Linux-stable-mirror August 2025

linux-stable-mirror@lists.linaro.org

518 participants
1331 discussions

FAILED: patch "[PATCH] randstruct: gcc-plugin: Fix attribute addition" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f39f18f3c3531aa802b58a20d39d96e82eb96c14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060527-upwind-coveting-bcba@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f39f18f3c3531aa802b58a20d39d96e82eb96c14 Mon Sep 17 00:00:00 2001 From: Kees Cook <kees(a)kernel.org> Date: Fri, 30 May 2025 15:18:28 -0700 Subject: [PATCH] randstruct: gcc-plugin: Fix attribute addition Based on changes in the 2021 public version of the randstruct out-of-tree GCC plugin[1], more carefully update the attributes on resulting decls, to avoid tripping checks in GCC 15's comptypes_check_enum_int() when it has been configured with "--enable-checking=misc": arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1519 132 | const struct kexec_file_ops kexec_image_ops = { | ^~~~~~~~~~~~~~ internal_error(char const*, ...), at gcc/gcc/diagnostic-global-context.cc:517 fancy_abort(char const*, int, char const*), at gcc/gcc/diagnostic.cc:1803 comptypes_check_enum_int(tree_node*, tree_node*, bool*), at gcc/gcc/c/c-typeck.cc:1519 ... Link: https://archive.org/download/grsecurity/grsecurity-3.1-5.10.41-202105280954… [1] Reported-by: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Closes: https://github.com/KSPP/linux/issues/367 Closes: https://lore.kernel.org/lkml/20250530000646.104457-1-thiago.bauermann@linar… Reported-by: Ingo Saitz <ingo(a)hannover.ccc.de> Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104745 Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") Tested-by: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Link: https://lore.kernel.org/r/20250530221824.work.623-kees@kernel.org Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index 3222c1070444..ef12c8f929ed 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -123,6 +123,38 @@ static inline tree build_const_char_string(int len, const char *str) return cstr; } +static inline void __add_type_attr(tree type, const char *attr, tree args) +{ + tree oldattr; + + if (type == NULL_TREE) + return; + oldattr = lookup_attribute(attr, TYPE_ATTRIBUTES(type)); + if (oldattr != NULL_TREE) { + gcc_assert(TREE_VALUE(oldattr) == args || TREE_VALUE(TREE_VALUE(oldattr)) == TREE_VALUE(args)); + return; + } + + TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); + TYPE_ATTRIBUTES(type) = tree_cons(get_identifier(attr), args, TYPE_ATTRIBUTES(type)); +} + +static inline void add_type_attr(tree type, const char *attr, tree args) +{ + tree main_variant = TYPE_MAIN_VARIANT(type); + + __add_type_attr(TYPE_CANONICAL(type), attr, args); + __add_type_attr(TYPE_CANONICAL(main_variant), attr, args); + __add_type_attr(main_variant, attr, args); + + for (type = TYPE_NEXT_VARIANT(main_variant); type; type = TYPE_NEXT_VARIANT(type)) { + if (!lookup_attribute(attr, TYPE_ATTRIBUTES(type))) + TYPE_ATTRIBUTES(type) = TYPE_ATTRIBUTES(main_variant); + + __add_type_attr(TYPE_CANONICAL(type), attr, args); + } +} + #define PASS_INFO(NAME, REF, ID, POS) \ struct register_pass_info NAME##_pass_info = { \ .pass = make_##NAME##_pass(), \ diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index 971a1908a8cc..ff65a4f87f24 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -73,6 +73,9 @@ static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int f if (TYPE_P(*node)) { type = *node; + } else if (TREE_CODE(*node) == FIELD_DECL) { + *no_add_attrs = false; + return NULL_TREE; } else { gcc_assert(TREE_CODE(*node) == TYPE_DECL); type = TREE_TYPE(*node); @@ -348,15 +351,14 @@ static int relayout_struct(tree type) TREE_CHAIN(newtree[i]) = newtree[i+1]; TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; + add_type_attr(type, "randomize_performed", NULL_TREE); + add_type_attr(type, "designated_init", NULL_TREE); + if (has_flexarray) + add_type_attr(type, "has_flexarray", NULL_TREE); + main_variant = TYPE_MAIN_VARIANT(type); - for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { + for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) TYPE_FIELDS(variant) = newtree[0]; - TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - if (has_flexarray) - TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type)); - } /* * force a re-layout of the main variant @@ -424,10 +426,8 @@ static void randomize_type(tree type) if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) relayout_struct(type); - for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { - TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); - TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); - } + add_type_attr(type, "randomize_considered", NULL_TREE); + #ifdef __DEBUG_PLUGIN fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); #ifdef __DEBUG_VERBOSE

3 months, 4 weeks

[PATCH v2] bus: mhi: ep: Fix chained transfer handling in read path

by Sumit Kumar

From: Sumit Kumar <sumk(a)qti.qualcomm.com> The current implementation of mhi_ep_read_channel, in case of chained transactions, assumes the End of Transfer(EOT) bit is received with the doorbell. As a result, it may incorrectly advance mhi_chan->rd_offset beyond wr_offset during host-to-device transfers when EOT has not yet arrived. This can lead to access of unmapped host memory, causing IOMMU faults and processing of stale TREs. This change modifies the loop condition to ensure mhi_queue is not empty, allowing the function to process only valid TREs up to the current write pointer. This prevents premature reads and ensures safe traversal of chained TREs. Removed buf_left from the while loop condition to avoid exiting prematurely before reading the ring completely. Removed write_offset since it will always be zero because the new cache buffer is allocated everytime. Fixes: 5301258899773 ("bus: mhi: ep: Add support for reading from the host") Cc: stable(a)vger.kernel.org Co-developed-by: Akhil Vinod <akhvin(a)qti.qualcomm.com> Signed-off-by: Akhil Vinod <akhvin(a)qti.qualcomm.com> Signed-off-by: Sumit Kumar <sumk(a)qti.qualcomm.com> --- Changes in v2: - Use mhi_ep_queue_is_empty in while loop (Mani). - Remove do while loop in mhi_ep_process_ch_ring (Mani). - Remove buf_left, wr_offset, tr_done. - Haven't added Reviewed-by as there is change in logic. - Link to v1: https://lore.kernel.org/r/20250709-chained_transfer-v1-1-2326a4605c9c@quici… --- drivers/bus/mhi/ep/main.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index b3eafcf2a2c50d95e3efd3afb27038ecf55552a5..cdea24e9291959ae0a92487c1b9698dc8164d2f1 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -403,17 +403,13 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, { struct mhi_ep_chan *mhi_chan = &mhi_cntrl->mhi_chan[ring->ch_id]; struct device *dev = &mhi_cntrl->mhi_dev->dev; - size_t tr_len, read_offset, write_offset; + size_t tr_len, read_offset; struct mhi_ep_buf_info buf_info = {}; u32 len = MHI_EP_DEFAULT_MTU; struct mhi_ring_element *el; - bool tr_done = false; void *buf_addr; - u32 buf_left; int ret; - buf_left = len; - do { /* Don't process the transfer ring if the channel is not in RUNNING state */ if (mhi_chan->state != MHI_CH_STATE_RUNNING) { @@ -426,24 +422,23 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, /* Check if there is data pending to be read from previous read operation */ if (mhi_chan->tre_bytes_left) { dev_dbg(dev, "TRE bytes remaining: %u\n", mhi_chan->tre_bytes_left); - tr_len = min(buf_left, mhi_chan->tre_bytes_left); + tr_len = min(len, mhi_chan->tre_bytes_left); } else { mhi_chan->tre_loc = MHI_TRE_DATA_GET_PTR(el); mhi_chan->tre_size = MHI_TRE_DATA_GET_LEN(el); mhi_chan->tre_bytes_left = mhi_chan->tre_size; - tr_len = min(buf_left, mhi_chan->tre_size); + tr_len = min(len, mhi_chan->tre_size); } read_offset = mhi_chan->tre_size - mhi_chan->tre_bytes_left; - write_offset = len - buf_left; buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL); if (!buf_addr) return -ENOMEM; buf_info.host_addr = mhi_chan->tre_loc + read_offset; - buf_info.dev_addr = buf_addr + write_offset; + buf_info.dev_addr = buf_addr; buf_info.size = tr_len; buf_info.cb = mhi_ep_read_completion; buf_info.cb_buf = buf_addr; @@ -459,16 +454,12 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, goto err_free_buf_addr; } - buf_left -= tr_len; mhi_chan->tre_bytes_left -= tr_len; - if (!mhi_chan->tre_bytes_left) { - if (MHI_TRE_DATA_GET_IEOT(el)) - tr_done = true; - + if (!mhi_chan->tre_bytes_left) mhi_chan->rd_offset = (mhi_chan->rd_offset + 1) % ring->ring_size; - } - } while (buf_left && !tr_done); + /* Read until the some buffer is left or the ring becomes not empty */ + } while (!mhi_ep_queue_is_empty(mhi_chan->mhi_dev, DMA_TO_DEVICE)); return 0; @@ -502,15 +493,11 @@ static int mhi_ep_process_ch_ring(struct mhi_ep_ring *ring) mhi_chan->xfer_cb(mhi_chan->mhi_dev, &result); } else { /* UL channel */ - do { - ret = mhi_ep_read_channel(mhi_cntrl, ring); - if (ret < 0) { - dev_err(&mhi_chan->mhi_dev->dev, "Failed to read channel\n"); - return ret; - } - - /* Read until the ring becomes empty */ - } while (!mhi_ep_queue_is_empty(mhi_chan->mhi_dev, DMA_TO_DEVICE)); + ret = mhi_ep_read_channel(mhi_cntrl, ring); + if (ret < 0) { + dev_err(&mhi_chan->mhi_dev->dev, "Failed to read channel\n"); + return ret; + } } return 0; --- base-commit: 4c06e63b92038fadb566b652ec3ec04e228931e8 change-id: 20250709-chained_transfer-0b95f8afa487 Best regards, -- Sumit Kumar <quic_sumk(a)quicinc.com>

3 months, 4 weeks

[PATCH] mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()

by Uladzislau Rezki (Sony)

kasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and always allocate memory using the hardcoded GFP_KERNEL flag. This makes them inconsistent with vmalloc(), which was recently extended to support GFP_NOFS and GFP_NOIO allocations. Page table allocations performed during shadow population also ignore the external gfp_mask. To preserve the intended semantics of GFP_NOFS and GFP_NOIO, wrap the apply_to_page_range() calls into the appropriate memalloc scope. This patch: - Extends kasan_populate_vmalloc() and helpers to take gfp_mask; - Passes gfp_mask down to alloc_pages_bulk() and __get_free_page(); - Enforces GFP_NOFS/NOIO semantics with memalloc_*_save()/restore() around apply_to_page_range(); - Updates vmalloc.c and percpu allocator call sites accordingly. To: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: <stable(a)vger.kernel.org> Fixes: 451769ebb7e7 ("mm/vmalloc: alloc GFP_NO{FS,IO} for vmalloc") Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> --- include/linux/kasan.h | 6 +++--- mm/kasan/shadow.c | 31 ++++++++++++++++++++++++------- mm/vmalloc.c | 8 ++++---- 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 890011071f2b..fe5ce9215821 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -562,7 +562,7 @@ static inline void kasan_init_hw_tags(void) { } #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) void kasan_populate_early_vm_area_shadow(void *start, unsigned long size); -int kasan_populate_vmalloc(unsigned long addr, unsigned long size); +int kasan_populate_vmalloc(unsigned long addr, unsigned long size, gfp_t gfp_mask); void kasan_release_vmalloc(unsigned long start, unsigned long end, unsigned long free_region_start, unsigned long free_region_end, @@ -574,7 +574,7 @@ static inline void kasan_populate_early_vm_area_shadow(void *start, unsigned long size) { } static inline int kasan_populate_vmalloc(unsigned long start, - unsigned long size) + unsigned long size, gfp_t gfp_mask) { return 0; } @@ -610,7 +610,7 @@ static __always_inline void kasan_poison_vmalloc(const void *start, static inline void kasan_populate_early_vm_area_shadow(void *start, unsigned long size) { } static inline int kasan_populate_vmalloc(unsigned long start, - unsigned long size) + unsigned long size, gfp_t gfp_mask) { return 0; } diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index d2c70cd2afb1..c7c0be119173 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -335,13 +335,13 @@ static void ___free_pages_bulk(struct page **pages, int nr_pages) } } -static int ___alloc_pages_bulk(struct page **pages, int nr_pages) +static int ___alloc_pages_bulk(struct page **pages, int nr_pages, gfp_t gfp_mask) { unsigned long nr_populated, nr_total = nr_pages; struct page **page_array = pages; while (nr_pages) { - nr_populated = alloc_pages_bulk(GFP_KERNEL, nr_pages, pages); + nr_populated = alloc_pages_bulk(gfp_mask, nr_pages, pages); if (!nr_populated) { ___free_pages_bulk(page_array, nr_total - nr_pages); return -ENOMEM; @@ -353,25 +353,42 @@ static int ___alloc_pages_bulk(struct page **pages, int nr_pages) return 0; } -static int __kasan_populate_vmalloc(unsigned long start, unsigned long end) +static int __kasan_populate_vmalloc(unsigned long start, unsigned long end, gfp_t gfp_mask) { unsigned long nr_pages, nr_total = PFN_UP(end - start); struct vmalloc_populate_data data; + unsigned int flags; int ret = 0; - data.pages = (struct page **)__get_free_page(GFP_KERNEL | __GFP_ZERO); + data.pages = (struct page **)__get_free_page(gfp_mask | __GFP_ZERO); if (!data.pages) return -ENOMEM; while (nr_total) { nr_pages = min(nr_total, PAGE_SIZE / sizeof(data.pages[0])); - ret = ___alloc_pages_bulk(data.pages, nr_pages); + ret = ___alloc_pages_bulk(data.pages, nr_pages, gfp_mask); if (ret) break; data.start = start; + + /* + * page tables allocations ignore external gfp mask, enforce it + * by the scope API + */ + if ((gfp_mask & (__GFP_FS | __GFP_IO)) == __GFP_IO) + flags = memalloc_nofs_save(); + else if ((gfp_mask & (__GFP_FS | __GFP_IO)) == 0) + flags = memalloc_noio_save(); + ret = apply_to_page_range(&init_mm, start, nr_pages * PAGE_SIZE, kasan_populate_vmalloc_pte, &data); + + if ((gfp_mask & (__GFP_FS | __GFP_IO)) == __GFP_IO) + memalloc_nofs_restore(flags); + else if ((gfp_mask & (__GFP_FS | __GFP_IO)) == 0) + memalloc_noio_restore(flags); + ___free_pages_bulk(data.pages, nr_pages); if (ret) break; @@ -385,7 +402,7 @@ static int __kasan_populate_vmalloc(unsigned long start, unsigned long end) return ret; } -int kasan_populate_vmalloc(unsigned long addr, unsigned long size) +int kasan_populate_vmalloc(unsigned long addr, unsigned long size, gfp_t gfp_mask) { unsigned long shadow_start, shadow_end; int ret; @@ -414,7 +431,7 @@ int kasan_populate_vmalloc(unsigned long addr, unsigned long size) shadow_start = PAGE_ALIGN_DOWN(shadow_start); shadow_end = PAGE_ALIGN(shadow_end); - ret = __kasan_populate_vmalloc(shadow_start, shadow_end); + ret = __kasan_populate_vmalloc(shadow_start, shadow_end, gfp_mask); if (ret) return ret; diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 6dbcdceecae1..5edd536ba9d2 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2026,6 +2026,8 @@ static struct vmap_area *alloc_vmap_area(unsigned long size, if (unlikely(!vmap_initialized)) return ERR_PTR(-EBUSY); + /* Only reclaim behaviour flags are relevant. */ + gfp_mask = gfp_mask & GFP_RECLAIM_MASK; might_sleep(); /* @@ -2038,8 +2040,6 @@ static struct vmap_area *alloc_vmap_area(unsigned long size, */ va = node_alloc(size, align, vstart, vend, &addr, &vn_id); if (!va) { - gfp_mask = gfp_mask & GFP_RECLAIM_MASK; - va = kmem_cache_alloc_node(vmap_area_cachep, gfp_mask, node); if (unlikely(!va)) return ERR_PTR(-ENOMEM); @@ -2089,7 +2089,7 @@ static struct vmap_area *alloc_vmap_area(unsigned long size, BUG_ON(va->va_start < vstart); BUG_ON(va->va_end > vend); - ret = kasan_populate_vmalloc(addr, size); + ret = kasan_populate_vmalloc(addr, size, gfp_mask); if (ret) { free_vmap_area(va); return ERR_PTR(ret); @@ -4826,7 +4826,7 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, /* populate the kasan shadow space */ for (area = 0; area < nr_vms; area++) { - if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area])) + if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area], GFP_KERNEL)) goto err_free_shadow; } -- 2.47.2

3 months, 4 weeks

[PATCH v4 1/1] eventpoll: Replace rwlock with spinlock

by Nam Cao

The ready event list of an epoll object is protected by read-write semaphore: - The consumer (waiter) acquires the write lock and takes items. - the producer (waker) takes the read lock and adds items. The point of this design is enabling epoll to scale well with large number of producers, as multiple producers can hold the read lock at the same time. Unfortunately, this implementation may cause scheduling priority inversion problem. Suppose the consumer has higher scheduling priority than the producer. The consumer needs to acquire the write lock, but may be blocked by the producer holding the read lock. Since read-write semaphore does not support priority-boosting for the readers (even with CONFIG_PREEMPT_RT=y), we have a case of priority inversion: a higher priority consumer is blocked by a lower priority producer. This problem was reported in [1]. Furthermore, this could also cause stall problem, as described in [2]. Fix this problem by replacing rwlock with spinlock. This reduces the event bandwidth, as the producers now have to contend with each other for the spinlock. According to the benchmark from https://github.com/rouming/test-tools/blob/master/stress-epoll.c: On 12 x86 CPUs: Before After Diff threads events/ms events/ms 8 7162 4956 -31% 16 8733 5383 -38% 32 7968 5572 -30% 64 10652 5739 -46% 128 11236 5931 -47% On 4 riscv CPUs: Before After Diff threads events/ms events/ms 8 2958 2833 -4% 16 3323 3097 -7% 32 3451 3240 -6% 64 3554 3178 -11% 128 3601 3235 -10% Although the numbers look bad, it should be noted that this benchmark creates multiple threads who do nothing except constantly generating new epoll events, thus contention on the spinlock is high. For real workload, the event rate is likely much lower, and the performance drop is not as bad. Using another benchmark (perf bench epoll wait) where spinlock contention is lower, improvement is even observed on x86: On 12 x86 CPUs: Before: Averaged 110279 operations/sec (+- 1.09%), total secs = 8 After: Averaged 114577 operations/sec (+- 2.25%), total secs = 8 On 4 riscv CPUs: Before: Averaged 175767 operations/sec (+- 0.62%), total secs = 8 After: Averaged 167396 operations/sec (+- 0.23%), total secs = 8 In conclusion, no one is likely to be upset over this change. After all, spinlock was used originally for years, and the commit which converted to rwlock didn't mention a real workload, just that the benchmark numbers are nice. This patch is not exactly the revert of commit a218cc491420 ("epoll: use rwlock in order to reduce ep_poll_callback() contention"), because git revert conflicts in some places which are not obvious on the resolution. This patch is intended to be backported, therefore go with the obvious approach: - Replace rwlock_t with spinlock_t one to one - Delete list_add_tail_lockless() and chain_epi_lockless(). These were introduced to allow producers to concurrently add items to the list. But now that spinlock no longer allows producers to touch the event list concurrently, these two functions are not necessary anymore. Fixes: a218cc491420 ("epoll: use rwlock in order to reduce ep_poll_callback() contention") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- fs/eventpoll.c | 139 +++++++++---------------------------------------- 1 file changed, 26 insertions(+), 113 deletions(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index 0fbf5dfedb24..a171f7e7dacc 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -46,10 +46,10 @@ * * 1) epnested_mutex (mutex) * 2) ep->mtx (mutex) - * 3) ep->lock (rwlock) + * 3) ep->lock (spinlock) * * The acquire order is the one listed above, from 1 to 3. - * We need a rwlock (ep->lock) because we manipulate objects + * We need a spinlock (ep->lock) because we manipulate objects * from inside the poll callback, that might be triggered from * a wake_up() that in turn might be called from IRQ context. * So we can't sleep inside the poll callback and hence we need @@ -195,7 +195,7 @@ struct eventpoll { struct list_head rdllist; /* Lock which protects rdllist and ovflist */ - rwlock_t lock; + spinlock_t lock; /* RB tree root used to store monitored fd structs */ struct rb_root_cached rbr; @@ -740,10 +740,10 @@ static void ep_start_scan(struct eventpoll *ep, struct list_head *txlist) * in a lockless way. */ lockdep_assert_irqs_enabled(); - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); list_splice_init(&ep->rdllist, txlist); WRITE_ONCE(ep->ovflist, NULL); - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); } static void ep_done_scan(struct eventpoll *ep, @@ -751,7 +751,7 @@ static void ep_done_scan(struct eventpoll *ep, { struct epitem *epi, *nepi; - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); /* * During the time we spent inside the "sproc" callback, some * other events might have been queued by the poll callback. @@ -792,7 +792,7 @@ static void ep_done_scan(struct eventpoll *ep, wake_up(&ep->wq); } - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); } static void ep_get(struct eventpoll *ep) @@ -867,10 +867,10 @@ static bool __ep_remove(struct eventpoll *ep, struct epitem *epi, bool force) rb_erase_cached(&epi->rbn, &ep->rbr); - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); if (ep_is_linked(epi)) list_del_init(&epi->rdllink); - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); wakeup_source_unregister(ep_wakeup_source(epi)); /* @@ -1151,7 +1151,7 @@ static int ep_alloc(struct eventpoll **pep) return -ENOMEM; mutex_init(&ep->mtx); - rwlock_init(&ep->lock); + spin_lock_init(&ep->lock); init_waitqueue_head(&ep->wq); init_waitqueue_head(&ep->poll_wait); INIT_LIST_HEAD(&ep->rdllist); @@ -1238,100 +1238,10 @@ struct file *get_epoll_tfile_raw_ptr(struct file *file, int tfd, } #endif /* CONFIG_KCMP */ -/* - * Adds a new entry to the tail of the list in a lockless way, i.e. - * multiple CPUs are allowed to call this function concurrently. - * - * Beware: it is necessary to prevent any other modifications of the - * existing list until all changes are completed, in other words - * concurrent list_add_tail_lockless() calls should be protected - * with a read lock, where write lock acts as a barrier which - * makes sure all list_add_tail_lockless() calls are fully - * completed. - * - * Also an element can be locklessly added to the list only in one - * direction i.e. either to the tail or to the head, otherwise - * concurrent access will corrupt the list. - * - * Return: %false if element has been already added to the list, %true - * otherwise. - */ -static inline bool list_add_tail_lockless(struct list_head *new, - struct list_head *head) -{ - struct list_head *prev; - - /* - * This is simple 'new->next = head' operation, but cmpxchg() - * is used in order to detect that same element has been just - * added to the list from another CPU: the winner observes - * new->next == new. - */ - if (!try_cmpxchg(&new->next, &new, head)) - return false; - - /* - * Initially ->next of a new element must be updated with the head - * (we are inserting to the tail) and only then pointers are atomically - * exchanged. XCHG guarantees memory ordering, thus ->next should be - * updated before pointers are actually swapped and pointers are - * swapped before prev->next is updated. - */ - - prev = xchg(&head->prev, new); - - /* - * It is safe to modify prev->next and new->prev, because a new element - * is added only to the tail and new->next is updated before XCHG. - */ - - prev->next = new; - new->prev = prev; - - return true; -} - -/* - * Chains a new epi entry to the tail of the ep->ovflist in a lockless way, - * i.e. multiple CPUs are allowed to call this function concurrently. - * - * Return: %false if epi element has been already chained, %true otherwise. - */ -static inline bool chain_epi_lockless(struct epitem *epi) -{ - struct eventpoll *ep = epi->ep; - - /* Fast preliminary check */ - if (epi->next != EP_UNACTIVE_PTR) - return false; - - /* Check that the same epi has not been just chained from another CPU */ - if (cmpxchg(&epi->next, EP_UNACTIVE_PTR, NULL) != EP_UNACTIVE_PTR) - return false; - - /* Atomically exchange tail */ - epi->next = xchg(&ep->ovflist, epi); - - return true; -} - /* * This is the callback that is passed to the wait queue wakeup * mechanism. It is called by the stored file descriptors when they * have events to report. - * - * This callback takes a read lock in order not to contend with concurrent - * events from another file descriptor, thus all modifications to ->rdllist - * or ->ovflist are lockless. Read lock is paired with the write lock from - * ep_start/done_scan(), which stops all list modifications and guarantees - * that lists state is seen correctly. - * - * Another thing worth to mention is that ep_poll_callback() can be called - * concurrently for the same @epi from different CPUs if poll table was inited - * with several wait queues entries. Plural wakeup from different CPUs of a - * single wait queue is serialized by wq.lock, but the case when multiple wait - * queues are used should be detected accordingly. This is detected using - * cmpxchg() operation. */ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, void *key) { @@ -1342,7 +1252,7 @@ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, v unsigned long flags; int ewake = 0; - read_lock_irqsave(&ep->lock, flags); + spin_lock_irqsave(&ep->lock, flags); ep_set_busy_poll_napi_id(epi); @@ -1371,12 +1281,15 @@ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, v * chained in ep->ovflist and requeued later on. */ if (READ_ONCE(ep->ovflist) != EP_UNACTIVE_PTR) { - if (chain_epi_lockless(epi)) + if (epi->next == EP_UNACTIVE_PTR) { + epi->next = READ_ONCE(ep->ovflist); + WRITE_ONCE(ep->ovflist, epi); ep_pm_stay_awake_rcu(epi); + } } else if (!ep_is_linked(epi)) { /* In the usual case, add event to ready list. */ - if (list_add_tail_lockless(&epi->rdllink, &ep->rdllist)) - ep_pm_stay_awake_rcu(epi); + list_add_tail(&epi->rdllink, &ep->rdllist); + ep_pm_stay_awake_rcu(epi); } /* @@ -1409,7 +1322,7 @@ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, v pwake++; out_unlock: - read_unlock_irqrestore(&ep->lock, flags); + spin_unlock_irqrestore(&ep->lock, flags); /* We have to call this outside the lock */ if (pwake) @@ -1744,7 +1657,7 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event, } /* We have to drop the new item inside our item list to keep track of it */ - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); /* record NAPI ID of new item if present */ ep_set_busy_poll_napi_id(epi); @@ -1761,7 +1674,7 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event, pwake++; } - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); /* We have to call this outside the lock */ if (pwake) @@ -1825,7 +1738,7 @@ static int ep_modify(struct eventpoll *ep, struct epitem *epi, * list, push it inside. */ if (ep_item_poll(epi, &pt, 1)) { - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); if (!ep_is_linked(epi)) { list_add_tail(&epi->rdllink, &ep->rdllist); ep_pm_stay_awake(epi); @@ -1836,7 +1749,7 @@ static int ep_modify(struct eventpoll *ep, struct epitem *epi, if (waitqueue_active(&ep->poll_wait)) pwake++; } - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); } /* We have to call this outside the lock */ @@ -2088,7 +2001,7 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, init_wait(&wait); wait.func = ep_autoremove_wake_function; - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); /* * Barrierless variant, waitqueue_active() is called under * the same lock on wakeup ep_poll_callback() side, so it @@ -2107,7 +2020,7 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, if (!eavail) __add_wait_queue_exclusive(&ep->wq, &wait); - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); if (!eavail) timed_out = !ep_schedule_timeout(to) || @@ -2123,7 +2036,7 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, eavail = 1; if (!list_empty_careful(&wait.entry)) { - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); /* * If the thread timed out and is not on the wait queue, * it means that the thread was woken up after its @@ -2134,7 +2047,7 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, if (timed_out) eavail = list_empty(&wait.entry); __remove_wait_queue(&ep->wq, &wait); - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); } } } -- 2.39.5

3 months, 4 weeks

[PATCH] iommu/s390: Fix memory corruption when using identity domain

by Matthew Rosato

zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are stored as part of the s390_domain. The problem, however, is that the identity domain is not backed by an s390_domain and so the conversion via to_s390_domain() yields a bad address that is zero'd initially and read on-demand later via a sysfs read. These counters aren't necessary for the identity domain; just return NULL in this case. This issue was discovered via KASAN with reports that look like: BUG: KASAN: global-out-of-bounds in zpci_fmb_enable_device when using the identity domain for a device on s390. Cc: stable(a)vger.kernel.org Fixes: 64af12c6ec3a ("iommu/s390: implement iommu passthrough via identity domain") Reported-by: Cam Miller <cam(a)linux.ibm.com> Signed-off-by: Matthew Rosato <mjrosato(a)linux.ibm.com> --- drivers/iommu/s390-iommu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/s390-iommu.c b/drivers/iommu/s390-iommu.c index 9c80d61deb2c..d7370347c910 100644 --- a/drivers/iommu/s390-iommu.c +++ b/drivers/iommu/s390-iommu.c @@ -1032,7 +1032,8 @@ struct zpci_iommu_ctrs *zpci_get_iommu_ctrs(struct zpci_dev *zdev) lockdep_assert_held(&zdev->dom_lock); - if (zdev->s390_domain->type == IOMMU_DOMAIN_BLOCKED) + if (zdev->s390_domain->type == IOMMU_DOMAIN_BLOCKED || + zdev->s390_domain->type == IOMMU_DOMAIN_IDENTITY) return NULL; s390_domain = to_s390_domain(zdev->s390_domain); -- 2.50.1

3 months, 4 weeks

[PATCH 6.1&6.6 0/3] kbuild: Avoid weak external linkage where possible

by Huacai Chen

Backport this series to 6.1&6.6 because LoongArch gets build errors with latest binutils which has commit 599df6e2db17d1c4 ("ld, LoongArch: print error about linking without -fPIC or -fPIE flag in more detail"). CC .vmlinux.export.o UPD include/generated/utsversion.h CC init/version-timestamp.o LD .tmp_vmlinux.kallsyms1 loongarch64-unknown-linux-gnu-ld: kernel/kallsyms.o:(.text+0): relocation R_LARCH_PCALA_HI20 against `kallsyms_markers` can not be used when making a PIE object; recompile with -fPIE loongarch64-unknown-linux-gnu-ld: kernel/crash_core.o:(.init.text+0x984): relocation R_LARCH_PCALA_HI20 against `kallsyms_names` can not be used when making a PIE object; recompile with -fPIE loongarch64-unknown-linux-gnu-ld: kernel/bpf/btf.o:(.text+0xcc7c): relocation R_LARCH_PCALA_HI20 against `__start_BTF` can not be used when making a PIE object; recompile with -fPIE loongarch64-unknown-linux-gnu-ld: BFD (GNU Binutils) 2.43.50.20241126 assertion fail ../../bfd/elfnn-loongarch.c:2673 In theory 5.10&5.15 also need this, but since LoongArch get upstream at 5.19, so I just ignore them because there is no error report about other archs now. Weak external linkage is intended for cases where a symbol reference can remain unsatisfied in the final link. Taking the address of such a symbol should yield NULL if the reference was not satisfied. Given that ordinary RIP or PC relative references cannot produce NULL, some kind of indirection is always needed in such cases, and in position independent code, this results in a GOT entry. In ordinary code, it is arch specific but amounts to the same thing. While unavoidable in some cases, weak references are currently also used to declare symbols that are always defined in the final link, but not in the first linker pass. This means we end up with worse codegen for no good reason. So let's clean this up, by providing preliminary definitions that are only used as a fallback. Ard Biesheuvel (3): kallsyms: Avoid weak references for kallsyms symbols vmlinux: Avoid weak reference to notes section btf: Avoid weak external references Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- include/asm-generic/vmlinux.lds.h | 28 ++++++++++++++++++ kernel/bpf/btf.c | 7 +++-- kernel/bpf/sysfs_btf.c | 6 ++-- kernel/kallsyms.c | 6 ---- kernel/kallsyms_internal.h | 30 ++++++++------------ kernel/ksysfs.c | 4 +-- lib/buildid.c | 4 +-- 7 files changed, 52 insertions(+), 33 deletions(-) --- 2.27.0

3 months, 4 weeks

[PATCH] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed

by Krzysztof Kozlowski

If earlier opening of source graph fails (e.g. ADSP rejects due to incorrect audioreach topology), the graph is closed and "dai_data->graph[dai->id]" is assigned NULL. Preparing the DAI for sink graph continues though and next call to q6apm_lpass_dai_prepare() receives dai_data->graph[dai->id]=NULL leading to NULL pointer exception: qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1 q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78 q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22 Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8 ... Call trace: q6apm_graph_media_format_pcm+0x48/0x120 (P) q6apm_lpass_dai_prepare+0x110/0x1b4 snd_soc_pcm_dai_prepare+0x74/0x108 __soc_pcm_prepare+0x44/0x160 dpcm_be_dai_prepare+0x124/0x1c0 Fixes: 30ad723b93ad ("ASoC: qdsp6: audioreach: add q6apm lpass dai support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c b/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c index f90628d9b90e..7520e6f024c3 100644 --- a/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c +++ b/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c @@ -191,6 +191,12 @@ static int q6apm_lpass_dai_prepare(struct snd_pcm_substream *substream, struct s return rc; } dai_data->graph[graph_id] = graph; + } else if (!dai_data->graph[dai->id]) { + /* + * Loading source graph failed before, so abort loading the sink + * as well. + */ + return -EINVAL; } cfg->direction = substream->stream; -- 2.48.1

4 months

[PATCH] firmware: meson_sm: fix device leak at probe

by Johan Hovold

Make sure to drop the reference to the secure monitor device taken by of_find_device_by_node() when looking up its driver data on behalf of other drivers (e.g. during probe). Note that holding a reference to the platform device does not prevent its driver data from going away so there is no point in keeping the reference after the helper returns. Fixes: 8cde3c2153e8 ("firmware: meson_sm: Rework driver as a proper platform driver") Cc: stable(a)vger.kernel.org # 5.5 Cc: Carlo Caione <ccaione(a)baylibre.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/firmware/meson/meson_sm.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/meson/meson_sm.c b/drivers/firmware/meson/meson_sm.c index f25a9746249b..3ab67aaa9e5d 100644 --- a/drivers/firmware/meson/meson_sm.c +++ b/drivers/firmware/meson/meson_sm.c @@ -232,11 +232,16 @@ EXPORT_SYMBOL(meson_sm_call_write); struct meson_sm_firmware *meson_sm_get(struct device_node *sm_node) { struct platform_device *pdev = of_find_device_by_node(sm_node); + struct meson_sm_firmware *fw; if (!pdev) return NULL; - return platform_get_drvdata(pdev); + fw = platform_get_drvdata(pdev); + + put_device(&pdev->dev); + + return fw; } EXPORT_SYMBOL_GPL(meson_sm_get); -- 2.49.1

4 months

[PATCH 5.15.y 0/2] Fix TSA CPUID management in KVM

by Boris Ostrovsky

Backport of AMD's TSA mitigation to 5.15 did not set CPUID bits that are passed to a guest correctly (commit c334ae4a545a "KVM: SVM: Advertise TSA CPUID bits to guests"). This series attempts to address this: * The first patch from Kim allows us to properly use cpuid caps. * The second patch is a combination of fixes to c334ae4a545a and f3f9deccfc68, which is stable-only patch to 6.12.y. (Not sure what to do with attribution) Alternatively, we can opencode all of this (the way it's currently done in __do_cpuid_func()'s 0x80000021 case) and do everything in a single patch. Boris Ostrovsky (1): KVM: SVM: Properly advertise TSA CPUID bits to guests Kim Phillips (1): KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code arch/x86/kvm/cpuid.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) -- 2.43.5

4 months

[PATCH 6.12 000/322] 6.12.44-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.44 release. There are 322 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Aug 2025 11:08:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.44-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.44-rc1 Al Viro <viro(a)zeniv.linux.org.uk> alloc_fdtable(): change calling conventions. Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't leak dst refcount for loopback packets Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Armen Ratner <armeng(a)nvidia.com> net/mlx5e: Preserve shared buffer capacity during headroom updates Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Query FW for buffer ownership Oren Sidi <osidi(a)nvidia.com> net/mlx5: Add IFC bits and enums for buf_ownership Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Relocate function declarations from port.h to mlx5_core.h Daniel Jurgens <danielj(a)nvidia.com> net/mlx5: Base ECVF devlink port attrs from 0 Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: Skip overlap check for SPI field Hangbin Liu <liuhangbin(a)gmail.com> bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Hangbin Liu <liuhangbin(a)gmail.com> bonding: update LACP activity flag after setting lacp_active Dewei Meng <mengdewei(a)cqsoftware.com.cn> ALSA: timer: fix ida_free call while not allocated William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix KSZ9477 HSR port setup issue ValdikSS <iam(a)valdikss.org.ru> igc: fix disabling L1.2 PCI-E link substate on I226 on init Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Do not map lowcore with identity mapping Kanglong Wang <wangkanglong(a)loongson.cn> LoongArch: Optimize module load time by optimizing PLT/GOT counting Parthiban Veerasooran <parthiban.veerasooran(a)microchip.com> microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 Parthiban Veerasooran <parthiban.veerasooran(a)microchip.com> microchip: lan865x: fix missing netif_start_queue() call on device open D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix UAF on smcsk after smc_listen_out() Jordan Rhee <jordanrhee(a)google.com> gve: prevent ethtool ops after shutdown Yuichiro Tsuji <yuichtsu(a)amazon.com> net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix timestamping for vsc8584 David Howells <dhowells(a)redhat.com> cifs: Fix oops due to uninitialised variable MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. Qingfang Deng <dqfext(a)gmail.com> ppp: fix race conditions in ppp_fill_forward_path Qingfang Deng <dqfext(a)gmail.com> net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Jakub Ramaseuski <jramaseu(a)redhat.com> net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't print errors for nonexistent connectors Chenyuan Yang <chenyuan0y(a)gmail.com> drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the hibmc loaded failed bug Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: refactored struct hibmc_drm_private Miguel Ojeda <ojeda(a)kernel.org> rust: alloc: fix `rusttest` by providing `Cmalloc::aligned_layout` too Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Sergey Shtylyov <s.shtylyov(a)omp.ru> Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix scan state after PA Sync has been established Kees Cook <kees(a)kernel.org> iommu/amd: Avoid stack buffer overflow from kernel cmdline Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Justin Lai <justinlai0215(a)realtek.com> rtase: Fix Rx descriptor CRC error bit definition Wang Liang <wangliang74(a)huawei.com> net: bridge: fix soft lockup in br_multicast_query_expired() Suraj Gupta <suraj.gupta2(a)amd.com> net: xilinx: axienet: Fix RX skb ring management in DMAengine mode Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix dip entries leak on devices newer than hip09 Anantha Prabhu <anantha.prabhu(a)broadcom.com> RDMA/bnxt_re: Fix to initialize the PBL array Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix a possible memory leak in the driver Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to remove workload check in SRQ limit path Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to do SRQ armena by default wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix querying wrong SCC context for DIP algorithm Boshi Yu <boshiyu(a)linux.alibaba.com> RDMA/erdma: Fix ignored return value of init_kernel_qp Danilo Krummrich <dakr(a)kernel.org> rust: alloc: replace aligned_size() with Kmalloc::aligned_layout() Nitin Gote <nitin.r.gote(a)intel.com> iosys-map: Fix undefined behavior in iosys_map_clear() José Expósito <jose.exposito89(a)gmail.com> drm/tests: Fix drm_test_fb_xrgb8888_to_xrgb2101010() on big-endian Thomas Zimmermann <tzimmermann(a)suse.de> drm/tests: Do not use drm_fb_blit() in format-helper tests Thomas Zimmermann <tzimmermann(a)suse.de> drm/format-helper: Add generic conversion to 32-bit formats Thomas Zimmermann <tzimmermann(a)suse.de> drm/format-helper: Move helpers for pixel conversion to header file Kerem Karabay <kekrby(a)gmail.com> drm/format-helper: Add conversion from XRGB8888 to BGR888 Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Move drawing functions to drm_draw José Expósito <jose.exposito89(a)gmail.com> drm/tests: Fix endian warning Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix a partition error with CPU hotplug Waiman Long <longman(a)redhat.com> cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Fanhua Li <lifanhua5(a)huawei.com> drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Clamp too high speed_hz Tianxiang Peng <txpeng(a)tencent.com> x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: change invalid data error to -EBUSY Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: imu: inv_icm42600: Convert to uXX and sXX integer types David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 Jakub Kicinski <kuba(a)kernel.org> tls: fix handling of zero-length records on the rx_list Michal Suchanek <msuchanek(a)suse.de> powerpc/boot: Fix build with gcc 15 NeilBrown <neil(a)brown.name> ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() Imre Deak <imre.deak(a)intel.com> drm/i915/icl+/tc: Cache the max lane count value Jan Beulich <jbeulich(a)suse.com> compiler: remove __ADDRESSABLE_ASM{_STR,}() again Imre Deak <imre.deak(a)intel.com> drm/i915/icl+/tc: Convert AUX powered WARN to a debug message Pu Lehui <pulehui(a)huawei.com> tracing: Limit access to parser->buffer when trace_get_user failed Steven Rostedt <rostedt(a)goodmis.org> tracing: Remove unneeded goto out logic David Lechner <dlechner(a)baylibre.com> iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: as73211: Ensure buffer holes are zeroed Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: Use aligned_s64 instead of open coding alignment. Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Wildcat Lake Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Remove WARN_ON for device endpoint command timeouts Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> usb: xhci: Fix slot_id resource race conflict Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: disable low power mode when reading comparator values Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Vasut <marek.vasut+renesas(a)mailbox.org> usb: renesas-xhci: Fix External ROM access timeouts Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Edward Adam Davis <eadavis(a)qq.com> comedi: pcl726: Prevent invalid irq number Ian Abbott <abbotti(a)mev.co.uk> comedi: Make insn_rw_emulate_bits() do insn->n samples Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Thorsten Blum <thorsten.blum(a)linux.dev> cdx: Fix off-by-one error in cdx_rpmsg_probe() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() Miaoqian Lin <linmq006(a)gmail.com> most: core: Drop device reference after usage in get_channel() David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems Salah Triki <salah.triki(a)gmail.com> iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid selecting states with too much latency Christian Loehle <christian.loehle(a)arm.com> cpuidle: menu: Remove iowait influence Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Stefan Metzmacher <metze(a)samba.org> smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Charalampos Mitrodimas <charmitro(a)posteo.net> debugfs: fix mount options not being applied Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am6*: Remove disable-wp for eMMC Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62*: Add non-removable flag for eMMC Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am6*: Add boot phase flag to support MMC boot Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: subpage: keep TOWRITE tag until folio is cleaned Baokun Li <libaokun1(a)huawei.com> ext4: preserve SB_I_VERSION on remount Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix setting ODR in probe Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Use standard PCIe definitions Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support Simon Richter <Simon.Richter(a)hogyros.de> Mark xe driver as BROKEN if kernel page size is not 4kB Geliang Tang <geliang(a)kernel.org> mptcp: disable add_addr retransmission when timeout is 0 Geliang Tang <geliang(a)kernel.org> mptcp: remove duplicate sk_reset_timer call Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() Mike Christie <michael.christie(a)oracle.com> scsi: core: Fix command pass through retry regression Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix Xorg desktop unresponsive on Replay panel Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overclock DCE 6 by 15% Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid a NULL pointer dereference Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swm14: Update power limit logic Thorsten Blum <thorsten.blum(a)linux.dev> accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() Keith Busch <kbusch(a)kernel.org> kvm: retry nx_huge_page_recovery_thread creation Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel-uncore-freq: Check write blocked for ELC Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Fix SCCB present check Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Flush delayed SKBs while releasing RXE resources Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com> ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Jinjiang Tu <tujinjiang(a)huawei.com> mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Herton R. Krzesinski <herton(a)redhat.com> mm/debug_vm_pgtable: clear page table entries at destroy_args() Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a race when updating an existing write Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: Add a new function to simplify the code Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement Dominique Martinet <asmadeus(a)codewreck.org> iov_iter: iterate_folioq: fix handling of offset >= folio size Jens Axboe <axboe(a)kernel.dk> io_uring/futex: ensure io_futex_wait() cleans up properly on failure Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "can: ti_hecc: fix -Woverflow compiler warning" Andrea Righi <arighi(a)nvidia.com> sched_ext: initialize built-in idle state before ops.init() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Return aborted command when missing sense and result TF Jens Axboe <axboe(a)kernel.dk> io_uring/net: commit partial buffers on retry David Howells <dhowells(a)redhat.com> netfs: Fix unbuffered write error handling Filipe Manana <fdmanana(a)suse.com> btrfs: send: make fs_path_len() inline and constify its argument Filipe Manana <fdmanana(a)suse.com> btrfs: send: use fallocate for hole punching with send stream v2 Filipe Manana <fdmanana(a)suse.com> btrfs: send: avoid path allocation for the current inode when issuing commands Filipe Manana <fdmanana(a)suse.com> btrfs: send: keep the current inode's path cached Filipe Manana <fdmanana(a)suse.com> btrfs: send: add and use helper to rename current inode when processing refs Filipe Manana <fdmanana(a)suse.com> btrfs: send: only use boolean variables at process_recorded_refs() Filipe Manana <fdmanana(a)suse.com> btrfs: send: factor out common logic when sending xattrs Christoph Hellwig <hch(a)lst.de> xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: requeue to unused block group list if zone finish failed Boris Burkov <boris(a)bur.io> btrfs: codify pattern for adding block_group to bg_list Boris Burkov <boris(a)bur.io> btrfs: explicitly ref count block_group on new_bgs list Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() Filipe Manana <fdmanana(a)suse.com> btrfs: always abort transaction on failure to add block group to free space tree David Sterba <dsterba(a)suse.com> btrfs: move transaction aborts to the error site in add_block_group_free_space() Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix race between quota disable and quota rescan ioctl David Sterba <dsterba(a)suse.com> btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> USB: typec: Use str_enable_disable-like helpers Tom Lendacky <thomas.lendacky(a)amd.com> x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero SeongJae Park <sj(a)kernel.org> mm/damon/ops-common: ignore migration request to invalid nodes Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm: check flush doesn't reset limits Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: kernel: flush: do not reset ADD_ADDR limit Christoph Paasch <cpaasch(a)openai.com> mptcp: drop skb if MPTCP skb extension allocation fails Chen Yu <yu.c.chen(a)intel.com> ACPI: pfr_update: Fix the driver update version check Eric Biggers <ebiggers(a)kernel.org> ipv6: sr: Fix MAC comparison to be constant-time Andrea Righi <arighi(a)nvidia.com> sched/ext: Fix invalid task state transitions on class switch Jakub Acs <acsjakub(a)amazon.de> net, hsr: reject HSR frame if skb can't hold tag Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Make function kvm_own_lbt() robust Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overwrite dce60_clk_mgr Siyang Liu <Security(a)tencent.com> drm/amd/display: fix a Null pointer dereference vulnerability Michel Dänzer <mdaenzer(a)redhat.com> drm/amd/display: Add primary plane to commits for correct VRR handling Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 4.1.0 client id mappings Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 3.0.1 client id mappings Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Update external revid for GC v9.5.0 Nathan Chancellor <nathan(a)kernel.org> drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() Peter Shkenev <mustela(a)erminea.space> drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities Gang Ba <Gang.Ba(a)amd.com> drm/amdgpu: Avoid extra evict-restore process. Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached power limit during resume Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/discovery: fix fw based ip discovery Ricardo Ribalda <ribalda(a)chromium.org> media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> media: venus: Fix MSM8998 frequency table Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Hans de Goede <hansg(a)kernel.org> media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Mathis Foerst <mathis.foerst(a)mt.com> media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: pisp_be: Fix pm_runtime underrun in probe Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix AV1 decoder clock frequency Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix wrong pixel_array control size Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu6: isys: Use correct pads for xlate_streams() Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Bingbu Cao <bingbu.cao(a)intel.com> media: hi556: correct the test pattern configuration Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser John David Anglin <dave.anglin(a)bell.net> parisc: Update comments in make_insert_tlb John David Anglin <dave.anglin(a)bell.net> parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() John David Anglin <dave.anglin(a)bell.net> parisc: Revise gateway LWS calls to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Revise __get_user() to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers John David Anglin <dave.anglin(a)bell.net> parisc: Drop WARN_ON_ONCE() from flush_cache_vmap John David Anglin <dave.anglin(a)bell.net> parisc: Define and use set_pte_at() John David Anglin <dave.anglin(a)bell.net> parisc: Check region is readable by user in raw_copy_from_user() Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct linker when mixing clang and GNU ld Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Muhammad Usama Anjum <usama.anjum(a)collabora.com> ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context Xaver Hugl <xaver.hugl(a)kde.org> amdgpu/amdgpu_discovery: increase timeout limit for IFWI init Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence Will Deacon <will(a)kernel.org> vhost/vsock: Avoid allocating arbitrarily-sized SKBs Will Deacon <will(a)kernel.org> vsock/virtio: Validate length in packet header before skb_put() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Delay link start until configfs 'start' written Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Lukas Wunner <lukas(a)wunner.de> PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge Chi Zhiling <chizhiling(a)kylinos.cn> readahead: fix return value of page_cache_next_miss() when no hole is found Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: renesas: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Gabor Juhos <j4g8y7(a)gmail.com> mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: Fix spi_nor_try_unlock_all() Tim Harvey <tharvey(a)gateworks.com> hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: change to buffer predisable David Lechner <dlechner(a)baylibre.com> iio: imu: bno055: fix OOB access of hw_xlate array Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Fix CDL control Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix default runtime and system PM levels Archana Patni <archana.patni(a)intel.com> scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix race between config read submit and interrupt completion André Draszik <andre.draszik(a)linaro.org> scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Macpaul Lin <macpaul.lin(a)mediatek.com> scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints Helge Deller <deller(a)gmx.de> apparmor: Fix 8-byte alignment for initial dfa blob streams Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses Hong Guan <hguan(a)ti.com> arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1 Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: ufs: add dma-coherent property Alexander Sverdlin <alexander.sverdlin(a)siemens.com> arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: fix printing of mount info messages for NODATACOW/NODATASUM Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: restore mount option info messages during mount Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: fix incorrect log message for nobarrier mount option Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix write time activation failure for metadata block group Zhang Yi <yi.zhang(a)huawei.com> ext4: fix hole length calculation overflow in non-extent inodes Liao Yuanhong <liaoyuanhong(a)vivo.com> ext4: use kmalloc_array() for array space allocation Theodore Ts'o <tytso(a)mit.edu> ext4: don't try to clear the orphan_present feature block device is r/o Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe-event: Sanitize wildcard for fprobe event name Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: extend the connection limiting mechanism to support IPv6 Ziyan Xu <ziyan(a)securitygossip.com> ksmbd: fix refcount leak causing resource not released Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment issue on ucode loading Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - flush misc workqueue during device shutdown John Ernberg <john.ernberg(a)actia.se> crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - lower priority for skcipher and aead algorithms Eric Biggers <ebiggers(a)kernel.org> lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Youssef Samir <quic_yabdulra(a)quicinc.com> bus: mhi: host: Detect events pointing to unexpected TREs Alexander Wilhelm <alexander.wilhelm(a)westermo.com> bus: mhi: host: Fix endianness of BHI vector table Johan Hovold <johan(a)kernel.org> usb: dwc3: imx8mp: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Damien Le Moal <dlemoal(a)kernel.org> dm: Check for forbidden splitting of zone write operations Damien Le Moal <dlemoal(a)kernel.org> dm: dm-crypt: Do not partially accept write BIOs with zoned targets Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Take active children into account in pm_runtime_get_if_in_use() Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR ------------- Diffstat: .../bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 +- .../display/sprd/sprd,sharkl3-dsi-host.yaml | 2 +- .../devicetree/bindings/ufs/mediatek,ufs.yaml | 4 + Documentation/networking/mptcp-sysctl.rst | 2 + Makefile | 6 +- arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts | 36 ++ arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62-phycore-som.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12 +- arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2 +- arch/arm64/boot/dts/ti/k3-am625-sk.dts | 24 ++ arch/arm64/boot/dts/ti/k3-am62a-phycore-som.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 7 +- arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 2 +- arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 24 -- arch/arm64/boot/dts/ti/k3-am642-evm.dts | 1 - arch/arm64/boot/dts/ti/k3-am654-base-board.dts | 1 - .../dts/ti/k3-am6548-iot2050-advanced-common.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am69-sk.dts | 1 - arch/arm64/boot/dts/ti/k3-pinctrl.h | 15 +- arch/loongarch/kernel/module-sections.c | 38 +-- arch/loongarch/kvm/vcpu.c | 8 +- arch/m68k/kernel/head.S | 31 +- arch/mips/crypto/chacha-core.S | 20 +- arch/parisc/Makefile | 4 +- arch/parisc/include/asm/pgtable.h | 7 +- arch/parisc/include/asm/special_insns.h | 28 ++ arch/parisc/include/asm/uaccess.h | 21 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/entry.S | 17 +- arch/parisc/kernel/syscall.S | 30 +- arch/parisc/lib/memcpy.c | 19 +- arch/parisc/mm/fault.c | 4 + arch/powerpc/boot/Makefile | 1 + arch/s390/boot/vmem.c | 3 + arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/x86/coco/sev/shared.c | 3 + arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kvm/mmu/mmu.c | 10 +- drivers/accel/habanalabs/gaudi2/gaudi2.c | 2 +- drivers/acpi/pfr_update.c | 2 +- drivers/ata/Kconfig | 32 +- drivers/ata/libata-scsi.c | 58 ++-- drivers/base/power/runtime.c | 27 +- drivers/bluetooth/btmtk.c | 7 +- drivers/bus/mhi/host/boot.c | 8 +- drivers/bus/mhi/host/internal.h | 4 +- drivers/bus/mhi/host/main.c | 12 +- drivers/cdx/controller/cdx_rpmsg.c | 3 +- drivers/comedi/comedi_fops.c | 5 + drivers/comedi/drivers.c | 27 +- drivers/comedi/drivers/pcl726.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpuidle/governors/menu.c | 101 ++---- drivers/crypto/caam/ctrl.c | 5 +- drivers/crypto/caam/intern.h | 1 + .../crypto/intel/qat/qat_common/adf_common_drv.h | 1 + drivers/crypto/intel/qat/qat_common/adf_init.c | 1 + drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 + drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 +- drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h | 125 +++++-- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 35 +- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpu/drm/Kconfig | 5 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 76 +++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 +- drivers/gpu/drm/amd/amdgpu/imu_v12_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 ++-- drivers/gpu/drm/amd/amdgpu/mmhub_v4_1_0.c | 34 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 28 ++ .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 5 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 - .../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 - .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 ++- .../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 34 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 + .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 30 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/drm_draw.c | 155 +++++++++ drivers/gpu/drm/drm_draw_internal.h | 56 ++++ drivers/gpu/drm/drm_format_helper.c | 234 +++++++++---- drivers/gpu/drm/drm_format_internal.h | 127 ++++++++ drivers/gpu/drm/drm_panic.c | 269 ++------------- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 17 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 42 +-- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 29 +- drivers/gpu/drm/i915/display/intel_tc.c | 58 +++- drivers/gpu/drm/nouveau/nvif/vmm.c | 3 +- drivers/gpu/drm/tests/drm_format_helper_test.c | 176 +++++----- drivers/gpu/drm/xe/Kconfig | 1 + drivers/hwmon/gsc-hwmon.c | 4 +- drivers/iio/adc/ad7173.c | 3 +- drivers/iio/adc/ad_sigma_delta.c | 4 +- drivers/iio/imu/bno055/bno055.c | 11 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 33 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6 +- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 43 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12 +- drivers/iio/light/adjd_s311.c | 2 +- drivers/iio/light/as73211.c | 4 +- drivers/iio/light/bh1745.c | 2 +- drivers/iio/light/isl29125.c | 2 +- drivers/iio/light/ltr501.c | 2 +- drivers/iio/light/max44000.c | 2 +- drivers/iio/light/rohm-bu27034.c | 2 +- drivers/iio/light/rpr0521.c | 2 +- drivers/iio/light/st_uvis25.h | 2 +- drivers/iio/light/tcs3414.c | 2 +- drivers/iio/light/tcs3472.c | 2 +- drivers/iio/pressure/bmp280-core.c | 9 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/iio/temperature/maxim_thermocouple.c | 26 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/main.c | 23 ++ drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 - drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 + drivers/infiniband/hw/erdma/erdma_verbs.c | 4 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6 +- drivers/infiniband/hw/hns/hns_roce_restrack.c | 9 +- drivers/infiniband/sw/rxe/rxe_net.c | 29 +- drivers/infiniband/sw/rxe/rxe_qp.c | 2 +- drivers/iommu/amd/init.c | 4 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/md/dm-crypt.c | 47 ++- drivers/md/dm.c | 17 +- drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +- drivers/media/i2c/hi556.c | 26 +- drivers/media/i2c/mt9m114.c | 8 - drivers/media/i2c/ov2659.c | 3 +- drivers/media/pci/intel/ipu6/ipu6-isys-csi2.c | 12 +- drivers/media/pci/intel/ivsc/mei_ace.c | 2 + drivers/media/pci/intel/ivsc/mei_csi.c | 2 + drivers/media/platform/qcom/camss/camss.c | 4 +- drivers/media/platform/qcom/venus/core.c | 18 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/hfi_venus.c | 5 + drivers/media/platform/qcom/venus/vdec.c | 5 +- drivers/media/platform/qcom/venus/venc.c | 5 +- drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/raspberrypi/pisp_be/pisp_be.c | 5 +- .../media/platform/verisilicon/rockchip_vpu_hw.c | 9 - drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 - drivers/memstick/core/memstick.c | 1 - drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mmc/host/sdhci-pci-gli.c | 37 ++- drivers/mmc/host/sdhci_am654.c | 18 + drivers/most/core.c | 2 +- drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/mtd/nand/raw/renesas-nand-controller.c | 6 + drivers/mtd/nand/spi/core.c | 5 +- drivers/mtd/spi-nor/swp.c | 19 +- drivers/net/bonding/bond_3ad.c | 67 +++- drivers/net/bonding/bond_options.c | 1 + drivers/net/can/ti_hecc.c | 2 +- drivers/net/dsa/microchip/ksz_common.c | 6 + drivers/net/ethernet/google/gve/gve_main.c | 2 + drivers/net/ethernet/intel/igc/igc_main.c | 14 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en/dcbnl.h | 1 - .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 18 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 12 +- .../ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 87 +++++ drivers/net/ethernet/mellanox/mlx5/core/port.c | 40 +-- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 + drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 + drivers/net/ethernet/microchip/lan865x/lan865x.c | 21 ++ drivers/net/ethernet/realtek/rtase/rtase.h | 2 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 72 ++-- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 +- drivers/net/phy/mscc/mscc.h | 12 + drivers/net/phy/mscc/mscc_main.c | 12 + drivers/net/phy/mscc/mscc_ptp.c | 49 ++- drivers/net/ppp/ppp_generic.c | 17 +- drivers/net/usb/asix_devices.c | 2 +- drivers/net/wireless/ath/ath11k/ce.c | 3 - drivers/net/wireless/ath/ath11k/dp_rx.c | 3 - drivers/net/wireless/ath/ath11k/hal.c | 33 +- drivers/net/wireless/ath/ath12k/ce.c | 3 - drivers/net/wireless/ath/ath12k/hal.c | 38 ++- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/pci/controller/dwc/pci-imx6.c | 32 +- drivers/pci/controller/pcie-rockchip-host.c | 49 +-- drivers/pci/controller/pcie-rockchip.h | 11 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/pcie/portdrv.c | 2 +- drivers/phy/qualcomm/phy-qcom-m31.c | 14 +- drivers/platform/chrome/cros_ec.c | 3 + .../intel/uncore-frequency/uncore-frequency-tpmi.c | 5 + drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 71 ++-- drivers/s390/char/sclp.c | 11 +- drivers/scsi/mpi3mr/mpi3mr.h | 6 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 2 + drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/scsi_lib.c | 3 + drivers/soc/qcom/mdt_loader.c | 43 +++ drivers/soc/tegra/pmc.c | 51 +-- drivers/spi/spi-fsl-lpspi.c | 8 +- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/vt/defkeymap.c_shipped | 112 +++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/ufs/host/ufs-exynos.c | 4 +- drivers/ufs/host/ufshcd-pci.c | 42 ++- drivers/usb/atm/cxacru.c | 172 +++++----- drivers/usb/core/hcd.c | 20 +- drivers/usb/core/quirks.c | 1 + drivers/usb/dwc3/dwc3-imx8mp.c | 7 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/dwc3/ep0.c | 20 +- drivers/usb/dwc3/gadget.c | 19 +- drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-mem.c | 22 +- drivers/usb/host/xhci-pci-renesas.c | 7 +- drivers/usb/host/xhci-ring.c | 9 +- drivers/usb/host/xhci.c | 21 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/musb/omap2430.c | 14 +- drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 ++ drivers/usb/typec/class.c | 7 +- drivers/usb/typec/tcpm/fusb302.c | 32 +- drivers/usb/typec/tcpm/maxim_contaminant.c | 58 ++++ .../usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c | 3 +- .../typec/tcpm/qcom/qcom_pmic_typec_pdphy_stub.c | 3 +- drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_port.c | 4 +- drivers/usb/typec/tcpm/tcpci_maxim.h | 1 + drivers/usb/typec/tcpm/tcpm.c | 7 +- drivers/vhost/vsock.c | 6 +- drivers/video/console/vgacon.c | 2 +- fs/btrfs/block-group.c | 59 ++-- fs/btrfs/ctree.c | 9 +- fs/btrfs/free-space-tree.c | 17 +- fs/btrfs/qgroup.c | 38 ++- fs/btrfs/send.c | 361 ++++++++++++--------- fs/btrfs/subpage.c | 19 +- fs/btrfs/super.c | 13 +- fs/btrfs/transaction.c | 1 + fs/btrfs/zoned.c | 13 +- fs/buffer.c | 2 +- fs/debugfs/inode.c | 11 +- fs/ext4/fsmap.c | 23 +- fs/ext4/indirect.c | 4 +- fs/ext4/inode.c | 2 +- fs/ext4/orphan.c | 5 +- fs/ext4/super.c | 8 +- fs/f2fs/node.c | 10 + fs/file.c | 75 ++--- fs/jbd2/checkpoint.c | 1 + fs/namespace.c | 34 +- fs/netfs/write_collect.c | 10 +- fs/netfs/write_issue.c | 4 +- fs/nfs/pagelist.c | 9 +- fs/nfs/write.c | 29 +- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/server/connection.c | 3 +- fs/smb/server/connection.h | 7 +- fs/smb/server/oplock.c | 13 +- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/transport_rdma.h | 4 +- fs/smb/server/transport_tcp.c | 26 +- fs/splice.c | 3 + fs/squashfs/super.c | 14 +- fs/xfs/xfs_itable.c | 6 +- include/drm/drm_format_helper.h | 12 + include/linux/call_once.h | 43 ++- include/linux/compiler.h | 8 - include/linux/iosys-map.h | 7 +- include/linux/iov_iter.h | 20 +- include/linux/kcov.h | 47 +-- include/linux/mlx5/mlx5_ifc.h | 14 +- include/linux/mlx5/port.h | 83 ----- include/linux/netfs.h | 1 + include/linux/nfs_page.h | 1 + include/net/bond_3ad.h | 1 + include/uapi/linux/pfrut.h | 1 + io_uring/futex.c | 3 + io_uring/net.c | 27 +- kernel/cgroup/cpuset.c | 9 +- kernel/sched/ext.c | 18 +- kernel/trace/ftrace.c | 19 +- kernel/trace/trace.c | 34 +- kernel/trace/trace.h | 10 +- mm/damon/paddr.c | 4 + mm/debug_vm_pgtable.c | 9 +- mm/filemap.c | 3 +- mm/memory-failure.c | 8 + net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_event.c | 8 +- net/bluetooth/hci_sync.c | 19 +- net/bridge/br_multicast.c | 16 + net/bridge/br_private.h | 2 + net/core/dev.c | 12 + net/hsr/hsr_slave.c | 8 +- net/ipv4/netfilter/nf_reject_ipv4.c | 6 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/seg6_hmac.c | 6 +- net/mptcp/options.c | 6 +- net/mptcp/pm_netlink.c | 19 +- net/sched/sch_cake.c | 14 +- net/sched/sch_htb.c | 2 +- net/smc/af_smc.c | 3 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 12 +- rust/kernel/alloc/allocator.rs | 30 +- rust/kernel/alloc/allocator_test.rs | 11 + security/apparmor/lsm.c | 4 +- sound/core/timer.c | 4 +- sound/pci/hda/patch_realtek.c | 2 + sound/soc/sof/amd/acp-loader.c | 6 +- sound/usb/stream.c | 2 +- sound/usb/validate.c | 2 +- tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 + 341 files changed, 3816 insertions(+), 2245 deletions(-)

4 months

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2025