as a verification suite. Do you have an alternative to this? This should be the right test package. Let me talk to our QA people and see if there are any issues. We can resolve this off list. If there's any issues that end up pointing to the original bug, we can raise that then. DJ > > Jack > >> >>> >>> This sounds like the module was wrong, but i would think it was installed with the v6.15 kernel….. >>> >>> Jack >>> >>>> >>>>> >>>>> Cheers, >>>>> >>>>> Jack >>>>> >>>>> >>>>>> On Apr 23, 2025, at 20:41, Lu Baolu <baolu.lu(a)linux.intel.com> wrote: >>>>>> >>>>>> The idxd driver attaches the default domain to a PASID of the device to >>>>>> perform kernel DMA using that PASID. The domain is attached to the >>>>>> device's PASID through iommu_attach_device_pasid(), which checks if the >>>>>> domain->owner matches the iommu_ops retrieved from the device. If they >>>>>> do not match, it returns a failure. >>>>>> >>>>>> if (ops != domain->owner || pasid == IOMMU_NO_PASID) >>>>>> return -EINVAL; >>>>>> >>>>>> The static identity domain implemented by the intel iommu driver doesn't >>>>>> specify the domain owner. Therefore, kernel DMA with PASID doesn't work >>>>>> for the idxd driver if the device translation mode is set to passthrough. >>>>>> >>>>>> Generally the owner field of static domains are not set because they are >>>>>> already part of iommu ops. Add a helper domain_iommu_ops_compatible() >>>>>> that checks if a domain is compatible with the device's iommu ops. This >>>>>> helper explicitly allows the static blocked and identity domains associated >>>>>> with the device's iommu_ops to be considered compatible. >>>>>> >>>>>> Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain") >>>>>> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031 >>>>>> Cc: stable(a)vger.kernel.org >>>>>> Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> >>>>>> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/ >>>>>> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> >>>>>> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> >>>>>> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> >>>>>> --- >>>>>> drivers/iommu/iommu.c | 21 ++++++++++++++++++--- >>>>>> 1 file changed, 18 insertions(+), 3 deletions(-) >>>>>> >>>>>> Change log: >>>>>> v3: >>>>>> - Convert all places checking domain->owner to the new helper. >>>>>> v2: https://lore.kernel.org/linux-iommu/20250423021839.2189204-1-baolu.lu@linux… >>>>>> - Make the solution generic for all static domains as suggested by >>>>>> Jason. >>>>>> v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux… >>>>>> >>>>>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c >>>>>> index 4f91a740c15f..b26fc3ed9f01 100644 >>>>>> --- a/drivers/iommu/iommu.c >>>>>> +++ b/drivers/iommu/iommu.c >>>>>> @@ -2204,6 +2204,19 @@ static void *iommu_make_pasid_array_entry(struct iommu_domain *domain, >>>>>> return xa_tag_pointer(domain, IOMMU_PASID_ARRAY_DOMAIN); >>>>>> } >>>>>> >>>>>> +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops, >>>>>> +struct iommu_domain *domain) >>>>>> +{ >>>>>> +if (domain->owner == ops) >>>>>> +return true; >>>>>> + >>>>>> +/* For static domains, owner isn't set. */ >>>>>> +if (domain == ops->blocked_domain || domain == ops->identity_domain) >>>>>> +return true; >>>>>> + >>>>>> +return false; >>>>>> +} >>>>>> + >>>>>> static int __iommu_attach_group(struct iommu_domain *domain, >>>>>> struct iommu_group *group) >>>>>> { >>>>>> @@ -2214,7 +2227,8 @@ static int __iommu_attach_group(struct iommu_domain *domain, >>>>>> return -EBUSY; >>>>>> >>>>>> dev = iommu_group_first_dev(group); >>>>>> -if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner) >>>>>> +if (!dev_has_iommu(dev) || >>>>>> + !domain_iommu_ops_compatible(dev_iommu_ops(dev), domain)) >>>>>> return -EINVAL; >>>>>> >>>>>> return __iommu_group_set_domain(group, domain); >>>>>> @@ -3435,7 +3449,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, >>>>>> !ops->blocked_domain->ops->set_dev_pasid) >>>>>> return -EOPNOTSUPP; >>>>>> >>>>>> -if (ops != domain->owner || pasid == IOMMU_NO_PASID) >>>>>> +if (!domain_iommu_ops_compatible(ops, domain) || >>>>>> + pasid == IOMMU_NO_PASID) >>>>>> return -EINVAL; >>>>>> >>>>>> mutex_lock(&group->mutex); >>>>>> @@ -3511,7 +3526,7 @@ int iommu_replace_device_pasid(struct iommu_domain *domain, >>>>>> if (!domain->ops->set_dev_pasid) >>>>>> return -EOPNOTSUPP; >>>>>> >>>>>> -if (dev_iommu_ops(dev) != domain->owner || >>>>>> +if (!domain_iommu_ops_compatible(dev_iommu_ops(dev), domain) || >>>>>> pasid == IOMMU_NO_PASID || !handle) >>>>>> return -EINVAL; >>>>>> >>>>>> -- >>>>>> 2.43.0 >

5 months, 3 weeks

1
0
0 0

+ mm-userfaultfd-fix-uninitialized-output-field-for-eagain-race.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/userfaultfd: fix uninitialized output field for -EAGAIN race has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-userfaultfd-fix-uninitialized-output-field-for-eagain-race.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/userfaultfd: fix uninitialized output field for -EAGAIN race Date: Thu, 24 Apr 2025 17:57:28 -0400 While discussing some userfaultfd relevant issues recently, Andrea noticed a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s. Quote from Andrea, explaining how -EAGAIN was processed, and how this should fix it (taking example of UFFDIO_COPY ioctl): The "mmap_changing" and "stale pmd" conditions are already reported as -EAGAIN written in the copy field, this does not change it. This change removes the subnormal case that left copy.copy uninitialized and required apps to explicitly set the copy field to get deterministic behavior (which is a requirement contrary to the documentation in both the manpage and source code). In turn there's no alteration to backwards compatibility as result of this change because userland will find the copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN and sometime uninitialized. Even then the change only can make a difference to non cooperative users of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not true for the vast majority of apps using userfaultfd or this unintended uninitialized field may have been noticed sooner. Meanwhile, since this bug existed for years, it also almost affects all ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also get affected in the same way: - UFFDIO_CONTINUE - UFFDIO_POISON - UFFDIO_MOVE This patch should have fixed all of them. Link: https://lkml.kernel.org/r/20250424215729.194656-2-peterx@redhat.com Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl") Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) --- a/fs/userfaultfd.c~mm-userfaultfd-fix-uninitialized-output-field-for-eagain-race +++ a/fs/userfaultfd.c @@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userf user_uffdio_copy = (struct uffdio_copy __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_copy->copy))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_copy, user_uffdio_copy, @@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct u user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage, @@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct u user_uffdio_continue = (struct uffdio_continue __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_continue->mapped))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_continue, user_uffdio_continue, @@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(str user_uffdio_poison = (struct uffdio_poison __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_poison->updated))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_poison, user_uffdio_poison, @@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userf user_uffdio_move = (struct uffdio_move __user *) arg; - if (atomic_read(&ctx->mmap_changing)) - return -EAGAIN; + ret = -EAGAIN; + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_move->move))) + return -EFAULT; + goto out; + } if (copy_from_user(&uffdio_move, user_uffdio_move, /* don't copy "move" last field */ _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-userfaultfd-fix-uninitialized-output-field-for-eagain-race.patch mm-selftests-add-a-test-to-verify-mmap_changing-race-with-eagain.patch

5 months, 3 weeks

1
0
0 0

[PATCH stable] xdp: Reset bpf_redirect_info before running a xdp's BPF prog.

by Sebastian Andrzej Siewior

Ricardo reported a KASAN discovered use after free in v6.6-stable. The syzbot starts a BPF program via xdp_test_run_batch() which assigns ri->tgt_value via dev_hash_map_redirect() and the return code isn't XDP_REDIRECT it looks like nonsense. So the output in bpf_warn_invalid_xdp_action() appears once. Then the TUN driver runs another BPF program (on the same CPU) which returns XDP_REDIRECT without setting ri->tgt_value first. It invokes bpf_trace_printk() to print four characters and obtain the required return value. This is enough to get xdp_do_redirect() invoked which then accesses the pointer in tgt_value which might have been already deallocated. This problem does not affect upstream because since commit 401cb7dae8130 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.") the per-CPU variable is referenced via task's task_struct and exists on the stack during NAPI callback. Therefore it is cleared once before the first invocation and remains valid within the RCU section of the NAPI callback. Instead of performing the huge backport of the commit (plus its fix ups) here is an alternative version which only resets the variable in question prior invoking the BPF program. Acked-by: Toke Høiland-Jørgensen <toke(a)kernel.org> Reported-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com> Closes: https://lore.kernel.org/all/20250226-20250204-kasan-slab-use-after-free-rea… Fixes: 97f91a7cf04ff ("bpf: add bpf_redirect_map helper routine") Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> --- I discussed this with Toke, thread starts at https://lore.kernel.org/all/20250313183911.SPAmGLyw@linutronix.de/ The commit, which this by accident, is part of v6.11-rc1. I added the commit introducing map redirects as the origin of the problem which is v4.14-rc1. The code is a bit different there but it seems to work similar. Affected kernels would be from v4.14 to v6.10. include/net/xdp.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/net/xdp.h b/include/net/xdp.h index de08c8e0d1348..b39ac83618a55 100644 --- a/include/net/xdp.h +++ b/include/net/xdp.h @@ -486,7 +486,14 @@ static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog, * under local_bh_disable(), which provides the needed RCU protection * for accessing map entries. */ - u32 act = __bpf_prog_run(prog, xdp, BPF_DISPATCHER_FUNC(xdp)); + struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); + u32 act; + + if (ri->map_id || ri->map_type) { + ri->map_id = 0; + ri->map_type = BPF_MAP_TYPE_UNSPEC; + } + act = __bpf_prog_run(prog, xdp, BPF_DISPATCHER_FUNC(xdp)); if (static_branch_unlikely(&bpf_master_redirect_enabled_key)) { if (act == XDP_TX && netif_is_bond_slave(xdp->rxq->dev)) -- 2.49.0

5 months, 3 weeks

3
7
0 0

[PATCH 5.15] Bluetooth: SCO: Fix UAF on sco_sock_timeout

by Xiangyu Chen

From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> [ Upstream commit 1bf4470a3939c678fb822073e9ea77a0560bc6bb ] conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list. Reported-by: syzbot+4c0d0c4cde787116d465(a)syzkaller.appspotmail.com Tested-by: syzbot+4c0d0c4cde787116d465(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=4c0d0c4cde787116d465 Fixes: ba316be1b6a0 ("Bluetooth: schedule SCO timeouts with delayed_work") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified on the build test --- include/net/bluetooth/bluetooth.h | 1 + net/bluetooth/af_bluetooth.c | 22 ++++++++++++++++++++++ net/bluetooth/sco.c | 18 ++++++++++++------ 3 files changed, 35 insertions(+), 6 deletions(-) diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h index 7d2bd562da4b..b08b559f5242 100644 --- a/include/net/bluetooth/bluetooth.h +++ b/include/net/bluetooth/bluetooth.h @@ -314,6 +314,7 @@ int bt_sock_register(int proto, const struct net_proto_family *ops); void bt_sock_unregister(int proto); void bt_sock_link(struct bt_sock_list *l, struct sock *s); void bt_sock_unlink(struct bt_sock_list *l, struct sock *s); +bool bt_sock_linked(struct bt_sock_list *l, struct sock *s); int bt_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, int flags); int bt_sock_stream_recvmsg(struct socket *sock, struct msghdr *msg, diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index 9c9c855b9736..aebef5cf12d4 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c @@ -154,6 +154,28 @@ void bt_sock_unlink(struct bt_sock_list *l, struct sock *sk) } EXPORT_SYMBOL(bt_sock_unlink); +bool bt_sock_linked(struct bt_sock_list *l, struct sock *s) +{ + struct sock *sk; + + if (!l || !s) + return false; + + read_lock(&l->lock); + + sk_for_each(sk, &l->head) { + if (s == sk) { + read_unlock(&l->lock); + return true; + } + } + + read_unlock(&l->lock); + + return false; +} +EXPORT_SYMBOL(bt_sock_linked); + void bt_accept_enqueue(struct sock *parent, struct sock *sk, bool bh) { BT_DBG("parent %p, sk %p", parent, sk); diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index f5192116922d..83412efe2895 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c @@ -76,6 +76,16 @@ struct sco_pinfo { #define SCO_CONN_TIMEOUT (HZ * 40) #define SCO_DISCONN_TIMEOUT (HZ * 2) +static struct sock *sco_sock_hold(struct sco_conn *conn) +{ + if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk)) + return NULL; + + sock_hold(conn->sk); + + return conn->sk; +} + static void sco_sock_timeout(struct work_struct *work) { struct sco_conn *conn = container_of(work, struct sco_conn, @@ -87,9 +97,7 @@ static void sco_sock_timeout(struct work_struct *work) sco_conn_unlock(conn); return; } - sk = conn->sk; - if (sk) - sock_hold(sk); + sk = sco_sock_hold(conn); sco_conn_unlock(conn); if (!sk) @@ -191,9 +199,7 @@ static void sco_conn_del(struct hci_conn *hcon, int err) /* Kill socket */ sco_conn_lock(conn); - sk = conn->sk; - if (sk) - sock_hold(sk); + sk = sco_sock_hold(conn); sco_conn_unlock(conn); if (sk) { -- 2.43.0

5 months, 3 weeks

2
1
0 0

[PATCH 5.15.y] drm/amd/display: fix double free issue during amdgpu module unload

by Xiangyu Chen

From: Tim Huang <tim.huang(a)amd.com> [ Upstream commit 20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d ] Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double free issue may occur when unloading the amdgpu module. [ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0 [ 279.190577] Call Trace: [ 279.190580] <TASK> [ 279.190582] ? show_regs+0x69/0x80 [ 279.190590] ? die+0x3b/0x90 [ 279.190595] ? do_trap+0xc8/0xe0 [ 279.190601] ? do_error_trap+0x73/0xa0 [ 279.190605] ? __slab_free+0x152/0x2f0 [ 279.190609] ? exc_invalid_op+0x56/0x70 [ 279.190616] ? __slab_free+0x152/0x2f0 [ 279.190642] ? asm_exc_invalid_op+0x1f/0x30 [ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191096] ? __slab_free+0x152/0x2f0 [ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191469] kfree+0x260/0x2b0 [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191821] link_destroy+0xd7/0x130 [amdgpu] [ 279.192248] dc_destruct+0x90/0x270 [amdgpu] [ 279.192666] dc_destroy+0x19/0x40 [amdgpu] [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu] [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu] [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu] [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu] [ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu] [ 279.194632] pci_device_remove+0x3a/0xa0 [ 279.194638] device_remove+0x40/0x70 [ 279.194642] device_release_driver_internal+0x1ad/0x210 [ 279.194647] driver_detach+0x4e/0xa0 [ 279.194650] bus_remove_driver+0x6f/0xf0 [ 279.194653] driver_unregister+0x33/0x60 [ 279.194657] pci_unregister_driver+0x44/0x90 [ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu] [ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0 [ 279.194946] __x64_sys_delete_module+0x16/0x20 [ 279.194950] do_syscall_64+0x58/0x120 [ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 279.194980] </TASK> Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Tim Huang <tim.huang(a)amd.com> Reviewed-by: Roman Li <roman.li(a)amd.com> Signed-off-by: Roman Li <roman.li(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [ dc_link_destruct() moved from core/dc_link.c to link/link_factory.c since commit: 54618888d1ea ("drm/amd/display: break down dc_link.c"), so modified the path to apply on 5.15.y ] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified on the build test --- drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c index b727bd7e039d..6696372b82f4 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c @@ -79,7 +79,7 @@ static void dc_link_destruct(struct dc_link *link) if (link->panel_cntl) link->panel_cntl->funcs->destroy(&link->panel_cntl); - if (link->link_enc) { + if (link->link_enc && !link->is_dig_mapping_flexible) { /* Update link encoder resource tracking variables. These are used for * the dynamic assignment of link encoders to streams. Virtual links * are not assigned encoder resources on creation. -- 2.34.1

5 months, 3 weeks

2
1
0 0

Re: [PATCH v3 1/1] iommu: Allow attaching static domains in iommu_attach_device_pasid()

by Dave Jiang

On 4/24/25 3:59 PM, Jack Vogel wrote: > > >> On Apr 24, 2025, at 15:40, Dave Jiang <dave.jiang(a)intel.com> wrote: >> >> >> >> On 4/24/25 3:34 PM, Jack Vogel wrote: >>> I am having test issues with this patch, test system is running OL9, basically RHEL 9.5, the kernel boots ok, and the dmesg is clean… but the tests in accel-config dont pass. Specifically the crypto tests, this is due to vfio_pci_core not loading. Right now I’m not sure if any of this is my mistake, but at least it’s something I need to keep looking at. >>> >>> Also, since I saw that issue on the latest I did a backport to our UEK8 kernel which is 6.12.23, and on that kernel it still exhibited these messages on boot: >>> >>> *idxd*0000:6a:01.0: enabling device (0144 -> 0146) >>> >>> [ 21.112733] *idxd*0000:6a:01.0: failed to attach device pasid 1, domain type 4 >>> >>> [ 21.120770] *idxd*0000:6a:01.0: No in-kernel DMA with PASID. -95 >>> >>> >>> Again, maybe an issue in my backporting… however I’d like to be sure. >> >> Can you verify against latest upstream kernel plus the patch and see if you still see the error? >> >> DJ > > Yes, the kernel was build from the tip this morning. Like I said, it got no messages booting up, all looked fine. But when running the actual test suite in the accel-config tarball specifically the iaa crypt tests, they failed and the dmesg was from vfio_pci_core failed to load with an unknown symbol. I'm not sure what the test consists of (haven't worked on this device for almost 2 years). But usually the device is either bound to the idxd driver or the vfio_pci driver. Not both. And if the idxd driver didn't emit any errors while loading, then the test failure may be something else... Another way to verify is to set CONFIG_IOMMU_DEFAULT_DMA_LAZY vs PASSTHROUGH. If the tests still fail then it's something else. DJ > > This sounds like the module was wrong, but i would think it was installed with the v6.15 kernel….. > > Jack > >> >>> >>> Cheers, >>> >>> Jack >>> >>> >>>> On Apr 23, 2025, at 20:41, Lu Baolu <baolu.lu(a)linux.intel.com> wrote: >>>> >>>> The idxd driver attaches the default domain to a PASID of the device to >>>> perform kernel DMA using that PASID. The domain is attached to the >>>> device's PASID through iommu_attach_device_pasid(), which checks if the >>>> domain->owner matches the iommu_ops retrieved from the device. If they >>>> do not match, it returns a failure. >>>> >>>> if (ops != domain->owner || pasid == IOMMU_NO_PASID) >>>> return -EINVAL; >>>> >>>> The static identity domain implemented by the intel iommu driver doesn't >>>> specify the domain owner. Therefore, kernel DMA with PASID doesn't work >>>> for the idxd driver if the device translation mode is set to passthrough. >>>> >>>> Generally the owner field of static domains are not set because they are >>>> already part of iommu ops. Add a helper domain_iommu_ops_compatible() >>>> that checks if a domain is compatible with the device's iommu ops. This >>>> helper explicitly allows the static blocked and identity domains associated >>>> with the device's iommu_ops to be considered compatible. >>>> >>>> Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain") >>>> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031 >>>> Cc: stable(a)vger.kernel.org >>>> Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> >>>> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/ >>>> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> >>>> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> >>>> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> >>>> --- >>>> drivers/iommu/iommu.c | 21 ++++++++++++++++++--- >>>> 1 file changed, 18 insertions(+), 3 deletions(-) >>>> >>>> Change log: >>>> v3: >>>> - Convert all places checking domain->owner to the new helper. >>>> v2: https://lore.kernel.org/linux-iommu/20250423021839.2189204-1-baolu.lu@linux… >>>> - Make the solution generic for all static domains as suggested by >>>> Jason. >>>> v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux… >>>> >>>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c >>>> index 4f91a740c15f..b26fc3ed9f01 100644 >>>> --- a/drivers/iommu/iommu.c >>>> +++ b/drivers/iommu/iommu.c >>>> @@ -2204,6 +2204,19 @@ static void *iommu_make_pasid_array_entry(struct iommu_domain *domain, >>>> return xa_tag_pointer(domain, IOMMU_PASID_ARRAY_DOMAIN); >>>> } >>>> >>>> +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops, >>>> +struct iommu_domain *domain) >>>> +{ >>>> +if (domain->owner == ops) >>>> +return true; >>>> + >>>> +/* For static domains, owner isn't set. */ >>>> +if (domain == ops->blocked_domain || domain == ops->identity_domain) >>>> +return true; >>>> + >>>> +return false; >>>> +} >>>> + >>>> static int __iommu_attach_group(struct iommu_domain *domain, >>>> struct iommu_group *group) >>>> { >>>> @@ -2214,7 +2227,8 @@ static int __iommu_attach_group(struct iommu_domain *domain, >>>> return -EBUSY; >>>> >>>> dev = iommu_group_first_dev(group); >>>> -if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner) >>>> +if (!dev_has_iommu(dev) || >>>> + !domain_iommu_ops_compatible(dev_iommu_ops(dev), domain)) >>>> return -EINVAL; >>>> >>>> return __iommu_group_set_domain(group, domain); >>>> @@ -3435,7 +3449,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, >>>> !ops->blocked_domain->ops->set_dev_pasid) >>>> return -EOPNOTSUPP; >>>> >>>> -if (ops != domain->owner || pasid == IOMMU_NO_PASID) >>>> +if (!domain_iommu_ops_compatible(ops, domain) || >>>> + pasid == IOMMU_NO_PASID) >>>> return -EINVAL; >>>> >>>> mutex_lock(&group->mutex); >>>> @@ -3511,7 +3526,7 @@ int iommu_replace_device_pasid(struct iommu_domain *domain, >>>> if (!domain->ops->set_dev_pasid) >>>> return -EOPNOTSUPP; >>>> >>>> -if (dev_iommu_ops(dev) != domain->owner || >>>> +if (!domain_iommu_ops_compatible(dev_iommu_ops(dev), domain) || >>>> pasid == IOMMU_NO_PASID || !handle) >>>> return -EINVAL; >>>> >>>> -- >>>> 2.43.0 >

5 months, 3 weeks

1
0
0 0

Re: [PATCH v3 1/1] iommu: Allow attaching static domains in iommu_attach_device_pasid()

by Dave Jiang

On 4/24/25 3:34 PM, Jack Vogel wrote: > I am having test issues with this patch, test system is running OL9, basically RHEL 9.5, the kernel boots ok, and the dmesg is clean… but the tests in accel-config dont pass. Specifically the crypto tests, this is due to vfio_pci_core not loading. Right now I’m not sure if any of this is my mistake, but at least it’s something I need to keep looking at. > > Also, since I saw that issue on the latest I did a backport to our UEK8 kernel which is 6.12.23, and on that kernel it still exhibited these messages on boot: > > *idxd*0000:6a:01.0: enabling device (0144 -> 0146) > > [ 21.112733] *idxd*0000:6a:01.0: failed to attach device pasid 1, domain type 4 > > [ 21.120770] *idxd*0000:6a:01.0: No in-kernel DMA with PASID. -95 > > > Again, maybe an issue in my backporting… however I’d like to be sure. Can you verify against latest upstream kernel plus the patch and see if you still see the error? DJ > > Cheers, > > Jack > > >> On Apr 23, 2025, at 20:41, Lu Baolu <baolu.lu(a)linux.intel.com> wrote: >> >> The idxd driver attaches the default domain to a PASID of the device to >> perform kernel DMA using that PASID. The domain is attached to the >> device's PASID through iommu_attach_device_pasid(), which checks if the >> domain->owner matches the iommu_ops retrieved from the device. If they >> do not match, it returns a failure. >> >> if (ops != domain->owner || pasid == IOMMU_NO_PASID) >> return -EINVAL; >> >> The static identity domain implemented by the intel iommu driver doesn't >> specify the domain owner. Therefore, kernel DMA with PASID doesn't work >> for the idxd driver if the device translation mode is set to passthrough. >> >> Generally the owner field of static domains are not set because they are >> already part of iommu ops. Add a helper domain_iommu_ops_compatible() >> that checks if a domain is compatible with the device's iommu ops. This >> helper explicitly allows the static blocked and identity domains associated >> with the device's iommu_ops to be considered compatible. >> >> Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain") >> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031 >> Cc: stable(a)vger.kernel.org >> Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> >> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/ >> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> >> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> >> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> >> --- >> drivers/iommu/iommu.c | 21 ++++++++++++++++++--- >> 1 file changed, 18 insertions(+), 3 deletions(-) >> >> Change log: >> v3: >> - Convert all places checking domain->owner to the new helper. >> v2: https://lore.kernel.org/linux-iommu/20250423021839.2189204-1-baolu.lu@linux… >> - Make the solution generic for all static domains as suggested by >> Jason. >> v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux… >> >> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c >> index 4f91a740c15f..b26fc3ed9f01 100644 >> --- a/drivers/iommu/iommu.c >> +++ b/drivers/iommu/iommu.c >> @@ -2204,6 +2204,19 @@ static void *iommu_make_pasid_array_entry(struct iommu_domain *domain, >> return xa_tag_pointer(domain, IOMMU_PASID_ARRAY_DOMAIN); >> } >> >> +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops, >> +struct iommu_domain *domain) >> +{ >> +if (domain->owner == ops) >> +return true; >> + >> +/* For static domains, owner isn't set. */ >> +if (domain == ops->blocked_domain || domain == ops->identity_domain) >> +return true; >> + >> +return false; >> +} >> + >> static int __iommu_attach_group(struct iommu_domain *domain, >> struct iommu_group *group) >> { >> @@ -2214,7 +2227,8 @@ static int __iommu_attach_group(struct iommu_domain *domain, >> return -EBUSY; >> >> dev = iommu_group_first_dev(group); >> -if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner) >> +if (!dev_has_iommu(dev) || >> + !domain_iommu_ops_compatible(dev_iommu_ops(dev), domain)) >> return -EINVAL; >> >> return __iommu_group_set_domain(group, domain); >> @@ -3435,7 +3449,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, >> !ops->blocked_domain->ops->set_dev_pasid) >> return -EOPNOTSUPP; >> >> -if (ops != domain->owner || pasid == IOMMU_NO_PASID) >> +if (!domain_iommu_ops_compatible(ops, domain) || >> + pasid == IOMMU_NO_PASID) >> return -EINVAL; >> >> mutex_lock(&group->mutex); >> @@ -3511,7 +3526,7 @@ int iommu_replace_device_pasid(struct iommu_domain *domain, >> if (!domain->ops->set_dev_pasid) >> return -EOPNOTSUPP; >> >> -if (dev_iommu_ops(dev) != domain->owner || >> +if (!domain_iommu_ops_compatible(dev_iommu_ops(dev), domain) || >> pasid == IOMMU_NO_PASID || !handle) >> return -EINVAL; >> >> -- >> 2.43.0 >> >

5 months, 3 weeks

1
0
0 0

[alternative-merged] smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: smaps: fix crash in smaps_hugetlb_range for non-present hugetlb entries has been removed from the -mm tree. Its filename was smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries.patch This patch was dropped because an alternative patch was or shall be merged ------------------------------------------------------ From: Ming Wang <wangming01(a)loongson.cn> Subject: smaps: fix crash in smaps_hugetlb_range for non-present hugetlb entries Date: Wed, 23 Apr 2025 09:03:59 +0800 When reading /proc/pid/smaps for a process that has mapped a hugetlbfs file with MAP_PRIVATE, the kernel might crash inside pfn_swap_entry_to_page. This occurs on LoongArch under specific conditions. The root cause involves several steps: 1. When the hugetlbfs file is mapped (MAP_PRIVATE), the initial PMD (or relevant level) entry is often populated by the kernel during mmap() with a non-present entry pointing to the architecture's invalid_pte_table On the affected LoongArch system, this address was observed to be 0x90000000031e4000. 2. The smaps walker (walk_hugetlb_range -> smaps_hugetlb_range) reads this entry. 3. The generic is_swap_pte() macro checks `!pte_present() && !pte_none()`. The entry (invalid_pte_table address) is not present. Crucially, the generic pte_none() check (`!(pte_val(pte) & ~_PAGE_GLOBAL)`) returns false because the invalid_pte_table address is non-zero. Therefore, is_swap_pte() incorrectly returns true. 4. The code enters the `else if (is_swap_pte(...))` block. 5. Inside this block, it checks `is_pfn_swap_entry()`. Due to a bit pattern coincidence in the invalid_pte_table address on LoongArch, the embedded generic `is_migration_entry()` check happens to return true (misinterpreting parts of the address as a migration type). 6. This leads to a call to pfn_swap_entry_to_page() with the bogus swap entry derived from the invalid table address. 7. pfn_swap_entry_to_page() extracts a meaningless PFN, finds an unrelated struct page, checks its lock status (unlocked), and hits the `BUG_ON(is_migration_entry(entry) && !PageLocked(p))` assertion. The original code's intent in the `else if` block seems aimed at handling potential migration entries, as indicated by the inner `is_pfn_swap_entry()` check. The issue arises because the outer `is_swap_pte()` check incorrectly includes the invalid table pointer case on LoongArch. This patch fixes the issue by changing the condition in smaps_hugetlb_range() from the broad `is_swap_pte()` to the specific `is_hugetlb_entry_migration()`. The `is_hugetlb_entry_migration()` helper function correctly handles this by first checking `huge_pte_none()`. Architectures like LoongArch can provide an override for `huge_pte_none()` that specifically recognizes the `invalid_pte_table` address as a "none" state for HugeTLB entries. This ensures `is_hugetlb_entry_migration()` returns false for the invalid entry, preventing the code from entering the faulty block. This change makes the code reflect the likely original intent (handling migration) more accurately and leverages architecture-specific helpers (`huge_pte_none`) to correctly interpret special PTE/PMD values in the HugeTLB context, fixing the crash on LoongArch without altering the generic is_swap_pte() behavior. Link: https://lkml.kernel.org/r/20250423010359.2030576-1-wangming01@loongson.cn Fixes: 25ee01a2fca0 ("mm: hugetlb: proc: add hugetlb-related fields to /proc/PID/smaps") Co-developed-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> Signed-off-by: Ming Wang <wangming01(a)loongson.cn> Cc: Andrii Nakryiko <andrii(a)kernel.org> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: David Hildenbrand <david(a)redhat.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Huacai Chen <chenhuacai(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Joern Engel <joern(a)logfs.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.cz> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries +++ a/fs/proc/task_mmu.c @@ -1027,7 +1027,7 @@ static int smaps_hugetlb_range(pte_t *pt if (pte_present(ptent)) { folio = page_folio(pte_page(ptent)); present = true; - } else if (is_swap_pte(ptent)) { + } else if (is_hugetlb_entry_migration(ptent)) { swp_entry_t swpent = pte_to_swp_entry(ptent); if (is_pfn_swap_entry(swpent)) _ Patches currently in -mm which might be from wangming01(a)loongson.cn are

5 months, 3 weeks

1
0
0 0

[PATCH] btrfs: adjust subpage bit start based on sectorsize

by Josef Bacik

When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes. When writing out a subpage EB we scan the subpage bitmap for a dirty range. If the range isn't dirty we do bit_start++; to move onto the next bit. The problem is the bitmap is based on the number of sectors that an EB has. So in this case, we have a 64k pagesize, 16k nodesize, but a 4k sectorsize. This means our bitmap is 4 bits for every node. With a 64k page size we end up with 4 nodes per page. To make this easier this is how everything looks [0 16k 32k 48k ] logical address [0 4 8 12 ] radix tree offset [ 64k page ] folio [ 16k eb ][ 16k eb ][ 16k eb ][ 16k eb ] extent buffers [ | | | | | | | | | | | | | | | | ] bitmap Now we use all of our addressing based on fs_info->sectorsize_bits, so as you can see the above our 16k eb->start turns into radix entry 4. When we find a dirty range for our eb, we correctly do bit_start += sectors_per_node, because if we start at bit 0, the next bit for the next eb is 4, to correspond to eb->start 16k. However if our range is clean, we will do bit_start++, which will now put us offset from our radix tree entries. In our case, assume that the first time we check the bitmap the block is not dirty, we increment bit_start so now it == 1, and then we loop around and check again. This time it is dirty, and we go to find that start using the following equation start = folio_start + bit_start * fs_info->sectorsize; so in the case above, eb->start 0 is now dirty, and we calculate start as 0 + 1 * fs_info->sectorsize = 4096 4096 >> 12 = 1 Now we're looking up the radix tree for 1, and we won't find an eb. What's worse is now we're using bit_start == 1, so we do bit_start += sectors_per_node, which is now 5. If that eb is dirty we will run into the same thing, we will look at an offset that is not populated in the radix tree, and now we're skipping the writeout of dirty extent buffers. The best fix for this is to not use sectorsize_bits to address nodes, but that's a larger change. Since this is a fs corruption problem fix it simply by always using sectors_per_node to increment the start bit. cc: stable(a)vger.kernel.org Fixes: c4aec299fa8f ("btrfs: introduce submit_eb_subpage() to submit a subpage metadata page") Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> --- - Further testing indicated that the page tagging theoretical race isn't getting hit in practice, so we're going to limit the "hotfix" to this specific patch, and then send subsequent patches to address the other issues we're hitting. My simplify metadata writebback patches are the more wholistic fix. fs/btrfs/extent_io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 5f08615b334f..6cfd286b8bbc 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -2034,7 +2034,7 @@ static int submit_eb_subpage(struct folio *folio, struct writeback_control *wbc) subpage->bitmaps)) { spin_unlock_irqrestore(&subpage->lock, flags); spin_unlock(&folio->mapping->i_private_lock); - bit_start++; + bit_start += sectors_per_node; continue; } -- 2.48.1

5 months, 3 weeks

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2025